
Recurring adware/malware installation


20 replies to this topic

#1 midnight028


Posted 30 April 2015 - 08:06 PM

I have had this problem for a while now. Random programs keep installing even though I have deleted most of the suspicious files. There are some I cannot delete because they have "already been deleted" or "cannot because they are used by another program". It even affects browsing on IE - image searching and clicking on the full image option will redirect me to a random site.

Some of the programs being installed are:

Ninjaloader
Crossbrowse
YT downloader (sp?)
some other random ones

I have run JRT and MiniToolBox so far. Logs are below. As for AdwCleaner, I don't know if there is an issue with the file itself, but it will not let me run it. It says I have an outdated version. It then prompts me to click OK so it can get the newer one, then says there is an error. Please help with this; I can't afford a new PC. Thanks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by midnight on Thu 04/30/2015 at 17:25:10.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Crossbrowse
Successfully deleted: [Task] C:\Windows\tasks\Crossbrowse.job

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Users\midnight\appdata\local\crossbrowse

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/30/2015 at 17:31:53.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MiniToolBox by Farbar  Version: 13-07-2013
Ran by midnight (administrator) on 30-04-2015 at 17:41:14
Running from "C:\Users\midnight\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : midnight
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-24-D6-27-BE-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6c1b:6cf6:ed49:5124%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, April 29, 2015 2:17:45 AM
   Lease Expires . . . . . . . . . . : Monday, June 07, 2151 12:09:36 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 218112763
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-76-78-46-00-24-BE-45-30-02
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-24-BE-45-30-02
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  router.belkin
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4002:c06::64
   74.125.196.113
   74.125.196.102
   74.125.196.100
   74.125.196.139
   74.125.196.138
   74.125.196.101

Pinging google.com [74.125.196.113] with 32 bytes of data:
Reply from 74.125.196.113: bytes=32 time=101ms TTL=37
Reply from 74.125.196.113: bytes=32 time=75ms TTL=37

Ping statistics for 74.125.196.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 75ms, Maximum = 101ms, Average = 88ms
Server:  router.belkin
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=87ms TTL=45
Reply from 98.138.253.109: bytes=32 time=87ms TTL=45

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 87ms, Average = 87ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 24 d6 27 be 04 ......Intel® WiFi Link 5100 AGN
 10...00 24 be 45 30 02 ......Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    276
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::6c1b:6cf6:ed49:5124/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/28/2015 02:12:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aacca
Faulting process id: 0x6c0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/27/2015 01:19:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3e0
Exception code: 0xc0000374
Fault offset: 0x000cea0b
Faulting process id: 0x25bc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/26/2015 09:54:40 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/23/2015 04:01:14 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2144

Start Time: 01d07dafcb1203da

Termination Time: 109

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/21/2015 10:47:25 PM) (Source: Microsoft-Windows-RestartManager) (User: MIDNIGHT)
Description: Application or service 'Internet Explorer' could not be shut down.

Error: (04/20/2015 03:18:24 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/20/2015 03:08:45 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/14/2015 04:10:27 PM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (04/13/2015 03:21:43 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/05/2015 10:14:30 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (04/30/2015 05:26:58 PM) (Source: Service Control Manager) (User: )
Description: The VAIO Content Folder Watcher service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2015 05:26:54 PM) (Source: Service Control Manager) (User: )
Description: The VAIO Power Management service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2015 05:26:54 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2015 05:26:53 PM) (Source: Service Control Manager) (User: )
Description: The IviRegMgr service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2015 05:26:53 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/30/2015 05:26:51 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2015 05:26:48 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2015 05:26:48 PM) (Source: Service Control Manager) (User: )
Description: The VAIO Event Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2015 05:26:48 PM) (Source: Service Control Manager) (User: )
Description: The Protexis Licensing V2 service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2015 05:26:27 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (04/28/2015 02:12:00 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1772855024724Flash32_17_0_0_169.ocx17.0.0.1695529d7e1c0000005006aacca6c001d081f7a2b75155C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_169.ocx35823ffb-edeb-11e4-a1c8-0024be453002

Error: (04/27/2015 01:19:36 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1772855024724ntdll.dll6.1.7601.187985507b3e0c0000374000cea0b25bc01d080c2d68af2c6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll239ac58d-ecb6-11e4-b09d-002643aa2bfc

Error: (04/26/2015 09:54:40 PM) (Source: Windows Backup)(User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (04/23/2015 04:01:14 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.17728214401d07dafcb1203da109C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (04/21/2015 10:47:25 PM) (Source: Microsoft-Windows-RestartManager)(User: MIDNIGHT)
Description: 1C:\Program Files (x86)\Internet Explorer\iexplore.exeInternet Explorer01117199600

Error: (04/20/2015 03:18:24 AM) (Source: Windows Backup)(User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (04/20/2015 03:08:45 AM) (Source: Windows Backup)(User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (04/14/2015 04:10:27 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Error: (04/13/2015 03:21:43 PM) (Source: Windows Backup)(User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (04/05/2015 10:14:30 PM) (Source: Windows Backup)(User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

