pups and frequent unresponsive browser issues

L

larrynose

Member
Joined
Jan 28, 2014
Posts
5
Hi,

I have a Dell laptop with windows 8.1 running on it and have recently come across frequent unresponsive browsers, file explorer windows etc. Running MBAM showed up quite a few PUP files in the temp folder. So I ran TFC and then re-ran the MBAM scan again and the infection still shows with a few more files in addition. I tried running the DDS but it says it wouldnt run on compatibility mode. I am stuck on what else I should be doing now to get rid of the infection and have the browsers working proper again.
Appreciate any help on this.
Thanks in advance.
 
Hi, larrynose. Welcome to Sysnative.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

1. Please provide a copy of the most recent log from MBAM. The log can be viewed by clicking the Logs tab in MBAM.

2. Please download zoek.exe to your desktop.

Notes:
  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
  • Please disable your antivirus and antispyware programs, as they may conflict with Zoek.exe. If you are unsure how to do this, please ask.

Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator. Be patient, as it will take the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    Code: 
    filesrcm;
startupall;
chromelook;
firefoxlook;
skipfix-iedefaults
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next reply.
 
Hi Corrine,
here are the logs you asked for.
the temp files seem to be clean now...
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Database version: v2014.01.27.08

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Bhavana :: DELL [administrator]

28-01-2014 13:19:10
MBAM-log-2014-01-28 (13-26-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210475
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 1448 -> No action taken.
C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 2220 -> No action taken.
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (PUP.Optional.Wajam.A) -> 2268 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 30
HKCR\CLSID\{d77aa852-def3-43cb-a3f5-bd679de72f32} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCR\TypeLib\{b8bfa10f-6ffd-44b5-9dbb-e17cbaa107ff} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCR\Interface\{7F66829F-F442-431F-AF59-E4474505A67A} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> No action taken.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> No action taken.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam) -> No action taken.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> No action taken.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam) -> No action taken.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> No action taken.
HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Update lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Util lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\LUCKY LEAP (PUP.Optional.LuckyLeap.A) -> No action taken.
HKLM\SOFTWARE\lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.
HKLM\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdaterV3 (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken.

Registry Values Detected: 4
HKCU\Software\Mozilla\Firefox\Extensions|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} (PUP.Optional.Wajam.A) -> Data: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi -> No action taken.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5927 -> No action taken.
HKCU\Software\lucky leap|iid (PUP.Optional.LuckyLeap.A) -> Data: def_luckyleap -> No action taken.
HKLM\SOFTWARE\Wajam|red (PUP.Optional.Wajam.A) -> Data: 4 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12
C:\Program Files (x86)\lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin\plugins (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam (PUP.Optional.Wajam.A) -> No action taken.

Files Detected: 77
C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam) -> No action taken.
C:\Program Files (x86)\lucky leap\updateluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\luckyleap.ico (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\luckyleapUninstall.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin\sqlite3.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin\utilluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.16.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.FFUpdate.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.GCUpdate.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.IEUpdate.dll (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\amazon.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\argos.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\ask.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\bestbuy.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\bing.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\ebay.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\etsy.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\facebook.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\favicon.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\google.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\homedepot.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\ikea.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\imdb.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\lowes.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\mercado.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\mysearchweb.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\myshopping.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\searchresult.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\sears.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\setting.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\settings.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\shopping.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\target.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\tesco.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\tripadvisor.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\twitter.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\wajam.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\walmart.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\wiki.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\yahoo.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Logos\zalando.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Settings.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Facebook.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Twitter.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Wajam Website.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Ask.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Bing.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Google.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\IMDb.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Shopping.com.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\TripAdvisor.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Wikipedia.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Yahoo!.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Amazon.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Argos.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ebay.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Etsy.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\HomeDepot.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ikea.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Lowe's.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Mercadolivre.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\MyShopping.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Sears.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Target.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Tesco.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Walmart.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Zalando.lnk (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam\uninstall.lnk (PUP.Optional.Wajam.A) -> No action taken.

