Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Programs not working, ProxyOverride


  • Please log in to reply
19 replies to this topic

#1 Houka

Houka

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 12 April 2015 - 11:11 PM

So a couple progarm started to not work or just sort of sit there and do nothing. I've used Avast, Malware Bytes, Adwcleaner, and RougeKiller but doesn't seem to find anything except one thing. There appaer to be a few files Adwclea=ner finds but can't seem to gte rid of them. The Value part state they are ProxyOverride and (for two anyway) the data part states < -loopback>

 

Any suggesttion on getting rid of them or to want my probelm could be?



BC AdBot (Login to Remove)

 


m

#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 12 April 2015 - 11:25 PM

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download [b]MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

 

 

Tell me how things are, if you have any issues let us know. :)



#3 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 13 April 2015 - 05:13 PM

-eScanAV-

 

12 Apr 2015 23:30:49 [0b20] - **********************************************************
12 Apr 2015 23:30:49 [0b20] - MWAV - eScanAV AntiVirus Toolkit.
12 Apr 2015 23:30:49 [0b20] - Copyright © MicroWorld Technologies
12 Apr 2015 23:30:49 [0b20] - **********************************************************
12 Apr 2015 23:30:49 [0b20] - Source: C:\Users\Andrew\Downloads\mwav.exe
12 Apr 2015 23:30:49 [0b20] - Version 14.0.178 (C:\USERS\ANDREW\APPDATA\LOCAL\TEMP\MEXE.COM)
12 Apr 2015 23:30:49 [0b20] - Log File: C:\Users\Andrew\AppData\Local\Temp\MWAV.LOG
12 Apr 2015 23:30:49 [0b20] - MWAV Registered: TRUE
12 Apr 2015 23:30:49 [0b20] - User Account: Andrew (Administrator Mode)
12 Apr 2015 23:30:49 [0b20] - OS Type: Windows Workstation [InstallType: Client]
12 Apr 2015 23:30:49 [0b20] - OS: Windows 7 64-Bit [OS Install Date: 22 Sep 2014 15:22:29]
12 Apr 2015 23:30:49 [0b20] - Ver: Personal Service Pack 1 (Build 7601)
12 Apr 2015 23:30:49 [0b20] - System Up Time: 17 Minutes, 37 Seconds


12 Apr 2015 23:30:49 [0b20] - Parent Process Name : C:\Users\Andrew\Downloads\mwav.exe
12 Apr 2015 23:30:49 [0b20] - Windows Root  Folder: C:\windows
12 Apr 2015 23:30:49 [0b20] - Windows Sys32 Folder: C:\windows\system32
12 Apr 2015 23:30:49 [0b20] - DHCP NameServer: 192.168.1.1
12 Apr 2015 23:30:49 [0b20] - Interface0 DHCPNameServer: 192.168.0.1
12 Apr 2015 23:30:49 [0b20] - Interface1 DHCPNameServer: 192.168.1.1
12 Apr 2015 23:30:49 [0b20] - Local Fixed Drives: c:\,d:\,q:\
12 Apr 2015 23:30:49 [0b20] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
12 Apr 2015 23:30:49 [0b20] - [CREATED ZIP FILE: C:\Users\Andrew\AppData\Local\Temp\pinfect.zip]
12 Apr 2015 23:30:49 [0b20] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
12 Apr 2015 23:30:52 [0b20] - ** Changed Value of "Path"
12 Apr 2015 23:30:52 [0b20] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Andrew\AppData\Local\Temp\ESCANDB.LOG]
12 Apr 2015 23:30:54 [0b20] - Loaded/Created FileScan Cache Database...
12 Apr 2015 23:30:54 [0b20] - Loading AV Library [DB]...
12 Apr 2015 23:31:32 [0b20] - ArchiveScan: DISABLED
12 Apr 2015 23:31:33 [0b20] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
12 Apr 2015 23:31:33 [0b20] - MWAV doing self scanning...
12 Apr 2015 23:31:33 [0b20] - MWAV files are clean.
12 Apr 2015 23:31:40 [0b20] - ArchiveScan: DISABLED
12 Apr 2015 23:31:40 [0b20] - Virus Database Date: 02 Mar 2015
12 Apr 2015 23:31:40 [0b20] - Virus Database Count: 6701505
12 Apr 2015 23:31:40 [0b20] - Sign Version: 7.59505 [518257]
12 Apr 2015 23:31:53 [0b20] - Downloading AntiVirus and Anti-Spyware Databases...
12 Apr 2015 23:36:39 [0b20] - Update Successful...
12 Apr 2015 23:37:35 [0b20] - Indexed Spyware Databases Successfully Created...
12 Apr 2015 23:37:35 [0b20] - Old Sign Version: 7.59505    New Sign Version: 7.60086
12 Apr 2015 23:38:47 [0b20] - Reload of AntiVirus Signatures successfully done.
12 Apr 2015 23:38:47 [0b20] - Virus Database Date: 12 Apr 2015
12 Apr 2015 23:38:47 [0b20] - Virus Database Count: 5675400
12 Apr 2015 23:38:48 [0b20] - Sign Version: 7.60086 [518838]
 
12 Apr 2015 23:39:23 [0b20] - **********************************************************
12 Apr 2015 23:39:23 [0b20] - MWAV - eScanAV AntiVirus Toolkit.
12 Apr 2015 23:39:23 [0b20] - Copyright © MicroWorld Technologies
12 Apr 2015 23:39:23 [0b20] -
12 Apr 2015 23:39:23 [0b20] - Support: support@escanav.com
12 Apr 2015 23:39:23 [0b20] - Web: http://www.escanav.com
12 Apr 2015 23:39:23 [0b20] - **********************************************************
12 Apr 2015 23:39:23 [0b20] - Version 14.0.178[DB] (C:\USERS\ANDREW\APPDATA\LOCAL\TEMP\MEXE.COM)
12 Apr 2015 23:39:23 [0b20] - Log File: C:\Users\Andrew\AppData\Local\Temp\MWAV.LOG
12 Apr 2015 23:39:23 [0b20] - User Account: Andrew (Administrator Mode)
12 Apr 2015 23:39:23 [0b20] - Parent Process Name : C:\Users\Andrew\Downloads\mwav.exe
12 Apr 2015 23:39:23 [0b20] - Windows Root  Folder: C:\windows
12 Apr 2015 23:39:23 [0b20] - Windows Sys32 Folder: C:\windows\system32
12 Apr 2015 23:39:23 [0b20] - OS: Windows 7 64-Bit [OS Install Date: 22 Sep 2014 15:22:29]
12 Apr 2015 23:39:23 [0b20] - Ver: Personal Service Pack 1 (Build 7601)
12 Apr 2015 23:39:23 [0b20] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
12 Apr 2015 23:39:23 [1af8] - Options Selected by User:
12 Apr 2015 23:39:23 [1af8] - Memory Check: Enabled
12 Apr 2015 23:39:23 [1af8] - Registry Check: Enabled
12 Apr 2015 23:39:23 [1af8] - StartUp Folder Check: Enabled
12 Apr 2015 23:39:23 [1af8] - System Folder Check: Enabled
12 Apr 2015 23:39:23 [1af8] - Services Check: Enabled
12 Apr 2015 23:39:23 [1af8] - Scan Spyware: Enabled
12 Apr 2015 23:39:23 [1af8] - Scan Archives: Disabled
12 Apr 2015 23:39:23 [1af8] - Drive Check: Enabled
12 Apr 2015 23:39:23 [1af8] - All Drive Check :Disabled
12 Apr 2015 23:39:23 [1af8] - Drive Selected = C:\
12 Apr 2015 23:39:23 [1af8] - Folder Check: Disabled
12 Apr 2015 23:39:23 [1af8] - SCAN: All_Files [ANSI]
12 Apr 2015 23:39:23 [1af8] - MWAV Mode( B): Scan and Clean files (for viruses, adware and spyware)
 