CodeIntegrity Errors:
===================================
  Date: 2013-12-04 18:42:16.718
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-04 18:42:16.608
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-01 20:05:48.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:48.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:48.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:48.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:47.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:47.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:47.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:47.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (Version: 3.4.0.2540)
Adobe Audition 3.0 (Version: 3.0)
Adobe Audition 3.0 Vista Compatibility
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 17 ActiveX (Version: 17.0.0.169)
Adobe Flash Player 17 NPAPI (Version: 17.0.0.169)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (11.0.10) (Version: 11.0.10)
Adobe Refresh Manager (Version: 1.8.0)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AIO_Scan (Version: 130.0.365.000)
Alps Pointing-device for VAIO
Apple Application Support (Version: 3.1)
Apple Mobile Device Support (Version: 8.0.5.6)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.85)
ArcSoft WebCam Companion 3 (Version: 3.0.21.390)
ASIO4ALL
Audacity 1.3.4 (Unicode)
AVS Audio Converter version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
C4200 (Version: 130.0.365.000)
c4200_Help (Version: 82.0.210.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full Existing (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full New (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Light (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Common (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0710.1127.18698)
Catalyst Control Center InstallProxy (Version: 2009.0710.1127.18698)
Catalyst Control Center Localization All (Version: 2009.0710.1127.18698)
CCC Help Chinese Standard (Version: 2009.0720.2144.37243)
CCC Help Chinese Traditional (Version: 2009.0720.2144.37243)
CCC Help Czech (Version: 2009.0720.2144.37243)
CCC Help Danish (Version: 2009.0720.2144.37243)
CCC Help Dutch (Version: 2009.0720.2144.37243)
CCC Help English (Version: 2009.0720.2144.37243)
CCC Help Finnish (Version: 2009.0720.2144.37243)
CCC Help French (Version: 2009.0720.2144.37243)
CCC Help German (Version: 2009.0720.2144.37243)
CCC Help Greek (Version: 2009.0720.2144.37243)
CCC Help Hungarian (Version: 2009.0720.2144.37243)
CCC Help Italian (Version: 2009.0720.2144.37243)
CCC Help Japanese (Version: 2009.0720.2144.37243)
CCC Help Korean (Version: 2009.0720.2144.37243)
CCC Help Norwegian (Version: 2009.0720.2144.37243)
CCC Help Polish (Version: 2009.0720.2144.37243)
CCC Help Portuguese (Version: 2009.0720.2144.37243)
CCC Help Russian (Version: 2009.0720.2144.37243)
CCC Help Spanish (Version: 2009.0720.2144.37243)
CCC Help Swedish (Version: 2009.0720.2144.37243)
CCC Help Thai (Version: 2009.0720.2144.37243)
CCC Help Turkish (Version: 2009.0720.2144.37243)
ccc-core-static (Version: 2009.0710.1127.18698)
ccc-utility64 (Version: 2009.0710.1127.18698)
CDDRV_Installer (Version: 4.60)
Click to Disc (Version: 1.2.70.06160)
Click to Disc Editor (Version: 2.0.02)
ConvertHelper 2.2
Copy (Version: 130.0.428.000)
Corel WinDVD (Version: 8.8.0.282)
Definition Update for Microsoft Office 2013 (KB2965273) 64-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
DocProc (Version: 13.0.0.0)
Dolby Control Center (Version: 1.2.0702)
Dropbox (Version: 1.1.35)
erLT (Version: 1.20.0137)
Facebook Plug-In
FL Studio 9
GEAR driver installer for AMD64 and Intel EM64T (Version: 2.003.1)
Google Chrome (Version: 42.0.2311.90)
Google Drive (Version: 1.20.8672.3137)
Google Talk Plugin (Version: 5.41.2.0)
Google Update Helper (Version: 1.3.25.11)
Google Update Helper (Version: 1.3.26.9)
GPBaseService2 (Version: 130.0.371.000)
Hardcore
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Print Diagnostic Utility (Version: 1.51.0000)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.002.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
IL Download Manager
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.27)
iTunes (Version: 12.0.1.26)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 8 Update 31 (Version: 8.0.310)
Java Auto Updater (Version: 2.8.31.13)
Java™ 6 Update 15 (64-bit) (Version: 6.0.150)
Java™ SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150)
Junk Mail filter update (Version: 14.0.8089.726)
KhalInstallWrapper (Version: 2.00.0000)
LAME v3.98.3 for Audacity
Live 7.0.3
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 2.0.4.1028 (Version: 2.0.4.1028)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Silverlight (Version: 5.1.30514.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50903)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MixMeister Studio 7.2.2
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 36.0.4 (x86 en-US) (Version: 36.0.4)
Mozilla Maintenance Service (Version: 29.0.1)
Mplayer 0.6.9 (Version: 0.6.9)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Music Transfer (Version: 1.3.01.13160)
Norton 360 (Version: 21.7.0.11)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenOffice.org 3.1 (Version: 3.1.9420)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506)
PDF Settings CS5 (Version: 10.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PoiZone
Primo (Version: 1.00.0000)
PS_AIO_Software_min (Version: 130.0.365.000)
QuickBooks Financial Center (Version: 1.30.0000)
QuickBooks Premier Edition 2009 (Version: 19.0.4001.703)
QuickTime 7 (Version: 7.76.80.95)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.5897)
Realtek High Definition Audio Driver (Version: 6.0.1.5886)
Regi (Version: 1.00.0000)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy Media Creator 10 LJ (Version: 10.3)
Roxio Easy Media Creator Home (Version: 10.3.121)
Runtime (Version: 1.00.0000)
Sawer
Scan (Version: 140.0.80.000)
Seagate Drive Settings Installer (Version: 1.00.0000)
SeaTools for Windows (Version: 1.2.0.5)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Setting Utility Series (Version: 5.0.0.07300)
Shop for HP Supplies (Version: 13.0)
Skype™ 7.1 (Version: 7.1.105)
SmartWebPrinting (Version: 140.0.186.000)
SmartWi Connection Utility (Version: 4.8.4.20090902.2130)
SolutionCenter (Version: 130.0.373.000)
Sony Home Network Library (Version: 2.0.0.07280)
Sony Picture Utility (Version: 4.2.12.16210)
Spotify (Version: 1.0.3.101.gbfa97dfe)
Status (Version: 130.0.469.000)
SupportSoft Assisted Service (Version: 15)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 130.0.648.000)
Toxic Biohazard
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft Access 2013 (KB2965276) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2965275) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2825678) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880977) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
Update for Microsoft Office 2013 (KB2920754) 64-Bit Edition
Update for Microsoft Office 2013 (KB2920769) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956154) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956169) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956171) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956177) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965218) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965255) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965262) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965268) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2956185) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2965264) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2965270) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB2965257) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2965256) 64-Bit Edition
Update for Microsoft Project 2013 (KB2965279) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition
VAIO Care (Version: 5.1.0.13200)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.5.0.06261)
VAIO Content Metadata Intelligent Network Service Manager (Version: 3.5.0.06260)
VAIO Content Metadata Manager Settings (Version: 3.5.0.06260)
VAIO Content Metadata XML Interface Library (Version: 3.5.0.06180)
VAIO Content Monitoring Settings (Version: 2.4.0.06120)
VAIO Control Center (Version: 4.0.0.06120)
VAIO Data Restore Tool (Version: 1.1.01.06290)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Entertainment Platform (Version: 3.5.0.07230)
VAIO Event Service (Version: 5.0.0.07010)
VAIO Help and Support (Version: 9.00.0729.ENUS)
VAIO Media plus (Version: 2.0.0.07280)
VAIO Media plus Opening Movie (Version: 2.0.0.07030)
VAIO Movie Story (Version: 1.5.00.06191)
VAIO Movie Story Template Data (Version: 1.5.00.06010)
VAIO OOBE and Startup Assistant (Version: 1.00.0811.ENUS)
VAIO Original Function Settings (Version: 2.0.0.07010)
VAIO Power Management (Version: 4.0.0.08240)
VAIO Presentation Support (Version: 2.0.0.05270)
VAIO Survey (Version: 6.00.0722)
VAIO Update 4 (Version: 4.2.0.07300)
VAIO Wallpaper Contents (Version: 2.0.0.06010)
VD64Inst (Version: 1.00.0000)
Virtual DJ - Atomix Productions
VirtualCloneDrive
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.1.3 (Version: 2.1.3)
Vuze (Version: 5.0.0.0)
WebM Media Foundation Components (Version: 1.0.1.2)
WebReg (Version: 130.0.132.017)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR archiver
Xvid Video Codec (Version: 1.3.2)
Zoosk Messenger (Version: 4.128.3)
Zuma Deluxe RA

