Multiple running processes of ie and Chrome using up serious memory and causing program lockups

[LadyGreenWitch]

Hi Mal,
Thanks for sticking with me on this. I really appreciate it. Things seem to be working pretty darn well. So far so good. The service out here is poor a lot of the time, but taking that into consideration the lockups are much better. I think we may finally be at the end of this madness. Looking forward to your reply.

TTFN,
LGW

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Teresa's Laptop (2015-10-01 13:56:25) Run:9
Running from C:\Users\Teresa's Laptop\Desktop
Loaded Profiles: Teresa's Laptop (Available Profiles: Teresa's Laptop)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\GWX\GWX.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-09-10] ()
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3797571617-2345687493-384676197-1002 -> OldDefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 ogmservice; "C:\Program Files (x86)\Online Games Manager\ogmservice.exe" --service-run [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\system32\GWX
C:\Windows\SysWOW64\GWX
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
C:\Windows\system32\Drivers\etc\hosts_bak_236
C:\Windows\System32\Tasks\SidebarExecute
C:\Windows\system32\Drivers\etc\hosts_bak_245
C:\Windows\system32\Drivers\TrueSight.sys
C:\ProgramData\Comodo
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
C:\ProgramData\AVAST Software
C:\ProgramData\Real
015-09-23 18:36 - 2015-09-23 18:36 - 0000017 _____ () C:\Users\Teresa's Laptop\AppData\Local\resmon.resmoncfg
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Task: {A9EA09CC-0210-4813-9E2E-C3929101A8B6} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {CEBD64CB-0BA9-4BF9-909A-7C46A4503760} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com
CMD: netsh winsock reset catalog
hosts:
Emptytemp:
reboot:
end


*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\GWX\GWX.exe => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => moved successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\OldDefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully
HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin" => key removed successfully
C:\Program Files (x86)\PDFlite\npPdfViewer.dll => not found.
"HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll => moved successfully
"HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll => not found.
WinDefend => service removed successfully
ogmservice => service removed successfully
catchme => service removed successfully
C:\Windows\system32\GWX => moved successfully
C:\Windows\SysWOW64\GWX => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => moved successfully
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe => moved successfully
C:\Windows\system32\Drivers\etc\hosts_bak_236 => moved successfully
C:\Windows\System32\Tasks\SidebarExecute => moved successfully
C:\Windows\system32\Drivers\etc\hosts_bak_245 => moved successfully
C:\Windows\system32\Drivers\TrueSight.sys => moved successfully
C:\ProgramData\Comodo => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\ProgramData\Real => moved successfully
015-09-23 18:36 - 2015-09-23 18:36 - 0000017 _____ () C:\Users\Teresa's Laptop\AppData\Local\resmon.resmoncfg => Error: No automatic fix found for this entry.
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9EA09CC-0210-4813-9E2E-C3929101A8B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EA09CC-0210-4813-9E2E-C3929101A8B6}" => key removed successfully
C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Windows Repair Tray Icon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEBD64CB-0BA9-4BF9-909A-7C46A4503760}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEBD64CB-0BA9-4BF9-909A-7C46A4503760}" => key removed successfully
C:\Windows\System32\Tasks\SidebarExecute => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => not found.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123topsearch.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.co.uk" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12w.net" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\132.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337-crew.to" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337crew.info" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\136136.net" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\150freesms.de" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163ns.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17-plus.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\171203.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17concepts.info" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1800searchonline.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180searchassistant.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ghporn.info" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1importantiamreal.com" => key removed successfully

========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 348.9 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:01:16 ====