12 Apr 2015 23:39:23 [1af8] - Scanning DNS Records...
12 Apr 2015 23:39:23 [1af8] - Scanning Master Boot Record (User)...
12 Apr 2015 23:39:23 [1af8] - Scanning Logical Boot Records...
12 Apr 2015 23:39:25 [1af8] - ***** Scanning For Hidden Rootkit Processes *****
12 Apr 2015 23:39:25 [1af8] - ***** Scanning For Hidden Rootkit Services *****
 
12 Apr 2015 23:39:30 [1af8] - ***** Scanning Memory Files *****
 
12 Apr 2015 23:40:04 [1af8] - ***** Scanning Registry Files *****
12 Apr 2015 23:40:06 [1af8] - Scanning File C:\ProgramData\{587CB0BF-08FE-6139-B978-11BB69FAC235}\1.7.1.0\colo.dll
12 Apr 2015 23:40:06 [1af8] - File C:\ProgramData\{587CB0BF-08FE-6139-B978-11BB69FAC235}\1.7.1.0\colo.dll infected by "Adware.Agent.PHQ (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:40:06 [1af8] - *** SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows has "RunningProcess" defined as [C:\PROGRA~3\{587CB~1\171~1.0\colo.dll] (which is infected)!
12 Apr 2015 23:40:06 [1af8] - *** Reg Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs deleted because it is infected by a Virus
 
12 Apr 2015 23:40:10 [1af8] - ***** Scanning StartUp Folders *****
12 Apr 2015 23:40:31 [194c] - ScanFile (C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7a8db574299c8568.automaticDestinations-ms) took 6381 ms
12 Apr 2015 23:40:32 [1904] - Scanning File C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3yne4wca.Default User\extensions\staged\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js
12 Apr 2015 23:40:32 [1904] - File C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\3yne4wca.Default User\extensions\staged\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js infected by "Trojan.JS.Agent.JMG (DB)" Virus! Action Taken: File Deleted.

12 Apr 2015 23:40:44 [1904] - C:\ProgramData\Lavasoft\Web Companion\Options\Detection.SP.zip not Scanned. Possibly password protected...
 
12 Apr 2015 23:42:58 [1af8] - ***** Scanning Service Files *****
12 Apr 2015 23:43:16 [1af8] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
12 Apr 2015 23:43:24 [1af8] - ***** Scanning Registry and File system for Adware/Spyware *****
12 Apr 2015 23:43:24 [1af8] - Loading Spyware Signatures from new External Database [Name: C:\Users\Andrew\AppData\Local\Temp\spydb.avs, Size: 464724]...
12 Apr 2015 23:43:24 [1af8] - Indexed Spyware Databases Successfully Created...
 
 
12 Apr 2015 23:43:49 [1af8] - ***** Scanning Registry Files *****
12 Apr 2015 23:43:51 [1af8] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
12 Apr 2015 23:43:51 [1af8] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
12 Apr 2015 23:43:51 [1af8] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
12 Apr 2015 23:43:51 [1af8] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
12 Apr 2015 23:43:51 [1af8] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
12 Apr 2015 23:43:52 [1af8] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
12 Apr 2015 23:43:52 [1af8] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
12 Apr 2015 23:43:52 [1af8] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
 
12 Apr 2015 23:43:52 [1af8] - ***** Scanning System32 Folders *****
 
 
12 Apr 2015 23:46:28 [1af8] - ***** Scanning Drive C:\ *****
12 Apr 2015 23:46:29 [194c] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\acerace.BrowserAdapter.exe.vir
12 Apr 2015 23:46:29 [194c] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\acerace.BrowserAdapter.exe.vir infected by "Adware.BrowseFox.BB (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:29 [0fc8] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\acerace.BrowserAdapter64.exe.vir
12 Apr 2015 23:46:29 [1904] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\acerace.expextdll.dll.vir
12 Apr 2015 23:46:29 [0fc8] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\acerace.BrowserAdapter64.exe.vir infected by "Adware.BrowseFox.BB (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:29 [1904] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\acerace.expextdll.dll.vir infected by "Adware.BrowseFox.BB (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:29 [1b54] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\acerace.expext.exe.vir
12 Apr 2015 23:46:29 [1b54] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\acerace.expext.exe.vir infected by "Adware.BrowseFox.BB (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:29 [1904] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\f2944598b89f4e10b5445173761572df64.dll.vir
12 Apr 2015 23:46:29 [1904] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\f2944598b89f4e10b5445173761572df64.dll.vir infected by "Adware.BrowseFox.BB (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:29 [194c] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\f2944598b89f4e10b5445173761572df.dll.vir
12 Apr 2015 23:46:29 [194c] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\f2944598b89f4e10b5445173761572df.dll.vir infected by "Adware.BrowseFox.BB (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:30 [1904] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\updateacerace.exe.vir
12 Apr 2015 23:46:30 [1904] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\updateacerace.exe.vir infected by "Adware.BrowseFox.BB (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:31 [1b54] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\utilacerace.exe.vir
12 Apr 2015 23:46:31 [1b54] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\ace race\bin\utilacerace.exe.vir infected by "Adware.BrowseFox.BB (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:44 [1904] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Vosteran\Application\Vosteran\helper.exe.vir
12 Apr 2015 23:46:44 [1904] - File C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Vosteran\Application\Vosteran\helper.exe.vir infected by "Trojan.Generic.12959758 (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:45 [194c] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Vosteran\Application\vosteran.exe.vir
12 Apr 2015 23:46:45 [194c] - File C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Vosteran\Application\vosteran.exe.vir infected by "Application.Browser.FakeBrowser.A (DB)" Virus! Action Taken: File Renamed.