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4063.02 MB
Available physical RAM: 2452.06 MB
Total Pagefile: 8124.24 MB
Available Pagefile: 6263.14 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.39 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:290.01 GB) (Free:74.15 GB) NTFS

========================= Users: ========================================

User accounts for \\MIDNIGHT

Administrator            Guest                    midnight                

**** End of log ****





#2 midnight028

midnight028
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:44 AM

Posted 30 April 2015 - 09:22 PM

Sorry, I forgot to include that I am running Windows 7 64-bit. Norton subscription has expired. If any other info is needed, do let me know.

#3 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:44 AM

Posted 30 April 2015 - 09:24 PM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this, you will need to click on Tools, then Startup, select each item, then Disable.


Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.



Now go to the Advanced tab and select "Close program after cleaning". Now run the cleaner again; this will close CCleaner.


 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right-click and run as administrator.
A new icon will appear on your desktop.
Right-click and run as administrator on the new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste the entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double-click on the scan log, then copy and paste it here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#4 midnight028

midnight028
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:44 AM

Posted 01 May 2015 - 08:21 PM

01 May 2015 14:38:08 [17c0] - **********************************************************
01 May 2015 14:38:08 [17c0] - MWAV - eScanAV AntiVirus Toolkit.
01 May 2015 14:38:08 [17c0] - Copyright © MicroWorld Technologies
01 May 2015 14:38:08 [17c0] - **********************************************************
01 May 2015 14:38:08 [17c0] - Source: C:\Users\midnight\Desktop\mwav.exe
01 May 2015 14:38:08 [17c0] - Version 14.0.178 (C:\USERS\MIDNIGHT\APPDATA\LOCAL\TEMP\MEXE.COM)
01 May 2015 14:38:08 [17c0] - Log File: C:\Users\midnight\AppData\Local\Temp\MWAV.LOG
01 May 2015 14:38:08 [17c0] - MWAV Registered: TRUE
01 May 2015 14:38:08 [17c0] - User Account: midnight (Administrator Mode)
01 May 2015 14:38:08 [17c0] - OS Type: Windows Workstation [InstallType: Client]
01 May 2015 14:38:08 [17c0] - OS: Windows 7 64-Bit [OS Install Date: 21 Nov 2009 19:31:05]
01 May 2015 14:38:08 [17c0] - Ver: Personal Service Pack 1 (Build 7601)
01 May 2015 14:38:08 [17c0] - System Up Time: 12 Minutes, 54 Seconds

01 May 2015 14:38:08 [17c0] - Parent Process Name : C:\Users\midnight\Desktop\mwav.exe
01 May 2015 14:38:08 [17c0] - Windows Root  Folder: C:\Windows
01 May 2015 14:38:08 [17c0] - Windows Sys32 Folder: C:\Windows\system32
01 May 2015 14:38:08 [17c0] - DHCP NameServer: 192.168.2.1
01 May 2015 14:38:08 [17c0] - Interface0 DHCPNameServer: 192.168.2.1
01 May 2015 14:38:08 [17c0] - Interface1 DHCPNameServer: 192.168.2.1
01 May 2015 14:38:08 [17c0] - Local Fixed Drives: c:\
01 May 2015 14:38:08 [17c0] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
01 May 2015 14:38:08 [17c0] - [CREATED ZIP FILE: C:\Users\midnight\AppData\Local\Temp\pinfect.zip]
01 May 2015 14:38:09 [17c0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
01 May 2015 14:38:11 [17c0] - ** Changed Value of "Path"
01 May 2015 14:38:11 [17c0] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "CRSBRWSHTML" to "htmlfile"
01 May 2015 14:38:11 [17c0] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "CRSBRWSHTML" to "htmlfile"
01 May 2015 14:38:11 [17c0] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\midnight\AppData\Local\Temp\ESCANDB.LOG]
01 May 2015 14:38:13 [17c0] - Loaded/Created FileScan Cache Database...
01 May 2015 14:38:13 [17c0] - Loading AV Library [DB]...
01 May 2015 14:39:18 [17c0] - ArchiveScan: DISABLED
01 May 2015 14:39:19 [17c0] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
01 May 2015 14:39:19 [17c0] - MWAV doing self scanning...
01 May 2015 14:39:20 [17c0] - MWAV files are clean.
01 May 2015 14:39:26 [17c0] - ArchiveScan: DISABLED
01 May 2015 14:39:26 [17c0] - Virus Database Date: 02 Mar 2015
01 May 2015 14:39:26 [17c0] - Virus Database Count: 6701505
01 May 2015 14:39:26 [17c0] - Sign Version: 7.59505 [518257]
01 May 2015 14:39:35 [17c0] - Downloading AntiVirus and Anti-Spyware Databases...
01 May 2015 14:47:38 [17c0] - Update Successful...
01 May 2015 14:48:40 [17c0] - Indexed Spyware Databases Successfully Created...
01 May 2015 14:48:40 [17c0] - Old Sign Version: 7.59505 New Sign Version: 7.60379
01 May 2015 14:49:52 [17c0] - Reload of AntiVirus Signatures successfully done.
01 May 2015 14:49:52 [17c0] - Virus Database Date: 01 May 2015
01 May 2015 14:49:52 [17c0] - Virus Database Count: 5751628
01 May 2015 14:49:52 [17c0] - Sign Version: 7.60379 [519131]
 
