John, this virus is still taking over my Google searches and giving me pop ups. Here are the two logs:
# AdwCleaner v3.302 - Report created 01/08/2014 at 23:23:08
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Mozart - HOMEBUSINESS-PC
# Running from : C:\Users\Mozart\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Adblocker
Folder Deleted : C:\ProgramData\MySearch
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\pricechoup
Folder Deleted : C:\ProgramData\SaveeMassS
Folder Deleted : C:\Program Files (x86)\Adblocker
Folder Deleted : C:\Program Files (x86)\TelevisionFanatic
Folder Deleted : C:\Program Files (x86)\pricechoup
Folder Deleted : C:\Program Files (x86)\SaveeMassS
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Mozart\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Mozart\AppData\Local\torch
Folder Deleted : C:\Users\Mozart\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Mozart\AppData\Roaming\OneTab
File Deleted : C:\Users\Mozart\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\Mozart\AppData\Roaming\Mozilla\Firefox\Profiles\ldnv72dy.default\searchplugins\mngr.xml
File Deleted : C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : PC Optimizer Pro Updates
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dcillohgikpecbmgioknapdpcjofaafl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealioToolbar-stub-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealioToolbar-stub-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKCU\Software\a0dfd0e569b917
Key Deleted : HKLM\SOFTWARE\a0dfd0e569b917
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-493389286
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-792098896
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_media-player-codec-pack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_media-player-codec-pack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Deleted : HKCU\Software\Microsoft\ClaroDirectory
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\TelevisionFanatic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sw-boo~1\assist~1.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\pc_boo~1\assist~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\PC_BOO~1\ASSIST~2.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\F092B960893592640A90584BCB4B1B9B
Key Deleted : HKLM\Software\Classes\Installer\Products\F092B960893592640A90584BCB4B1B9B
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7601.18487
-\\ Mozilla Firefox v31.0 (x86 en-US)
[ File : C:\Users\Mozart\AppData\Roaming\Mozilla\Firefox\Profiles\ldnv72dy.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.wonderfulsearches.info/?pid=377&r=2014/07/29&hid=4881289388557932063&lg=EN&cc=US&unqvl=60&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.1w2QBuBjYW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.S8VaN.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Deleted : user_pref("extensions.VCtGO1Rh.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.xybL.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.yVsipA4cp.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("extensions.z4F.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [11247 octets] - [01/08/2014 23:21:46]
AdwCleaner[S0].txt - [10874 octets] - [01/08/2014 23:23:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10935 octets] ##########
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Mozart on Fri 08/01/2014 at 23:29:52.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1247566685-3204817280-1395948680-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{461fc775-35b6-4d0b-9ff3-af280bfaba83}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A098C1C-1AF6-4400-91CE-77CAE6EE2B72}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7E8D6A1D-9CF4-4A8C-8963-C67918F1F94C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F8D46F78-3131-4931-ABFC-0F8B743173DA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{461fc775-35b6-4d0b-9ff3-af280bfaba83}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Mozart\appdata\local\{23D04A75-00C3-41CA-B6CD-5D50F5DEE2D8}
Successfully deleted: [Empty Folder] C:\Users\Mozart\appdata\local\{2EAE3DCB-7133-4A02-927B-8D42B36B5A1B}
Successfully deleted: [Empty Folder] C:\Users\Mozart\appdata\local\{A57E4E25-B82B-46B5-BE8E-C53FD7FEE3C6}
~~~ FireFox
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\
[email protected]"
Successfully deleted the following from C:\Users\Mozart\AppData\Roaming\mozilla\firefox\profiles\ldnv72dy.default\prefs.js
user_pref("extensions.S8VaN.url", "hxxp://installsunny.us/sync2/?q=hfZ9ofV9CShEAen0rHC6tMqLDe49CNU0nUkMCMlNhd9Fqda6rTUFqdkHrTrMBzqUojw9rdYErjwFqdUHpih7hfs0pihPBMn0qdw8qHk5pdC7
Emptied folder: C:\Users\Mozart\AppData\Roaming\mozilla\firefox\profiles\ldnv72dy.default\minidumps [159 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Mozart\appdata\local\Google\Chrome\User Data\Default\Extensions\cbnocfnjkmlljbfgpkbhefnlpbiemhif
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cbnocfnjkmlljbfgpkbhefnlpbiemhif
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/01/2014 at 23:34:27.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