(end)

the zoek log


Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Bhavana on 29-01-2014 at 11:06:24.67.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bhavana\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29-01-2014 11:07:32 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2014-01-28 08:32:04 C84D4DDDD1CF1AC0328DB25E04043650 501060870 ----a-w- C:\WINDOWS\MEMORY.DMP
====== C:\Users\Bhavana\AppData\Local\Temp ====
====== C:\WINDOWS\SysWOW64 =====
2014-01-28 07:11:27 D496480A00ABDE0655C0FDCE9530B43E 216064 ----a-w- C:\WINDOWS\SysWOW64\gcapi_dll.dll
2014-01-28 06:45:21 7FA3046AC2751A408899EFD331FE1980 479744 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-28 06:45:21 6A7D239E3A3B90818B9BFE7B7CCD4BFC 584192 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-28 06:45:11 9EA661DB9B393F46046D6181A3DDC4AD 2804528 ----a-w- C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-01-28 06:45:06 BEFC9EE0724E53E004A6316C20931F99 2142936 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll
2014-01-28 06:45:05 A6A82DE8976069DBA0256AE5327110B5 1371312 ----a-w- C:\WINDOWS\SysWOW64\combase.dll
2014-01-28 06:45:03 2E6C68B92DFB0A95771F6DD7A4179FFE 13925888 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-01-28 06:45:00 E0C156E4380CE5C64CFBF2650895038D 18642504 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2014-01-28 06:44:59 72B3380DA5EA53028501F3B94E421FBB 2295808 ----a-w- C:\WINDOWS\SysWOW64\authui.dll
2014-01-28 06:44:58 D11A05032C28EE7588C135ECF7B49E81 1204968 ----a-w- C:\WINDOWS\SysWOW64\winmde.dll
2014-01-28 06:44:55 15DF7EF29273464E6112E7A131537BCD 669344 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-01-28 06:44:54 92124EF7B1BF5492EFCA17B3A208E4F4 663680 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-01-28 06:44:52 FF73CDC3F09904D82B0CCC1CA750CD02 218112 ----a-w- C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-01-28 06:44:52 C85EA737B20BEDC46CBA748DCE115184 433664 ----a-w- C:\WINDOWS\SysWOW64\mfds.dll
2014-01-28 06:44:50 CF4C3815E577C7DC32BB8DB90F0B34C1 552624 ----a-w- C:\WINDOWS\SysWOW64\oleaut32.dll
2014-01-28 06:44:50 48B8013201B1846F893A83606248A8CC 336384 ----a-w- C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-01-28 06:44:49 ECD4A3F754224C954D3D19B6ECBFE5AA 513536 ----a-w- C:\WINDOWS\SysWOW64\rastls.dll
2014-01-28 06:44:49 4E556E5490191ED9B771576D9221A461 273920 ----a-w- C:\WINDOWS\SysWOW64\msieftp.dll
2014-01-28 06:44:49 06730D9C233B01E2F99C1BE2461629F7 980480 ----a-w- C:\WINDOWS\SysWOW64\mispace.dll
2014-01-15 09:58:43 ED8ED1CE6CAB56103230E2097763DC2B 695808 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 09:58:43 B6D28E8DC13F9EAF8B74BDB4F3DD9781 174592 ----a-w- C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 09:58:42 73D0837E97CD7368BCA7DE4E373B8503 103936 ----a-w- C:\WINDOWS\SysWOW64\OEMLicense.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-01-28 06:45:23 0E0796E3413D38A396B1C1591CE2B72E 4191232 ----a-w- C:\WINDOWS\Sysnative\win32k.sys