01 May 2015 14:50:40 [17c0] - **********************************************************
01 May 2015 14:50:40 [17c0] - MWAV - eScanAV AntiVirus Toolkit.
01 May 2015 14:50:40 [17c0] - Copyright © MicroWorld Technologies
01 May 2015 14:50:40 [17c0] -
01 May 2015 14:50:40 [17c0] - Support: support@escanav.com
01 May 2015 14:50:40 [17c0] - Web: http://www.escanav.com
01 May 2015 14:50:40 [17c0] - **********************************************************
01 May 2015 14:50:40 [17c0] - Version 14.0.178[DB] (C:\USERS\MIDNIGHT\APPDATA\LOCAL\TEMP\MEXE.COM)
01 May 2015 14:50:40 [17c0] - Log File: C:\Users\midnight\AppData\Local\Temp\MWAV.LOG
01 May 2015 14:50:40 [17c0] - User Account: midnight (Administrator Mode)
01 May 2015 14:50:40 [17c0] - Parent Process Name : C:\Users\midnight\Desktop\mwav.exe
01 May 2015 14:50:40 [17c0] - Windows Root  Folder: C:\Windows
01 May 2015 14:50:40 [17c0] - Windows Sys32 Folder: C:\Windows\system32
01 May 2015 14:50:40 [17c0] - OS: Windows 7 64-Bit [OS Install Date: 21 Nov 2009 19:31:05]
01 May 2015 14:50:40 [17c0] - Ver: Personal Service Pack 1 (Build 7601)
01 May 2015 14:50:40 [17c0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
01 May 2015 14:50:40 [176c] - Options Selected by User:
01 May 2015 14:50:40 [176c] - Memory Check: Enabled
01 May 2015 14:50:40 [176c] - Registry Check: Enabled
01 May 2015 14:50:40 [176c] - StartUp Folder Check: Enabled
01 May 2015 14:50:40 [176c] - System Folder Check: Enabled
01 May 2015 14:50:40 [176c] - Services Check: Enabled
01 May 2015 14:50:40 [176c] - Scan Spyware: Enabled
01 May 2015 14:50:40 [176c] - Scan Archives: Disabled
01 May 2015 14:50:40 [176c] - Drive Check: Enabled
01 May 2015 14:50:40 [176c] - All Drive Check :Disabled
01 May 2015 14:50:40 [176c] - Drive Selected = C:\
01 May 2015 14:50:40 [176c] - Folder Check: Disabled
01 May 2015 14:50:40 [176c] - SCAN: All_Files [ANSI]
01 May 2015 14:50:40 [176c] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
01 May 2015 14:50:40 [176c] - Scanning DNS Records...
01 May 2015 14:50:40 [176c] - Scanning Master Boot Record (User)...
01 May 2015 14:50:41 [176c] - Scanning Logical Boot Records...
01 May 2015 14:50:41 [176c] - ***** Scanning For Hidden Rootkit Processes *****
01 May 2015 14:50:41 [176c] - ***** Scanning For Hidden Rootkit Services *****
01 May 2015 14:50:48 [176c] - Walk through registry failed!
 
01 May 2015 14:50:48 [176c] - ***** Scanning Memory Files *****
 
01 May 2015 14:51:04 [176c] - ***** Scanning Registry Files *****
01 May 2015 14:51:09 [176c] - ERROR(3)!!! Invalid Entry StubPath = "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level (in key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components). Action Taken: Removing it.
 
01 May 2015 14:51:11 [176c] - ***** Scanning StartUp Folders *****
01 May 2015 15:02:12 [1338] - Scanning File C:\ProgramData\d99b059d3936491e93e7cc1d9f5dee9d\d99b059d3936491e93e7cc1d9f5dee9d.exe
01 May 2015 15:02:12 [1338] - File C:\ProgramData\d99b059d3936491e93e7cc1d9f5dee9d\d99b059d3936491e93e7cc1d9f5dee9d.exe infected by "Gen:Variant.Mikey.12448 (DB)" Virus! Action Taken: File Deleted.

 
01 May 2015 15:03:37 [176c] - ***** Scanning Service Files *****
01 May 2015 15:04:01 [176c] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
01 May 2015 15:04:11 [176c] - ***** Scanning Registry and File system for Adware/Spyware *****
01 May 2015 15:04:11 [176c] - Loading Spyware Signatures from new External Database [Name: C:\Users\midnight\AppData\Local\Temp\spydb.avs, Size: 464724]...
01 May 2015 15:04:11 [176c] - Indexed Spyware Databases Successfully Created...
 
01 May 2015 15:04:21 [176c] - Offending file found: C:\Windows\DOWNLO~1\popcaploader.dll
01 May 2015 15:04:21 [176c] - System found infected with Downloader-AK Trojan-Downloader (popcaploader.dll)! Action taken: File Deleted.
01 May 2015 15:04:21 [176c] - Object "Downloader-AK Trojan-Downloader" found in File System! Action Taken: File Deleted.