12 Apr 2015 23:46:56 [1b54] - Scanning File C:\FRST\Quarantine\C\windows\system32\drivers\{9f797875-3e17-4f05-af13-44c39bc9c2c2}Gw64.sys.xBAD
12 Apr 2015 23:46:56 [1b54] - File C:\FRST\Quarantine\C\windows\system32\drivers\{9f797875-3e17-4f05-af13-44c39bc9c2c2}Gw64.sys.xBAD infected by "Adware.SwiftBrowse.CH (DB)" Virus! Action Taken: File Renamed.

13 Apr 2015 00:00:13 [1904] - Scanning File C:\Pichers\Porn\Other\Hard\2345 - @Xeic Daisukenojo_Bito Neku_Sakuraba The_World_Ends_With_You.png
13 Apr 2015 00:00:13 [0fc8] - Scanning File C:\Pichers\Porn\Other\Hard\3337 - @Anma Blue_Exorcist Renzo_Shima Rin_Okumura.jpg
13 Apr 2015 00:00:13 [1b54] - Scanning File C:\Pichers\Porn\Other\Hard\3365 - @Teppei Blue_Exorcist Rin_Okumura Ryuji_Suguro.jpg
13 Apr 2015 00:00:13 [194c] - Scanning File C:\Pichers\Porn\Other\Hard\3336 - @Anma Blue_Exorcist Rin_Okumura Ryuji_Suguro.jpg
13 Apr 2015 00:00:13 [0fc8] - Scanning File C:\Pichers\Porn\Other\Hard\3670 - @Kisaradzu Kyushu_Sentai_Danjiger Koji_Kagoshima.jpg
13 Apr 2015 00:00:13 [1b54] - Scanning File C:\Pichers\Porn\Other\Hard\3632 - Blue_Exorcist Kinzo_Shima Renzo_Shima Ryuji_Suguro.jpg
13 Apr 2015 00:00:13 [194c] - Scanning File C:\Pichers\Porn\Other\Hard\3669 - @Kisaradzu Kyushu_Sentai_Danjiger Koji_Kagoshima.jpg
13 Apr 2015 00:00:15 [0fc8] - Scanning File C:\Pichers\Porn\Other\Hard\4423 - @DarkChibiShadow Blue_Exorcist Rin_Okumura Ryuji_Suguro.png
13 Apr 2015 00:00:16 [194c] - Scanning File C:\Pichers\Porn\Other\Hard\4849 - Durarara!! Masaomi_Kida Mikado_Ryugamine.jpg
13 Apr 2015 00:01:34 [0fc8] - Scanning File C:\Pichers\Porn\Other\Solo\3367 - @Teppei Blue_Exorcist Ryuji_Suguro.jpg
13 Apr 2015 00:01:34 [1904] - Scanning File C:\Pichers\Porn\Other\Solo\3366 - @Teppei Blue_Exorcist Ryuji_Suguro.jpg
13 Apr 2015 00:01:35 [0fc8] - Scanning File C:\Pichers\Porn\Other\Solo\3633 - Blue_Exorcist Ryuji_Suguro.png
13 Apr 2015 00:01:35 [1904] - Scanning File C:\Pichers\Porn\Other\Solo\4075 - @Soltian Prince_of_Tennis Yuta_Fuji.jpg
13 Apr 2015 00:02:32 [1904] - ScanFile (C:\Program Files\AVAST Software\Avast\20140902\{1DFF7BAE-FDCB-4E63-B5D5-AAA936470857}) took 8252 ms
13 Apr 2015 00:02:32 [1b54] - ScanFile (C:\Program Files\AVAST Software\Avast\ashQuick.exe) took 8128 ms
13 Apr 2015 00:14:48 [0fc8] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
13 Apr 2015 00:14:49 [1b54] - Scanning File C:\System Volume Information\{6c35c122-e18a-11e4-9a2d-e8039a1fb09e}{3808876b-c176-4e48-b7ae-04046e6cc752}
13 Apr 2015 00:36:56 [1b54] - ScanFile (C:\Windows\Temp\SecurityScan_Release.exe) took 7768 ms
 
13 Apr 2015 01:02:31 [1af8] - ***** Checking for specific ITW Viruses *****
 
13 Apr 2015 01:02:31 [1af8] - ***** Scanning complete. *****
 
13 Apr 2015 01:02:32 [1af8] - Total Objects Scanned: 324438
13 Apr 2015 01:02:32 [1af8] - Total Critical Objects: 13
13 Apr 2015 01:02:32 [1af8] - Total Disinfected Objects: 0
13 Apr 2015 01:02:32 [1af8] - Total Objects Renamed: 12
13 Apr 2015 01:02:32 [1af8] - Total Deleted Objects: 1
13 Apr 2015 01:02:32 [1af8] - Total Errors: 0
13 Apr 2015 01:02:32 [1af8] - Time Elapsed: 01:21:59
13 Apr 2015 01:02:32 [1af8] - Virus Database Date: 12 Apr 2015
13 Apr 2015 01:02:32 [1af8] - Virus Database Count: 5675400
13 Apr 2015 01:02:32 [1af8] - Sign Version: 7.60086 [518838]
 
13 Apr 2015 01:02:32 [1af8] - Scan Completed.

 