VirIT eXplorer Lite Log

[SCANNING MEMORY]
OK
--------------------------------------------------------
01/10/2015 - 14:09:19

[SCANNING REGISTRY]
OK

[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FileAssociationManager\FAM.exe.vir Infect of PUP.Win32.AmnisTech.A
* * * CLEAN * * *
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiGuard.exe.vir Infect of PUP.Win32.Reimage.A
* * * CLEAN * * *
C:\Old Disk\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2a-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Application Data\Real\RealPlayer\Update\RealPlayer11.exe Infect of Trojan.Win32.DownLoad1.NWI
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Desktop\Tools\Installs\avg_free_stb_all_2011_1153_cnet.exe -> avgrunasx.exe Infect of Trojan.Win32.Inject1.DAPL
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Desktop\wrar350.exe Infect of Trojan.Win32.Agent2.WQF
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Local Settings\Temporary Internet Files\Content.IE5\BRUDHJ2S\avg_free_stb_all_2011_1153_cnet[1].exe -> avgrunasx.exe Infect of Trojan.Win32.Inject1.DAPL
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Common Files\SpeechEngines\Microsoft\SR61\1033\ITNGRAM.DLL Infect of Trojan.Win32.Crypt_s.FWA
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Dream Chronicles - The Book of Air\xgmddkd.exe Infect of Trojan.Win32.Generic.MZ
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\iWin.com\Nancy Drew Blackmoor\NancyDrewCurse.ifn Infect of Backdoor.Win32.Bandok.B
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Midnight Mysteries - Salem Witch Trials\hqxwpqp.exe Infect of Trojan.Win32.Generic.MZ
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll Infect of Adware.Win32.Coupons.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll Infect of Adware.Win32.Coupons.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Enforce.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\mmlicmgr.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\MMCodec.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\MP3.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.out Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.inp Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\mmlicmgr.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\MP3Pro.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\Musicmatch Update\WMP\MP3Pro.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Enforce.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\MMCodec.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\MP3.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll Infect of Spyware.ViewPoint.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\WebEx\WebEx\832\atscjoin.exe Infect of Trojan.Win32.Generic.CMDR
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Yahoo!\Common\Yshortcut.exe Infect of Trojan.Win32.Click2.BVBU
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Yahoo!\Messenger\YServer.exe Infect of Trojan.Win32.Generic.BYKS
* * * CLEAN * * *
C:\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\Templates\CrazyTalk 4 Template\Effect\Stork.js Infect of I-WORM.JS.A
* * * CLEAN * * *
C:\Program Files (x86)\ERUNT\NTREGOPT.EXE Infect of Trojan.Win32.Banker6.CDPF
* * * CLEAN * * *
C:\Program Files (x86)\Google\Picasa3\PicasaUpdater.exe Infect of Trojan.Win32.Click.CQE
* * * CLEAN * * *
C:\USERS\TERESA'S LAPTOP\DESKTOP\MYPHONEEXPLORER PORTABLE\DLL\MPECLIENT.APK -> classes.dex Infect of Android.Trj.SMSAgent-S.Gen
* * * CLEAN * * *
C:\Users\Teresa's Laptop\Downloads\Installer_mysteriesnevervrunestoneoflight.exe Infect of Trojan.Win32.Stealer.TMS
* * * CLEAN * * *
C:\USERS\TERESA'S LAPTOP\SD CARD DOWNLOAD\DOWNLOAD\360MOBILESAFE_1.0.0.1084.APK -> classes.dex Infect of Android.Trj.SMSAgent-S.Gen
* * * CLEAN * * *
C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll Infect of PUP.Win32.Linkury.A
* * * CLEAN * * *
[D:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK
Infected Registry keys: 0.
Files infected: 39.
Files suspected: 0.
Files scanned: 728843.
Files totals: 728843.
Registry keys clean: 0.
Files cleaned: 38.

 

[Malnutrition]

Lets run a couple new programs, then change settings for another for that you currently have. When you have completed these steps, we will clean up all the tools we used and I will make some suggestions to you on how to save some bandwidth and keep from being infected again..

Step 1: Have CCleaner Remove All Temp Files at each Reboot of your machine!

Lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

• Hit options.
• Settings.
• Place a tick to run Ccleaner when the computer starts.

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

STEP 2: Disable USB Autoruns with USB Fix.

Download USB Fix from the link below.
http://www.telecharger.sosvirus.net/download/usbfix/
You click the button that reads. Telecharger.

Wait on the countdown to complete, save the file to your desktop.
Right Click run as ADMIN. Then Click on the Clean Button.
Decline offer from their help site, a report will be generated on your desktop please post that in your next reply.
NOTE!! This program will close unessential items, save any work prior to running.


STEP Three FINAL Virus Scan with eScanAV

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/en/antivirus...ter.asp?pcode=MWAV&src=english_dwn&type=alter

Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.

Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.

Copy and paste entire log into your next reply.
Note: Reboot after you remove infections.