01 May 2015 15:04:33 [176c] - Offending file found: C:\Users\midnight\Desktop\ADT\adt-bundle-windows-x86_64-20130219\eclipse\plugins\org.eclipse.cdt.core.win32.x86_64_5.2.0.201202111925\os\win32\x86_64\starter.exe
01 May 2015 15:04:33 [176c] - System found infected with PrecisionPop Spyware/Adware (starter.exe)! Action taken: File Deleted.
01 May 2015 15:04:33 [176c] - Object "PrecisionPop Spyware/Adware" found in File System! Action Taken: File Deleted.

01 May 2015 15:04:33 [176c] - Offending file found: C:\Users\midnight\Desktop\PSX\memcards\delete.me
01 May 2015 15:04:33 [176c] - System found infected with Lop.com Spyware/Adware (delete.me)! Action taken: File Deleted.
01 May 2015 15:04:33 [176c] - Object "Lop.com Spyware/Adware" found in File System! Action Taken: File Deleted.

01 May 2015 15:04:47 [176c] - Offending file found: C:\Users\midnight\Documents\VirtualDJ\Plugins\VideoTransition\grid.dll
01 May 2015 15:04:47 [176c] - System found infected with Jqs.exe Generic Malware (grid.dll)! Action taken: File Deleted.
01 May 2015 15:04:47 [176c] - Object "Jqs.exe Generic Malware" found in File System! Action Taken: File Deleted.

01 May 2015 15:04:52 [176c] - Offending file found: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\Logs\LU.dat
01 May 2015 15:04:52 [176c] - System found infected with ImIServer IEPlugin Spyware/Adware (LU.dat)! Action taken: File Deleted.
01 May 2015 15:04:52 [176c] - Object "ImIServer IEPlugin Spyware/Adware" found in File System! Action Taken: File Deleted.

01 May 2015 15:04:53 [176c] - Offending file found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\limewire
01 May 2015 15:04:53 [176c] - System found infected with Limewire Spyware/Adware (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\limewire)! Action taken: File Deleted.
01 May 2015 15:04:53 [176c] - Object "Limewire Spyware/Adware" found in File System! Action Taken: File Deleted.

 
01 May 2015 15:04:53 [176c] - ***** Scanning Registry Files *****
01 May 2015 15:04:54 [176c] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
01 May 2015 15:04:54 [176c] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
01 May 2015 15:04:54 [176c] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
01 May 2015 15:04:54 [176c] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
01 May 2015 15:04:54 [176c] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
01 May 2015 15:04:54 [176c] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
01 May 2015 15:04:54 [176c] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com/
01 May 2015 15:04:54 [176c] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
01 May 2015 15:04:54 [176c] - ***** Scanning System32 Folders *****
 
 
01 May 2015 15:06:43 [176c] - ***** Scanning Drive C:\ *****
01 May 2015 15:06:45 [1338] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_491\predm.exe.vir
01 May 2015 15:06:45 [119c] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir
01 May 2015 15:06:45 [1680] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelper.exe.vir
01 May 2015 15:06:45 [1278] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir
01 May 2015 15:06:45 [1338] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_491\predm.exe.vir infected by "Adware.Eorezo.BZ (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:06:45 [1680] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelper.exe.vir infected by "Trojan.GenericKD.2077540 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:06:45 [119c] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir infected by "Adware.Generic.1159578 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:06:45 [1278] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir infected by "Adware.Generic.1173772 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:06:45 [1680] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\sbmntr.sys.vir
01 May 2015 15:06:45 [1680] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\sbmntr.sys.vir infected by "Adware.Generic.1148268 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:06:46 [1278] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir
01 May 2015 15:06:46 [1278] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir infected by "Adware.Generic.1158411 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:06:46 [1338] - Scanning File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir
01 May 2015 15:06:46 [1338] - File C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir infected by "Adware.Generic.1226751 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:08:00 [1278] - Scanning File C:\Program Files\Common Files\System\SysMenu.dll
01 May 2015 15:08:00 [1278] - File C:\Program Files\Common Files\System\SysMenu.dll infected by "Adware.Shopper.V (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:08:00 [1338] - Scanning File C:\Program Files\Common Files\System\SysMenu64.dll
01 May 2015 15:08:00 [1338] - File C:\Program Files\Common Files\System\SysMenu64.dll infected by "Adware.Generic.1142729 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:25:40 [1680] - Scanning File C:\System Volume Information\{2602c01a-e573-11e4-b09d-002643aa2bfc}{3808876b-c176-4e48-b7ae-04046e6cc752}
01 May 2015 15:25:40 [1278] - Scanning File C:\System Volume Information\{396dfbbc-d2ae-11e4-89ad-002643aa2bfc}{3808876b-c176-4e48-b7ae-04046e6cc752}
01 May 2015 15:25:40 [1338] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
01 May 2015 15:25:40 [1680] - Scanning File C:\System Volume Information\{5428bfc6-e302-11e4-8a73-002643aa2bfc}{3808876b-c176-4e48-b7ae-04046e6cc752}
01 May 2015 15:25:40 [1338] - Scanning File C:\System Volume Information\{cbe8262c-dd84-11e4-89ad-002643aa2bfc}{3808876b-c176-4e48-b7ae-04046e6cc752}
01 May 2015 15:25:40 [1278] - Scanning File C:\System Volume Information\{81c37467-ee50-11e4-8156-0024be453002}{3808876b-c176-4e48-b7ae-04046e6cc752}
01 May 2015 15:25:40 [1338] - Scanning File C:\System Volume Information\{ee9c7955-ecbc-11e4-8b7f-002643aa2bfc}{3808876b-c176-4e48-b7ae-04046e6cc752}
01 May 2015 15:25:40 [1680] - Scanning File C:\System Volume Information\{ccff458c-ecc9-11e4-9cd7-0024be453002}{3808876b-c176-4e48-b7ae-04046e6cc752}
01 May 2015 15:26:14 [1338] - Scanning File C:\Users\midnight\AppData\Local\Installer\Install_10062\DCytdkietut_tutdk_setup.exe
01 May 2015 15:26:14 [1278] - Scanning File C:\Users\midnight\AppData\Local\Installer\Install_11387\DCytdkietut_tutdk_setup.exe
01 May 2015 15:26:14 [1278] - ScanFile (C:\Users\midnight\AppData\Local\Installer\Install_11387\DCytdkietut_tutdk_setup.exe) took 5195 ms
01 May 2015 15:26:14 [1338] - ScanFile (C:\Users\midnight\AppData\Local\Installer\Install_10062\DCytdkietut_tutdk_setup.exe) took 5491 ms
01 May 2015 15:26:15 [1338] - File C:\Users\midnight\AppData\Local\Installer\Install_10062\DCytdkietut_tutdk_setup.exe infected by "Gen:Variant.Adware.Graftor.171097 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:26:15 [1278] - File C:\Users\midnight\AppData\Local\Installer\Install_11387\DCytdkietut_tutdk_setup.exe infected by "Gen:Variant.Adware.Graftor.171097 (DB)" Virus! Action Taken: File Renamed.

