Zoek Results Help

[ladielyrix]

Once, again, I am needing assistance with my Zoek results. Attached is the results from Zoek. I am experiencing too many ads and pop up tabs of all sorts. I'm also experiencing those text ads within a web page's text. One of the more aggressive ones is "Ads by Ad Remover." I am running Windows 7 and I mostly use Google Chrome. Any tips on how not to get these types of malware/viruses?

 

[cottonball]

ladielyrix,

Let's see what is going on with our system...

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.
When the tool opens, click Yes to the disclaimer.
Press the Scan button.

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).

:ar: Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another log: Addition.txt
:ar: Also post the Addition.txt in your reply.

 

[ladielyrix]

Thank you for the response. Attached are both the FRST.txt and Addition.txt files.

 

[cottonball]

ladielyrix,

:info: The Addition report shows you have two AntiVirus programs installed:
Microsoft Security Essentials
AV: 360 Total Security

Please uninstall one of them. Having two AV programs is counter productive. Instead of more protection, you get less. The two programs conflict with each other, as both will try to scan the same files.

If you're worried that one AntiVirus program isn't enough, you can augment your security with an on-demand malware scanner. Malwarebytes Anti-Malware is a good one to use, but, there are others.

:info: Next, please go to Start > Control Panel > Programs and Features, and uninstall: PornLeech
One of the common activities done on a computer which could infect it with adware/malware is visiting unreputable sites!

:info: Last, please make sure the Farbar Recovery Scan Tool is on he Desktop!!! Otherwise, the following will not work.


:info: Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

Start
CreateRestorePoint: 
closeprocesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1040731645-2874572335-4197253780-1001\...\MountPoints2: {d9621dee-b4d5-11e4-89d7-288023d64277} - F:\LapNetWizard.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1040731645-2874572335-4197253780-1001 -> DefaultScope {731CEEC9-B92B-43E6-803B-62440D2F5092} URL = 
Toolbar: HKU\S-1-5-21-1040731645-2874572335-4197253780-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR dev: Chrome dev build detected! 
2015-06-17 03:24 - 2015-06-17 03:24 - 00000000 ____D C:\Users\Marquesha Babers\Downloads\Sexual Education (Brazzers) XXX Split Scenes (NEW 2015) [.mp4][PornLeech]
2015-06-14 01:18 - 2015-06-14 01:18 - 00000000 ____D C:\Users\Marquesha Babers\Downloads\The Avengers 2 XXX - A Porn Parody XXX [DVDRip] (NEW April, 2015) [.mp4][PornLeech]
C:\Users\Marquesha Babers\AppData\Local\Temp\AcDeltree.exe
C:\Users\Marquesha Babers\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Marquesha Babers\AppData\Local\Temp\InstallIMVU_514.0.exe
C:\Users\Marquesha Babers\AppData\Local\Temp\InstallIMVU_521.0.exe
C:\Users\Marquesha Babers\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Marquesha Babers\AppData\Local\Temp\SkypeSetup.exe
Express Find (HKLM-x32\...\Express Find) (Version: 2.0.5563.10079 - Express Find) <==== ATTENTION
Task: {099A43FC-4D50-4555-8F33-32574932BC55} - \DonutQuotes No Task File <==== ATTENTION
Task: {51299724-877E-42A7-A6CC-EB83C03A1BD3} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {C09F95FB-0296-40D1-AA1F-80CE5B67586A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {D7C5F990-ADCD-4208-9AB9-0C4215F3938E} - \PurpleRain\PurpleRain3 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:393F7B1E
AlternateDataStreams: C:\ProgramData\Temp:3AB8D21A
AlternateDataStreams: C:\ProgramData\Temp:69FD6BF0
AlternateDataStreams: C:\ProgramData\Temp:726D640A
AlternateDataStreams: C:\ProgramData\Temp:A00BCDEF
AlternateDataStreams: C:\ProgramData\Temp:A561576B
AlternateDataStreams: C:\ProgramData\Temp:E1D818F7
RemoveProxy:
EmptyTemp: 
Reboot:
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST64, and press the Fix button, just once, and wait.
If for some reason the tool needs a restart, please let the system restart normally. After that let the tool complete its run.

When done, the tool creates a report on the Desktop called: Fixlog.txt
:ar: Please post the Fixlog.txt in your reply.

 

[ladielyrix]

Okay, I;m sorry for the long awaited response. I didn't have access to the internet for a while. Thank you for all of your help and attached is the fixlog.txt.