WSSCRIPT.EXE Threat detected

  1. Detected automatically by Avast.
    Exact message is:
    avast! web shield has blocked a hamrful webpage or file
    Object: http://ludvanjohnson.zapto.org:4955/is
    URL:Mal
    Process: C:\Windows\System32\wscript.exe
  2. Website
  3. downloaded 09/20/2014
    4.Don’t remember, deleted it
  4. Exact message is:
    avast! web shield has blocked a hamrful webpage or file
    Object: http://ludvanjohnson.zapto.org:4955/is
    URL:Mal
    Process:C:\Windows\System32\wscript.exe
  5. Scanned many times and nothing happens
  6. I’ve scanned with malwarebytes, mcshield, and jrt, nothing seems to have solved this issue.
    JRT LOG:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Long on Sat 09/20/2014 at 19:32:56.57



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Long\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\Long\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Long\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Long\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\Long\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Long\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Long\AppData\Roaming\mozilla\firefox\profiles\qtdxku42.default\user.js
Successfully deleted the following from C:\Users\Long\AppData\Roaming\mozilla\firefox\profiles\qtdxku42.default\prefs.js

user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("browser.search.selectedEngine", "Astromenda");
Emptied folder: C:\Users\Long\AppData\Roaming\mozilla\firefox\profiles\qtdxku42.default\minidumps [4 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp



~~~ Event Viewer Logs were cleared





Scan was completed on Sat 09/20/2014 at 19:50:01.18
End of JRT log

Any help is greatly appreciated, thank you very much.

attach Farbar Recovery Scan Tool diagnostic logs in your next reply
you find it here https://forum.avast.com/index.php?topic=53253.0

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Long (administrator) on LONG-PC on 22-09-2014 13:35:01
Running from G:\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) F:\Program Files\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies) D:\Programs\Skype\Updater\Updater.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Long\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Long\AppData\Local\Akamai\netsession_win.exe
(TeamViewer GmbH) G:\New folder\TeamViewer_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Skillbrains) C:\Users\Long\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Google Inc.) C:\Users\Long\AppData\Local\Google\Chrome\Application\chrome.exe
(MyCity) G:\McShield\MCShieldRTM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Long\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) D:\Programs\Itunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) F:\Program Files\Avast\avastui.exe
(Adobe Systems Incorporated) D:\Programs\AdobeReader\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) G:\New folder\TeamViewer.exe
(Google Inc.) C:\Users\Long\AppData\Local\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) G:\New folder\tv_w32.exe
(TeamViewer GmbH) G:\New folder\tv_x64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Users\Long\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Long\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Long\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM.…\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-04] (Synaptics Incorporated)
HKLM.…\Run: [IntelTBRunOnce] => wscript.exe //b //nologo “C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs”
HKLM.…\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM.…\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM.…\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM.…\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM.…\Run: [Nvtmru] => “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe”
HKLM.…\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM.…\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM.…\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32.…\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [899072 2010-03-24] (Creative Technology Ltd)
HKLM-x32.…\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32.…\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32.…\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32.…\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-12-08] (cyberlink)
HKLM-x32.…\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32.…\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32.…\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32.…\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32.…\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32.…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32.…\Run: [iTunesHelper] => D:\Programs\Itunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32.…\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32.…\Run: =>
HKLM-x32.…\Run: [AvastUI.exe] => F:\Program Files\Avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)
HKLM-x32.…\Run: [drivers] => wscript.exe //B “C:\Users\Long\AppData\Local\Temp\drivers.vbe”
HKU.DEFAULT.…\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
HKU\S-1-5-21-325623103-982688984-2047028564-1001.…\Run: [Google Update] => C:\Users\Long\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-06] (Google Inc.)