 

[LadyGreenWitch]

OkeeDokee Mal,
Here you go mate, what else needs doin?
TTFN,
LGW



################## | System information |

MB: Dell Inc. (0XN71K)
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
GC: NVIDIA GeForce GT 555M
RAM -> [Total : 8086 Mo | Free : 5579 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 45.0.2454.101

################## | Security Information |

AV: 360 Total Security [Enabled |Updated]
AS: 360 Total Security [Enabled |Updated]
AS: Malwarebytes Anti-Malware : 2.1.8.1057
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 452 Gb (197 Gb free - 44%) [OSDisk] # NTFS
D:\ -> Fixed disk # 14 Gb (7 Gb free - 53%) [Recovery] # NTFS
F:\ -> Fixed disk # 466 Gb (465 Gb free - 100%) [DATAPART1] # NTFS

################## | Generic Research |


(!) Temporary files deleted. (32.174877166748 MB)

################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\System32\userinit.exe,
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKLM\..\Run : [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
04 - HKLM\..\Run : [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
04 - HKU\S-1-5-21-3797571617-2345687493-384676197-1002\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04GS - NETGEAR A6100 Genie.lnk : C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe

################## | UsbFix - Information |

Info : How to remove shortcut virus on flash disk (Video)
Info : Shortcut virus on flash disk, What is it ?
Live detection : http://how-to-remove.us/

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[25/10/2013 - 14:02:18 | A | 2 Ko] - C:\logFileUI.txt
[13/09/2015 - 03:52:33 | A | 32 Ko] - C:\ComboFix.txt
[02/10/2015 - 19:40:03 | ASH | 6210176 Ko] - C:\hiberfil.sys
[02/10/2015 - 19:40:14 | ASH | 8280236 Ko] - C:\pagefile.sys
[01/10/2015 - 13:50:47 | D] - C:\Config.Msi
[12/09/2015 - 16:04:23 | A | 0 Ko] - C:\zoek-results2015-09-12-230423.log
[12/02/2014 - 22:06:23 | A | 0 Ko] - C:\AVScanner.ini
[01/12/2006 - 23:37:14 | A | 884 Ko] - C:\msdia80.dll
[15/01/2014 - 17:42:40 | A | 594 Ko] - C:\SecurityScanner.dll
[20/11/2014 - 19:43:51 | A | 20 Ko] - C:\bootsqm.dat
[05/11/2013 - 20:05:42 | A | 0 Ko] - C:\local.conf
[17/05/2011 - 04:12:52 | A | 151 Ko] - C:\splash.bmp
[13/09/2015 - 03:43:44 | SHD] - C:\$RECYCLE.BIN
[17/06/2011 - 04:27:01 | RAS | 8 Ko] - C:\BOOTSECT.BAK
[13/07/2009 - 20:20:08 | D] - C:\PerfLogs
[13/07/2009 - 22:08:56 | SHD] - C:\Documents and Settings
[20/11/2010 - 20:23:51 | RASH | 375 Ko] - C:\bootmgr
[17/06/2011 - 04:22:56 | D] - C:\Hotfix
[17/06/2011 - 05:28:14 | D] - C:\Recovery
[11/01/2014 - 02:41:19 | D] - C:\first_launch
[16/01/2014 - 17:06:52 | D] - C:\inetpub
[16/01/2014 - 17:21:44 | D] - C:\bront
[16/01/2014 - 17:25:45 | D] - C:\Brother
[25/04/2014 - 10:22:37 | AD] - C:\Old Disk
[22/05/2014 - 20:26:39 | D] - C:\dell
[27/06/2014 - 15:14:11 | D] - C:\temp
[23/02/2015 - 13:05:25 | RHD] - C:\MSOCache
[11/03/2015 - 04:34:39 | D] - C:\Boot
[07/04/2015 - 19:57:24 | D] - C:\AVAST Software
[16/07/2015 - 12:03:55 | D] - C:\GameHouse Games
[11/09/2015 - 17:42:56 | D] - C:\AdwCleaner
[12/09/2015 - 17:37:54 | D] - C:\zoek_backup
[12/09/2015 - 17:46:22 | D] - C:\zoek
[13/09/2015 - 03:52:36 | D] - C:\Qoobox
[16/09/2015 - 05:49:46 | RD] - C:\Users
[25/09/2015 - 01:32:35 | D] - C:\RegBackup
[01/10/2015 - 11:37:21 | RD] - C:\Program Files (x86)
[01/10/2015 - 12:27:46 | D] - C:\Program Files
[01/10/2015 - 13:57:52 | D] - C:\ProgramData
[01/10/2015 - 14:01:16 | D] - C:\FRST
[02/10/2015 - 19:40:01 | D] - C:\VEXPLite
[02/10/2015 - 19:40:05 | D] - C:\360SANDBOX
[02/10/2015 - 19:44:07 | D] - C:\Windows
[02/10/2015 - 19:53:11 | D] - C:\$360Section
[02/10/2015 - 19:56:11 | D] - C:\UsbFix

