Solved need help removing stubborn java update pop up + ads throughout text

LvonB

New Member
Thread author
Oct 23, 2014
4
I don't have a clue how to use the:
aswMBR version 1.0.1.2161 Copyright(c) 2014 AVAST Software
Run date: 2014-10-23 19:26:51
-----------------------------
19:26:51.811 OS Version: Windows 6.1.7601 Service Pack 1
19:26:51.811 Number of processors: 2 586 0x1706
19:26:51.815 ComputerName: STLR-PC UserName: stlr
19:26:52.113 Initialze error C0000022 - driver not loaded
19:27:08.464 AVAST engine download error: 0
19:27:38.024 Scan error: Incorrect function.
19:27:42.450 Disk 0 statistics 0/0/0 @ -1,#J MB/s
19:27:42.451 Scan stopped
19:27:45.748 Scan error: Incorrect function.
19:28:03.725 The log file has been saved successfully to "C:\Users\stlr\Desktop\aswMBR.txt"




# AdwCleaner v4.001 - Report created 22/10/2014 at 23:31:39
# Updated 20/10/2014 by Xplode
# Database :
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : stlr - STLR-PC
# Running from : C:\Users\stlr\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\stlr\AppData\Roaming\Mozilla\Firefox\Profiles\16x6kc6q.default\searchplugins\astromenda.xml
File Found : C:\Users\stlr\AppData\Roaming\Mozilla\Firefox\Profiles\16x6kc6q.default\user.js
Folder Found : C:\Program Files\file scout
Folder Found : C:\Program Files\MapsGalaxy_39EI
Folder Found : C:\Program Files\VideoPerformer
Folder Found : C:\ProgramData\2308189059
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\stlr\AppData\Local\Gameo
Folder Found : C:\Users\stlr\AppData\Local\PutLockerDownloader
Folder Found : C:\Users\stlr\AppData\Local\Temp\AirInstaller
Folder Found : C:\Users\stlr\AppData\Local\torch
Folder Found : C:\Users\stlr\AppData\LocalLow\MapsGalaxy_39EI
Folder Found : C:\Users\stlr\AppData\Roaming\Funmoods
Folder Found : C:\Users\stlr\AppData\Roaming\Gameo
Folder Found : C:\Users\stlr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
Folder Found : C:\Users\stlr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer
Folder Found : C:\Users\stlr\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\stlr\AppData\Roaming\WebExtend

***** [ Scheduled Tasks ] *****

Task Found : Funmoods
Task Found : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\ClickConnect
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Funmoods
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\torch
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279411
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\MapsGalaxy_39EI
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKLM\SOFTWARE\torch
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[16x6kc6q.default] - Line Found : user_pref("CT3279411_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361928092224,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[16x6kc6q.default] - Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
[16x6kc6q.default] - Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
[16x6kc6q.default] - Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
[16x6kc6q.default] - Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2354520593834836&o=APN10645&q=");
[16x6kc6q.default] - Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279411");
[16x6kc6q.default] - Line Found : user_pref("browser.search.defaultenginename", "Astromenda");
[16x6kc6q.default] - Line Found : user_pref("browser.search.defaultthis.engineName", "appbario12 Customized Web Search");
[16x6kc6q.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=3&q={searchTerms}&CUI=UN14353232782267721");
[16x6kc6q.default] - Line Found : user_pref("browser.search.order.1", "Search Results");
[16x6kc6q.default] - Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
[16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyE[...]
[16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutC[...]
[16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1Czu[...]
[16x6kc6q.default] - Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=2&CUI=UN14353232782267721&UM=UM_ID&q=");
[16x6kc6q.default] - Line Found : user_pref("smartBar.searchInNewTabOwner", "CT3279411");

*************************

AdwCleaner[R0].txt - [8306 octets] - [22/10/2014 23:31:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8366 octets] ##########

AdwCleaner v4.001 - Report created 22/10/2014 at 23:48:42
# Updated 20/10/2014 by Xplode
# Database : 2014-10-21.1
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : stlr - STLR-PC
# Running from : C:\Users\stlr\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Enigma Software Group
Folder Found : C:\ProgramData\Browser Manager