HKU\S-1-5-21-325623103-982688984-2047028564-1001.…\Run: [Akamai NetSession Interface] => C:\Users\Long\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-325623103-982688984-2047028564-1001.…\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-06-06] (SUPERAntiSpyware.com)
HKU\S-1-5-21-325623103-982688984-2047028564-1001.…\Run: [LightShot] => C:\Users\Long\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-325623103-982688984-2047028564-1001.…\Run: [drivers] => wscript.exe //B “C:\Users\Long\AppData\Local\Temp\drivers.vbe” <===== ATTENTION
HKU\S-1-5-21-325623103-982688984-2047028564-1001.…\Run: [MCShield Monitor] => G:\McShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-325623103-982688984-2047028564-1001.…\MountPoints2: {4fc70072-2af3-11e3-8bc4-74f06da8e2c8} - H:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk → C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk → D:\Programs\Crash Plan\CrashPlanTray.exe (No File)
Startup: C:\Users\Long\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\drivers.vbe ()
ShellIconOverlayIdentifiers: 00avast → {472083B0-C522-11CF-8763-00608CC02F24} => F:\Program Files\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q&cr=741082132&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q&cr=741082132&ir=
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q&cr=741082132&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q&cr=741082132&ir=
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class → {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} → C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → F:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name → {5C255C8A-E604-49b4-9D64-90988571CECB} → No File
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → F:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:

FireFox:

FF ProfilePath: C:\Users\Long\AppData\Roaming\Mozilla\Firefox\Profiles\qtdxku42.default
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE → disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 → D:\Programs\Itunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 → C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 → C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 → C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 → C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE → disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin → C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader → D:\Programs\AdobeReader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 → C:\Users\Long\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 → C:\Users\Long\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Lavasoft Search Plugin - C:\Users\Long\AppData\Roaming\Mozilla\Firefox\Profiles\qtdxku42.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-11-01]
FF HKLM-x32.…\Firefox\Extensions: [wrc@avast.com] - F:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - F:\Program Files\Avast\WebRep\FF [2014-08-08]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:

CHR DefaultSearchURL: Default → https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Profile: C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Google Wallet) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM-x32.…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - F:\Program Files\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-08]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 avast! Antivirus; F:\Program Files\Avast\AvastSvc.exe [50344 2014-08-08] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-10-06] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-10-06] (Creative Labs) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-03-17] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4865496 2011-08-08] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-10] ()
R2 SkypeUpdate; D:\Programs\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
R2 TeamViewer9; G:\New folder\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S2 BstHdAndroidSvc; “C:\Program Files (x86)\BlueStacks\HD-Service.exe” BstHdAndroidSvc Android
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-08] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-24] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-30] () [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 WinRing0_1_2_0; C:\Users\Long\Downloads\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; No ImagePath
U3 a5ul3twy; No ImagePath
S2 BstHdDrv; ??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
S3 cpuz135; ??\C:\Users\Long\AppData\Local\Temp\cpuz135\cpuz135_x64.sys
S3 MREMP50a64; ??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
S3 MREMPR5; ??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
S3 MRENDIS5; ??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
S3 MRESP50a64; ??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
S1 SBRE; ??\C:\Windows\system32\drivers\SBREdrv.sys
S3 sj; ??\D:\Programs\EdenEternal\sjcs64.sys
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys
S3 X6va003; ??\C:\Users\Long\AppData\Local\Temp\003E465.tmp
S3 X6va013; ??\C:\Windows\SysWOW64\Drivers\X6va013
S3 X6va016; ??\C:\Windows\SysWOW64\Drivers\X6va016

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 19:50 - 2014-09-20 19:50 - 00004963 _____ () C:\Users\Long\Desktop\JRT.txt
2014-09-20 19:32 - 2014-09-20 19:32 - 00000000 ____D () C:\Windows\ERUNT
2014-09-20 19:07 - 2014-09-22 13:35 - 00000000 ____D () C:\FRST
2014-09-20 19:02 - 2014-09-20 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-09-20 19:01 - 2014-09-22 13:34 - 00000000 ____D () C:\ProgramData\MCShield
