
Advert Popups/Browser Hijacked - Windows 7 Pro ver 6.1 (Build 7601 SP1)


16 replies to this topic

#1 paul_guertin


Posted 11 April 2015 - 03:49 PM

Hello

 

I am trying to help my 67 year-old mother clean her computer which appears to have been infected with advert malware.

 

The Problem

- Simply opening either her Chrome or IE browser generates numerous advert pop-ups and banner ads.

- Her Google search results are manipulated and show primarily advertising at the top of the results.

- Sometimes, clicking a bookmark or even clicking a search result diverts to advert webpages.

- The malware is blocking the downloading, installing or running of different anti-malware/anti-virus tools.

- The primary offender that I can see right now is "Sharkmancoupon" adverts.

 

Done So Far

- Booted up into Safe Mode with Networking

- Installed and ran SuperAntiSpyware, Malwarebytes, Avast Free Anti-virus, SpywareBlaster, Spybot S&D, SpyHunter

- Tried without success to install Ad-Aware

 

Results

- Each application found numerous infections/threats and allegedly removed/cleaned them.

- Spyhunter found a bunch of stuff but will not clean anything unless purchased (not purchased yet)

 

I installed and ran HijackThis and can post the log if/when requested.

 

Any help you can provide will be very appreciated.

 

Thank you,

 

Paul





#2 InadequateInfirmity


Posted 14 April 2015 - 06:31 PM

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV):
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right-click it and choose Run as administrator.
A new icon will appear on your desktop.
Right-click the new icon and choose Run as administrator.
Click on the Update tab.
[screenshot: ZCDJtZN.png]
Once you have updated the program, make sure the settings are the same as in the picture below.
[screenshot: 7DUFn5c.png]
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
[screenshot: ApSVXsQ.png]
Copy and paste the entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right-click it and choose Run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

 

 

Tell me how things are; if you have any issues, let us know. :)
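The steps above all lean on third-party tools to report the same handful of Windows settings that adware of this kind changes: the Run keys, the Internet Explorer start page, the user's proxy settings, the hosts file, services launched through rundll32, and the Winsock catalog. As an added example that is not from this thread or from any of the tools named in it, the PowerShell script below reads those same locations and writes a plain-text report to the desktop, so a helper can see what is set before a cleanup tool changes anything and compare again afterwards. It is deliberately read-only: the DNS flush and proxy resets that Minitoolbox performs are left out. The `Add-Finding` helper, the `hijack-audit.txt` file name and the sections' labels are choices made for this example; the registry paths, the `netsh winsock show catalog` command and the hosts file location are standard Windows.

```powershell
# Added example: a read-only audit of the Windows settings the cleanup tools in
# this thread report on. Not from the thread or from any of those tools.
# Run in an elevated PowerShell prompt; nothing here changes the system.

$script:report = @()
function Add-Finding([string]$area, [string]$text) {
    $script:report += "[$area] $text"
}

# 1. Auto-start entries: machine (64-bit and 32-bit views) and current user.
#    The eScan log in this thread removed entries from exactly these keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
        if ($p.Name -notmatch '^PS') { Add-Finding 'Run' "$key : $($p.Name) = $($p.Value)" }
    }
}

# 2. Internet Explorer start page (per hive) and the user's proxy settings
#    (Minitoolbox "Report IE Proxy Settings"; ZHPCleaner replaced ProxyOverride here).
foreach ($hive in 'HKLM', 'HKCU') {
    $main = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main"
    $sp = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Start Page'
    if ($sp) { Add-Finding 'IE' "$hive Start Page = $sp" }
}
$inet = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    if ($null -ne $inet.$name) { Add-Finding 'Proxy' "$name = $($inet.$name)" }
}

# 3. Hosts file: every line that is not blank or a comment
#    (Minitoolbox "List content of Hosts"; a clean Windows hosts file has none).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    ForEach-Object { Add-Finding 'Hosts' $_.Trim() }

# 4. Services started through rundll32, and whether their DLL is still on disk.
#    The eScan log flags this pattern as "Invalid DLL ... in entry [ImagePath=...]".
foreach ($svc in Get-WmiObject -Class Win32_Service) {
    if ($svc.PathName -match 'rundll32\.exe"?\s+"?([^",]+\.dll)') {
        $dll = $Matches[1]
        $state = if (Test-Path -LiteralPath $dll) { 'present' } else { 'MISSING' }
        Add-Finding 'Service' "$($svc.Name) -> rundll32 $dll ($state)"
    }
}

# 5. Winsock catalog providers (Minitoolbox "List Winsock Entries"); anything
#    that is not a Microsoft provider deserves a closer look.
netsh winsock show catalog | Select-String -Pattern '^\s*Description' |
    ForEach-Object { Add-Finding 'Winsock' ($_.Line -replace '^\s*Description:\s*', '') }

# Write the findings to the desktop, where the thread's other reports land,
# and echo them so they can be pasted into a reply like the other logs.
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'hijack-audit.txt'
$script:report | Out-File -FilePath $outFile -Encoding UTF8
$script:report
```

Run it once before Step 1 and once after Step 4, then diff the two `hijack-audit.txt` files: entries that disappear are what the tools removed, and entries that come back after a reboot point at a persistence mechanism the tools missed.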



#3 paul_guertin


Posted 14 April 2015 - 07:59 PM

Thank you so much for your help.

After following all of these instructions, I rebooted the computer (still in Safe Mode with Networking) and opened Chrome. As soon as I did so, a Sharkman Coupons advert opened as before and multiple tabs opened with different surveys and adverts on them.

Below are my eScanAV, ZHP Cleaner, Security Check and Minitoolbox reports/logs.

EScan AV

14 Apr 2015 19:50:07 [09ec] - **********************************************************
14 Apr 2015 19:50:07 [09ec] - MWAV - eScanAV AntiVirus Toolkit.
14 Apr 2015 19:50:07 [09ec] - Copyright © MicroWorld Technologies
14 Apr 2015 19:50:07 [09ec] - **********************************************************
14 Apr 2015 19:50:07 [09ec] - Source: C:\Users\Czarina\Desktop\mwav.exe
14 Apr 2015 19:50:07 [09ec] - Version 14.0.178 (C:\USERS\CZARINA\APPDATA\LOCAL\TEMP\MEXE.COM)
14 Apr 2015 19:50:07 [09ec] - Log File: C:\Users\Czarina\AppData\Local\Temp\MWAV.LOG
14 Apr 2015 19:50:07 [09ec] - MWAV Registered: TRUE
14 Apr 2015 19:50:07 [09ec] - User Account: Czarina (Administrator Mode)
14 Apr 2015 19:50:07 [09ec] - OS Type: Windows Workstation [InstallType: Client]
14 Apr 2015 19:50:07 [09ec] - OS: Windows 7 64-Bit [OS Install Date: 03 Jan 2015 14:56:48]
14 Apr 2015 19:50:07 [09ec] - Ver: Professional Service Pack 1 (Build 7601)
14 Apr 2015 19:50:07 [09ec] - System Up Time: 6 Days, 3 Hours, 38 Minutes, 1 Second


14 Apr 2015 19:50:07 [09ec] - Parent Process Name : C:\Users\Czarina\Desktop\mwav.exe
14 Apr 2015 19:50:07 [09ec] - Windows Root Folder: C:\Windows
14 Apr 2015 19:50:07 [09ec] - Windows Sys32 Folder: C:\Windows\system32
14 Apr 2015 19:50:07 [09ec] - DHCP NameServer: 192.168.2.1
14 Apr 2015 19:50:07 [09ec] - Interface0 DHCPNameServer: 192.168.2.1
14 Apr 2015 19:50:07 [09ec] - Local Fixed Drives: c:\
14 Apr 2015 19:50:07 [09ec] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
14 Apr 2015 19:50:07 [09ec] - [CREATED ZIP FILE: C:\Users\Czarina\AppData\Local\Temp\pinfect.zip]
14 Apr 2015 19:50:08 [09ec] - Latest Date of files inside MWAV: Mon Mar 2 17:13:53 2015.
14 Apr 2015 19:50:10 [09ec] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
14 Apr 2015 19:50:10 [09ec] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
14 Apr 2015 19:50:10 [09ec] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Czarina\AppData\Local\Temp\ESCANDB.LOG]
14 Apr 2015 19:50:10 [09ec] - Loaded/Created FileScan Cache Database...
14 Apr 2015 19:50:10 [09ec] - Loading AV Library [DB]...
14 Apr 2015 19:50:41 [09ec] - ArchiveScan: DISABLED
14 Apr 2015 19:50:42 [09ec] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
14 Apr 2015 19:50:42 [09ec] - MWAV doing self scanning...
14 Apr 2015 19:50:42 [09ec] - MWAV files are clean.
14 Apr 2015 19:50:47 [09ec] - ArchiveScan: DISABLED
14 Apr 2015 19:50:47 [09ec] - Virus Database Date: 02 Mar 2015
14 Apr 2015 19:50:47 [09ec] - Virus Database Count: 6701505
14 Apr 2015 19:50:47 [09ec] - Sign Version: 7.59505 [518257]
14 Apr 2015 19:50:47 [09ec] - Scheduler Service not enabled. Scheduler Feature Disabled.
14 Apr 2015 19:51:05 [09ec] - Uninitializing Scanner (3)...
14 Apr 2015 19:51:06 [09ec] - Freeing Libraries (3)...
14 Apr 2015 19:51:06 [09ec] - AV Library Unloaded (3)...
14 Apr 2015 19:51:06 [09ec] - Exiting App...
14 Apr 2015 19:51:13 [0b64] - **********************************************************
14 Apr 2015 19:51:13 [0b64] - MWAV - eScanAV AntiVirus Toolkit.
14 Apr 2015 19:51:13 [0b64] - Copyright © MicroWorld Technologies
14 Apr 2015 19:51:13 [0b64] - **********************************************************
14 Apr 2015 19:51:13 [0b64] - Version 14.0.178 (C:\USERS\CZARINA\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
14 Apr 2015 19:51:13 [0b64] - Log File: C:\Users\Czarina\AppData\Local\Temp\MWAV.LOG
14 Apr 2015 19:51:13 [0b64] - MWAV Registered: TRUE
14 Apr 2015 19:51:13 [0b64] - User Account: Czarina (Administrator Mode)
14 Apr 2015 19:51:13 [0b64] - OS Type: Windows Workstation [InstallType: Client]
14 Apr 2015 19:51:13 [0b64] - OS: Windows 7 64-Bit [OS Install Date: 03 Jan 2015 14:56:48]
14 Apr 2015 19:51:13 [0b64] - Ver: Professional Service Pack 1 (Build 7601)
14 Apr 2015 19:51:13 [0b64] - System Up Time: 6 Days, 3 Hours, 39 Minutes, 6 Seconds


14 Apr 2015 19:51:13 [0b64] - Parent Process Name : c:\Windows\explorer.exe
14 Apr 2015 19:51:13 [0b64] - Windows Root Folder: C:\Windows
14 Apr 2015 19:51:13 [0b64] - Windows Sys32 Folder: C:\Windows\system32
14 Apr 2015 19:51:13 [0b64] - DHCP NameServer: 192.168.2.1
14 Apr 2015 19:51:13 [0b64] - Interface0 DHCPNameServer: 192.168.2.1
14 Apr 2015 19:51:13 [0b64] - Local Fixed Drives: c:\
14 Apr 2015 19:51:13 [0b64] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
14 Apr 2015 19:51:13 [0b64] - [CREATED ZIP FILE: C:\Users\Czarina\AppData\Local\Temp\pinfect.zip]
14 Apr 2015 19:51:13 [0b64] - Latest Date of files inside MWAV: Mon Mar 2 17:13:53 2015.
14 Apr 2015 19:51:13 [0b64] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Czarina\AppData\Local\Temp\ESCANDB.LOG]
14 Apr 2015 19:51:13 [0b64] - Loaded/Created FileScan Cache Database...
14 Apr 2015 19:51:13 [0b64] - Loading AV Library [DB]...
14 Apr 2015 19:51:15 [0b64] - ArchiveScan: DISABLED
14 Apr 2015 19:51:15 [0b64] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
14 Apr 2015 19:51:15 [0b64] - MWAV doing self scanning...
14 Apr 2015 19:51:15 [0b64] - MWAV files are clean.
14 Apr 2015 19:51:15 [0b64] - ArchiveScan: DISABLED
14 Apr 2015 19:51:15 [0b64] - Virus Database Date: 02 Mar 2015
14 Apr 2015 19:51:15 [0b64] - Virus Database Count: 6701505
14 Apr 2015 19:51:15 [0b64] - Sign Version: 7.59505 [518257]
14 Apr 2015 19:51:15 [0b64] - Scheduler Service not enabled. Scheduler Feature Disabled.

14 Apr 2015 19:51:57 [0b64] - **********************************************************
14 Apr 2015 19:51:57 [0b64] - MWAV - eScanAV AntiVirus Toolkit.
14 Apr 2015 19:51:57 [0b64] - Copyright © MicroWorld Technologies
14 Apr 2015 19:51:57 [0b64] -
14 Apr 2015 19:51:57 [0b64] - Support: support@escanav.com
14 Apr 2015 19:51:57 [0b64] - Web: http://www.escanav.com
14 Apr 2015 19:51:57 [0b64] - **********************************************************
14 Apr 2015 19:51:57 [0b64] - Version 14.0.178[DB] (C:\USERS\CZARINA\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
14 Apr 2015 19:51:57 [0b64] - Log File: C:\Users\Czarina\AppData\Local\Temp\MWAV.LOG
14 Apr 2015 19:51:57 [0b64] - User Account: Czarina (Administrator Mode)
14 Apr 2015 19:51:57 [0b64] - Parent Process Name : c:\Windows\explorer.exe
14 Apr 2015 19:51:57 [0b64] - Windows Root Folder: C:\Windows
14 Apr 2015 19:51:57 [0b64] - Windows Sys32 Folder: C:\Windows\system32
14 Apr 2015 19:51:57 [0b64] - OS: Windows 7 64-Bit [OS Install Date: 03 Jan 2015 14:56:48]
14 Apr 2015 19:51:57 [0b64] - Ver: Professional Service Pack 1 (Build 7601)
14 Apr 2015 19:51:57 [0b64] - Latest Date of files inside MWAV: Mon Mar 2 17:13:53 2015.
14 Apr 2015 19:51:57 [0b64] - Scheduler Service not enabled. Scheduler Feature Disabled.

14 Apr 2015 19:51:57 [0a14] - Options Selected by User:
14 Apr 2015 19:51:57 [0a14] - Memory Check: Enabled
14 Apr 2015 19:51:57 [0a14] - Registry Check: Enabled
14 Apr 2015 19:51:57 [0a14] - StartUp Folder Check: Enabled
14 Apr 2015 19:51:57 [0a14] - System Folder Check: Enabled
14 Apr 2015 19:51:57 [0a14] - Services Check: Enabled
14 Apr 2015 19:51:57 [0a14] - Scan Spyware: Enabled
14 Apr 2015 19:51:57 [0a14] - Scan Archives: Disabled
14 Apr 2015 19:51:57 [0a14] - Drive Check: Enabled
14 Apr 2015 19:51:57 [0a14] - All Drive Check :Disabled
14 Apr 2015 19:51:57 [0a14] - Drive Selected = C:\
14 Apr 2015 19:51:57 [0a14] - Folder Check: Disabled
14 Apr 2015 19:51:57 [0a14] - SCAN: All_Files [ANSI]
14 Apr 2015 19:51:57 [0a14] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)

14 Apr 2015 19:51:57 [0a14] - Scanning DNS Records...
14 Apr 2015 19:51:57 [0a14] - Scanning Master Boot Record (User)...
14 Apr 2015 19:51:57 [0a14] - Scanning Logical Boot Records...
14 Apr 2015 19:51:57 [0a14] - ***** Scanning For Hidden Rootkit Processes *****
14 Apr 2015 19:51:57 [0a14] - ***** Scanning For Hidden Rootkit Services *****

14 Apr 2015 19:51:59 [0a14] - ***** Scanning Memory Files *****

14 Apr 2015 19:52:03 [0a14] - ***** Scanning Registry Files *****
14 Apr 2015 19:52:03 [0a14] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
14 Apr 2015 19:52:03 [0a14] - Invalid Entry DllName = SDWinLogon.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon). Action Taken: Deleting Registry Key SDWinLogon.
14 Apr 2015 19:52:04 [0a14] - ERROR(3)!!! Invalid Entry 3D BubbleSound = "C:\Program Files\BubbleSound\3D BubbleSound.exe" (in key HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
14 Apr 2015 19:52:04 [0a14] - ERROR(3)!!! Invalid Entry Web Companion = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.

14 Apr 2015 19:52:04 [0a14] - ***** Scanning StartUp Folders *****
14 Apr 2015 19:52:13 [0af0] - C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin not Scanned. Possibly password protected...
14 Apr 2015 19:52:26 [0af0] - C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [07f4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0ae0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0af0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [06f4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0af0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [07f4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0ae0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0ae0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [07f4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [06f4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0af0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0ae0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [07f4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [06f4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Wordpad-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [07f4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0ae0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip not Scanned. Possibly password protected...
14 Apr 2015 19:52:29 [0af0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip not Scanned. Possibly password protected...

14 Apr 2015 19:52:29 [0a14] - ***** Scanning Service Files *****
14 Apr 2015 19:52:30 [0a14] - Invalid DLL ["c:\Program Files (x86)\SystemAdvance\SystemAdvance.dll] in entry [ImagePath="C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemAdvance\SystemAdvance.dll",serv]
14 Apr 2015 19:52:30 [0a14] - Invalid DLL ["c:\Program Files (x86)\LighterInstance\LighterInstance.dll] in entry [ImagePath="C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterInstance\LighterInstance.dll",serv]
14 Apr 2015 19:52:40 [0a14] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].

14 Apr 2015 19:52:43 [0a14] - ***** Scanning Registry and File system for Adware/Spyware *****
14 Apr 2015 19:52:43 [0a14] - Loading Spyware Signatures from new External Database [Name: C:\Users\Czarina\AppData\Local\Temp\spydb.avs, Size: 464717]...
14 Apr 2015 19:52:43 [0a14] - Indexed Spyware Databases Successfully Created...

14 Apr 2015 19:52:51 [0a14] - Offending file found: C:\Users\Czarina\Recent\hijackthis.log.lnk
14 Apr 2015 19:52:51 [0a14] - System found infected with Software Antivirus Spyware/Adware (C:\Users\Czarina\Recent\hijackthis.log.lnk)! Action taken: File Deleted.
14 Apr 2015 19:52:51 [0a14] - Object "Software Antivirus Spyware/Adware" found in File System! Action Taken: File Deleted.


14 Apr 2015 19:52:52 [0a14] - ***** Scanning Registry Files *****
14 Apr 2015 19:52:52 [0a14] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
14 Apr 2015 19:52:52 [0a14] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
14 Apr 2015 19:52:52 [0a14] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
14 Apr 2015 19:52:52 [0a14] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
14 Apr 2015 19:52:52 [0a14] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
14 Apr 2015 19:52:52 [0a14] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
14 Apr 2015 19:52:52 [0a14] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = https://mysearch.avg.com/?cid={D1224D19-82B7-4F5A-8060-D52A34486884}&mid=74688987d3a247cda921d15709025658-9534a48a16ce80866700ff13982163e2a155ab86&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-04-08 14:54:51&v=4.1.0.411&pid=wtu&sg=&sap=hp
14 Apr 2015 19:52:52 [0a14] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = https://mysearch.avg.com/?cid={D1224D19-82B7-4F5A-8060-D52A34486884}&mid=74688987d3a247cda921d15709025658-9534a48a16ce80866700ff13982163e2a155ab86&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-04-08 14:54:51&v=4.1.0.411&pid=wtu&sg=&sap=hp

14 Apr 2015 19:52:52 [0a14] - ***** Scanning System32 Folders *****


14 Apr 2015 19:53:21 [0a14] - ***** Scanning Drive C:\ *****
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{12954758-de23-11e4-a801-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{13be32c0-c889-11e4-a71c-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{50e3c31a-dd99-11e4-8a9b-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{50e3c31e-dd99-11e4-8a9b-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{50e3c322-dd99-11e4-8a9b-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{903d01da-c908-11e4-8a50-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{903d01f5-c908-11e4-8a50-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{903d0216-c908-11e4-8a50-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{a4875efd-c910-11e4-a81c-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{a4875f71-c910-11e4-a81c-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{a4875fdc-c910-11e4-a81c-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{a487603a-c910-11e4-a81c-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{b945f887-d2fb-11e4-8a72-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{b945f946-d2fb-11e4-8a72-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{b945f969-d2fb-11e4-8a72-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{c92846ca-b8d8-11e4-a5bd-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{c92846f6-b8d8-11e4-a5bd-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{c965689b-bd8f-11e4-8a6f-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{c96583f6-bd8f-11e4-8a6f-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:54:31 [06f4] - Scanning File C:\System Volume Information\{c9658494-bd8f-11e4-8a6f-001e4fe6bfab}{3808876b-c176-4e48-b7ae-04046e6cc752}
14 Apr 2015 19:55:13 [0ae0] - C:\Users\Czarina\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{03B999F4-E300-11E4-91B5-001E4FE6BFAB}.dat not Scanned. Possibly password protected...
14 Apr 2015 19:55:13 [0ae0] - C:\Users\Czarina\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{03B999F6-E300-11E4-91B5-001E4FE6BFAB}.dat not Scanned. Possibly password protected...
14 Apr 2015 19:57:15 [07f4] - C:\Users\Czarina\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat not Scanned. Possibly password protected...
14 Apr 2015 19:57:15 [07f4] - C:\Users\Czarina\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp not Scanned. Possibly password protected...
14 Apr 2015 20:00:30 [0ae0] - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
14 Apr 2015 20:00:30 [07f4] - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
14 Apr 2015 20:01:18 [06f4] - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
14 Apr 2015 20:01:18 [06f4] - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...

14 Apr 2015 20:10:33 [0a14] - ***** Checking for specific ITW Viruses *****

14 Apr 2015 20:10:33 [0a14] - ***** Scanning complete. *****

14 Apr 2015 20:10:33 [0a14] - Total Objects Scanned: 162975
14 Apr 2015 20:10:33 [0a14] - Total Critical Objects: 1
14 Apr 2015 20:10:33 [0a14] - Total Disinfected Objects: 0
14 Apr 2015 20:10:33 [0a14] - Total Objects Renamed: 0
14 Apr 2015 20:10:33 [0a14] - Total Deleted Objects: 1
14 Apr 2015 20:10:33 [0a14] - Total Errors: 3
14 Apr 2015 20:10:33 [0a14] - Time Elapsed: 00:18:20
14 Apr 2015 20:10:33 [0a14] - Virus Database Date: 02 Mar 2015
14 Apr 2015 20:10:33 [0a14] - Virus Database Count: 6701505
14 Apr 2015 20:10:33 [0a14] - Sign Version: 7.59505 [518257]

14 Apr 2015 20:10:33 [0a14] - Scan Completed.

ZHP Cleaner

~ ZHPCleaner v2015.4.15.168 by Nicolas Coolman (14/04/2015)
~ Run by Czarina (Administrator) (14/04/2015 20:23:09)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Czarina\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Czarina\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious items found.


---\\ Browser internet (2)
REPLACED Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride ( <-loopback> )
MOVED file: C:\Users\Czarina\Desktop\SpyHunter.lnk [Bad : C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe] (Crapware.SpyHunter)


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( File, Folder) (43)
MOVED file: C:\Windows\System32\DRIVERS\EsgScanner.sys (PUP.EnigmaSoftware)
MOVED file: C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [Enigma Software Group USA, LLC. - Service scanner interface] (Crapware.SpyHunter)
MOVED file: C:\Program Files (x86)\DealsutEr\EpVjYNm5jLxCsQ.dat (PUP.DealSter)
MOVED file: C:\Program Files (x86)\DealsutEr\EpVjYNm5jLxCsQ.tlb (PUP.DealSter)
MOVED file: C:\Program Files (x86)\SSaveRPRRo\ZSPJypgu8d6b4i.dat (PUP.SaverPro)
MOVED file: C:\Program Files (x86)\SSaveRPRRo\ZSPJypgu8d6b4i.tlb (PUP.SaverPro)
MOVED file: C:\Program Files (x86)\Websoaver\Websoaver.dat (PUP.Websave)
MOVED folder: C:\Program Files (x86)\globalUpdate\CrashReports (PUP.GlobalUpdate)
MOVED folder: C:\Program Files (x86)\DealsutEr (PUP.DealSter)
MOVED folder: C:\Program Files (x86)\globalUpdate (PUP.GlobalUpdate)
MOVED folder: C:\Program Files (x86)\predm (Adware.Downware)
MOVED folder: C:\Program Files (x86)\SSaveRPRRo (PUP.SaverPro)
MOVED folder: C:\Program Files (x86)\Websoaver (PUP.Websave)
MOVED folder: C:\Program Files\Enigma Software Group\SpyHunter (PUP.EnigmaSoftware)
MOVED folder: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVED file: C:\ProgramData\16027410463994887347\0e950e00e627140efb0e658434babe74.ini (PUP.CrossRider)
MOVED file: C:\ProgramData\16027410463994887347\73ecd09576ab61e0fb0e658434babe74.ini (PUP.CrossRider)
MOVED file: C:\ProgramData\16027410463994887347\f5dc0d0456a8eaf3fb0e658434babe74.ini (PUP.CrossRider)
MOVED file: C:\ProgramData\16027410463994887347\fabe6de3a4ead422fb0e658434babe74.ini (PUP.CrossRider)
MOVED file: C:\ProgramData\AVG Security Toolbar\TBCampaign2013.txt (Toolbar.AVGSearch)
MOVED file: C:\ProgramData\AVG Security Toolbar\TBCampaignINSP.txt (Toolbar.AVGSearch)
MOVED folder: C:\ProgramData\16027410463994887347 (PUP.CrossRider)
MOVED folder: C:\ProgramData\2b3a57f00007e24 (PUP.CrossRider)
MOVED folder: C:\ProgramData\816ddc67000066df (PUP.CrossRider)
MOVED folder: C:\ProgramData\AVG Security Toolbar (Toolbar.AVGSearch)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip\PepperZip.lnk (PUP.PepperZip)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip\Uninstall.lnk (PUP.PepperZip)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip\Website.lnk (PUP.PepperZip)
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip (PUP.PepperZip)
MOVED file: C:\Users\Czarina\AppData\Roaming\Enigma Software Group\sh_installer.exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)
MOVED folder: C:\Users\Czarina\AppData\Roaming\Enigma Software Group (PUP.EnigmaSoftware)
MOVED file: C:\Users\Czarina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk (Crapware.SpyHunter)
MOVED file: C:\Users\Czarina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk (Crapware.SpyHunter)
MOVED file: C:\Users\Czarina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall.lnk (Crapware.SpyHunter)
MOVED folder: C:\Users\Czarina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter (Crapware.SpyHunter)
MOVED folder: C:\Users\Czarina\AppData\Local\globalUpdate\CrashReports (PUP.GlobalUpdate)
MOVED folder: C:\Users\Czarina\AppData\Local\globalUpdate (PUP.GlobalUpdate)
MOVED folder: C:\Users\Czarina\AppData\Local\Temp\UninstallRes\ClientPackage (PUP.UniSales)
MOVED folder: C:\Users\Czarina\AppData\Local\Temp\UninstallRes (PUP.UniSales)
MOVED file*: C:\Users\Czarina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage (Toolbar.Ask)
MOVED file*: C:\Users\Czarina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage-journal (Toolbar.Ask)
MOVED file: C:\Users\Czarina\AppData\Roaming\appdataFr3.bin (PUP.Optional)
MOVED file: C:\END (Toolbar.Conduit)


---\\ Registry ( Key, Value, Data) (45)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} [https://mysearch.avg.com/search?cid={D1224D19-82B7-4F5A-8060-D52A34486884}&mid=74688987d3a247cda921d[...]] [AVG Secure Search] (Toolbar.AVGSearch)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\EsgScanner [C:\Windows\System32\DRIVERS\EsgScanner.sys (Not File)] (PUP.EnigmaSoftware)
DELETED key^: HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service [C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Not File)] (Crapware.SpyHunter)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\d0efce5d-9d8a-0450-d79f-acdfbf2caaa3 [] (PUP.CrossRider)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\AnyProtect [] (PUP.AnyProtect)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\gamesdesktop [] (Adware.GamesDesktop)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\globalUpdate [] (PUP.GlobalUpdate)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\ProPCCleanerConfig [] (PUP.ProPCCleaner)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\Softonic [] (PUP.Softonic)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\Classes\.7z [PepperZip] (PUP.PepperZip)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\Classes\.rar [PepperZip] (PUP.PepperZip)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\Classes\.zip [PepperZip] (PUP.PepperZip)
DELETED key*: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\Software\Classes\PepperZip [PepperZip] (PUP.PepperZip)
DELETED key*: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [] (Adware.Graftor)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\anyprotect.com [] (PUP.AnyProtect)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\feeding-frenzy.sd.en.softonic.com [0] (PUP.Softonic)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\inst.shoppingate.info [1278037] (PUP.ShoppinGate)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\propccleaner.com [72] (PUP.ProPCCleaner)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markable.net [] (PUP.Re-Markable)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\shoppingate.info [] (PUP.ShoppinGate)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com [] (PUP.Softonic)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.boostsaves.com [728] (PUP.BoostSaves)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markable00.re-markable.net [1352] (PUP.Re-Markable)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.anyprotect.com [59] (PUP.AnyProtect)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\zombienewsapp.com [] (PUP.ZombieNews)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\feeding-frenzy.en.softonic.com [0] (PUP.Softonic)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info [31862] (PUP.ShoppinGate)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\quickrefapp.com [] (PUP.QuickRef)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info [] (PUP.ShoppinGate)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com [] (PUP.Softonic)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.boostsaves.com [199] (PUP.BoostSaves)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Mountain Bike [] (PUP.MountainBike)
DELETED key*: [X64] HKLM\SOFTWARE\EnigmaSoftwareGroup [] (PUP.EnigmaSoftware)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ProPCCleaner_RASAPI32 [] (PUP.ProPCCleaner)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ProPCCleaner_RASMANCS [] (PUP.ProPCCleaner)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.4.0 (Not File)] (Toolbar.AVGSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\GeniusBox [] (PUP.GeniusBox)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\GlobalUpdate [] (PUP.GlobalUpdate)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\TUTORIALS [] (PUP.AgenceExclusive)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [] (Adware.Graftor)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GeniusBox [GeniusBox 2.0] (PUP.GeniusBox)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter [Enigma Software Group, LLC] (Crapware.SpyHunter)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{76605da1} [Software Publisher] (Adware.Graftor)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{7f278ca8} [Software Publisher] (Adware.Graftor)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.4.0 (Not File)] (Toolbar.AVGSearch)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 57500
~ Items found : 0
~ Items repaired : 92


End of clean at 20:29:06
===================
ZHPCleaner-[R]-14042015-20_29_06.txt


Security Check

Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
AVG AntiVirus Free Edition 2015
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Google Chrome (41.0.2272.118)
Google Chrome (GoogleUpdate.dll..)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Minitoolbox

MiniToolBox by Farbar Version: 14-04-2015
Ran by Czarina (administrator) on 14-04-2015 at 20:38:59
Running from "C:\Users\Czarina\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Model: OptiPlex 755 Manufacturer: Dell Inc.
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® 82566DM-2 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Czarina-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® 82566DM-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1E-4F-E6-BF-AB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4855:932e:d819:63ec%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : April-14-15 8:31:06 PM
Lease Expires . . . . . . . . . . : April-17-15 8:31:06 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234888783
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-A8-7B-50-00-1E-4F-E6-BF-AB
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: homeportal
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:400b:807::1004
173.194.43.104
173.194.43.96
173.194.43.97
173.194.43.105
173.194.43.102
173.194.43.98
173.194.43.99
173.194.43.100
173.194.43.103
173.194.43.110
173.194.43.101


Pinging google.com [173.194.43.104] with 32 bytes of data:
Reply from 173.194.43.104: bytes=32 time=14ms TTL=53
Reply from 173.194.43.104: bytes=32 time=17ms TTL=53

Ping statistics for 173.194.43.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 17ms, Average = 15ms
Server: homeportal
Address: 192.168.2.1

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=85ms TTL=49
Reply from 206.190.36.45: bytes=32 time=86ms TTL=49

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 85ms, Maximum = 86ms, Average = 85ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1e 4f e6 bf ab ......Intel® 82566DM-2 Gigabit Network Connection
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.11 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.11 276
192.168.2.11 255.255.255.255 On-link 192.168.2.11 276
192.168.2.255 255.255.255.255 On-link 192.168.2.11 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.11 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.11 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::4855:932e:d819:63ec/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/14/2015 08:32:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 08:19:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 10:28:40 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\Czarina\AppData\Local\Temp\_av_iup.tm~a00288\New\instup.exe /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\Czarina\AppData\Local\Temp\_av_iup.tm~a00288; Description = avast! antivirus system restore point; Error = 0x8007043c).

Error: (04/08/2015 05:51:08 PM) (Source: PerfNet) (User: )
Description:

Error: (04/08/2015 05:45:08 PM) (Source: PerfNet) (User: )
Description:

Error: (04/08/2015 05:43:06 PM) (Source: PerfNet) (User: )
Description:

Error: (04/08/2015 04:14:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:49:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:32:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:23:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/14/2015 08:38:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/14/2015 08:38:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/14/2015 08:38:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/14/2015 08:35:52 PM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (04/14/2015 08:33:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/14/2015 08:33:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/14/2015 08:33:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/14/2015 08:31:30 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (04/14/2015 08:31:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/14/2015 08:31:30 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/14/2015 08:32:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 08:19:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 10:28:40 PM) (Source: System Restore)(User: )
Description: C:\Users\Czarina\AppData\Local\Temp\_av_iup.tm~a00288\New\instup.exe /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\Czarina\AppData\Local\Temp\_av_iup.tm~a00288avast! antivirus system restore point0x8007043c

Error: (04/08/2015 05:51:08 PM) (Source: PerfNet)(User: )
Description:

Error: (04/08/2015 05:45:08 PM) (Source: PerfNet)(User: )
Description:

Error: (04/08/2015 05:43:06 PM) (Source: PerfNet)(User: )
Description:

Error: (04/08/2015 04:14:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:49:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:32:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:23:02 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Czarina\Downloads\SoftonicDownloader_for_feeding-frenzy-2.exe


CodeIntegrity Errors:
===================================
Date: 2015-03-12 14:11:30.602
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 14:11:30.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 14:10:23.478
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 14:10:23.222
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 14:10:23.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 13:41:48.094
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 13:41:46.989
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 13:41:43.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 13:41:41.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-12 13:40:21.670
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4328 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{A1A724F3-F1A6-479C-AE98-208946717E2B}) (Version: 42.0.2311.39 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
join.me (HKCU\...\JoinMe) (Version: 1.20.0.125 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.7.0205.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
UFile 2014 (HKLM-x32\...\{BAF69D89-5F75-4872-8389-74157F5E3087}) (Version: 18.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2014 (HKLM-x32\...\{85DEECC9-38D1-4BA9-A8DD-09282CFB97C8}) (Version: 10.12.0010 - Thomson Reuters DT Tax and Accounting Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

========================= Devices: ================================

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Device ID: ROOT\LEGACY_SPLDR\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3956.61 MB
Available physical RAM: 3034.88 MB
Total Pagefile: 7911.41 MB
Available Pagefile: 7006.14 MB
Total Virtual: 4095.88 MB
Available Virtual: 3986.05 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:927.75 GB) (Free:882.14 GB) NTFS

========================= Users: ========================================

User accounts for \\CZARINA-PC

Administrator Czarina Guest


**** End of log ****

#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:12:58 AM

Posted 14 April 2015 - 08:14 PM

You have the following.

 

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)

 

You must uninstall all but one!!

 

After you remove all but one antivirus, reboot and run the scans below.

 

 

Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

 

Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.


Hit Ok.


Hit Next; make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.



#5 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:12:58 AM

Posted 14 April 2015 - 08:15 PM

Also please remove Spybot from your machine. :) You may reinstall it later. The eScan was not updated when you ran it either...

 

 

This is the eScan database: "Virus Database Date: 02 Mar 2015". You needed to update it prior to scanning.


Edited by InadequateInfirmity, 14 April 2015 - 08:17 PM.


#6 paul_guertin

paul_guertin
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:58 AM

Posted 15 April 2015 - 12:24 PM

Sorry about that. I thought I had updated eScanAV. Since your posts last evening I have...

 

1. Updated and re-run eScan

2. Ran JRT

3. Ran AdwCleaner

4. Ran Adware Removal Tool

 

When I was finished, I opened Chrome and was still seeing adverts labeled as by SharkMan ads.

 

I am posting those logs now, in the same order.

 

Thank you for your continued help!

 

****************

 

15 Apr 2015 12:18:43 [1320] - **********************************************************
15 Apr 2015 12:18:43 [1320] - MWAV - eScanAV AntiVirus Toolkit.
15 Apr 2015 12:18:43 [1320] - Copyright © MicroWorld Technologies
15 Apr 2015 12:18:43 [1320] - **********************************************************
15 Apr 2015 12:18:43 [1320] - Version 14.0.178 (C:\USERS\CZARINA\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
15 Apr 2015 12:18:43 [1320] - Log File: C:\Users\Czarina\AppData\Local\Temp\LOG\MWAV.LOG
15 Apr 2015 12:18:43 [1320] - Last Scan Date and Time: 15.04.2015 12:10:38
15 Apr 2015 12:18:43 [1320] - MWAV Registered: TRUE
15 Apr 2015 12:18:43 [1320] - User Account: Czarina (Administrator Mode)
15 Apr 2015 12:18:43 [1320] - OS Type: Windows Workstation [InstallType: Client]
15 Apr 2015 12:18:43 [1320] - OS: Windows 7 64-Bit [OS Install Date: 03 Jan 2015 14:56:48]
15 Apr 2015 12:18:43 [1320] - Ver: Professional Service Pack 1 (Build 7601)
15 Apr 2015 12:18:43 [1320] - System Up Time: 8 Hours, 53 Minutes, 23 Seconds
 
 
15 Apr 2015 12:18:43 [1320] - Parent Process Name : c:\Windows\explorer.exe
15 Apr 2015 12:18:43 [1320] - Windows Root  Folder: C:\Windows
15 Apr 2015 12:18:43 [1320] - Windows Sys32 Folder: C:\Windows\system32
15 Apr 2015 12:18:43 [1320] - DHCP NameServer: 192.168.2.1
15 Apr 2015 12:18:43 [1320] - Interface0 DHCPNameServer: 192.168.2.1
15 Apr 2015 12:18:43 [1320] - Local Fixed Drives: c:\
15 Apr 2015 12:18:43 [1320] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
15 Apr 2015 12:18:43 [1320] - [CREATED ZIP FILE: C:\Users\Czarina\AppData\Local\Temp\pinfect.zip]
15 Apr 2015 12:18:45 [1320] - Latest Date of files inside MWAV: Wed Apr 15 16:29:14 2015.
15 Apr 2015 12:18:46 [1320] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Czarina\AppData\Local\Temp\LOG\ESCANDB.LOG]
15 Apr 2015 12:18:46 [1320] - Loaded/Created FileScan Cache Database...
15 Apr 2015 12:18:46 [1320] - Loading AV Library [DB]...
15 Apr 2015 12:18:54 [1320] - ArchiveScan: DISABLED
15 Apr 2015 12:18:55 [1320] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
15 Apr 2015 12:18:55 [1320] - MWAV doing self scanning...
15 Apr 2015 12:18:55 [1320] - MWAV files are clean.
15 Apr 2015 12:18:55 [1320] - ArchiveScan: DISABLED
15 Apr 2015 12:18:55 [1320] - Virus Database Date: 15 Apr 2015
15 Apr 2015 12:18:55 [1320] - Virus Database Count: 5637416
15 Apr 2015 12:18:55 [1320] - Sign Version: 7.60122 [518874]
 
15 Apr 2015 12:19:07 [1320] - **********************************************************
15 Apr 2015 12:19:07 [1320] - MWAV - eScanAV AntiVirus Toolkit.
15 Apr 2015 12:19:07 [1320] - Copyright © MicroWorld Technologies
15 Apr 2015 12:19:07 [1320] - 
15 Apr 2015 12:19:07 [1320] - Support: support@escanav.com
15 Apr 2015 12:19:07 [1320] - Web: http://www.escanav.com
15 Apr 2015 12:19:07 [1320] - **********************************************************
15 Apr 2015 12:19:07 [1320] - Version 14.0.178[DB] (C:\USERS\CZARINA\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
15 Apr 2015 12:19:07 [1320] - Log File: C:\Users\Czarina\AppData\Local\Temp\LOG\MWAV.LOG
15 Apr 2015 12:19:07 [1320] - User Account: Czarina (Administrator Mode)
15 Apr 2015 12:19:07 [1320] - Parent Process Name : c:\Windows\explorer.exe
15 Apr 2015 12:19:07 [1320] - Windows Root  Folder: C:\Windows
15 Apr 2015 12:19:07 [1320] - Windows Sys32 Folder: C:\Windows\system32
15 Apr 2015 12:19:07 [1320] - OS: Windows 7 64-Bit [OS Install Date: 03 Jan 2015 14:56:48]
15 Apr 2015 12:19:07 [1320] - Ver: Professional Service Pack 1 (Build 7601)
15 Apr 2015 12:19:07 [1320] - Latest Date of files inside MWAV: Wed Apr 15 16:29:14 2015.
 
15 Apr 2015 12:19:07 [06dc] - Options Selected by User:
15 Apr 2015 12:19:07 [06dc] - Memory Check: Enabled
15 Apr 2015 12:19:07 [06dc] - Registry Check: Enabled
15 Apr 2015 12:19:07 [06dc] - StartUp Folder Check: Enabled
15 Apr 2015 12:19:07 [06dc] - System Folder Check: Enabled
15 Apr 2015 12:19:07 [06dc] - Services Check: Enabled
15 Apr 2015 12:19:07 [06dc] - Scan Spyware: Enabled
15 Apr 2015 12:19:07 [06dc] - Scan Archives: Disabled
15 Apr 2015 12:19:07 [06dc] - Drive Check: Enabled
15 Apr 2015 12:19:07 [06dc] - All Drive Check :Disabled
15 Apr 2015 12:19:07 [06dc] - Drive Selected = C:\
15 Apr 2015 12:19:07 [06dc] - Folder Check: Disabled
15 Apr 2015 12:19:07 [06dc] - SCAN: All_Files [ANSI]
15 Apr 2015 12:19:07 [06dc] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
15 Apr 2015 12:19:07 [06dc] - Scanning DNS Records...
15 Apr 2015 12:19:07 [06dc] - Scanning Master Boot Record (User)...
15 Apr 2015 12:19:07 [06dc] - Scanning Logical Boot Records...
15 Apr 2015 12:19:12 [06dc] - ***** Scanning For Hidden Rootkit Processes *****
15 Apr 2015 12:19:12 [06dc] - ***** Scanning For Hidden Rootkit Services *****
 
15 Apr 2015 12:19:20 [06dc] - ***** Scanning Memory Files *****
 
15 Apr 2015 12:19:27 [06dc] - ***** Scanning Registry Files *****
 
15 Apr 2015 12:19:28 [06dc] - ***** Scanning StartUp Folders *****
15 Apr 2015 12:19:35 [1098] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0e98] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0d30] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0c34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [1098] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0d30] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0c34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0e98] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0e98] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0d30] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0c34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0d30] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Wordpad-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0e98] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0d30] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [1098] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0e98] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip not Scanned. Possibly password protected...
15 Apr 2015 12:19:35 [0c34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip not Scanned. Possibly password protected...
 
15 Apr 2015 12:19:35 [06dc] - ***** Scanning Service Files *****
 
15 Apr 2015 12:19:51 [06dc] - ***** Scanning Registry and File system for Adware/Spyware *****
15 Apr 2015 12:19:52 [06dc] - Loading Spyware Signatures from new External Database [Name: C:\Users\Czarina\AppData\Local\Temp\spydb.avs, Size: 464724]...
15 Apr 2015 12:19:52 [06dc] - Indexed Spyware Databases Successfully Created...
 
 
15 Apr 2015 12:19:55 [06dc] - ***** Scanning Registry Files *****
 
15 Apr 2015 12:19:56 [06dc] - ***** Scanning System32 Folders *****
 
 
15 Apr 2015 12:20:24 [06dc] - ***** Scanning Drive C:\ *****
 
15 Apr 2015 12:33:25 [06dc] - ***** Checking for specific ITW Viruses *****
 
15 Apr 2015 12:33:25 [06dc] - ***** Scanning complete. *****
 
15 Apr 2015 12:33:25 [06dc] - Total Objects Scanned: 168320
15 Apr 2015 12:33:25 [06dc] - Total Critical Objects: 0
15 Apr 2015 12:33:25 [06dc] - Total Disinfected Objects: 0
15 Apr 2015 12:33:25 [06dc] - Total Objects Renamed: 0
15 Apr 2015 12:33:25 [06dc] - Total Deleted Objects: 0
15 Apr 2015 12:33:25 [06dc] - Total Errors: 0
15 Apr 2015 12:33:25 [06dc] - Time Elapsed: 00:14:06
15 Apr 2015 12:33:26 [06dc] - Virus Database Date: 15 Apr 2015
15 Apr 2015 12:33:26 [06dc] - Virus Database Count: 5637416
15 Apr 2015 12:33:26 [06dc] - Sign Version: 7.60122 [518874]
 
15 Apr 2015 12:33:26 [06dc] - Scan Completed.
 
*******************
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Professional x64
Ran by Czarina on 15/04/2015 at 12:43:08.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/04/2015 at 12:46:17.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
****************
 
# AdwCleaner v4.201 - Logfile created 15/04/2015 at 13:02:39
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Czarina - CZARINA-PC
# Running from : C:\Users\Czarina\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\Czarina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Czarina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ff&src=crm&tb=FXTV5&o=101703&locale=en_US&apn_uid=&apn_ptnrs=F3&apn_sauid=&apn_dtid=YYYYYYYYCA&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2459 bytes] - [14/04/2015 22:23:44]
AdwCleaner[R1].txt - [1274 bytes] - [15/04/2015 13:00:39]
AdwCleaner[S0].txt - [2579 bytes] - [14/04/2015 22:24:59]
AdwCleaner[S1].txt - [1203 bytes] - [15/04/2015 13:02:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1262  bytes] ##########
 
*****************
 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool v3.9
Time: 2015_04_15_13_07_38
OS: Windows 7 - 64 Bit
Account Name: Czarina
U0L0S13
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - File - C:\Users\Czarina\Appdata\Local\Microsoft\Internet Explorer\DOMStore\C71IXOGZ\www.anyprotect[1].xml
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b79c6da1_0:
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 
\\ Finished
 
***************


#7 InadequateInfirmity
  • Banned
  • 5,180 posts

Posted 15 April 2015 - 05:40 PM

Go ahead and remove Spybot from your machine; you can reinstall it after we are done.

Boot into Safe Mode With Networking. The first tool that we will use is Emsisoft Emergency Kit. Download and save the application to your desktop. Right-click the icon and select Run As Administrator. Click on Extract.

[screenshot]

Another similar icon will appear on your desktop; right-click this one and Run as Administrator as well. When the program opens, select Update.

[screenshot]

After the update, if you see the screen below then select Yes.

[screenshot]

Now click on the Scan button, but do not start the scan yet.

[screenshot]

Make sure to click Yes to detect PUPs.

[screenshot]

Select the On scan completion button, then Quarantine detected objects, then hit OK.

[screenshot]

Now click on the Smart Scan (Recommended).

[screenshot]

Allow the scan to complete. Upon completion, select Quarantine Selected. Make certain all items are ticked.

[screenshot]

Click OK once the program has finished removing the infected files.

[screenshot]

Reboot if needed to remove infected files, and post the log here in your next reply.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
    • mbar-log-{date} (xx-xx-xx).txt
    • system-log.txt

Eset Scan

Disable your antivirus prior to running this scan.

[screenshot]

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#8 paul_guertin
  • Topic Starter
  • Members
  • 10 posts

Posted 16 April 2015 - 07:36 PM

Thank you. I ran into a couple of slight differences, but I believe I followed all of the instructions correctly. Here are the new logs...

 

^^^^^^^^^^^^^^^^^^

Emsisoft Emergency Kit - Version 9.0
Last update: 4/16/2015 6:51:36 PM
User account: Czarina-PC\Czarina
 
Scan settings:
 
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 4/16/2015 6:54:50 PM
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} detected: Application.Bundle (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} detected: Application.Bundle (A)
Value: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
 
Scanned 157948
Found 6
 
Scan end: 4/16/2015 7:12:44 PM
Scan time: 0:17:54
 
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Quarantined Application.Win32.InstallAd (A)
Value: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Quarantined Application.Bundle (A)
 
Quarantined 4
 
^^^^^^^^^^^^^^^^
 
Emsisoft Emergency Kit - Version 9.0
Quarantine log
 
Date Source Event Detection
4/16/2015 7:12:46 PM Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Moved to quarantine Application.Win32.InstallAd (A)
4/16/2015 7:12:46 PM Value: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Moved to quarantine Setting.DisableRegistryTools (A)
4/16/2015 7:12:46 PM Value: HKEY_USERS\S-1-5-21-2125953388-2976912811-3778226966-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Moved to quarantine Setting.DisableTaskMgr (A)
4/16/2015 7:12:46 PM Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Moved to quarantine Application.Bundle (A)
 
^^^^^^^^^^^^^^^^^^^^^
 
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.04.16.06
  rootkit: v2015.03.31.01
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.17728
Czarina :: CZARINA-PC [administrator]
 
16/04/2015 7:46:21 PM
mbar-log-2015-04-16 (19-46-21).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 325529
Time elapsed: 6 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
^^^^^^^^^^^^^^^^^^^^
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17728
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 4148809728, free: 2953199616
 
Downloaded database version: v2015.04.16.06
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.04.06.02
=======================================
Initializing...
------------ Kernel report ------------
     04/16/2015 19:46:12
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.04.16.06
  rootkit: v2015.03.31.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004737060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004737b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004737060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004202060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CCC9FFB1
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 7880704
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 7882752  Numsec = 1945638912
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
^^^^^^^^^^^^^^^^
 
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\Users\Czarina\AppData\Local\nseD7B5.tmp Win32/AnyProtect.G potentially unwanted application deleted - quarantined
C:\Users\Czarina\AppData\Local\nsn5360.tmp Win32/AnyProtect.G potentially unwanted application deleted - quarantined
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined
 
^^^^^^^^^^^^^^^^^^
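The Emsisoft log above shows the two registry policy values adware commonly sets to lock the user out of Task Manager and regedit (Setting.DisableTaskMgr, Setting.DisableRegistryTools). The following read-only audit is an added example written for this thread, not output or code from any of the tools used in it: it reports those values for the current user and also inspects the hosts file, another common adware trace (a later scan in this thread reports the hosts file as hidden). It assumes Windows PowerShell running as the affected user and the standard policy key path.

```powershell
# Added example: read-only audit of traces seen in this thread's scan logs.
# Assumes Windows PowerShell on the affected machine, run as the affected user.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Test-RestrictivePolicies {
    # A non-zero DisableTaskMgr / DisableRegistryTools value blocks Task Manager
    # or regedit for this user; legitimate home machines normally have neither set.
    $findings = @()
    if (Test-Path -Path $policyKey) {
        $props = Get-ItemProperty -Path $policyKey
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            $value = $props.$name
            if ($null -ne $value -and $value -ne 0) {
                $findings += "$name = $value"
            }
        }
    }
    return $findings
}

function Test-HostsFile {
    # Report the Hidden attribute (the hosts file is not hidden by default) and
    # list IPv4 entries other than the usual localhost line for manual review.
    $item = Get-Item -LiteralPath $hostsPath -Force
    $hidden = ($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
    $entries = Get-Content -LiteralPath $hostsPath |
        Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\b' }
    [pscustomobject]@{ Hidden = $hidden; Entries = @($entries) }
}

$policy = Test-RestrictivePolicies
if ($policy.Count -gt 0) {
    "Restrictive policy values present: $($policy -join ', ')"
} else {
    "No Task Manager / regedit restrictions set for this user"
}

$hosts = Test-HostsFile
"hosts file hidden attribute: $($hosts.Hidden)"
if ($hosts.Entries.Count -gt 0) {
    "hosts entries to review:"
    $hosts.Entries
}
```

Nothing is changed by this script; it only reads the key and the file so the findings can be compared with what the scanners reported.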


#9 InadequateInfirmity
  • Banned
  • 5,180 posts

Posted 17 April 2015 - 05:19 AM

Any more issues with your machine?



#10 paul_guertin
  • Topic Starter
  • Members
  • 10 posts

Posted 17 April 2015 - 09:34 PM

I rebooted it into Normal Mode and launched Chrome.  Avast immediately identified and stopped a couple of webpages from opening.  It then identified that there were a couple of unwanted extensions installed and offered to clean them.  Following that, I went to check the extensions list and found that a Sharkman Coupons extension was now visible.  I deleted it.  I opened Avast and had it check for further browser extension issues and it found none.

 

Following that, webpage rendering seemed to be fine and the pop-ups and adverts were nowhere to be seen. Performing a search on Google is now bringing up a 'clean' results page without the fake advert results at the top, etc.

 

1. Unless you think there's anything else I should run or re-run, I think it looks like we're in good shape now.

 

2. I've gone with Avast as the single AV client but I'm wondering if there's anything else you feel would be good to have running as a system monitor.

 

Thank you so much for all your help!  Obviously, I could not have done this without you and it is sincerely appreciated.



#11 InadequateInfirmity
  • Banned
  • 5,180 posts

Posted 18 April 2015 - 05:02 AM

Let's run two last scans. :)

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select Deep Scan.

[screenshot]

Remove any infections found.

Then click on the icon in the pic below.

[screenshot]

Double click on the scan log, then copy and paste it here in your reply.

Download Malwarebytes from the link below.
https://www.malwarebytes.org/

  • Select Update.
  • Then select Scan Now.
  • Once the scan is completed, remove anything found.
  • Then go to the History tab, then Application Logs, then the scan log.
  • Click Export, then Copy to Clipboard.
  • Post it here in your next reply.

 



#12 paul_guertin
  • Topic Starter
  • Members
  • 10 posts

Posted 18 April 2015 - 03:28 PM

Okay, now done.  I removed the infections found by each one.

 

Here are the logs...

 

^^^^^^^

 

Zemana AntiMalware 2.10.2.18 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/4/18
Operating System      : Windows 7 64-bit
Processor             : 2X Intel® Core™2 Duo CPU   E8200 @ 2.66GHz
BIOS Mode             : Legacy
CUID                  : 00E51F46A51D0D497D3B3D
Scan Type             : Deep Scan
Duration              : 9m 32s
Scanned Objects       : 32673
Detected Objects      : 3
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky
 
 
Detected Objects
-------------------------------------------------------
Chrome Startup Url
   Status             : Scanned
   Object             : http://www.cbc.ca/
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : Suspicious Browser Setting
   Cleaning Action    : Repair
   Traces             :
                Browser Setting - Chrome Startup Url
 
Chrome Homepage
   Status             : Scanned
   Object             : http://www.cbc.ca/
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : Suspicious Browser Setting
   Cleaning Action    : Repair
   Traces             :
                Browser Setting - Chrome Homepage
 
Hosts File
   Status             : Scanned
   Object             : %systemroot%\system32\drivers\etc\hosts
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : Hosts Hijack
   Cleaning Action    : Repair
   Traces             :
                Hosts File - Hosts file is hidden
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0
 
^^^^^^^
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/04/2015
Scan Time: 4:04:05 PM
Logfile: mb.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.18.03
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Czarina
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322725
Time Elapsed: 7 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [cc3fd797d5b5c0765fb57b433bc83dc3], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
^^^^^^^
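The Zemana log above reported the hosts file as hidden and repaired it; the following is an added PowerShell check (not from this thread or from any of the tools mentioned) that a helper can run after cleanup to confirm the file is no longer hidden and that no active entry redirects a hostname away from loopback. It assumes the standard hosts file location under `%SystemRoot%`.

```powershell
# Added example: re-verify the hosts file that Zemana flagged as "Hosts Hijack".
# Written to work on the Windows 7 / PowerShell 2.0 era machine in this thread.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# -Force is required, otherwise Get-Item will not return a hidden file at all.
$item = Get-Item -LiteralPath $hostsPath -Force

# 1. The trace Zemana reported: a hosts file with the Hidden attribute set.
if ($item.Attributes -band [IO.FileAttributes]::Hidden) {
    Write-Warning "hosts file is still hidden (attributes: $($item.Attributes))"
} else {
    Write-Host "hosts file attributes look normal: $($item.Attributes)"
}

# 2. Active (non-comment, non-blank) entries. A default Windows 7 hosts file
#    contains only comments, so every line listed here deserves a look.
$entries = Get-Content -LiteralPath $hostsPath -Force |
    Where-Object { $_ -match '^\s*[^#\s]' } |
    ForEach-Object {
        $parts = $_.Trim() -split '\s+', 3
        New-Object PSObject -Property @{
            Address  = $parts[0]
            HostName = $parts[1]
            Line     = $_
        }
    }

# Mappings to loopback are benign (many tools add them); anything else sends a
# name to a different address and is the pattern behind a hosts hijack.
$loopback = @('127.0.0.1', '::1')
$suspect  = $entries | Where-Object { $loopback -notcontains $_.Address }

if ($suspect) {
    Write-Warning "non-loopback hosts entries found:"
    $suspect | Format-Table Address, HostName -AutoSize
} else {
    Write-Host "no non-loopback hosts entries ($(@($entries).Count) active lines)"
}
```

Run it from an elevated PowerShell prompt so the file attributes can be read reliably.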


#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:58 AM

Posted 18 April 2015 - 04:23 PM

Ok, let's clean up the tools used and update. :)

 

Update your software.

https://patchmypc.net/freeupdater/PatchMyPC.exe

 

 

Qualys BrowserCheck To update plugins.

Safe Browsing Tool Web of trust to keep away from shady sites.

Unchecky  To avoid bundled software.

Adblock Plus  To browse the web ad free.

Malwarebytes Anti-Exploit To block Zero day attacks.

Malwarebytes | StartUpLITE To disable un-needed start ups.

 

 

 

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users: double-click).
Put a check mark next to the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt



#14 paul_guertin

paul_guertin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:58 AM

Posted 19 April 2015 - 11:27 AM

Okay, all done, installed and run.

I did have to uninstall some of the tools manually through Control Panel but all cleaned up now.

Here is the log.

# DelFix v10.9 - Logfile created 19/04/2015 at 11:12:23
# Updated 27/02/2015 by Xplode
# Username : Czarina - CZARINA-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Users\Czarina\Downloads\HijackThis.exe
Deleted : C:\Users\Czarina\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #26 [LavasoftWeCompanion | 03/12/2015 16:54:21]
Deleted : RP #27 [Removed MSXML 4.0 SP2 (KB954430) | 03/12/2015 22:46:27]
Deleted : RP #28 [LavasoftWeCompanion | 03/12/2015 22:47:50]
Deleted : RP #29 [Removed MSXML 4.0 SP2 (KB973688) | 03/12/2015 22:52:49]
Deleted : RP #30 [Windows Update | 03/15/2015 19:39:48]
Deleted : RP #31 [Windows Update | 03/18/2015 20:20:59]
Deleted : RP #32 [Windows Update | 03/22/2015 01:19:43]
Deleted : RP #33 [Windows Update | 03/25/2015 07:00:34]
Deleted : RP #34 [Windows Update | 03/30/2015 20:19:20]
Deleted : RP #35 [Windows Update | 04/05/2015 02:04:27]
Deleted : RP #36 [Windows Update | 04/05/2015 07:00:11]
Deleted : RP #37 [Installed Chrome Remote Desktop Host | 04/08/2015 03:21:20]
Deleted : RP #38 [Installed AVG 2015 | 04/08/2015 03:36:53]
Deleted : RP #39 [Installed AVG 2015 | 04/08/2015 03:37:18]
Deleted : RP #40 [Windows Update | 04/08/2015 19:27:19]
Deleted : RP #41 [Removed AVG 2015 | 04/15/2015 01:51:13]
Deleted : RP #42 [Removed AVG 2015 | 04/15/2015 01:53:32]
Deleted : RP #43 [Windows Update | 04/15/2015 07:00:16]

New restore point created !

########## - EOF - ##########

Going forward... Both Avast AV (in the system tray and the Chrome extension) and Malwarebytes Anti-Malware are installed. I plan to regularly run each one's scan. Are there any other applications that you recommend I install (real-time monitoring or for regular scanning), or do you think we should be good with Avast AV and MB? Thank you!

#15 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:58 AM

Posted 19 April 2015 - 04:14 PM

I would personally add the program below to the machine, it runs in realtime and only uses very little CPU. Although it does not offer protection, it is a great on demand scanner to have and it is always updated. It uses 1% CPU on my machine.... Run a full scan with it once a week or two.

 

http://www.tgsoft.it/english/download_eng.asp





