
unknown virus


  • This topic is locked
33 replies to this topic

#16 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 AM

Posted 07 January 2014 - 04:41 PM

Hi,

 

I understand now about those shadows.  Thanks.

 

You can just delete JRT. For adwCleaner, launch it and click Uninstall; then delete C:\adwcleaner if it's still there.

 

For Combofix, before we delete that quarantine, let's just confirm what is in it.  Perhaps it falsely deleted a graphics driver.  Please attach (or copy/paste the contents of) C:\Qoobox\ComboFix-quarantined-files.txt   If that looks OK, we'll uninstall combofix and work on the graphics issues.

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 



 


#17 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 11 January 2014 - 05:30 AM

Sorry for not answering, work problems.

 

 

2013-10-10 16:47:18 . 2013-10-10 16:47:18 377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat

2013-10-10 16:47:12 . 2013-10-10 16:47:12 230 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-RunOnce-SPReview.reg.dat

2013-10-10 16:47:11 . 2013-10-10 16:47:11 115 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-ABBYY Screenshot Reader Bonus.reg.dat

2013-10-10 16:44:38 . 2013-10-10 16:44:38 5,693 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-10-10 16:40:01 . 2013-10-10 16:40:01 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

-----------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

and there is another file in c:\Qoobox\Quarantine\C|windows\SysWOW64\\FlashPalyerApp.exe.vir


Edited by leneshu, 11 January 2014 - 05:35 AM.


#18 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 AM

Posted 12 January 2014 - 07:03 AM

Hi,

 

Nothing there.  Let's clean Combofix up... Do you still have the Combofix icon on your desktop?  Rename it from combofix.exe to uninstall.exe (or if it's named combofix only, then just rename it to uninstall only, that means you're hiding the file extensions).  Then, double-click it to uninstall.  Did that work OK?

 

-etavares



 


#19 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 12 January 2014 - 11:19 AM

OK, I uninstalled combofix, adwCleaner... all quarantine files are deleted.

I appreciate your help, thank you very much for your time.

The only thing that still bothers me is those shadows/stripes... maybe when I back up and restore my Win7 the problem will disappear.



#20 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 AM

Posted 12 January 2014 - 02:16 PM

Hi leneshu,

 

It may be the graphics driver or Adobe Flash.  Adobe was in the quarantine.  Uninstall Adobe Flash Player via add/remove programs, then go to http://get.adobe.com/flashplayer/ from the browser you normally use to install flash player again.  Then, reboot and try to look at that website.  Is it any better?

 

-etavares



 


#21 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 12 January 2014 - 05:41 PM

No, I did like you said and there is no difference.



#22 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 AM

Posted 13 January 2014 - 05:34 PM

Hi,  OK, you may want to post in our Windows 7 forum.  I can't explain that shadow based on what occurred.  If you do post, please provide a link here and I'll follow the thread and make sure a BC Advisor can help you.  My skillset is malware removal, not graphics or other drivers.  We have people who monitor those forums who are more experienced in that area.

 

-etavares



 


#23 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 14 January 2014 - 05:56 AM

http://www.bleepingcomputer.com/forums/t/520796/shadowsstripes-on-my-desktop/

Thank you for your help.

 

PS.  I did it again !!! F..k

I was trying to install something (for Firefox browser) and under that installation there were a bunch of other programs which I managed to uninstall, except one, "browse beyond".

I uninstalled it in "control panel, add/remove programs", but there still is a trace in manage add-ons IE (it's in the "not available" section)....

10x

 

PSS. In startup there are some new programs running (programs that came with my last mistake and I uninstalled ....) ?!?!?

 

I ran Malwarebytes in one of these locations, C:\Users\Pisoi\AppData\Roaming\newnext.me, I'll post the log file:

 

Database version: v2013.12.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Pisoi :: HP [administrator]

14/01/2014 13:08:11
mbam-log-2014-01-14 (13-08-11).txt

Scan type: Custom scan (C:\Users\Pisoi\AppData\Roaming\newnext.me|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 3
Time elapsed: 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Pisoi\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Pisoi\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Pisoi\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\Users\Pisoi\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\Pisoi\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Pisoi\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\Users\Pisoi\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)

 

 

PSSS. I ran Malwarebytes again, quick scan, below is the log file:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Pisoi :: HP [administrator]