################## | D:\ - Fixed drive (NTFS) |

[17/06/2011 - 08:31:47 | A | 0 Ko] - D:\Factory.log
[17/06/2011 - 05:28:14 | A | 0 Ko] - D:\ResSys.ini
[24/09/2015 - 17:15:59 | N | 3 Ko] - D:\bootsqm.dat
[08/07/2015 - 03:19:58 | D] - D:\$RECYCLE.BIN
[17/06/2011 - 05:28:14 | D] - D:\Dell
[01/08/2013 - 03:46:20 | D] - D:\recovery

################## | F:\ - Fixed drive (NTFS) |

[24/09/2015 - 17:11:15 | A | 3 Ko] - F:\bootsqm.dat
[27/06/2011 - 17:00:46 | RA | 1 Ko] - F:\MediaID.bin
[08/07/2015 - 03:19:58 | D] - F:\$RECYCLE.BIN
[20/11/2014 - 14:35:53 | D] - F:\WindowsImageBackup
[26/09/2015 - 14:27:52 | RD] - F:\TERESAS

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

Analysed in 29.38 seconds

 

[Malnutrition]

Here you go mate, what else needs doin?

...................

Remove Remnants of Spybot that are cluttering your HDD and making scans on your machine longer.

Get the Everything Search Engine
Type Spybot into search window.
Then Click Edit.
Select All
Right Click Highlighted items
>>>>>>>> Copy full name to clipboard.
Open Notepad >>>>>>> Paste to notepad.
Name the file Fixlist
Save to your desktop.
Download and save FRST 64bit or FRST 32 bit to your Desktop.
CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
Right click FRST or FRST64 Run as Admin.
Click the fix button.
Reboot if needed.....


Some Suggested Software To Keep You Safe On The Internet.

Click Me To Update Software. Update Software.
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
AdBlock Plus To Browse The Web Ad Free
FanBoys Ultimate list. Add The Ultimate List.
ToolWhiz Smart Defrag Defrag Your Machine With Speed.
For Chrome Adguard
For FireFox Adguard



Now Lets Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore



Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt


Only allow programs that you wish to run on your machine, this tool will put you in full control of processes that execute on your machine.


Install VoodooShield

Disable Useless Windows Updates on your machine, you are not a part of a business. It is not going to hurt your machine to not update it. I have not updated my machines for years. Most of the time my computer will give up before I have an issue with the Operating System. Plus it steals bandwidth and slows your computer down anyhow.

Hit the start menu
Type Services.msc Hit enter
Find Windows update service
Stop it the go to properties.
Change the start up type to disabled.

Do the same for the DNS Client and Iphelper Services.

Then Disable IPV6 How to disable IPv6

While you disable IPV6 then download the Disable IPv6 on all tunnel interfaces MSfix it to remove tunnel adapters.

Change your DNS to OpenDNS or Google DNS
http://www.rentanadviser.com/en/products/smart-dns-changer/smart-dns-changer.aspx

Uninstall the programs below, if you wish.

VIRIT LITE
Zemana Antimalware.

Disable Ccleaner Monitoring from your maachine, it is useless.

Run OTL as Admin and press Run Scan. Post the log.


Reboot your machine. Tell me if you have any other single issue.

 

[LadyGreenWitch]

OK! That's a lot of stuff. Things sure have gotten a lot more involved, I used to be able to fix my PC's by going into DOS. LOL. I will follow all of your instructions and post back. I have been having a LOT of lock ups lately, but I think that I have narrowed this batch down to some issues with Outlook. You Mal are a total and complete Sweetheart, and I appreciate every second that you have spent working with me on getting all of this mess cleared up. You my dear sir, ROCK! Will look forward to a clean bill of health soon.