-ZHP Cleaner-

~ ZHPCleaner v2015.4.14.167 by Nicolas Coolman (13/04/2015)
~ Run by Andrew (Administrator)  (13/04/2015 16:22:09)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Andrew\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Andrew\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (34)
DELETED: [5zo6vkca.default] - user_pref("extensions.ClearThink.asul", "1411621237213"); (PUP.ClearThink)
DELETED: [5zo6vkca.default] - user_pref("extensions.ClearThink.aul", "1411621256488"); (PUP.ClearThink)
DELETED: [5zo6vkca.default] - user_pref("extensions.ClearThink.irl", true); (PUP.ClearThink)
DELETED: [5zo6vkca.default] - user_pref("extensions.ClearThink.is", "isgiPub2US"); (PUP.ClearThink)
DELETED: [5zo6vkca.default] - user_pref("extensions.ClearThink.ug", "ced28d7d-bd7c-42c0-acf8-627e72e6d999"); (PUP.ClearThink)
DELETED: [5zo6vkca.default] - user_pref("extensions.ace race.aul", "1422576732332"); (Adware.Sambreel)
DELETED: [5zo6vkca.default] - user_pref("extensions.ace race.is", "isgiPub2US"); (Adware.Sambreel)
DELETED: [5zo6vkca.default] - user_pref("extensions.ace race.ug", "AEEDE199-1CC9-4831-B396-4D6F639268E5"); (Adware.Sambreel)
DELETED: [5zo6vkca.default] - user_pref("extensions.snipsmart.asul", "1414795995168"); (PUP.SnipSmart)
DELETED: [5zo6vkca.default] - user_pref("extensions.snipsmart.aul", "1414795921604"); (PUP.SnipSmart)
DELETED: [5zo6vkca.default] - user_pref("extensions.snipsmart.irl", true); (PUP.SnipSmart)
DELETED: [5zo6vkca.default] - user_pref("extensions.snipsmart.is", "thin"); (PUP.SnipSmart)
DELETED: [5zo6vkca.default] - user_pref("extensions.snipsmart.ug", "4eff62da-3a3a-9529-f879-9cc9c97e3aa2"); (PUP.SnipSmart)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.AL", 4); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.aflt", "vst_dnldstr_15_05_ff"); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.appId", "{4CB3598A-82E8-4D1F-983F-061238AE696E}"); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.cd", "2XzuyEtN2Y1L1Qzu0EzztDtAzy0AtC0F0BtDzy0Ezy0CtB0BtN0D0Tzu0StCtC[...] (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.cr", "1131745502"); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.dfltSrch", true); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.dnsErr", true); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.hmpg", true); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.id", "E8039A1FB09E9C2B"); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.instlDay", "16464"); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.instlRef", "142905_s3"); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.prdct", "srchvstrn"); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.vrsn", ""); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn.vrsni", ""); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn_i.newTab", true); (PUP.Vosteran)
DELETED: [5zo6vkca.default] - user_pref("extensions.srchvstrn_i.vrsnTs", "16:37:20"); (PUP.Vosteran)
REPLACED Proxy: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride ( <-loopback> )
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=53274 <-Loopback>]  (Hijacker.Proxy)
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad : Port=53274 <-Loopback>]  (Hijacker.Proxy)
MOVED file: C:\Users\Andrew\Desktop\Video Of The Day.lnk  [Bad : C:\Users\Andrew\AppData\Local\Vosteran\Application\vosteran.exe] (PUP.Vosteran)
MOVED file: C:\Users\Public\Desktop\Driver Support.lnk  [Bad : C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe] (PUP.DriverSupport)