2014-09-10 18:15 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:15 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:15 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:15 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:15 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:15 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:15 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:15 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:15 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:15 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:15 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:15 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:15 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:15 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:15 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:15 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:15 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:15 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:15 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:15 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:15 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:15 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:15 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:15 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:15 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:15 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:15 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:15 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:15 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:15 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:15 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:15 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:15 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:15 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:15 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:15 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:15 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:15 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:15 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:15 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:15 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:15 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:15 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:15 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:15 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:15 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:15 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:15 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:15 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:15 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:15 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:15 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:15 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:15 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:15 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:15 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 17:57 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 17:57 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 17:57 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 17:57 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 17:57 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-28 11:57 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 11:57 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 11:57 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 13:35 - 2014-09-20 19:07 - 00000000 ____D () C:\FRST
2014-09-22 13:34 - 2014-09-20 19:01 - 00000000 ____D () C:\ProgramData\MCShield
2014-09-22 13:34 - 2012-11-30 19:44 - 00173910 _____ () C:\Windows\setupact.log
2014-09-22 13:34 - 2010-10-06 05:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 13:33 - 2012-05-22 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-22 13:33 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 17:23 - 2011-01-08 22:06 - 00000000 ____D () C:\Users\Long\AppData\Roaming\vlc
2014-09-21 17:23 - 2010-12-25 19:32 - 00000000 ____D () C:\Users\Long\AppData\Roaming\uTorrent
2014-09-21 17:23 - 2010-10-06 04:54 - 01431377 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 17:20 - 2013-02-22 21:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 16:57 - 2010-10-06 05:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 16:51 - 2010-12-27 19:03 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-325623103-982688984-2047028564-1001UA.job
2014-09-21 15:44 - 2014-07-15 06:36 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-09-21 14:46 - 2014-07-15 06:36 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-325623103-982688984-2047028564-1001.job
2014-09-21 12:12 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 12:12 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 12:11 - 2009-07-13 22:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 12:06 - 2010-10-06 05:30 - 00002798 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-20 19:51 - 2010-12-27 19:03 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-325623103-982688984-2047028564-1001Core.job
2014-09-20 19:50 - 2014-09-20 19:50 - 00004963 _____ () C:\Users\Long\Desktop\JRT.txt
2014-09-20 19:33 - 2014-06-29 12:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 19:32 - 2014-09-20 19:32 - 00000000 ____D () C:\Windows\ERUNT
2014-09-20 19:02 - 2014-09-20 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-09-20 17:44 - 2011-12-25 22:59 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-09-20 17:44 - 2011-12-25 22:12 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-20 17:44 - 2011-12-11 22:33 - 00000000 ____D () C:\Users\Long\AppData\Roaming\Skype
2014-09-20 10:26 - 2014-03-30 10:22 - 00000000 ____D () C:\Users\Long\AppData\Local\Battle.net