14/01/2014 13:23:17
mbam-log-2014-01-14 (13-23-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217593
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
HKCU\Software\Nosibay\Bubble Dock Tag (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f04a89fa-d7e3-4fbd-9569-502b4cad4347} (PUP.Optional.Sambreel) -> Quarantined and deleted successfully.
HKCR\CLSID\{f04a89fa-d7e3-4fbd-9569-502b4cad4347} (PUP.Optional.Sambreel) -> Quarantined and deleted successfully.
HKCR\TypeLib\{81e4892a-7e59-408c-ad31-a913e05ab8a3} (PUP.Optional.Sambreel) -> Quarantined and deleted successfully.
HKCR\Interface\{39A85641-67C3-40B7-AE1F-F3D034B167A9} (PUP.Optional.Sambreel) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F04A89FA-D7E3-4FBD-9569-502B4CAD4347} (PUP.Optional.Sambreel) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F04A89FA-D7E3-4FBD-9569-502B4CAD4347} (PUP.Optional.Sambreel) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Pisoi\AppData\Roaming\IminentToolbar (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Users\Pisoi\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Users\Pisoi\AppData\Local\Temp\Install_BubbleDock_ES.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Pisoi\AppData\Local\Temp\Install_BubbleDock_FR.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Pisoi\AppData\Local\Temp\Install_BubbleDock_GB.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Pisoi\AppData\Local\Temp\Install_BubbleDock_IT.exe (PUP.Optional.BubbleDock.A) -> Quarantined and deleted successfully.
C:\Users\Pisoi\AppData\Local\Temp\pricepeep_1.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Users\Pisoi\AppData\Roaming\Bubble Dock.boostrap.log (PUP.Optional.Bubbledock.A) -> Quarantined and deleted successfully.
C:\Users\Pisoi\AppData\Roaming\IminentToolbar\sqlite3.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.

(end)


Edited by leneshu, 14 January 2014 - 07:34 AM.


#24 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 AM

Posted 14 January 2014 - 05:03 PM

OK, please scan with DDS and post the resulting logfile here.  (Both DDS.txt and attach.txt please)



 


#25 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 14 January 2014 - 05:17 PM

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 01/09/2013 22:05:31

System Uptime: 14/01/2014 18:40:55 (5 hours ago)

.

Motherboard: MSI | | 2A9C

Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz | CPU 1 | 3200/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 73,663 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1,651 GiB free.

E: is FIXED (NTFS) - 66 GiB total, 18,78 GiB free.

F: is FIXED (NTFS) - 83 GiB total, 55,606 GiB free.

G: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

M: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: LogMeIn Kernel Information Provider

Device ID: ROOT\LEGACY_LMIINFO\0000

Manufacturer:

Name: LogMeIn Kernel Information Provider

PNP Device ID: ROOT\LEGACY_LMIINFO\0000

Service: LMIInfo

.

==== System Restore Points ===================

.

RP99: 03/01/2014 21:24:49 - Removed Java™ 6 Update 45

RP100: 03/01/2014 21:28:54 - Installed Java 7 Update 25

RP101: 03/01/2014 21:30:04 - Installed Java 7 Update 25 (64-bit)

RP102: 03/01/2014 22:57:38 - Installed Java 7 Update 45

RP103: 03/01/2014 23:25:17 - Removed LogMeIn Hamachi

RP104: 05/01/2014 22:06:34 - avast! antivirus system restore point

RP105: 07/01/2014 11:31:24 - Windows Update

RP106: 07/01/2014 20:02:27 - Installed Java 7 Update 45 (64-bit)

RP107: 12/01/2014 17:07:53 - ComboFix created restore point

RP108: 13/01/2014 00:04:14 - Removed calibre 64bit

RP109: 13/01/2014 00:06:34 - Installed calibre 64bit

RP110: 14/01/2014 11:13:21 - Windows Update

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

ACDSee

Activision®

Adobe Flash Player 11 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader XI (11.0.05)

Adobe Shockwave Player 12.0

Agatha Christie - Death on the Nile

ArcSoft TotalMedia Theatre 6

Assassins Creed IV Black Flag

ATI Catalyst Install Manager

Torrent

AutoCorect 4.1.5

avast! Free Antivirus

Bejeweled 2 Deluxe

BS.Player FREE

calibre 64bit

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Chuzzle Deluxe

Counter-Strike

Counter-Strike 1.6

Counter Strike 1.6

CyberLink DVD Suite Deluxe

DAEMON Tools Lite

Diner Dash 2 Restaurant Rescue

DVD Menu Pack for HP MediaSmart Video

Epson Event Manager

EPSON Scan

EPSON SX130 Series Printer Uninstall

FATE

FileHippo.com Update Checker

GameRanger

Google Chrome

Google Update Helper

Guida utente EPSON SX130 Series

Hercules Deluxe Optical Glass

Hewlett-Packard ACLM.NET v1.2.1.1

HP Advisor

HP Customer Experience Enhancements

HP Game Console

HP Games

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

HydraVision

Insaniquarium Deluxe

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 45

Java 7 Update 45 (64-bit)

