
I'm wrong. I have installed AdWares!


9 replies to this topic

#1 TeckMike95

  • Members
  • 102 posts

Posted 12 September 2014 - 02:33 PM

I'm wrong, I have installed AdWares and I need your help. I feel so stupid.

 

Here is the DDS log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 24/11/2011 19:23:09
System Uptime: 12/09/2014 21:25:21 (0 hours ago)
.
Motherboard: TOSHIBA |  | PWWHA
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz | CPU 1 | 990/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 102,926 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 136,992 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda miniport WiFi virtuale Microsoft
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B4DCC7D&0&01
Manufacturer: Microsoft
Name: Scheda miniport WiFi virtuale Microsoft
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B4DCC7D&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda Microsoft Teredo Tunneling
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FC301179&REV_05\4&1068A457&0&00E0
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FC301179&REV_05\4&1068A457&0&00E0
Service: RTL8167
.
==== System Restore Points ===================
.
RP639: 26/08/2014 20:10:32 - Windows Backup
RP640: 31/08/2014 19:26:13 - Windows Update
RP641: 02/09/2014 12:13:23 - Removed LogMeIn Hamachi
RP642: 02/09/2014 15:34:52 - Windows Update
RP643: 04/09/2014 09:02:01 - Windows Update
RP644: 09/09/2014 09:11:27 - Windows Update
RP645: 11/09/2014 21:48:09 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.08)
Ares 2.2.4
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
µTorrent
aTube Catcher
Avira
Avira Free Antivirus
Bluetooth Stack for Windows by Toshiba
CCleaner
ClearThink
D3DX10
DAEMON Tools Lite
Epson Connect Guide
Epson E-Web Print
Epson Event Manager
Epson FAX Utility
Epson Guida di rete WF-3520 Series
Epson Guida utente WF-3520 Series
EPSON Scan
EPSON WF-3520 Series Printer Uninstall
EpsonNet Print
ESET Online Scanner v3
Galerie de photos Windows Live
GeoGebra 4.2
GIMP 2.8.10
Google Chrome
Google Update Helper
High-Definition Video Playback
IIS 7.5 Express
ImgBurn
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 8 Update 20
Java 8 Update 20 (64-bit)
Java Auto Updater
JavaFX 2.1.0
Junk Mail filter update
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware versione 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (ITA)
Microsoft .NET Framework 4.5.1 (Italiano)
Microsoft Antimalware Service IT-IT Language Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client IT-IT Language Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA
Microsoft VM for Java
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NeroKwikMedia Help (CHM)
NVIDIA Control Panel 268.57
NVIDIA Graphics Driver 268.57
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OpenOffice 4.1.0
PET 1.00
PlayReady PC Runtime amd64
Presto! PageManager 9.03 SE
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Software Updater
SpywareBlaster 5.0
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TRORMCLauncher
Utility Common Driver
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.1.2
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
.
==== End Of File ===========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 11.20.2
Run by Michele at 21:30:24 on 2014-09-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.4074.1841 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mqtgsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://astromenda.com/?f=1&a=ast_ir_14_37_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzztDyCyDtAzzyCtB0D0FtN0D0Tzu0SzyzzyCtN1L2XzutAtFtBtFyDtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDyBtB0AtDyCtAtGzz0AtCzztG0AyDtD0DtGzz0CyCyDtGyDzzyB0CtCyBtAzzyBzzyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyDyBzz0C0AtDtG0C0DtBzytGyEyC0FzztG0Bzz0F0BtG0CtAtB0BtAtBtAyD0EyEtAtC2Q&cr=757484219&ir=
uSearch Page = about:blank
uDefault_Page_URL = about:blank
uDefault_Search_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mWinlogon: Userinit = userinit.exe
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
BHO: ClearThink: {7e6d4e3e-fc66-4036-9799-ce5c625c4c56} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe /STARTUP
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\Michele\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Aggiungi a TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: NameServer = 198.211.120.70 8.8.8.8
TCP: Interfaces\{C2E4C361-13E3-4048-B88F-DDA0E027704D} : DHCPNameServer = 198.211.120.70 8.8.8.8
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [2014-9-12 61072]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-6-9 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-25 279616]
R2 AntiVirSchedulerService;Avira Pianificatore;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-6-9 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-6-9 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-6-9 117712]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2011-8-26 27648]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-10-28 1809920]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-28 2656280]
R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-10-28 20592]
R3 debutfilter;Debut Filter Driver v6.10.01;C:\Windows\System32\drivers\debutfilterx64.sys [2013-7-5 32024]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-10-28 38096]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-7-14 141392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Update ClearThink;Update ClearThink;"C:\Program Files (x86)\ClearThink\updateClearThink.exe" --> C:\Program Files (x86)\ClearThink\updateClearThink.exe [?]
S2 Util ClearThink;Util ClearThink;"C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe" --> C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe [?]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2010-10-18 42096]
S3 hcw66xxx;WinTV HVR-900H;C:\Windows\System32\drivers\hcw66x64.sys [2013-6-15 478720]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-28 247400]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-26 413800]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-28 54136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-25 1255736]
S4 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-5-4 135824]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2014-6-5 93040]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-09-12 19:23:18 -------- d-----w- C:\ProgramData\374311380
2014-09-12 19:20:00 61072 ----a-w- C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-12 19:17:50 -------- d-----w- C:\Program Files (x86)\ClearThink
2014-09-12 18:31:37 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B7685BA-2DC6-41A9-832C-F1A680C3961F}\mpengine.dll
2014-09-11 19:57:59 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-11 19:48:51 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 19:48:51 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 19:12:29 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 19:12:29 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 19:12:08 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-11 19:12:07 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 19:11:30 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 19:11:29 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 19:11:29 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 19:11:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 19:11:29 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-11 19:11:22 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-11 19:11:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-09 09:06:15 -------- d-----w- C:\Program Files\Synaptics
2014-09-06 18:24:48 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-06 17:46:50 -------- d-----w- C:\Program Files (x86)\ESET
2014-09-04 07:42:10 -------- d-----w- C:\FRST
2014-08-31 17:26:10 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-31 17:26:10 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-31 17:26:10 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-25 07:44:34 -------- d-----w- C:\Users\Michele\AppData\Roaming\WinBatch
2014-08-25 07:00:26 -------- d-----w- C:\Windows\pss
2014-08-24 22:34:33 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-24 22:34:33 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-24 22:34:33 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-24 22:34:33 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-24 22:34:32 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-24 22:34:32 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-24 22:34:08 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-24 22:34:08 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-24 20:35:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-24 20:35:28 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-24 20:35:06 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-24 20:35:06 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-24 20:35:06 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-24 20:35:06 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-24 20:35:05 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-24 20:35:05 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-24 20:35:05 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-24 20:34:51 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-23 11:43:19 -------- d-----w- C:\ProgramData\Package Cache
2014-08-23 11:40:10 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-23 11:40:10 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-23 11:06:16 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-23 11:06:04 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-23 11:06:04 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-23 11:05:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-23 11:05:58 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-23 11:05:58 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-23 11:05:58 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2014-09-12 18:54:33 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-11 19:54:42 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-11 19:54:41 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-04 14:29:34 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-09-04 14:28:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-05 07:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 09:02:28 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-16 09:02:25 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
.
============= FINISH: 21:32:25,33 ===============

 

 




#2 shelf life

  • Malware Response Team
  • 2,642 posts

Posted 13 September 2014 - 08:30 AM

hi,

 

If you still need help simply reply back.

 

How Can I Reduce My Risk to Malware?


#3 TeckMike95

  • Topic Starter
  • Members
  • 102 posts

Posted 14 September 2014 - 06:23 AM

Yes, I need help. Thank you very much.



#4 shelf life (Malware Response Team)

Posted 14 September 2014 - 02:00 PM

We will get two downloads to use and go from there.

Please download AdwCleaner to your desktop.

Double click on AdwCleaner.exe, accept the disclaimer.
Click on Scan. After the scan is done click on Clean.

Machine may reboot to finish the removal process.

Upon reboot a log file will display. Please post log in reply.

http://www.bleepingcomputer.com/download/adwcleaner/

JRT.exe:

http://thisisudax.org/downloads/JRT.exe

Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

Have you run an updated Malwarebytes scan lately?




#5 TeckMike95 (Topic Starter)

Posted 15 September 2014 - 01:59 AM

# AdwCleaner v3.310 - Rapporto creato 15/09/2014 in 08:31:00
# Aggiornato 12/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Michele - MICHELE-TOSH
# In esecuzione da : C:\Users\Michele\Desktop\AdwCleaner.exe
# Opzione : Scansiona
 
***** [ Servizi ] *****
 
Servizio Trovato : Update ClearThink
Servizio Trovato : Util ClearThink
Servizio Trovato : {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64
 
***** [ File / Cartelle ] *****
 
Cartella Trovato : C:\Program Files (x86)\ClearThink
Cartella Trovato : C:\ProgramData\374311380 
Cartella Trovato : C:\Users\Michele\AppData\Local\Temp\ClearThink
File Trovato : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Trovato : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Trovato : C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
 
***** [ Compiti ] *****
 
 
***** [ Collegamenti ] *****
 
 
***** [ Registro ] *****
 
Chiave Trovati : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Trovati : HKCU\Software\ClearThink
Chiave Trovati : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Chiave Trovati : HKCU\Software\InstallCore
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Chiave Trovati : HKCU\Software\Optimizer Pro
Chiave Trovati : [x64] HKCU\Software\ClearThink
Chiave Trovati : [x64] HKCU\Software\InstallCore
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Chiave Trovati : [x64] HKCU\Software\Optimizer Pro
Chiave Trovati : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Trovati : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Trovati : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{D8972B0D-B0FB-4158-A567-365283693AD6}
Chiave Trovati : HKLM\SOFTWARE\Classes\TypeLib\{06e035f9-c6b3-4ae7-a839-ba68791f5499}
Chiave Trovati : HKLM\SOFTWARE\ClearThink
Chiave Trovati : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\ClearThink_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\ClearThink_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\updateClearThink_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\updateClearThink_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\utilClearThink_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\utilClearThink_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}
Chiave Trovati : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update ClearThink
Chiave Trovati : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util ClearThink
Chiave Trovati : [x64] HKLM\SOFTWARE\Classes\Interface\{D8972B0D-B0FB-4158-A567-365283693AD6}
Chiave Trovati : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClearThink
 
***** [ Browser ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
Impostazioni Trovato : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://astromenda.com/?f=1&a=ast_ir_14_37_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzztDyCyDtAzzyCtB0D0FtN0D0Tzu0SzyzzyCtN1L2XzutAtFtBtFyDtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDyBtB0AtDyCtAtGzz0AtCzztG0AyDtD0DtGzz0CyCyDtGyDzzyB0CtCyBtAzzyBzzyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyDyBzz0C0AtDtG0C0DtBzytGyEyC0FzztG0Bzz0F0BtG0CtAtB0BtAtBtAyD0EyEtAtC2Q&cr=757484219&ir=
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Trovato [Startup_urls] : hxxp://astromenda.com/?f=7&a=ast_ir_14_37_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzztDyCyDtAzzyCtB0D0FtN0D0Tzu0SzyzzyCtN1L2XzutAtFtBtFyDtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDyBtB0AtDyCtAtGzz0AtCzztG0AyDtD0DtGzz0CyCyDtGyDzzyB0CtCyBtAzzyBzzyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyDyBzz0C0AtDtG0C0DtBzytGyEyC0FzztG0Bzz0F0BtG0CtAtB0BtAtBtAyD0EyEtAtC2Q&cr=757484219&ir=
Trovato [Homepage] : hxxp://astromenda.com/?f=1&a=ast_ir_14_37_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEzztDyCyDtAzzyCtB0D0FtN0D0Tzu0SzyzzyCtN1L2XzutAtFtBtFyDtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDyBtB0AtDyCtAtGzz0AtCzztG0AyDtD0DtGzz0CyCyDtGyDzzyB0CtCyBtAzzyBzzyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyDyBzz0C0AtDtG0C0DtBzytGyEyC0FzztG0Bzz0F0BtG0CtAtB0BtAtBtAyD0EyEtAtC2Q&cr=757484219&ir=
Trovato [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae
 
*************************
 
AdwCleaner[R0].txt - [1059 octets] - [26/12/2013 14:39:26]
AdwCleaner[R1].txt - [2710 octets] - [04/09/2014 09:37:58]
AdwCleaner[R2].txt - [2770 octets] - [04/09/2014 16:06:33]
AdwCleaner[R3].txt - [5766 octets] - [15/09/2014 08:27:17]
AdwCleaner[R4].txt - [5826 octets] - [15/09/2014 08:28:52]
AdwCleaner[R5].txt - [5654 octets] - [15/09/2014 08:31:00]
AdwCleaner[S0].txt - [2738 octets] - [04/09/2014 16:08:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [5774 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michele on 15/09/2014 at  8:42:56,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/09/2014 at  8:56:23,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
As for MBAM, I haven't performed any scan lately.

Edited by TeckMike95, 15 September 2014 - 02:51 AM.


#6 shelf life (Malware Response Team)

Posted 15 September 2014 - 03:52 PM

Ok, thanks for the info. How's it looking on your end now?




#7 TeckMike95 (Topic Starter)

Posted 17 September 2014 - 12:50 AM

Ok, now ads don't pop up anymore, and the default search engine is Google. It seems it's all ok.

However, I didn't understand: how is it possible that a programme with a certificate can install adware and so much?

Edited by TeckMike95, 17 September 2014 - 12:52 AM.


#8 shelf life (Malware Response Team)

Posted 17 September 2014 - 05:31 PM

Ok, good. What do you mean by a program with a certificate? Do you think it was one of these: ClearThink or Optimizer Pro?




#9 TeckMike95 (Topic Starter)

Posted 18 September 2014 - 06:35 AM

It was a programme similar to ClearThink, in the sense that even this software had the certificate.

#10 shelf life (Malware Response Team)

Posted 18 September 2014 - 04:45 PM

It may have had a certificate but it's still ad supported. See link: http://www.useclearthink.com/Support

Malwarebytes is good at removing this type of stuff. Check Malwarebytes for updates then do a scan. See if it can dig up anything.


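As an added example (not code from this thread, nor from AdwCleaner or JRT), the PowerShell below does a read-only walk of the persistence locations the AdwCleaner log above flagged for ClearThink (BHO, Chrome extension policy keys, IE search scopes and start page) and reports the Authenticode status of non-Microsoft service binaries, which illustrates the point that a valid certificate says nothing about whether a program is ad supported. It assumes Windows PowerShell 3 or later run as administrator.

```powershell
# Added example, not from this thread. Read-only audit of the locations the
# AdwCleaner log flagged, plus signature status of service binaries. A
# "Valid" Authenticode status only ties a file to a publisher; it does not
# mean the program is benign. Assumes Windows PowerShell 3+, elevated.

$keys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\Google\Chrome\Extensions',
  'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
  'HKCU:\Software\Google\Chrome\Extensions',
  'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
  'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
)

foreach ($k in $keys) {
  if (-not (Test-Path $k)) { continue }
  Write-Host "`n== $k"
  Get-ChildItem $k | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    # A BHO subkey is a CLSID; resolve the DLL it loads from HKCR.
    $srv = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$($_.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue
    [pscustomobject]@{
      Name      = $_.PSChildName
      UpdateUrl = $p.update_url        # present on Chrome force-install entries
      SearchUrl = $p.URL               # present on IE search scopes
      Dll       = if ($srv) { $srv.'(default)' } else { '' }
    }
  } | Format-Table -AutoSize
}

Write-Host "`n== IE start page"
(Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main').'Start Page'

Write-Host "`n== Services outside \Windows and their binary signature"
Get-WmiObject Win32_Service | Where-Object { $_.PathName -and $_.PathName -notlike '*\Windows\*' } | ForEach-Object {
  # PathName may be quoted ("C:\...\x.exe" -arg) or bare (C:\x.exe -arg).
  $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' [-/]')[0] }
  $sig = if (Test-Path $exe) { Get-AuthenticodeSignature $exe } else { $null }
  [pscustomobject]@{
    Service = $_.Name
    Path    = $exe
    Status  = if ($sig) { $sig.Status } else { 'file missing' }
    Signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
  }
} | Format-Table -AutoSize
```

Entries such as "Update ClearThink" or a Chrome extension with an unfamiliar update_url are what to look at; a signer subject you recognise does not by itself clear the entry.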