01 May 2015 15:32:55 [1680] - Scanning File C:\Users\midnight\Music\[beatmania] ZANZIBAR LONG - Delaware.mp4
01 May 2015 15:34:55 [1680] - ScanFile (C:\Users\Public\Documents\Ableton Live 7 [h33t][deepstatus]\Extras\Live Packs\impulse.zip) took 6458 ms
01 May 2015 15:37:48 [1278] - ScanFile (C:\Windows\Drivers\EXE\Graphics Driver (ATI)\Packages\Drivers\Display\W76A_INF\B_84524\atioglxx.dl_) took 6177 ms
01 May 2015 15:37:49 [1680] - ScanFile (C:\Windows\Drivers\EXE\Graphics Driver (ATI)\Packages\Drivers\Display\W7_INF\B_84524\atioglxx.dl_) took 5584 ms
01 May 2015 15:42:45 [1278] - ScanFile (C:\Windows\Installer\69ab7ebe.msp) took 5149 ms
01 May 2015 15:46:18 [1680] - ScanFile (C:\Windows\System32\atioglxx.dll) took 6318 ms
01 May 2015 15:51:47 [119c] - ScanFile (C:\Windows\winsxs\amd64_microsoft-windows-ehome-mcweblauncher_31bf3856ad364e35_6.1.7600.16385_none_5846a8771b202706\MediaCenterWebLauncher.exe) took 7364 ms
01 May 2015 15:55:56 [1278] - ScanFile (C:\Windows\winsxs\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_10.2.9200.16521_none_94b9c69101c503e9\iediagcmd.exe) took 5554 ms
01 May 2015 16:02:48 [1278] - ScanFile (C:\Windows\winsxs\amd64_microsoft-windows-sonic-createdisc_31bf3856ad364e35_6.1.7600.16385_none_9beb785f084a0caf\CreateDisc.dll) took 11029 ms
01 May 2015 16:05:20 [1680] - ScanFile (C:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.22733_none_b8ec27b2df488ae0\Microsoft.VisualBasic.dll) took 8112 ms
01 May 2015 16:05:20 [119c] - ScanFile (C:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.18523_none_cfb8ce4cc5a21132\Microsoft.VisualBasic.dll) took 7987 ms
01 May 2015 16:08:44 [1338] - ScanFile (C:\Windows\winsxs\Backup\x86_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_9b0ce353451f4255_d2d1.dll_ef77984b) took 24320 ms
01 May 2015 16:08:44 [1338] - Scanning of C:\Windows\winsxs\Backup\x86_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_9b0ce353451f4255_d2d1.dll_ef77984b Timed out!!!
01 May 2015 16:15:27 [1338] - ScanFile (C:\Windows\winsxs\msil_microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.22733_none_6b1e5248d77e003d\Microsoft.VisualBasic.dll) took 6084 ms
01 May 2015 16:15:27 [119c] - ScanFile (C:\Windows\winsxs\msil_microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.18523_none_81eaf8e2bdd7868f\Microsoft.VisualBasic.dll) took 6037 ms
01 May 2015 16:23:18 [119c] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.2.9600.16428_none_828666943772c435\msfeedssync.exe) took 5335 ms
01 May 2015 16:23:18 [1680] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_10.2.9200.16521_none_1e08ed1a92d83052\msfeedssync.exe) took 6006 ms
 
01 May 2015 16:27:52 [176c] - ***** Checking for specific ITW Viruses *****
 
01 May 2015 16:27:53 [176c] - ***** Scanning complete. *****
 
01 May 2015 16:27:53 [176c] - Total Objects Scanned: 403379
01 May 2015 16:27:53 [176c] - Total Critical Objects: 18
01 May 2015 16:27:53 [176c] - Total Disinfected Objects: 0
01 May 2015 16:27:53 [176c] - Total Objects Renamed: 11
01 May 2015 16:27:53 [176c] - Total Deleted Objects: 7
01 May 2015 16:27:53 [176c] - Total Errors: 1
01 May 2015 16:27:53 [176c] - Time Elapsed: 01:35:51
01 May 2015 16:27:53 [176c] - Virus Database Date: 01 May 2015
01 May 2015 16:27:53 [176c] - Virus Database Count: 5751628
01 May 2015 16:27:53 [176c] - Sign Version: 7.60379 [519131]
 
01 May 2015 16:27:53 [176c] - Scan Completed.

________________________________________________________

 

Zemana AntiMalware 2.10.2.18 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/1
Operating System      : Windows 7 64-bit
Processor             : 2X Intel® Core™2 Duo CPU   P8700 @ 2.53GHz
BIOS Mode             : Legacy
CUID                  : 00C6E3D1FB1CBA481EF520
Scan Type             : Deep Scan
Duration              : 35m 9s
Scanned Objects       : 98948
Detected Objects      : 9
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky

Detected Objects
-------------------------------------------------------
Generic Root Trust CA
   Status             : Scanned
   Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : Suspicious Root CA
   Cleaning Action    : Delete
   Traces             :
                Registry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob

Hosts File
   Status             : Scanned
   Object             : %systemroot%\system32\drivers\etc\hosts
   MD5                : 2DDCA716EFF6AB2F8D96DC3D39527386
   Publisher          : -
   Size               : 21
   Version            : -
   Detections         : Hosts Hijack
   Cleaning Action    : Repair
   Traces             :
                Hosts File - Hosts file is hidden