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (132)
MOVED folder: C:\Users\Andrew\Downloads\Driver Support\Driver Support (PUP.DriverSupport)
MOVED folder: C:\Users\Andrew\Downloads\Driver Support (PUP.DriverSupport)
MOVED file: C:\windows\Installer\11f18a9.msi [PC Drivers Headquarters, LP - InstallShield® 2013 - Premier Edition with Virtualization Pack  20] (PUP.Optional)
MOVED folder: C:\Users\Andrew\AppData\Local\{02DB427B-A05F-4B43-AD7A-46340B1E22CB} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{059CEC2A-59DC-4111-A97A-4ABD80CD12AD} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{0802DFDF-4EB2-4370-A457-D364A45AF9B9} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{0B233C89-3D6D-49F5-931C-C8ABD2D0A7D9} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{0B7168F4-95DB-4A3A-BD92-65DBAABC2E5B} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{0FAF2C73-496C-47F0-8984-E67888FA4B1A} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{1302319F-4894-4B81-8E64-4C3EA82D397A} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{18F0FC45-1D48-4F7D-95E6-6921F598B4CA} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{19B9ADF8-5894-46A6-B541-8DCE80E603B5} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{1C6FC458-3DAF-46BE-8D2A-260732CC9763} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{1CF558CD-D90A-438E-B231-4CAC1C7AAC73} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{1FE6B1E3-2D7F-4D8B-A3E4-F9C2E55A39D8} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{20A6D7D5-505F-480E-977B-38E026AE1153} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{21E1977E-B28A-4733-BB40-31753E3DB522} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{25334602-CF0C-4537-8BA3-AA826FF12769} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{25CB9A3D-E7D7-417F-9405-079A859A7E93} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{278E0E07-1F91-4F32-B0A2-1C5B9F7321F8} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{2A668056-C5B5-4D59-A4DC-C2A437B5812E} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{323157AC-E4E6-4B3A-962D-0D5185DEA8B1} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{336DE42F-135D-4A68-99FB-D78B27B28247} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{346BCA68-78DB-4D1B-8D0F-505515FB315F} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{387449E7-8426-4FE4-A407-4F776FCA3F88} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{389874E8-E15B-4778-8EEE-06F9C227C8C6} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{3BDB89BF-D823-4FB3-AE33-5353D537C4C2} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{3D25B96B-ECD1-4D27-B3C3-F7E5586AC6D7} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{3EF1EDF8-7080-48E5-AFAD-8220DC50C232} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{3F168F15-D32E-4322-A59B-44446341CF68} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{4232A828-9894-4AEA-9AD9-5B2939C11AB0} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{44159972-D6A5-4A72-AD3C-B56C2D006385} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{457EBCB8-D06B-4214-B14A-9EBD75D00A37} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{45888230-8C6D-4E86-9DEC-25AACBAFE3B4} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{4682C1DB-6FC2-4FCB-B24B-4889CBAD5EA4} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{496D9D4A-3B61-4162-8654-70A854B23825} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{49F04471-C593-4C3A-B2F3-EB77C3517143} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{4A0FCD74-A912-4DB4-9334-ACC278B0D8B8} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{4C04ABD0-1212-4096-B59F-07172F9FEBCF} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{507EF9CC-D1EF-4CB2-9E86-1DCE381A2FE9} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{508543E9-12EA-4DE6-8235-144F1201E39C} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{51D42966-F527-449D-AB69-57C4992FA121} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{5260738B-B8DE-4352-88E0-4D76C4303855} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{538A4AF6-9F8E-41D6-BE59-E94583419B03} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{5C2DCED0-F8D4-42A1-8A04-0E2F2416F679} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{5F6ECB93-3F06-4758-AA6F-3A9BCB8DAB1A} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{5FCB89DB-F891-41C5-843A-A7111A9C1565} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{62E1CEA0-3DC4-4409-9AEE-D04129880567} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{63548192-D587-493F-BB0C-E8C3080860B3} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{6537602E-3C19-40EE-9ABA-74E9A021ACB2} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{65857673-AFAD-49FB-9C3A-E70AEA6C5BD0} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{66D194B2-4B7E-44CF-8DD2-4AFE8AAFA358} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{688F93AA-7750-4C93-9EF8-65FFF46E5710} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{6A79D406-78C6-473D-95F2-794CF62C0063} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{6ACCCE00-AD39-40AA-8954-0E38E6FFA4D8} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{6FACBE8D-0241-4ABE-B69A-CF241A054CC7} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{73E16DBC-30C9-48E9-AC29-6CB057BFC0F5} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{74096BF2-A735-46AB-BC2D-96FAAFCCA258} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{758BF541-ECCC-440E-A3B1-EE9C72CA938D} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{77BA19F8-C508-4F3B-87F3-5D84958B4FD4} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{787BD50F-CA9D-40EA-8DFF-81E165C0990A} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{85BD4049-644D-4AF2-ADF3-B8455FA167DA} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{89DFB5A5-8C9E-4258-9E48-9843E0B82E59} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{8D3DADB6-5768-48ED-9859-CAB3D016241B} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{8E175E92-5D81-4342-9803-CE1050CE9658} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{9BDC63D2-61BC-4507-A553-F4162C37982F} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{9DD3A71C-8DA4-4EA9-9B52-C2BFDFEA1C25} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{9EA09673-8E12-419E-BDDB-21649F59D2CB} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{9F45B898-19FB-4EBD-9ADF-9DFABD854559} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{9FE41E88-C398-4CDD-B1F6-A216536610BC} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{A0375669-AC27-48C2-A577-24423286E1D2} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{A0CC6500-1598-42AC-A49C-9CC6B655C023} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{A328D329-9FB4-4873-BC77-2C9C75E7492E} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{A6CB9165-455A-4CFD-8E49-9F0104BF928D} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{A735FB25-92E4-4679-B689-B440A1CA0832} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{A7FDD7B5-659D-4BDA-A95C-2AD78B2A317B} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{AD4E614D-3F30-4ECF-B8E4-A18A7B83C897} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B00F984D-E241-4510-A575-E59DA04571B0} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B0E44A40-0A7E-47E5-BFD5-9654A1787719} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B168C5CA-FD5D-40FA-92F1-E88F499E3033} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B204276A-F48A-441C-8F9B-7CD58D277E0A} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B425414F-2C45-40B5-BA2B-D490A8B3C24F} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B49DE676-BF17-4F90-9995-5C88D89099EF} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B4F4AA61-4981-4324-AFBE-66D6554642FD} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B60C7386-5665-4229-A073-AA6DC510CF77} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{B7A9E3C1-7CD1-4A7F-9EB1-3A94B8283730} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{BE0CFED1-0E46-4CAB-86BB-1C42D1AD1DC2} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C135F81A-4871-4502-9FF5-45813339A598} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C1FFC34A-A85A-45BE-A787-60F0C99D1F23} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C2DF6F41-A3FF-4AFC-943A-9D1326FAFF47} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C3A7BF99-7024-4035-BD08-2948A2E577A1} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C4568199-6B81-40EA-9EF2-F6EF4512266E} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C565F55E-1160-4052-9809-9DC360788203} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C7450A1B-E514-453B-A35B-70265BD72CFF} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C83A20E7-058F-4B52-88B0-D708BC3A8FBA} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{C981C90C-5CF7-41FC-A7A4-B9AA964A228E} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{CA14C1DF-9C8B-430E-8B17-C309ACDC9A14} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{CA9F0FB9-557E-4A1F-B665-E8B56303AAFF} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{CBECCA62-3C1F-48B7-AB4C-A19777141839} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{CE509AEA-E400-472E-813E-8B377DE9E35F} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{CEEE4EB6-C682-4119-B996-765816B5299E} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{D2847A4D-6ADF-4ACC-853C-30962737FB34} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{D2F806F7-0012-48C0-91BF-E65176DD970A} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{D6281C11-F9F4-4248-B923-71DA7C12E5BC} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{D71C57AC-4EEF-4E4D-9AE0-D54B754109D1} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{D8865943-9B76-46CE-94A2-E20F908732E0} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{DA5AD020-02A8-44F2-9A18-0CD9B1E82538} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{DB7A34A1-9B63-4747-A2D7-13285F5B9B31} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{DDCDB0B2-9D9E-4EE1-9CB5-A3CC55C1379E} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{DEEE84ED-E1BF-42F0-B829-7AD7282EB092} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{E03D50F8-7CBC-4131-A932-9FD94CCC3B8E} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{E3946E95-0D17-4C8C-BDA2-5C37058760E3} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{E42DCEFC-1B17-44AB-86F4-FACA56163CB0} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{E4468CDB-09F6-4F2B-80C4-5E4CE3FD9BE1} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{E847A8B7-537F-4B6B-9FEC-A105183B9646} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{E904C8F4-AF25-4B16-9C80-57F7CD889394} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{E9878B16-1427-4BA8-BE9D-C03346E63CB4} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{EA36206C-D6B7-40D0-B3FF-006BC656F9E1} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{EBF435A9-D75C-4D5E-96D9-4D5E9ABBD54B} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{EDB94038-DABB-4ECA-B76F-0A87ED90F29F} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{EF21005A-418A-4244-996C-CF5BDEF83D10} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F0ABE36B-0DB8-4517-9C9C-DF554D185AC0} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F0E78E05-0E39-4463-9D4C-D4A69003925D} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F319C1C0-536F-45D8-B169-57EF542EDE43} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F3A75DDE-7DE1-4BBD-9AA2-312D6E26E171} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F3C6BDF2-FD7C-442C-B9ED-C58E6D66ED9A} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F55D9ABA-E357-4F04-B180-4ADD4F7B99A6} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F6FFBBE9-D435-4C72-8CF5-DA59AF37B94B} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F89582BE-7B15-403D-8A27-88852092D13F} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{F9C3261F-78CE-41B5-B0B4-4EC8E9144DD1} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{FB4CBC78-EC20-4C7C-BF72-038C6043D3F5} (Empty)
MOVED folder: C:\Users\Andrew\AppData\Local\{FE8E05B9-9027-4B76-B2AA-054000699F4F} (Empty)