2014-01-28 06:45:21 F242938F69AA25B8ECD0D9E342799802 637952 ----a-w- C:\WINDOWS\Sysnative\SettingSyncHost.exe
2014-01-28 06:45:20 2EAF0A1F9E4DF34862CC5A2B5437E450 744448 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll
2014-01-28 06:45:19 5905265F56C14E67D193DB4D53451154 4106240 ----a-w- C:\WINDOWS\Sysnative\SyncEngine.dll
2014-01-28 06:45:18 5F9799975EAB95431BF78428B26B4FF6 21196664 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2014-01-28 06:45:12 32370AF583EC8B24D790E1B9201D6811 3210528 ----a-w- C:\WINDOWS\Sysnative\msmpeg2vdec.dll
2014-01-28 06:45:10 013BB1B12833CD646175312307768F93 18577920 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2014-01-28 06:45:07 3E7B2C9026986C821E507A3319EA1D80 1928144 ----a-w- C:\WINDOWS\Sysnative\combase.dll
2014-01-28 06:45:06 CA336E6ABF539A6D14DA3C49DDD24696 2131120 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll
2014-01-28 06:45:04 9FF95D589B5626852CECA2444C5C5A58 2617344 ----a-w- C:\WINDOWS\Sysnative\authui.dll
2014-01-28 06:45:01 D33E2A482C47ABFDD80185DD9C8C06F1 1399176 ----a-w- C:\WINDOWS\Sysnative\winmde.dll
2014-01-28 06:45:01 728D3349FAB251B0265EFA55C67DCA2D 1503232 ----a-w- C:\WINDOWS\Sysnative\wlansvc.dll
2014-01-28 06:44:58 1A1B60D269F745C021F69564B5906AD0 1374384 ----a-w- C:\WINDOWS\Sysnative\wmpmde.dll
2014-01-28 06:44:57 EF276593AD1BDF5A99032F62D6272848 834048 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll
2014-01-28 06:44:57 D65B1C952AEB864C2BAC7A770B17ECCE 282112 ----a-w- C:\WINDOWS\Sysnative\SystemEventsBrokerServer.dll
2014-01-28 06:44:57 A6207A88B596F726DE558425F3B7E592 263168 ----a-w- C:\WINDOWS\Sysnative\bisrv.dll
2014-01-28 06:44:56 FCB3BD54917D36FE79DFDF0ED7ACBEBB 764856 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll
2014-01-28 06:44:56 39435F4007F1CEDEF04356892B18D174 202240 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll
2014-01-28 06:44:55 B9FC41CEC711DC0E1BFE927EEDC49176 745336 ----a-w- C:\WINDOWS\Sysnative\oleaut32.dll
2014-01-28 06:44:55 78AB9F5DC27E317F0B34C45D54ABB6B2 32088 ----a-w- C:\WINDOWS\Sysnative\ploptin.dll
2014-01-28 06:44:55 40B228D05DB02F4A5F2452600999F53F 809872 ----a-w- C:\WINDOWS\Sysnative\mfmp4srcsnk.dll
2014-01-28 06:44:54 B818F6F3CA67E4BD278EDE5600BDD65E 461824 ----a-w- C:\WINDOWS\Sysnative\XpsGdiConverter.dll
2014-01-28 06:44:54 660891FFB1B22FF39AADB3F45CE15D45 470016 ----a-w- C:\WINDOWS\Sysnative\mfds.dll
2014-01-28 06:44:53 E18E9C9EBCFCA456B74BB6A80B1DB226 1415680 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll
2014-01-28 06:44:53 54A9F4AC86F2A4E7C3ADE47CAE5DE8E0 136704 ----a-w- C:\WINDOWS\Sysnative\psmsrv.dll
2014-01-28 06:44:53 34F8F7A0B782798F6A9511157BCC3E32 273408 ----a-w- C:\WINDOWS\Sysnative\Windows.Graphics.dll
2014-01-28 06:44:51 91433B44B1EF301E7DD696EB5281BC20 589824 ----a-w- C:\WINDOWS\Sysnative\rastls.dll
2014-01-28 06:44:50 FF9F658A51CAD74C25AF83038DBD735D 306688 ----a-w- C:\WINDOWS\Sysnative\msieftp.dll
2014-01-28 06:44:50 CD45E3FE736150D45EFDC9145DA53757 24064 ----a-w- C:\WINDOWS\Sysnative\bi.dll
2014-01-28 06:44:50 BDE4ABD3AB4171CECADFD38F392E656C 1227264 ----a-w- C:\WINDOWS\Sysnative\mispace.dll