Mountain Bike 1.0.1
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\2cb5ij81.default\extensions\{1515d95d-95b6-4aa5-9440-050bf6b5758f}.xpi
   MD5                : E3CDAB14BD6FB7DBFBA8E3AD3171ABD0
   Publisher          : -
   Size               : 6762
   Version            : -
   Detections         : Avira: ADWARE/BrowseFox.ZW
   Cleaning Action    : Repair
   Traces             :
                File - %appdata%\mozilla\firefox\profiles\2cb5ij81.default\extensions\{1515d95d-95b6-4aa5-9440-050bf6b5758f}.xpi
                Extension - Mountain Bike 1.0.1

i4j_extf_11_5p83tu.exe
   Status             : Scanned
   Object             : %programfiles%\vuze\.install4j\i4j_extf_11_5p83tu.exe
   MD5                : AFB869D31D7884B85555961D047F284A
   Publisher          : Ask.com
   Size               : 54664
   Version            : -
   Detections         : Zemana: Adware:Win32/AskBrowserHijack!Ep
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\vuze\.install4j\i4j_extf_11_5p83tu.exe

AzureusTor.exe.bak
   Status             : Scanned
   Object             : %appdata%\azureus\plugins\aznettor\azureustor.exe.bak
   MD5                : 6C6EA5E02FC8465DF805B96FB490FC55
   Publisher          : Azureus Software, Inc.
   Size               : 3769672
   Version            : -
   Detections         : Kaspersky: not-a-virus:Downloader.Win32.Agent.bwfn
   Cleaning Action    : Quarantine
   Traces             :
                File - %appdata%\azureus\plugins\aznettor\azureustor.exe.bak

81bedde-7f99adcc
   Status             : Scanned
   Object             : %localappdata%low\sun\java\deployment\cache\6.0\30\81bedde-7f99adcc
   MD5                : 60FC410D66F722DA4E65154A6EEB9DA2
   Publisher          : -
   Size               : 2568
   Version            : -
   Detections         : AVG: Exploit.Java_c.DEJ, Avira: EXP/CVE-2010-0840.A.32
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%low\sun\java\deployment\cache\6.0\30\81bedde-7f99adcc

3ebff58f-1e16f800
   Status             : Scanned
   Object             : %localappdata%low\sun\java\deployment\cache\6.0\15\3ebff58f-1e16f800
   MD5                : 0F43E8702C01CD2518CBB3447788141C
   Publisher          : -
   Size               : 11145
   Version            : -
   Detections         : Avira: EXP/11-3544.CX
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%low\sun\java\deployment\cache\6.0\15\3ebff58f-1e16f800

DCytdkietut_tutdk_setup.exe.mwt
   Status             : Scanned
   Object             : %localappdata%\installer\install_11387\dcytdkietut_tutdk_setup.exe.mwt
   MD5                : 52A5F3C0BFBFD22C930B3C2E108A9E9C
   Publisher          : Goobzo Ltd
   Size               : 1212392
   Version            : 2.7.9041.616
   Detections         : Avira: ADWARE/CrossRider.Gen, Bitdefender: Gen:Variant.Adware.Graftor.171097, Eset: a variant of Win32/SpeedBit.F application
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%\installer\install_11387\dcytdkietut_tutdk_setup.exe.mwt

DCytdkietut_tutdk_setup.exe.mwt
   Status             : Scanned
   Object             : %localappdata%\installer\install_10062\dcytdkietut_tutdk_setup.exe.mwt
   MD5                : 52A5F3C0BFBFD22C930B3C2E108A9E9C
   Publisher          : Goobzo Ltd
   Size               : 1212392
   Version            : 2.7.9041.616
   Detections         : Avira: ADWARE/CrossRider.Gen, Bitdefender: Gen:Variant.Adware.Graftor.171097, Eset: a variant of Win32/SpeedBit.F application
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%\installer\install_10062\dcytdkietut_tutdk_setup.exe.mwt

Cleaning Result
-------------------------------------------------------
Cleaned               : 9
Reported as safe      : 0
Failed                : 0

 

________________________________________________

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by midnight on Fri 05/01/2015 at 18:08:02.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/01/2015 at 18:13:04.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v4.203 - Logfile created 01/05/2015 at 18:04:18
# Updated 30/04/2015 by Xplode
# Database : 2015-04-30.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : midnight - MIDNIGHT
# Running from : C:\Users\midnight\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Folder Deleted : C:\Users\midnight\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Key Deleted : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKCU\Software\CrossBrowser
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
Key Deleted : HKLM\SOFTWARE\Crossbrowse

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v36.0.4 (x86 en-US)

-\\ Google Chrome v42.0.2311.135

*************************

AdwCleaner[R0].txt - [3239 bytes] - [11/09/2013 20:58:53]
AdwCleaner[R1].txt - [4912 bytes] - [27/04/2015 02:48:50]
AdwCleaner[R2].txt - [1332 bytes] - [27/04/2015 03:19:52]
AdwCleaner[R3].txt - [2575 bytes] - [28/04/2015 02:30:48]
AdwCleaner[R4].txt - [2746 bytes] - [01/05/2015 18:02:53]
AdwCleaner[S0].txt - [3309 bytes] - [11/09/2013 21:00:52]
AdwCleaner[S1].txt - [4870 bytes] - [27/04/2015 02:50:36]
AdwCleaner[S2].txt - [1328 bytes] - [27/04/2015 03:34:34]
AdwCleaner[S3].txt - [2519 bytes] - [28/04/2015 02:33:43]
AdwCleaner[S4].txt - [2581 bytes] - [01/05/2015 18:04:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2640  bytes] ##########



#5 InadequateInfirmity

Posted 02 May 2015 - 04:53 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

http://www.techsupportall.com/adware-removal-tool/

Hit Ok.