---\\  Registry ( Key, Value, Data) (21)
DELETED value: [X64] HKLM\Software\Classes\.htm\OpenWithProgIDs\\VosteranHTML.7FBQCCBFSEEKNDVFNYEOIQWQ5A [] (PUP.Vosteran)
DELETED value: [X64] HKLM\Software\Classes\.html\OpenWithProgIDs\\VosteranHTML.7FBQCCBFSEEKNDVFNYEOIQWQ5A [] (PUP.Vosteran)
DELETED value: [X64] HKLM\Software\Classes\.shtml\OpenWithProgIDs\\VosteranHTML.7FBQCCBFSEEKNDVFNYEOIQWQ5A [] (PUP.Vosteran)
DELETED value: [X64] HKLM\Software\Classes\.webp\OpenWithProgIDs\\VosteranHTML.7FBQCCBFSEEKNDVFNYEOIQWQ5A [] (PUP.Vosteran)
DELETED value: [X64] HKLM\Software\Classes\.xht\OpenWithProgIDs\\VosteranHTML.7FBQCCBFSEEKNDVFNYEOIQWQ5A [] (PUP.Vosteran)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markable.net [] (PUP.Re-Markable)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markable00.re-markable.net [1864] (PUP.Re-Markable)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\VosteranHTML.7FBQCCBFSEEKNDVFNYEOIQWQ5A [Vosteran HTML Document] (PUP.Vosteran)
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\5A4BF79568DD61344A01E70847CCC2EC [Driver Support] (PUP.DriverSupport)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Driver Support [] (PUP.DriverSupport)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Framed Display [] (PUP.FramedDisplay)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update snipsmart [] (PUP.SnipSmart)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Framed Display [] (PUP.FramedDisplay)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util snipsmart [] (PUP.SnipSmart)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Andrew\AppData\Roaming\Browser Extensions (Not File)] (PUP.Dealio)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Andrew\AppData\Roaming\Browser Extensions (Not File)] (PUP.Dealio)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverSupport.exe [C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (Not File)] (PUP.DriverSupport)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Andrew\AppData\Roaming\Browser Extensions (Not File)] (PUP.Dealio)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Andrew\AppData\Roaming\Browser Extensions (Not File)] (PUP.Dealio)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} [C:\Program Files (x86)\Microsoft\BingBar\ (Not File)] (Toolbar.BingBar)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B} [C:\Users\Andrew\AppData\Roaming\Browser Extensions (Not File)] (PUP.Dealio)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 61661
~ Items found : 0
~ Items repaired : 187


End of clean at 16:31:31
===================
ZHPCleaner-[R]-13042015-16_31_31.txt

 

-Security Check-

Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
avast! Antivirus           
360 Total Security         
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Secunia PSI (3.0.0.9016)   
 Adobe Flash Player 16.0.0.305  
 Mozilla Firefox (37.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Symantec Norton Online Backup NOBuAgent.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

-Minitoolbox-

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Andrew (administrator) on 13-04-2015 at 17:02:12
Running from "C:\Users\Andrew\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: 300E4A/300E5A/300E7A/3430EA/3530EA Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 100 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

 

Well the Programs are respoding now, so good! Now I see some Errors in there so I know we're done remov ethme yet.


Edited by Houka, 13 April 2015 - 05:20 PM.


#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 14 April 2015 - 04:37 AM

Your minitoolbox log is incomplete.

 

You MUST uninstall all but one of the below.

 

Norton Internet Security   
avast! Antivirus           
360 Total Security 

Ad-Aware

 

You simply can not have more than one antivirus, after you remove all but one, post a new security check log.

 

 

After you have done that then do the following.

 

Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

 

Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.



#5 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 14 April 2015 - 03:32 PM

I'm not sure how to get rid of some of them, I don't even know how some of them got on. I should say, what is the best way to get rid of them?


Edited by Houka, 14 April 2015 - 03:33 PM.


#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 14 April 2015 - 04:06 PM

You need to open add remove programs and remove them. A better way would be to use revo free. :)

http://windows.microsoft.com/en-us/windows/uninstall-change-program#uninstall-change-program=windows-7

http://www.revouninstaller.com/revo_uninstaller_free_download.html



#7 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 14 April 2015 - 05:17 PM

I can't seem to find Ad-Aware, you sure it exsist?



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 14 April 2015 - 05:39 PM

Post the entire minitoolbox log, also run the other programs suggested. :)



#9 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 14 April 2015 - 06:43 PM

OK here's what ya ask for.

 

-Minitoolbox-

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Andrew (administrator) on 14-04-2015 at 18:08:17
Running from "C:\Users\Andrew\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: 300E4A/300E5A/300E7A/3430EA/3530EA Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 100 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Andrew-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 100
   Physical Address. . . . . . . . . : 78-92-9C-7C-E4-1E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dc51:f7f:6148:60fa%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 14, 2015 5:08:25 PM
   Lease Expires . . . . . . . . . . : Saturday, May 22, 2151 12:36:40 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 444109468
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B4-D2-C9-E8-03-9A-1F-B0-9E
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : smallbusiness.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-03-9A-1F-B0-9E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4009:80b::200e
      216.58.216.110


Pinging google.com [173.194.46.46] with 32 bytes of data:
Reply from 173.194.46.46: bytes=32 time=34ms TTL=54
Reply from 173.194.46.46: bytes=32 time=28ms TTL=54

Ping statistics for 173.194.46.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 34ms, Average = 31ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=95ms TTL=47
Reply from 206.190.36.45: bytes=32 time=83ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 83ms, Maximum = 95ms, Average = 89ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...78 92 9c 7c e4 1e ......Intel® Centrino® Wireless-N 100
 13...e8 03 9a 1f b0 9e ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    281
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 18    281 fe80::/64                On-link
 18    281 fe80::dc51:f7f:6148:60fa/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/14/2015 05:09:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 05:09:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Faulting module name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Exception code: 0xc0000005
Fault offset: 0x0001fbe8
Faulting process id: 0xaec
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3

Error: (04/12/2015 11:19:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Faulting module name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Exception code: 0xc0000005
Fault offset: 0x0001fbe8
Faulting process id: 0x1ba8
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3

Error: (04/12/2015 11:16:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Faulting module name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Exception code: 0xc0000005
Fault offset: 0x0001fbe8
Faulting process id: 0xa14
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3

Error: (04/12/2015 11:15:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 11:00:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x118c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/12/2015 10:13:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Faulting module name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Exception code: 0xc0000005
Fault offset: 0x0001fbe8
Faulting process id: 0xd84
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3

Error: (04/12/2015 10:13:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 07:35:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Faulting module name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Exception code: 0xc0000005
Fault offset: 0x0001fbe8
Faulting process id: 0x1670
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3

Error: (04/12/2015 07:35:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Faulting module name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Exception code: 0xc0000005
Fault offset: 0x0001fbe8
Faulting process id: 0x920
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3


System errors:
=============
Error: (04/14/2015 05:15:18 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (04/14/2015 05:00:44 PM) (Source: Service Control Manager) (User: )
Description: The 360 Total Security service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/12/2015 11:21:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (04/12/2015 11:12:48 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (04/12/2015 11:12:48 PM) (Source: Service Control Manager) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/12/2015 11:12:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (04/12/2015 11:12:47 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/12/2015 11:12:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).