Java Auto Updater

Jewel Quest II

Jewel Quest Solitaire

John Deere Drive Green

Junk Mail filter update

K-Lite Codec Pack 7.1.0 (Full)

LabelPrint

LightScribe System Software

Magic Desktop

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4.5.1

Microsoft .NET Framework 4.5.1 (ITA)

Microsoft .NET Framework 4.5.1 (Italiano)

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Mobipocket Reader 6.2

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 26.0 (x86 it)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicStation

Nero BackItUp

Nero BackItUp 12 Essentials

Nero BackItUp Help (CHM)

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero RescueAgent

Nero RescueAgent Help (CHM)

Nero Update

Nitro Pro 8

NVIDIA PhysX

Opera Stable 18.0.1284.68

PDF Complete Special Edition

Penguins!

PhotoNow!

PictureMover

Plants vs. Zombies

PlayReady PC Runtime amd64

Polar Bowler

Power2Go

PowerDirector

Prerequisite installer

Raccolta foto di Windows Live

Realtek High Definition Audio Driver

Recovery Manager

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition

Skype Click to Call

Skype 6.11

Slingo Deluxe

SopCast Plugin V6 - www.cool-tv.ro

Strumento di caricamento di Windows Live

swMSM

System Requirements Lab CYRI

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Virtual Villagers - The Secret City

VLC media player 2.1.2

Wedding Dash

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Writer

WinRAR archiver

X-Lite 4

X-Men Origins - Wolverine™

Yahoo! Messenger

Zuma Deluxe

.

==== End Of File ===========================

 

 

DDS txt:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2

Run by Pisoi at 23:14:44 on 2014-01-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6007.3656 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\SysWOW64\ezSharedSvcHost.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Browsebeyond\updateBrowsebeyond.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

F:\cod cs\19e.exe

E:\GAMES\Valve\hl.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

TCP: NameServer = 192.168.1.254 62.101.93.101 83.103.25.250

TCP: Interfaces\{C2013058-1B85-424A-9F62-E763F8A9EE8C} : DHCPNameServer = 192.168.1.254 62.101.93.101 83.103.25.250

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Pisoi\AppData\Roaming\Mozilla\Firefox\Profiles\1jlhoiaq.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-12 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-12 207904]

R1 ArcCtrl;ArcCtrl;C:\Windows\System32\drivers\ArcCtrl.sys [2013-11-9 604192]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-12 1034464]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-10-12 422216]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-26 203264]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-12 78648]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-5 50344]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-9-1 151648]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-26 13336]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-9-2 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-12 418376]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-1 230920]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-11-26 635416]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-26 2320920]

R2 Update Browsebeyond;Update Browsebeyond;C:\Program Files (x86)\Browsebeyond\updateBrowsebeyond.exe [2014-1-10 97056]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-9-2 283064]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-26 56344]

R3 hxctlflt;hxctlflt;C:\Windows\System32\drivers\hxctlflt.sys [2013-9-1 111104]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-12 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-26 346144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-12 701512]

S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe --> C:\Windows\SysWOW64\nlssrv32.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-5 79672]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-3 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-3 57856]

S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-2 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: AutoCorectFile="C:\Program Files (x86)\AutoCorect\AutoCorect.exe" "%L"

ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"

.

=============== Created Last 30 ================

.