2014-01-28 06:44:48 AD95F86C8D1843BE653F89FDE213F9E7 207872 ----a-w- C:\WINDOWS\Sysnative\deviceregistration.dll
2014-01-28 06:44:47 4B916278E1487A5CD5F8F9A521980026 385614 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml
2014-01-28 06:34:32 2B76F592B005FE7CF89B87643FDAB47E 115712 ----a-w- C:\WINDOWS\Sysnative\winbici.dll
2014-01-15 09:58:44 D8E3A4701376CCFD0BE542D745FA4809 3395920 ----a-w- C:\WINDOWS\Sysnative\WSService.dll
2014-01-15 09:58:43 E3E168E733B0E8383BA5635542FDB96F 848384 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll
2014-01-15 09:58:43 294AAE73D0D7BDAACC5224BC7334077B 206336 ----a-w- C:\WINDOWS\Sysnative\WSClient.dll
2014-01-15 09:58:42 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\WINDOWS\Sysnative\WSCollect.exe
2014-01-15 09:58:42 30AE1D2A418A6C128CF3BD6EA37354DB 138240 ----a-w- C:\WINDOWS\Sysnative\OEMLicense.dll
2014-01-15 09:58:06 EF5A9D7523E4530D2030D4EA2D90FEC3 787968 ----a-w- C:\WINDOWS\Sysnative\uDWM.dll
====== C:\WINDOWS\Sysnative\drivers =====
2014-01-28 06:45:05 3D9A5AC880D7AA2305812D665D24ED23 2551128 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-01-28 06:44:57 ED39D676080A1AEA755F1DEC1A8DF1A4 1119064 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2014-01-28 06:44:56 79B6F3DF7CDFD12159871FF71464F0CE 403456 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-01-28 06:44:53 B7342B3C58E91107F6E946A93D9D4EFD 142848 ----a-w- C:\WINDOWS\Sysnative\drivers\ipnat.sys
2014-01-28 06:44:52 4628B415A84EA9D4D396A56F1D0CB6C6 142680 ----a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2014-01-28 06:44:49 1C89EF529DB7DCA98E801EFDCC8437DE 19456 ----a-w- C:\WINDOWS\Sysnative\drivers\BtaMPM.sys
2014-01-27 19:54:09 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-01-28 06:30:21 -------- d-----w- C:\PROGRA~2\Secunia
2014-01-27 19:58:00 -------- d-----w- C:\PROGRA~2\BillP Studios
======= C: =====
====== C:\Users\Bhavana\AppData\Roaming ======
2014-01-29 05:24:28 -------- d-----r- C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-28 07:12:45 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\Foxit Software
2014-01-28 07:12:24 -------- d-----w- C:\Users\Bhavana\AppData\Roaming\Foxit Software
2014-01-28 06:30:37 -------- d-----w- C:\Users\Bhavana\AppData\Local\Secunia PSI
2014-01-27 19:58:09 -------- d-----w- C:\Users\Bhavana\AppData\Roaming\WinPatrol
====== C:\Users\Bhavana ======
2014-01-28 08:02:20 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\Bhavana\Desktop\dds.com
2014-01-28 07:12:49 -------- d-----w- C:\Users\Public\Foxit Software
2014-01-28 06:26:56 D8B9844FDFD05CD495F110FFF11C1EE5 5329480 ----a-w- C:\Users\Bhavana\Downloads\PSISetup.exe
2014-01-28 06:22:52 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Bhavana\Downloads\TFC.exe
2014-01-27 19:58:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-01-27 19:58:00 -------- d-----w- C:\ProgramData\InstallMate
2014-01-27 19:52:57 7BB2B64FB93C8C2B3904436DAE891AEA 922152 ----a-w- C:\Users\Bhavana\Downloads\wpsetup.exe