Error: (04/12/2015 11:12:18 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/12/2015 11:12:18 PM) (Source: Service Control Manager) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/14/2015 05:09:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 05:09:24 PM) (Source: Application Error)(User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8aec01d076ff95ee9bd5C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exee7ff506e-e2f2-11e4-aa6f-e8039a1fb09e

Error: (04/12/2015 11:19:18 PM) (Source: Application Error)(User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe81ba801d075a0f08086f7C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe3ff84ae3-e194-11e4-8434-e8039a1fb09e

Error: (04/12/2015 11:16:45 PM) (Source: Application Error)(User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8a1401d075a0529a7acdC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exee535f704-e193-11e4-8434-e8039a1fb09e

Error: (04/12/2015 11:15:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 11:00:40 PM) (Source: Application Error)(User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1118c01d0759e347c14ebC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla5e7bce2-e191-11e4-9a2d-e8039a1fb09e

Error: (04/12/2015 10:13:41 PM) (Source: Application Error)(User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8d8401d07597c8949920C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe15bf943c-e18b-11e4-9a2d-e8039a1fb09e

Error: (04/12/2015 10:13:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 07:35:28 PM) (Source: Application Error)(User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8167001d07581bd3a6b4eC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exefb81bf4e-e174-11e4-97bb-e8039a1fb09e

Error: (04/12/2015 07:35:18 PM) (Source: Application Error)(User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe892001d075810fc2b171C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exef524ee5a-e174-11e4-97bb-e8039a1fb09e



„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.16.14 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube Downloader 4.0.365 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii uslugi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Display Control Panel (Version: 6.14.12.6883 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.42.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.23 (Version: 1.0.23 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.23 - NVIDIA Corporation) Hidden
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta uslugi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
TubeSucker (HKLM-x32\...\{4E906533-F57F-45BD-A837-FCF24A2C243E}) (Version: 5.0.0.4 - )
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattelu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotograf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - ?????????? ??????????) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ?? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ?? ??? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ?? ??? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ???? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ??? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???????? ?????????? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
????? Windows Live (x32 Version: 15.4.3502.0922 - ?????????? ??????????) Hidden
?????????? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
??????????? ?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
?????? ??????? ?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? ??? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Device ID: ROOT\LEGACY_BAPIDRV\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 4009.55 MB
Available physical RAM: 1746.14 MB
Total Pagefile: 8017.28 MB
Available Pagefile: 5627.9 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:178 GB) (Free:3.7 GB) NTFS
2 Drive d: () (Fixed) (Total:266.46 GB) (Free:10.55 GB) NTFS

========================= Users: ========================================

User accounts for \\ANDREW-PC

Administrator            Andrew                   Guest                    
UpdatusUser              


**** End of log ****

-Junkware Removal Tool-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Home Premium x64
Ran by Andrew on Tue 04/14/2015 at 18:12:47.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\free youtube downloader
Successfully deleted: [Folder] C:\Users\Andrew\appdata\local\free youtube downloader
Successfully deleted: [Folder] C:\Program Files (x86)\free youtube downloader



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\3yne4wca.Default User\extensions\staged
Emptied folder: C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\5zo6vkca.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/14/2015 at 18:16:18.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-

# AdwCleaner v4.201 - Logfile created 14/04/2015 at 18:20:22
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] -

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2686 bytes] - [30/09/2014 10:59:39]
AdwCleaner[R10].txt - [3627 bytes] - [11/12/2014 18:31:51]
AdwCleaner[R11].txt - [2312 bytes] - [18/12/2014 18:41:11]
AdwCleaner[R12].txt - [1941 bytes] - [25/12/2014 20:15:23]
AdwCleaner[R13].txt - [2027 bytes] - [23/01/2015 15:03:32]
AdwCleaner[R14].txt - [2416 bytes] - [24/01/2015 23:51:12]
AdwCleaner[R15].txt - [2308 bytes] - [29/01/2015 16:59:29]
AdwCleaner[R16].txt - [2429 bytes] - [29/01/2015 17:20:44]
AdwCleaner[R17].txt - [2551 bytes] - [29/01/2015 17:29:03]
AdwCleaner[R18].txt - [7503 bytes] - [29/01/2015 17:45:48]
AdwCleaner[R19].txt - [4960 bytes] - [29/01/2015 17:55:51]
AdwCleaner[R1].txt - [7517 bytes] - [20/10/2014 18:00:54]
AdwCleaner[R20].txt - [2856 bytes] - [29/01/2015 18:37:02]
AdwCleaner[R21].txt - [2917 bytes] - [29/01/2015 19:12:54]
AdwCleaner[R22].txt - [3039 bytes] - [29/01/2015 19:34:23]
AdwCleaner[R23].txt - [3160 bytes] - [12/02/2015 12:28:38]
AdwCleaner[R24].txt - [3208 bytes] - [12/03/2015 12:37:43]
AdwCleaner[R25].txt - [3676 bytes] - [21/03/2015 17:32:33]
AdwCleaner[R26].txt - [3482 bytes] - [03/04/2015 09:55:30]
AdwCleaner[R27].txt - [3940 bytes] - [10/04/2015 10:57:14]
AdwCleaner[R28].txt - [4004 bytes] - [12/04/2015 19:27:00]
AdwCleaner[R29].txt - [5770 bytes] - [12/04/2015 23:03:25]
AdwCleaner[R2].txt - [1260 bytes] - [27/10/2014 16:08:05]
AdwCleaner[R30].txt - [4244 bytes] - [14/04/2015 18:18:54]
AdwCleaner[R3].txt - [6358 bytes] - [12/11/2014 16:20:30]
AdwCleaner[R4].txt - [1245 bytes] - [16/11/2014 11:57:27]
AdwCleaner[R5].txt - [1641 bytes] - [23/11/2014 17:27:11]
AdwCleaner[R6].txt - [1422 bytes] - [23/11/2014 18:50:03]
AdwCleaner[R7].txt - [1483 bytes] - [26/11/2014 16:22:47]
AdwCleaner[R8].txt - [1543 bytes] - [26/11/2014 19:27:15]
AdwCleaner[R9].txt - [3565 bytes] - [10/12/2014 12:32:08]
AdwCleaner[S0].txt - [2675 bytes] - [30/09/2014 11:07:28]
AdwCleaner[S10].txt - [2493 bytes] - [29/01/2015 17:23:51]
AdwCleaner[S11].txt - [6841 bytes] - [29/01/2015 17:49:27]
AdwCleaner[S12].txt - [3505 bytes] - [29/01/2015 18:27:54]
AdwCleaner[S13].txt - [2981 bytes] - [29/01/2015 19:18:33]
AdwCleaner[S14].txt - [3179 bytes] - [12/02/2015 12:31:59]
AdwCleaner[S15].txt - [3279 bytes] - [12/03/2015 12:39:48]
AdwCleaner[S16].txt - [3755 bytes] - [22/03/2015 12:57:52]
AdwCleaner[S17].txt - [3551 bytes] - [03/04/2015 09:59:53]
AdwCleaner[S18].txt - [4015 bytes] - [10/04/2015 10:59:34]
AdwCleaner[S19].txt - [4077 bytes] - [12/04/2015 19:28:38]
AdwCleaner[S1].txt - [7521 bytes] - [20/10/2014 18:04:30]
AdwCleaner[S20].txt - [5881 bytes] - [12/04/2015 23:12:19]
AdwCleaner[S21].txt - [3700 bytes] - [14/04/2015 18:20:22]
AdwCleaner[S2].txt - [1320 bytes] - [27/10/2014 16:10:41]
AdwCleaner[S3].txt - [6294 bytes] - [12/11/2014 16:24:24]
AdwCleaner[S4].txt - [1708 bytes] - [23/11/2014 18:39:26]
AdwCleaner[S5].txt - [3727 bytes] - [11/12/2014 18:34:10]
AdwCleaner[S6].txt - [2382 bytes] - [18/12/2014 18:43:13]
AdwCleaner[S7].txt - [2004 bytes] - [25/12/2014 20:18:09]
AdwCleaner[S8].txt - [2430 bytes] - [24/01/2015 23:57:36]
AdwCleaner[S9].txt - [2370 bytes] - [29/01/2015 17:02:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S21].txt - [4232  bytes] ##########