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279411
Key Found : HKLM\SOFTWARE\EnigmaSoftwareGroup
Key Found : HKLM\SOFTWARE\TermTutor
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [termtutor@termtutor.com]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [8446 octets] - [22/10/2014 23:31:39]
AdwCleaner[R1].txt - [2301 octets] - [22/10/2014 23:48:42]
AdwCleaner[S0].txt - [8688 octets] - [22/10/2014 23:36:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2421 octets] ##########

# AdwCleaner v4.001 - Report created 22/10/2014 at 23:36:13
# DB v
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : stlr - STLR-PC
# Running from : C:\Users\stlr\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\stlr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
Folder Deleted : C:\ProgramData\2308189059
Folder Deleted : C:\Users\stlr\AppData\Local\Temp\AirInstaller
[!] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Users\stlr\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\stlr\AppData\Local\Gameo
Folder Deleted : C:\Users\stlr\AppData\Roaming\Gameo
Folder Deleted : C:\Program Files\MapsGalaxy_39EI
Folder Deleted : C:\Users\stlr\AppData\LocalLow\MapsGalaxy_39EI
Folder Deleted : C:\Users\stlr\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\stlr\AppData\Local\PutLockerDownloader
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\stlr\AppData\Local\torch
Folder Deleted : C:\Program Files\VideoPerformer
Folder Deleted : C:\Users\stlr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer
Folder Deleted : C:\Users\stlr\AppData\Roaming\WebExtend
File Deleted : C:\Users\stlr\AppData\Roaming\Mozilla\Firefox\Profiles\16x6kc6q.default\searchplugins\astromenda.xml
File Deleted : C:\Users\stlr\AppData\Roaming\Mozilla\Firefox\Profiles\16x6kc6q.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Funmoods
Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\ClickConnect
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\MapsGalaxy_39EI
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\torch

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[16x6kc6q.default] - Line Deleted : user_pref("CT3279411_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361928092224,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2354520593834836&o=APN10645&q=");
[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279411");
[16x6kc6q.default] - Line Deleted : user_pref("browser.search.defaultenginename", "Astromenda");
[16x6kc6q.default] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "appbario12 Customized Web Search");
[16x6kc6q.default] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=3&q={searchTerms}&CUI=UN14353232782267721");
[16x6kc6q.default] - Line Deleted : user_pref("browser.search.order.1", "Search Results");
[16x6kc6q.default] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
[16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyE[...]
[16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutC[...]
[16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1Czu[...]
[16x6kc6q.default] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=2&CUI=UN14353232782267721&UM=UM_ID&q=");
[16x6kc6q.default] - Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3279411");

*************************

AdwCleaner[R0].txt - [8446 octets] - [22/10/2014 23:31:39]
AdwCleaner[S0].txt - [8548 octets] - [22/10/2014 23:36:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8608 octets] ##########


AdwCleaner v4.001 - Report created 22/10/2014 at 23:51:07
# DB v2014-10-21.1
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : stlr - STLR-PC
# Running from : C:\Users\stlr\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files\Enigma Software Group

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [termtutor@termtutor.com]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKLM\SOFTWARE\EnigmaSoftwareGroup
Key Deleted : HKLM\SOFTWARE\TermTutor

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [8446 octets] - [22/10/2014 23:31:39]
AdwCleaner[R1].txt - [2501 octets] - [22/10/2014 23:48:42]
AdwCleaner[S0].txt - [8688 octets] - [22/10/2014 23:36:13]
AdwCleaner[S1].txt - [2453 octets] - [22/10/2014 23:51:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2513 octets] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/10/14
Scan Time: 00:11:22
Logfile: malwarebytes scan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.23.01
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: stlr

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294115
Time Elapsed: 17 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, Quarantined, [dc4119ff027a5bdbc36830f48281718f],

Registry Values: 2
PUP.Optional.Somoto, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|network_smb_saisoftwarecracks, "C:\Users\stlr\AppData\Local\Temp\\BI_RunOnce.exe" /initurl http://sub.hereon.info/init/N4xKZste6/:uid:? /affid "-" /id "0" /name " " /uniqid N4xKZste6 /uuid 80DA284F-517A-DD11-8023-CD3D98022083 /biosserial 98022083H /biosversion TOSHIB - 20080603 /csname TECRA S10, Quarantined, [9786df39cfad87af2c4e14fcf213956b]
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, Quarantined, [dc4119ff027a5bdbc36830f48281718f]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi\defaults, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi\defaults\preferences, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],