====== C: exe-files ==
2014-01-28 07:12:24 3CCFDB5340E2A847F044F1A5A4B96696 902208 ----a-w- C:\Users\Bhavana\AppData\Roaming\Foxit Software\Foxit Cloud\Reader\unins000.exe
2014-01-28 07:12:16 49E549A01BB5FF6E82E386176E4D7305 96320 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
2014-01-28 07:12:11 236BFA1DBFED844EC1FDC2525AC01243 2085952 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\SendCrashReport.exe
2014-01-28 07:12:08 E12A1B5088A8A465F2E48E61CD8D2C87 9580608 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Updater.exe
2014-01-28 07:12:02 51E3AFA324C51772EAAABDC430499486 37097536 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
2014-01-28 07:12:00 B2A596DCEE491DF39DBDC13A8A7CB05A 60480 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FXC_ProxyProcess.exe
2014-01-28 07:11:58 FA6E28CF0CB453E635469E3618521574 759872 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\UninstallPrint.exe
2014-01-28 07:11:29 D4945107DF8F56CC4DC858C0694C13E2 26688 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Checkupdate\Checkupdate.exe
2014-01-28 07:11:27 80722698E1C467A679DD9D47289BA4BE 1904192 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe
2014-01-28 06:45:21 F242938F69AA25B8ECD0D9E342799802 637952 ----a-w- C:\Windows\System32\SettingSyncHost.exe
2014-01-28 06:45:21 7FA3046AC2751A408899EFD331FE1980 479744 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe
2014-01-28 06:30:28 7D26205608B992B4BB2FD047AA0F61A9 485208 ----a-w- C:\Program Files (x86)\Secunia\PSI\Uninstall.exe
2014-01-28 06:26:56 D8B9844FDFD05CD495F110FFF11C1EE5 5329480 ----a-w- C:\Users\Bhavana\Downloads\PSISetup.exe
2014-01-28 06:22:52 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Bhavana\Downloads\TFC.exe
2014-01-27 19:58:02 70DF3BB833AE3C9F5342F539D732C990 439360 ------w- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
2014-01-27 19:58:01 22EDEE0F4CDCDDA4EAABB3DE6FB1B62C 809544 ------w- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
2014-01-27 19:58:00 D706A63A455D31900734313CE2050FDF 15968 --s-a-r- C:\ProgramData\InstallMate\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}\Setup.exe
2014-01-27 19:52:57 7BB2B64FB93C8C2B3904436DAE891AEA 922152 ----a-w- C:\Users\Bhavana\Downloads\wpsetup.exe
=== C: other files ==
2014-01-28 09:38:21 A3DC20485D754C0769C2185BC22927A5 10095 ----a-w- C:\Users\Bhavana\AppData\Local\Microsoft\Windows\INetCache\IE\BINADT28\SMClientDB[1].vbs
2014-01-28 09:38:21 3AEE0EFF3E534F60279443BD2A51D9A8 12198 ----a-w- C:\Users\Bhavana\AppData\Local\Microsoft\Windows\INetCache\IE\UPRW11MN\SMShowMessage[1].vbs
2014-01-28 09:38:20 6DB634C11FCA96B90762B26918DEB612 3444 ----a-w- C:\Users\Bhavana\AppData\Local\Microsoft\Windows\INetCache\IE\MNW48XUD\SMProviderEnum[1].vbs
2014-01-28 09:38:20 6D71C45E948CACE4E905531A06EE5291 5747 ----a-w- C:\Users\Bhavana\AppData\Local\Microsoft\Windows\INetCache\IE\BINADT28\SMUIContainer[1].vbs
2014-01-28 09:38:20 42D3A2293DE78572A16211E1FE4889BB 7104 ----a-w- C:\Users\Bhavana\AppData\Local\Microsoft\Windows\INetCache\IE\MNW48XUD\SMUtils[1].vbs
2014-01-28 09:38:19 ED482B0ACC0EBFD44F6089C05F57D6D8 9097 ----a-w- C:\Users\Bhavana\AppData\Local\Microsoft\Windows\INetCache\IE\WAA8XTZA\SMSystemData[1].vbs
2014-01-28 09:38:19 3DDF47DFBF3EDE3DEBAE9E2A7A8FE57E 11025 ----a-w- C:\Users\Bhavana\AppData\Local\Microsoft\Windows\INetCache\IE\WAA8XTZA\SMConstantsdef[1].vbs
2014-01-28 08:02:20 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\Bhavana\Desktop\dds.com
2014-01-28 06:45:23 0E0796E3413D38A396B1C1591CE2B72E 4191232 ----a-w- C:\Windows\System32\win32k.sys
2014-01-28 06:45:05 3D9A5AC880D7AA2305812D665D24ED23 2551128 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-01-28 06:44:57 ED39D676080A1AEA755F1DEC1A8DF1A4 1119064 ----a-w- C:\Windows\System32\drivers\ndis.sys
2014-01-28 06:44:56 79B6F3DF7CDFD12159871FF71464F0CE 403456 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-01-28 06:44:53 B7342B3C58E91107F6E946A93D9D4EFD 142848 ----a-w- C:\Windows\System32\drivers\ipnat.sys
2014-01-28 06:44:52 4628B415A84EA9D4D396A56F1D0CB6C6 142680 ----a-w- C:\Windows\System32\drivers\USBSTOR.SYS
2014-01-28 06:44:49 1C89EF529DB7DCA98E801EFDCC8437DE 19456 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys
2014-01-27 19:54:09 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-641775695-348987285-415288908-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4P1"
"RtHDVBg_PushButton"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM"
"QuickSet"="c:\Program Files\Dell\QuickSet\QuickSet.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