2014-09-15 19:28 - 2014-07-15 06:39 - 00000564 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-15 19:28 - 2014-07-15 06:39 - 00000564 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-15 18:44 - 2014-07-15 06:36 - 00003258 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-325623103-982688984-2047028564-1001
2014-09-15 18:44 - 2014-07-15 06:36 - 00000434 _____ () C:\Users\Long\AppData\Local\UserProducts.xml
2014-09-15 18:44 - 2014-07-15 06:36 - 00000000 ____D () C:\Users\Long\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-09-14 11:11 - 2014-08-08 00:54 - 00004152 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-12 18:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 12:53 - 2013-06-27 08:43 - 00002362 _____ () C:\Users\Long\Desktop\Google Chrome.lnk
2014-09-10 21:20 - 2013-02-22 21:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 21:20 - 2013-02-22 21:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 21:20 - 2013-02-22 21:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 18:19 - 2010-12-06 02:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 18:14 - 2011-01-29 00:39 - 00773482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 18:12 - 2012-11-30 20:08 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 18:12 - 2012-11-30 20:08 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-10 18:11 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 18:11 - 2012-11-30 20:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 18:11 - 2012-11-30 20:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 18:08 - 2013-07-12 13:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-06 13:12 - 2011-12-25 22:12 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-28 18:13 - 2009-07-13 21:45 - 00412592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 18:47 - 2011-12-11 22:33 - 00000000 ____D () C:\ProgramData\Skype
2014-08-25 11:44 - 2009-07-13 22:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:

C:\Users\Long\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwrot8.dll
C:\Users\Long\AppData\Local\Temp\DSETUP.dll
C:\Users\Long\AppData\Local\Temp\dsetup32.dll
C:\Users\Long\AppData\Local\Temp\DXSETUP.exe
C:\Users\Long\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Long\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Long\AppData\Local\Temp\nvStInst.exe
C:\Users\Long\AppData\Local\Temp\SHSetup.exe
C:\Users\Long\AppData\Local\Temp\uttD385.tmp.exe
C:\Users\Long\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Long\AppData\Local\Temp\Wildstar.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 22:08

==================== End Of Log ============================

Let me know if this stops the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [drivers] => wscript.exe //B "C:\Users\Long\AppData\Local\Temp\drivers.vbe" HKU\S-1-5-21-325623103-982688984-2047028564-1001\...\Run: [drivers] => wscript.exe //B "C:\Users\Long\AppData\Local\Temp\drivers.vbe" <===== ATTENTION Startup: C:\Users\Long\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\drivers.vbe () SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q&cr=741082132&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q&cr=741082132&ir= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q&cr=741082132&ir= SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; No ImagePath U3 a5ul3twy; No ImagePath U3 tmlwf; No ImagePath U3 tmwfp; No ImagePath S3 X6va003; \??\C:\Users\Long\AppData\Local\Temp\003E465.tmp [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] 2014-09-21 15:44 - 2014-07-15 06:36 - 00000386 _____ () C:\Windows\Tasks\update-sys.job 2014-09-21 14:46 - 2014-07-15 06:36 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-325623103-982688984-2047028564-1001.job 2014-09-15 18:44 - 2014-07-15 06:36 - 00003258 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-325623103-982688984-2047028564-1001 EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download Anti VBS/VBE to your desktop

[]download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[
]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

FINALLY

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

AdwCleaner v3.310 - Report created 23/09/2014 at 22:16:03

Updated 12/09/2014 by Xplode

Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

Username : Long - LONG-PC

Running from : G:\Downloads\AdwCleaner.exe

Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Skillbrains
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Long\AppData\Local\Skillbrains
Folder Deleted : C:\Users\Long\AppData\Roaming\Mozilla\Firefox\Profiles\qtdxku42.default\adawaretb

***** [ Scheduled Tasks ] *****

Task Deleted : update-sys

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
Key Deleted : HKLM\SOFTWARE\Classes\AppID{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKCU\Software\Astromenda
Key Deleted : HKCU\Software\SkillBrains
Key Deleted : HKLM\SOFTWARE\SkillBrains
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\ Internet Explorer v11.0.9600.17280

-\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Long\AppData\Roaming\Mozilla\Firefox\Profiles\qtdxku42.default\prefs.js ]

Line Deleted : user_pref(“browser.uiCustomization.state”, "{"placements":{"PanelUI-contents":["edit-controls","zoom-controls","new-window-button","privatebrowsing-button","save-page-button","print-but[…]

-\ Google Chrome v

[ File : C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_49_ch&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0FtC0ByCtD0CtAyB0DtN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0FtBtB0D0AtG0Czz0FzztGzzzzyC0FtG0CtD0F0FtGyE0D0E0FtAyE0Fzzzyzyzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0CtDtDtA0FzytG0FtAtAzytGzz0AtD0AtG0B0CtBtDtGyB0D0E0DtDtC0AyB0E0FyByC2Q&cr=741082132&ir=


AdwCleaner[R0].txt - [2067 octets] - [23/09/2014 21:31:05]
AdwCleaner[S0].txt - [2502 octets] - [23/09/2014 22:16:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2562 octets] ##########

Thank you!

Have the alerts ceased

Yes, thank you!