TTFN,
LGW

 

[Lord Chance]

OK! That's a lot of stuff. Things sure have gotten a lot more involved, I used to be able to fix my PC's by going into DOS.

TTFN,
LGW

That must have been when you were just a wee Lass because I know you are not much more than sweet sixteen.

 

[Malnutrition]

When you get time to complete just Copy and Paste the OTL logs. Please tell me whether the machine is locking up or just when using the internet.

I would like to see the temperature on this machine as well, we will get to that and if Windows Updates installed a screwy driver then we will see if that can be pin pointed as well......

For now carry out the task at hand and lets see if that cures the issue, I like to figure these things out so as long as you are willing I have a lot of ideas on getting your machine running like new without hiccups.

 

[Malnutrition]

How are things? An update on the issue would be great.

 

[LadyGreenWitch]

Mal,
I have been so busy, I haven't had time to finish your instructions. What I have noticed, is a lot of locking up that I cannot account for. Do you think that upgrading to 10, which I have steadfastly avoided, could potentially resolve this issue?

 

[Malnutrition]

Simply put NO! You will not like it, you still have windows 7 disk? Better off doing a clean install of windows 7 installing service pack one and disabling updates/

 

[Crush]

Do you think that upgrading to 10, which I have steadfastly avoided, could potentially resolve this issue?

I have Windows 10...It's great

 

[Lord Chance]

M'Lady, As with all Windows versions you will get mixed views and results. My advice would be to stay with Windows 7 if it serves it's purpose and you are satisfied with how it works for you. Windows 10 is still buggy and in some cases need more attention than warranted. You will eventually have to migrate to Windows 10 but until you see the necessity I would stay with what I know.

 

[Malnutrition]

You still need to finish everything, also do the lock ups happen while online only???

 

[LadyGreenWitch]

Hey Guys,
Thank you all for your opinions, and since I have lots of experience with Microsoft and their roll outs, I am going to stick with 7, (Crush you are a braver man than I, Gunga Din. ) @Malnutrition, the lockups started just online, now they seem to be affecting Office, and the pc in general. I originally thought it was a faulty .pst file in Outlook, but now it's effect is showing in Word and Excel as well. I'm also getting irked with GlassWire, the firewall with 360. Love 360, but GlassWire doesn't seem as intuitive as Comodo. I guess I am just getting old, and like what I am used to. LOL. Let me finish the instructions and see if anything is resolved that way. Otherwise, I may just have to bite the bullet and reformat. I know that you guys don't consider that a big deal, but little ole Witchy Poo, thinks of reformatting like getting my teeth pulled, BLECH! LOL. Okay, I will check back soon. Or we could keep trying your ideas! I like that idea best of all. LOL. I am always up for experimentation. So lets see where we are after the last set of instructions are completed.
TTFN,
LGW

 

[LadyGreenWitch]

OK Mal,

Here are the OTL logs. I sure hope we figure this out. I am starting to doubt my skills. LOL Looking forward to your reply. Hope you have a terrific week.

TTFN,

LGW

 

[LadyGreenWitch]

Hi Mal,
No rush, just curious as to whether you see anything in the OTL logs, and any other tips or tricks you might have for me. Looking forward to your reply,
TTFN,
LGW

 

[Malnutrition]

Sorry, I have been in the middle of no where. I am at a location now that I can respond, expect a reply within 24 hours.

I was unable to even log into this forum from my phone, and had issues with other places I help.

 

[LadyGreenWitch]

Bummer, welcome back to the 21st century. LOL

 

[Malnutrition]

Open OTL.exe (Right Click OTL Run As Admin)
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:[b]64bit:[/b] - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: gamehouse.com ([www] https in Trusted sites)
O18:[b]64bit:[/b] - Protocol\Handler\belarc - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences



:Services

:Reg

:Files
C:\Windows\SysNative\drivers\etc\hosts
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptyjava]
[emptyflash]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

 

[Malnutrition]

Also you can install Ublock Origin along with Ghostery add-on. Block all trackers with Ghostery and you will have Zero Adds on your computer, the bandwidth you will save....

https://www.ghostery.com/our-solutions/ghostery-add-on/
https://www.google.com/search?q=Ublock+Origin&ie=utf-8&oe=utf-8