Files: 15
PUP.Optional.Somoto, C:\Users\stlr\AppData\Local\Temp\BI_RunOnce.exe, Quarantined, [9786df39cfad87af2c4e14fcf213956b],
PUP.Optional.PCPerformer.A, C:\Users\stlr\AppData\Local\Temp\ibtmpc810551\component_358.decrpt, Quarantined, [21fc9c7c483455e141c1db45c33e56aa],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ibtmpc810551\component_514, Quarantined, [27f66dab1c6093a3307c5ce259a7bd43],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\ctbe.exe, Quarantined, [66b748d01a628bab43d3ee319967d52b],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\ieLogic.exe, Quarantined, [39e42eea710bf34399a773bfa55cb749],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\statisticsStub.exe, Quarantined, [48d51008f3891620269e28f45ea33dc3],
PUP.Optional.SweetPacks.A, C:\Users\stlr\AppData\Local\Temp\BundleSweetIMSetup.exe, Quarantined, [4fce869293e964d2f6de929c778c619f],
PUP.Optional.Babylon.A, C:\Users\stlr\AppData\Local\Temp\MybabylonTB.exe, Quarantined, [8697bd5bbbc166d0706636f860a3e719],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\chromeid.txt, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\conduit.xml, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\CT3279411.xpi, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\setup.ini.txt, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\version.txt, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi\install.rdf, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],
PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi\defaults\preferences\defaults.js, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],

Physical Sectors: 0
(No malicious items detected)


(end)
 

Attachments

  • AdwCleaner[R0].txt
    8.2 KB · Views: 74
  • AdwCleaner[R1].txt
    2.4 KB · Views: 54
  • AdwCleaner[S0].txt
    8.5 KB · Views: 135
  • AdwCleaner[S1].txt
    2.5 KB · Views: 51

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

LvonB

New Member
Thread author
Oct 23, 2014
4
Thanks for answering. Here are the scans you wanted. Also, I don't quite know where the "Watch thread" is.
 

Attachments

  • FRST_24-10-2014_09-05-00.txt
    48.6 KB · Views: 48
  • Addition_24-10-2014_09-04-57.txt
    24.2 KB · Views: 58

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
First, uninstall Windows Media Player Packages


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    852 bytes · Views: 104

LvonB

New Member
Thread author
Oct 23, 2014
4
Thanks for answering so fast.

I deleted the Program. It's funny because a window opened saying basically "why do you want to delete me, you already deleted the other stuff!!"
I ran the fix, log is attached.
I have a question. I saw that the fix was aimed at Internet Explorer. I rarely use Internet Explorer. Would whatever affects the computer work on either platform, no matter which one I use?
 

Attachments

  • Fixlog_24-10-2014_17-09-18.txt
    2.4 KB · Views: 31

LvonB

New Member
Thread author
Oct 23, 2014
4
I have tested both Explorer and Firefox. I did various searches and checked various sites. I am very glad to say that I was not redirected anywhere, no ad appeared on the side proposing stuff, no extra hyperlinked words were in the texts I looked at. To my surprise, FR MSN is installed as the home page on Explorer, with Bing, which I have no use for, but it's a minor surprise.

Yesterday, I had noticed two icons on my desktop, one was something like Gameo online, for games I suppose, they are gone.
Explorer and Firefox were slow opening at first (circle going round and round), so I restarted the system. Now, they are back to a quick response. The circle keeps going round and round on news sites like Huff Post or Huffington Post, but I suppose it's normal.
I think my computer got infected watching a movie online.
Should I get rid of some of the malware search tools I downloaded, like SuperAntiSpyware, which Malwarebytes Anti-Malware claims is a trojan?
I very much thank you and appreciate the help you provided me. All these requests for help must keep you very busy.
Do you think everything is back to normal?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, I think we're done. You can uninstall SuperAntiSpyware, Malwarebytes will be enough to keep.



Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 