2014-01-14 17:36:46 -------- d-sh--w- C:\$RECYCLE.BIN

2014-01-14 17:29:09 98816 ----a-w- C:\Windows\sed.exe

2014-01-14 17:29:09 256000 ----a-w- C:\Windows\PEV.exe

2014-01-14 17:29:09 208896 ----a-w- C:\Windows\MBR.exe

2014-01-14 17:15:33 -------- d--h--w- C:\AdwCleaner

2014-01-14 11:11:37 -------- d-----w- C:\Program Files (x86)\Browsebeyond

2014-01-14 11:09:13 -------- d-----w- C:\Users\Pisoi\.android

2014-01-14 10:13:51 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08903D66-9E97-48A2-A955-E3DD239321ED}\mpengine.dll

2014-01-12 23:06:42 -------- d-----w- C:\Program Files\Calibre2

2014-01-12 22:25:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-12 22:25:39 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-01-12 10:34:00 -------- d-----w- C:\Users\Pisoi\AppData\Local\cache

2014-01-07 19:03:15 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2014-01-05 21:07:47 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys

2014-01-03 21:58:56 -------- d-----w- C:\ProgramData\Oracle

2014-01-03 21:58:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-30 14:06:57 -------- d-----w- C:\Users\Pisoi\AppData\Roaming\GameRanger

2013-12-22 13:10:11 -------- d-----w- C:\ProgramData\Orbit

2013-12-21 13:24:04 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2013-12-21 10:32:24 -------- d-----w- C:\Users\Pisoi\AppData\Local\Macromedia

2013-12-20 23:41:46 -------- d-----w- C:\Windows\ERUNT

2013-12-19 17:34:05 -------- d-----w- C:\ProgramData\Steam

2013-12-19 15:03:44 -------- d-----w- C:\Program Files (x86)\Assassins Creed IV Black Flag

2013-12-16 12:24:48 -------- d-----w- C:\Users\Pisoi\AppData\Roaming\AVAST Software

.

==================== Find3M ====================

.

2014-01-05 21:07:26 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2014-01-05 21:07:26 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2014-01-05 21:07:26 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2014-01-05 21:07:25 43152 ----a-w- C:\Windows\avastSS.scr

2013-12-16 07:28:36 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-12-16 07:28:36 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-10-17 16:30:30 88984 ----a-w- C:\Windows\System32\drivers\hola_mon_drv.sys

2013-10-17 16:30:30 582680 ----a-w- C:\Windows\System32\drivers\hola_drv.sys

.

============= FINISH: 23:15:06,61 ===============



#26 etavares

Posted 15 January 2014 - 04:19 PM

Hi,

 

That looks like MBAM got all the bundled adware.  PUP means "Potentially Unwanted Program"...not necessarily malware, but adware or programs bundled with other programs (e.g. bloatware or crapware).

 

Do you know what this file is?
F:\cod cs\19e.exe
 
Also, it looks like ComboFix ran instead of uninstalling.  We'll uninstall that once you confirm that 1) your computer is running OK and 2) you confirm that file is OK and 3) you scan with adwCleaner.
 

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
etavares




    #27 leneshu

    Posted 15 January 2014 - 07:27 PM

    About F:\cod cs\19e.exe, yes I know what it is; it's not a virus...

    I did uninstall all the programs (ComboFix, AdwCleaner, etc.), but I reinstalled them (ComboFix, AdwCleaner and JRT) and scanned my PC (sorry I couldn't wait), and every one of them found some trace of those programs and erased it.

    First I installed AdwCleaner and scanned my PC, then JRT, and after that I installed ComboFix (I don't know if it matters or not).

    Since then my PC works fine. I'll post the log file of AdwCleaner (it's from 2 days ago); the file you asked for is called C:\AdwCleaner[R0].txt on my PC, instead of C:\AdwCleaner[R1].txt:

     

     

    # AdwCleaner v3.017 - Report created 14/01/2014 at 18:15:36

    # Updated 12/01/2014 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : Pisoi - HP

    # Running from : C:\Users\Pisoi\Desktop\AdwCleaner.exe

    # Option : Scan

     

    ***** [ Services ] *****

     

     

    ***** [ Files / Folders ] *****

     

    File Found : C:\Users\Pisoi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

    File Found : C:\Users\Pisoi\AppData\Roaming\Mozilla\Firefox\Profiles\1jlhoiaq.default\searchplugins\iminent.xml

    File Found : C:\Users\Pisoi\AppData\Roaming\Mozilla\Firefox\Profiles\1jlhoiaq.default\user.js

    Folder Found C:\Users\Pisoi\AppData\Local\genienext

    Folder Found C:\Users\Pisoi\AppData\Local\lollipop

    Folder Found C:\Users\Pisoi\AppData\LocalLow\IminentToolbar

    Folder Found C:\Users\Pisoi\AppData\Roaming\Nosibay

    Folder Found C:\Users\Pisoi\Documents\Mobogenie

     

    ***** [ Shortcuts ] *****

     

     

    ***** [ Registry ] *****

     