==== Startup Folders ======================

2013-11-29 04:35:01 1949 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2014-01-28 06:30:26 1120 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [28-01-2014 12:08]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [06-03-2013 00:04]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{DCDEB6C2-FB58-4179-BABB-9E5BCAFF134F}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}"="C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi" [04-10-2013 00:29]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Bhavana\AppData\Roaming\Mozilla\Firefox\Profiles\8xuyqfpd.default
2557FBC582910A71CDEB0F22886D118D - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner +


==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 29-01-2014 at 11:14:21.98 ======================

Thanks.
 
Hi, larrynose. Thank you for the logs.

1. Let's start with a fresh scan with Malwarebytes. Please note that when MBAM added PUPs (Potentially Unwanted Programs) to detection, PUP detection shows up unchecked on the results list by default. As a result, to save checking each individually, it is necessary to make the following change:

  • Launch Malwarebytes' Anti-Malware
  • Under Settings, select Scanner Settings.
  • Go to the section at toward the bottom, where it says “Action for potentially unwanted programs (PUP)”
  • Change the option from “Show in results list and do not check for removal” to “Show in results list and check for removal.”
2. Now, you need to scan with MBAM again:

  • Click the Update tab and "Check for Updates"
  • Once the update has been installed and the program has loaded, select Quick scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    MBAM_SR_zps573fd52e.jpg
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.
** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

How is your computer now?
 
Hello again Corrine,
Here's the MBAM log.
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Database version: v2014.01.29.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Bhavana :: DELL [administrator]

29-01-2014 23:27:44
mbam-log-2014-01-29 (23-27-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211411
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 1780 -> Delete on reboot.
C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 2140 -> Delete on reboot.
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (PUP.Optional.Wajam.A) -> 2284 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 29
HKCR\CLSID\{d77aa852-def3-43cb-a3f5-bd679de72f32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{b8bfa10f-6ffd-44b5-9dbb-e17cbaa107ff} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKCR\Interface\{7F66829F-F442-431F-AF59-E4474505A67A} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update lucky leap (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util lucky leap (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\LUCKY LEAP (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\lucky leap (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdaterV3 (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKCU\Software\Mozilla\Firefox\Extensions|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} (PUP.Optional.Wajam.A) -> Data: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi -> Quarantined and deleted successfully.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5927 -> Quarantined and deleted successfully.
HKCU\Software\lucky leap|iid (PUP.Optional.LuckyLeap.A) -> Data: def_luckyleap -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wajam|red (PUP.Optional.Wajam.A) -> Data: 4 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12
C:\Program Files (x86)\lucky leap (PUP.Optional.LuckyLeap.A) -> Delete on reboot.
C:\Program Files (x86)\lucky leap\bin (PUP.Optional.LuckyLeap.A) -> Delete on reboot.
C:\Program Files (x86)\lucky leap\bin\plugins (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Delete on reboot.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Delete on reboot.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