-Adware Removal Tool-

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_04_14_18_27_45
OS: Windows 7 - 64 Bit
Account Name: Andrew
U0L0S21

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - File - C:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll.config
Deleted - File - C:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
Deleted - File - C:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll.config
Deleted - File - C:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
Deleted - File - C:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
Deleted - File - C:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
Deleted - File - C:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe.config
Deleted - File - C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\searchprotect.log
Deleted - File - C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService\SearchProtectServiceLog.log
Deleted - Folder - C:\ProgramData\WildTangent\Game Console - WildGames\UI\htdocs2\Common\product\babylonia
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SearchProtectionService:imagepath
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services:SearchProtectionService
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Rebooting computer : 1 Objects
\\ Reboot Done

Deleted - File - C:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

\\ Finished
 



#10 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 14 April 2015 - 07:04 PM

Run an eset online scan. Disable your antivirus.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 

Eset Scan
 

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.


#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 14 April 2015 - 07:05 PM

Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden

 

Use this to remove Ad-Aware.

http://www.foolishit.com/vb6-projects/duninstaller/


Edited by InadequateInfirmity, 14 April 2015 - 07:06 PM.


#12 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 15 April 2015 - 01:29 PM

Alright, here's what we get after getting rid of that.

 

-ESET Online Scanner-

C:\Windows\SysWOW64\LavasoftTcpService.dll    a variant of Win32/Komodia.A potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Vosteran\Application\31.0.1650.23\Extensions\Vosteran.crx.vir    JS/Astromenda.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Vosteran\Application\31.0.1650.23\Installer\chrome.7z.vir    JS/Astromenda.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Browser Extensions\Button.exe.vir    Win32/Toolbar.Widgi.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Browser Extensions\Button64.exe.vir    Win64/Toolbar.Widgi.D potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Browser Extensions\ButtonWrap.dll.vir    Win32/Toolbar.Widgi.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Browser Extensions\ButtonWrap64.dll.vir    Win64/Toolbar.Widgi.D potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Browser Extensions\coupons_3.3.xpi.vir    JS/Adware.Spigot.A application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Browser Extensions\saamazon_1.8.xpi.vir    JS/Adware.Spigot.A application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Browser Extensions\saebay_1.8.xpi.vir    JS/Adware.Spigot.A application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Browser Extensions\Uninstall.exe.vir    Win32/Toolbar.Widgi.I potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\5zo6vkca.default\Extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}\chrome\content\spigot.js.vir    JS/Adware.Spigot.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\5zo6vkca.default\Extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1}\chrome\content\spigot.js.vir    JS/Adware.Spigot.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\5zo6vkca.default\Extensions\{f894a29a-f065-40c3-bb19-da6057778493}\chrome\content\spigot.js.vir    JS/Adware.Spigot.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir    a variant of Win32/DealPly.S potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MyPC Backup\Configuration Updater.exe    a variant of MSIL/RunElevated.A potentially unsafe application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MyPC Backup\MPCBClient.dll    a variant of Win32/MyPCBackup.D potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe    a variant of MSIL/MyPCBackup.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\windows\system32\drivers\{9f797875-3e17-4f05-af13-44c39bc9c2c2}Gw64.sys.xBAD.mwt    a variant of Win64/NetFilter.A potentially unsafe application    deleted - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller.exe    a variant of Win32/Komodia.A potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.dll    a variant of Win32/Komodia.A potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe    a variant of Win32/Komodia.A potentially unsafe application    deleted (after the next restart) - quarantined
C:\Users\Andrew\AppData\Roaming\ZHP\Quarantine\11f18a9.msi    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Users\Andrew\Downloads\FreeYouTubeDownloaderIC.exe    Win32/InstallCore.QT potentially unwanted application    deleted - quarantined
C:\Users\Andrew\Downloads\FreeYouTubeDownloaderOC.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
C:\Windows\Installer\2e2fd2.msi    a variant of Win32/Komodia.A potentially unsafe application    deleted - quarantined
C:\Windows\System32\LavasoftTcpService.dll    a variant of Win32/Komodia.A potentially unsafe application    deleted - quarantined

-Sercurity Check-

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016)   
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (37.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Symantec Norton Online Backup NOBuAgent.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````



#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 15 April 2015 - 05:44 PM

C:\FRST\Quarantine 

 

Are you getting help elsewhere?  How is your machine?



#14 Houka

Houka
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 15 April 2015 - 05:55 PM

Nope! It appear to be working well so nothing to say. FRST is just a left over program from some of the other times I have been asking help and no one ask me to delete it or anything.



#15 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 15 April 2015 - 06:12 PM

Qualys BrowserCheck To update plugins.

Safe Browsing Tool Web of trust to keep away from shady sites.

Unchecky  To avoid bundled software.

Adblock Plus  To browse the web ad free.

Malwarebytes Anti-Exploit To block Zero day attacks.

Malwarebytes | StartUpLITE To disable un-needed start ups.

 

 

 

Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users