    Key Found : HKCU\Software\Conduit

    Key Found : HKCU\Software\lollipop

    Key Found : HKCU\Software\Nosibay

    Key Found : HKCU\Software\powerpack

    Key Found : [x64] HKCU\Software\Conduit

    Key Found : [x64] HKCU\Software\lollipop

    Key Found : [x64] HKCU\Software\Nosibay

    Key Found : [x64] HKCU\Software\powerpack

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

    Key Found : [x64] HKLM\SOFTWARE\Iminent

     

    ***** [ Browsers ] *****

     

    -\\ Internet Explorer v11.0.9600.16428

     

     

    -\\ Mozilla Firefox v26.0 (it)

     

    [ File : C:\Users\Pisoi\AppData\Roaming\Mozilla\Firefox\Profiles\1jlhoiaq.default\prefs.js ]

     

    Line Found : user_pref("extensions.iminent.admin", false);

    Line Found : user_pref("extensions.iminent.aflt", "orgnl");

    Line Found : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");

    Line Found : user_pref("extensions.iminent.autoRvrt", "false");

    Line Found : user_pref("extensions.iminent.dfltLng", "");

    Line Found : user_pref("extensions.iminent.excTlbr", false);

    Line Found : user_pref("extensions.iminent.ffxUnstlRst", false);

    Line Found : user_pref("extensions.iminent.id", "52f346ed0000000000006c626d761586");

    Line Found : user_pref("extensions.iminent.instlDay", "16084");

    Line Found : user_pref("extensions.iminent.instlRef", "");

    Line Found : user_pref("extensions.iminent.newTab", false);

    Line Found : user_pref("extensions.iminent.prdct", "iminent");

    Line Found : user_pref("extensions.iminent.prtnrId", "iminent");

    Line Found : user_pref("extensions.iminent.rvrt", "false");

    Line Found : user_pref("extensions.iminent.smplGrp", "none");

    Line Found : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");

    Line Found : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");

    Line Found : user_pref("extensions.iminent.vrsn", "1.8.28.3");

    Line Found : user_pref("extensions.iminent.vrsnTs", "1.8.28.312:11:18");

    Line Found : user_pref("extensions.iminent.vrsni", "1.8.28.3");

    Line Found : user_pref("iminent.enabledAds", "false");

     

    -\\ Google Chrome v32.0.1700.72

     

    [ File : C:\Users\Pisoi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     

     

    *************************

     

    AdwCleaner[R0].txt - [11573 octets] - [14/01/2014 18:15:36]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11634 octets] ##########



    #28 etavares

    Posted 16 January 2014 - 04:56 PM

    OK, please go ahead and run adwCleaner again...scan then clean/delete.  Please post the resulting log after cleaning and let me know how your computer is running.

     

    -etavares





    #29 leneshu

    Posted 17 January 2014 - 05:36 PM

    It's ok, my pc still works :) .

    Here's the adwCleaner log file:

     

    # AdwCleaner v3.017 - Report created 17/01/2014 at 23:30:54

    # Updated 12/01/2014 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : Pisoi - HP

    # Running from : C:\Users\Pisoi\Desktop\AdwCleaner.exe

    # Option : Clean

     

    ***** [ Services ] *****

     

     

    ***** [ Files / Folders ] *****

     

     

    ***** [ Shortcuts ] *****

     

     

    ***** [ Registry ] *****

     

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

    Key Deleted : HKCU\Software\Conduit

     

    ***** [ Browsers ] *****

     

    -\\ Internet Explorer v11.0.9600.16428

     

     

    -\\ Mozilla Firefox v26.0 (it)

     

    [ File : C:\Users\Pisoi\AppData\Roaming\Mozilla\Firefox\Profiles\1jlhoiaq.default\prefs.js ]

     

     

    -\\ Google Chrome v32.0.1700.76

     

    [ File : C:\Users\Pisoi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     

     

    *************************

     

    AdwCleaner[R0].txt - [11931 octets] - [14/01/2014 18:15:36]

    AdwCleaner[R1].txt - [1165 octets] - [17/01/2014 23:29:51]

    AdwCleaner[S0].txt - [12104 octets] - [14/01/2014 18:17:27]

    AdwCleaner[S1].txt - [1050 octets] - [17/01/2014 23:30:54]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1110 octets] ##########



    #30 etavares

    Posted 18 January 2014 - 07:30 AM

    OK, if everything is still OK, launch adwCleaner and click Uninstall.

     

    Please post one final DDS log for me to look over.

     

    -etavares