Files Detected: 77
C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\luckyleap.ico (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\luckyleapUninstall.exe (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> Delete on reboot.
C:\Program Files (x86)\lucky leap\updateluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\bin\sqlite3.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe (PUP.Optional.LuckyLeap.A) -> Delete on reboot.
C:\Program Files (x86)\lucky leap\bin\utilluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.16.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.FFUpdate.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.GCUpdate.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.IEUpdate.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (PUP.Optional.Wajam.A) -> Delete on reboot.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\amazon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\argos.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\ask.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\bestbuy.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\bing.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\ebay.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\etsy.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\facebook.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\favicon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\google.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\homedepot.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\ikea.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\imdb.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\lowes.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\mercado.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\mysearchweb.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\myshopping.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\searchresult.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\sears.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\setting.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\settings.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\shopping.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\target.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\tesco.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\tripadvisor.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\twitter.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\wajam.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\walmart.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\wiki.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\yahoo.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Logos\zalando.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Settings.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Facebook.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Twitter.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Wajam Website.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Ask.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Bing.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Google.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\IMDb.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Shopping.com.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\TripAdvisor.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Wikipedia.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Yahoo!.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Amazon.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Argos.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ebay.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Etsy.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\HomeDepot.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ikea.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Lowe's.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Mercadolivre.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\MyShopping.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Sears.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Target.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Tesco.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Walmart.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Zalando.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Bhavana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam\uninstall.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

(end)


I am unable to download AdwCleaner properly. When I do download it, I cannot seem to run it cos I get a message saying its an outdated version and a link(Téléchargements - Outils de Xplode - AdwCleaner) appears. I wasn't sure if its ok to download it from there.

Téléchargements - Outils de Xplode - AdwCleaner

So ,waiting to hear from you on that.
 
Yes, it is definitely safe to download it from there. That is actually the "parent" site where Xplode (the developer) posts the most recent versions, although Grinler generally has the most recent version available for direct download. Xplode must have very recently provided the update.
 
Here's the report..
# AdwCleaner v3.018 - Report created 30/01/2014 at 11:29:15
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8.1 Single Language (64 bits)
# Username : Bhavana - DELL
# Running from : C:\Users\Bhavana\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\AskBarDis
File Deleted : C:\Users\Bhavana\AppData\Roaming\Mozilla\Firefox\Profiles\8xuyqfpd.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKCU\Software\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Bhavana\AppData\Roaming\Mozilla\Firefox\Profiles\8xuyqfpd.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5153 octets] - [30/01/2014 11:27:28]
AdwCleaner[S0].txt - [5101 octets] - [30/01/2014 11:29:15]



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5161 octets] ##########

The browsers are definitely functioning better than before.
Thank you very much.

I am aware that this is a windows forum, but I do wonder if it would be possible to help me with browser hijacking problems on my mac. Or a link to wherever else my questions can be directed. Thanks again.
 
Hi, larrynose.

Great news. Let's clean up the tools we used. You can delete Zoek from your desktop. Then do the following:

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

I will check with someone who has a Mac for advice on what steps you can take and provide an update here.
 
That was a fast answer! I already heard back from one of the Mac users and was told that they'd be happy to try and assist you. Please register at Scot's Newsletter Forums and post your question in the All Things Mac forum. Include what version you are running and which browser(s) you are having problems with.

Note: We manually approve each new member at Scot's Newsletter Forum so you will need to wait for Admin approval before you will be able to post. I have asked the other Admins to watch for your registration and I will as well.

Edit Note: By the way, due to the time difference, it is likely that there will not be an Admin available to approve your account when you register. Please don't be discouraged. I've alerted the Admins and they are watching for larrynose to register.
 
Last edited:
Sorry, I couldn't reply earlier. I am in the middle of moving houses so no internet. But I shall get back to you guys within a couple of days. Thanks again.
 
Not to worry, real life comes first! However, I'll let the folks at Scot's know about the delay.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top