Post by smb74 on Apr 17, 2015 1:45:52 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Baker Family at 2015-04-17 19:42:53 Run:2
Running from C:\Users\Baker Family\Desktop
Loaded Profiles: Baker Family (Available profiles: Baker Family)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
C:\Program Files (x86)\Lavasoft
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
C:\Program Files\Lavasoft
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\...\Run: [Fatal1tySTU] => [X]
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft)
BootExecute: autocheck autochk * bddel.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3966097637-85055233-1928392602-1000 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_CJ_150413&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3966097637-85055233-1928392602-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_CJ_150413&q={searchTerms}
BHO: NoeNoizeBrowse -> {d94c203a-367c-4f5f-b044-57734bbe56e0} -> C:\Program Files (x86)\NoeNoizeBrowse\AtEoOgGHndkreF.x64.dll [2015-04-12] ()
C:\Program Files (x86)\NoeNoizeBrowse
Toolbar: HKU\S-1-5-21-3966097637-85055233-1928392602-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Hosts:
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_CJ_150413
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_CJ_150413
FF SearchPlugin: C:\Users\Baker Family\AppData\Roaming\Mozilla\Firefox\Profiles\lfena6n4.default\searchplugins\securesearch.xml [2015-04-14]
FF Extension: ActiveDeals - C:\Users\Baker Family\AppData\Roaming\Mozilla\Firefox\Profiles\lfena6n4.default\Extensions\xaluwexxjbplznbten@chvzpsoheekizf.edu [2015-04-12]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
2015-04-13 18:29 - 2015-04-13 18:31 - 00000000 ____D () C:\AdwCleaner
2015-04-12 13:59 - 2015-04-12 13:59 - 00000000 ____D () C:\Program Files (x86)\NoeNoizeBrowse
2015-04-12 13:59 - 2015-04-12 13:59 - 00000000 ____D () C:\Program Files (x86)\ActiveDiscount
C:\Users\Baker Family\AppData\Local\Temp\4460.exe
C:\Users\Baker Family\AppData\Local\Temp\c07bc887-a1d8-4edc-8e52-c94726c99716.exe
C:\Users\Baker Family\AppData\Local\Temp\F3C0.exe
C:\Users\Baker Family\AppData\Local\Temp\Quarantine.exe
C:\Users\Baker Family\AppData\Local\Temp\SpOrder.dll
C:\Users\Baker Family\AppData\Local\Temp\sqlite3.dll
Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Task: {47B87A6A-8C28-480F-B8CD-1E14CA0554C0} - System32\Tasks\{A05CEEC1-9C46-4321-8BDF-D1091AEF4C5A} => pcalua.exe -a "C:\Users\Baker Family\AppData\Roaming\mystartsearch\UninstallManager.exe" -c -ptid=bdo
C:\Users\Baker Family\AppData\Roaming\mystartsearch
Task: {61F5A5BD-9B5A-48DA-B337-595BD1D4902A} - \a8a0435c-3d56-46ac-bca3-4078e6a79e25-6 No Task File <==== ATTENTION
Task: {709A3AC1-7BDA-4CD3-B35D-8957C860DCE8} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {B8C3FE46-3B5D-4848-9CBB-C5C5890108D2} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-1.job => <==== ATTENTION
Task: C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-10_user.job => <==== ATTENTION
Task: C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-2.job => <==== ATTENTION
Task: C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-4.job => <==== ATTENTION
Task: C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-5.job => <==== ATTENTION
Task: C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-5_user.job => <==== ATTENTION
Task: C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-7.job => <==== ATTENTION
CMD: netsh winsock reset
Reboot:
end
*****************
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe => No running process found
"C:\Program Files (x86)\Lavasoft" => File/Directory not found.
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe => No running process found
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe => No running process found
"C:\Program Files\Lavasoft" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdAwareTray => Value not found.
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Fatal1tySTU => value deleted successfully.
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3966097637-85055233-1928392602-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}" => Key deleted successfully.
HKCR\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d94c203a-367c-4f5f-b044-57734bbe56e0}" => Key deleted successfully.
"HKCR\CLSID\{d94c203a-367c-4f5f-b044-57734bbe56e0}" => Key deleted successfully.
C:\Program Files (x86)\NoeNoizeBrowse => Moved successfully.
HKU\S-1-5-21-3966097637-85055233-1928392602-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Not found.
Hosts was reset successfully.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Baker Family\AppData\Roaming\Mozilla\Firefox\Profiles\lfena6n4.default\searchplugins\securesearch.xml => Moved successfully.
C:\Users\Baker Family\AppData\Roaming\Mozilla\Firefox\Profiles\lfena6n4.default\Extensions\xaluwexxjbplznbten@chvzpsoheekizf.edu => Moved successfully.
LavasoftAdAwareService11 => Service not found.
LavasoftTcpService => Service not found.
SearchProtectionService => Service not found.
C:\AdwCleaner => Moved successfully.
"C:\Program Files (x86)\NoeNoizeBrowse" => File/Directory not found.
C:\Program Files (x86)\ActiveDiscount => Moved successfully.
"C:\Users\Baker Family\AppData\Local\Temp\4460.exe" => File/Directory not found.
C:\Users\Baker Family\AppData\Local\Temp\c07bc887-a1d8-4edc-8e52-c94726c99716.exe => Moved successfully.
"C:\Users\Baker Family\AppData\Local\Temp\F3C0.exe" => File/Directory not found.
C:\Users\Baker Family\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Baker Family\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Baker Family\AppData\Local\Temp\sqlite3.dll => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47B87A6A-8C28-480F-B8CD-1E14CA0554C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47B87A6A-8C28-480F-B8CD-1E14CA0554C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A05CEEC1-9C46-4321-8BDF-D1091AEF4C5A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A05CEEC1-9C46-4321-8BDF-D1091AEF4C5A}" => Key deleted successfully.
"C:\Users\Baker Family\AppData\Roaming\mystartsearch" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61F5A5BD-9B5A-48DA-B337-595BD1D4902A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F5A5BD-9B5A-48DA-B337-595BD1D4902A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a8a0435c-3d56-46ac-bca3-4078e6a79e25-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{709A3AC1-7BDA-4CD3-B35D-8957C860DCE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{709A3AC1-7BDA-4CD3-B35D-8957C860DCE8}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8C3FE46-3B5D-4848-9CBB-C5C5890108D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8C3FE46-3B5D-4848-9CBB-C5C5890108D2}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => Key not found.
C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-1.job => Moved successfully.
C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-10_user.job => Moved successfully.
C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-2.job => Moved successfully.
C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-4.job => Moved successfully.
C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-5.job => Moved successfully.
C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-5_user.job => Moved successfully.
C:\Windows\Tasks\a8a0435c-3d56-46ac-bca3-4078e6a79e25-7.job => Moved successfully.
========= netsh winsock reset =========
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 19:42:54 ====