Hit Next, and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF Proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • http://www.eset.com/us/online-scanner/help/
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#6 midnight028

Posted 02 May 2015 - 11:56 PM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_05_02_17_23_41
OS: Windows 7 - 64 Bit
Account Name: midnight
U0L0S22

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.ini
Deleted - File - C:\program files (x86)\Image-Line\FL Studio 9\Data\Patches\Plugin presets\Generators\Wasp\PadSoftelectroVibe.fst
Deleted - Folder - C:\program files (x86)\Common Files\Wondershare
Deleted - Folder - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact
Deleted - Folder - C:\ProgramData\Application Data\Documents\Wondershare
Deleted - Folder - C:\ProgramData\Documents\Wondershare
Deleted - Folder - C:\Users\midnight\Appdata\Local\Wondershare
Deleted - Folder - C:\Users\midnight\Appdata\Local\Wondershare\WSHelper
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE:Wondershare
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE:Wondershare
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished

 

_____________________________

 

~ ZHPCleaner v2015.5.2.206 by Nicolas Coolman (02/05/2015)
~ Run by midnight (Administrator)  (02/05/2015 17:54:54)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\midnight\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\midnight\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\  Services (0)
~ No malicious items found.

---\\  Browser internet (1)
REPLACED Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )

---\\  Hosts file (0)
~ No malicious items found.

---\\  Scheduled automatic tasks. (4)
DELETED task: [AutoKMS] [C:\Windows\AutoKMS\AutoKMS.exe (Not File) ] (Trojan.AutoKMS)
DELETED task: [CPPXQF1] [C:\ProgramData\FlashBeat\FlashBeat.exe (Not File) ] (PUP.FlashBeat)
DELETED task: [IXTJLK] [C:\ProgramData\d99b059d3936491e93e7cc1d9f5dee9d\d99b059d3936491e93e7cc1d9f5dee9d.exe (Not File) ] (Heuristic.CrossRider)
DELETED task: [SMWUpd] [C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe (Not File) ] (PUP.Goobzo)

---\\  Explorer ( File, Folder) (12)
MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
MOVED file: C:\Windows\Prefetch\BLOCKANDSURF.EXE-1012B8C1.pf   (PUP.BlockAndSurf)
MOVED file: C:\Windows\Prefetch\FLASHBEAT.EXE-87F22F22.pf   (PUP.FlashBeat)
MOVED file: C:\Windows\Prefetch\K2BLOCKANDSURFP72.EXE-068E27FF.pf   (PUP.BlockAndSurf)
MOVED file: C:\Windows\AutoKMS\AutoKMS.log   (Trojan.AutoKMS)
MOVED file^: C:\Users\midnight\AppData\Local\Installer   (Adware.InstallPedia)
MOVED folder*: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVED folder*: C:\ProgramData\464d739894e84d8f99387ad42e10e5c1 (Adware.CrossRider)
MOVED folder*: C:\ProgramData\d99b059d3936491e93e7cc1d9f5dee9d (Adware.CrossRider)
MOVED folder*: C:\ProgramData\Microsoft Toolkit (Trojan.AutoKMS)
MOVED folder*: C:\Windows\AutoKMS (Trojan.AutoKMS)
MOVED folder*: C:\Users\midnight\AppData\Local\CrashRpt (SUP.CrashReports)

---\\  Registry ( Key, Value, Data) (16)
DELETED data: HKCR\htmlfile\Shell\Open\Command\\Default [Bad : [html] ]  (Broken.OpenCommand)
DELETED data: [X64] HKLM\SOFTWARE\Classes\.html\\Default [Bad : CRSBRWSHTML]  (PUP.CrossBrowse)
DELETED key*: HKEY_USERS\S-1-5-21-3060242036-1457108144-1228976908-1000\Software\Classes\.shtml [CRSBRWSHTML] (PUP.CrossBrowse)
DELETED key*: HKEY_USERS\S-1-5-21-3060242036-1457108144-1228976908-1000\Software\Classes\.umbrella [umbrella_auto_file] (Adware.IMBooster)
DELETED key*: HKEY_USERS\S-1-5-21-3060242036-1457108144-1228976908-1000\Software\Classes\.xht [CRSBRWSHTML] (PUP.CrossBrowse)
DELETED key*: HKEY_USERS\S-1-5-21-3060242036-1457108144-1228976908-1000\Software\Classes\.xhtml [CRSBRWSHTML] (PUP.CrossBrowse)
DELETED key*: HKEY_USERS\S-1-5-21-3060242036-1457108144-1228976908-1000\Software\Classes\umbrella_auto_file [] (Adware.IMBooster)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AVSAudioEditor4.EditorChannels [] (PUP.Torch)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AVSAudioEditor4.EditorChannels.1 [] (PUP.Torch)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe [C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe (Not File)] (PUP.Goobzo)
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\smu.exe [C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe (Not File)] (PUP.Goobzo)
DELETED value: [X64] HKLM\Software\Classes\.htm\OpenWithProgIDs\\CRSBRWSHTML [] (PUP.CrossBrowse)
DELETED value: [X64] HKLM\Software\Classes\.html\OpenWithProgIDs\\CRSBRWSHTML [] (PUP.CrossBrowse)
DELETED value: [X64] HKLM\Software\Classes\.shtml\OpenWithProgIDs\\CRSBRWSHTML [] (PUP.CrossBrowse)
DELETED value: [X64] HKLM\Software\Classes\.webp\OpenWithProgIDs\\CRSBRWSHTML [] (PUP.CrossBrowse)
DELETED value: [X64] HKLM\Software\Classes\.xht\OpenWithProgIDs\\CRSBRWSHTML [] (PUP.CrossBrowse)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.

---\\ Statistics
~ Items scanned : 768
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 33

End of clean at 17:55:10
===================
ZHPCleaner-[R]-02052015-17_55_10.txt
ZHPCleaner-[S]-02052015-17_47_41.txt

 

________________________________

 

 Results of screen317's Security Check version 1.001 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169 
 Adobe Reader XI 
 Mozilla Firefox 36.0.4 Firefox out of Date! 
 Google Chrome (42.0.2311.135)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Seagate DriveSettings Sync SeagateDriveSettingsService.exe
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

___________________________________________

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by midnight (administrator) on 02-05-2015 at 18:23:15
Running from "C:\Users\midnight\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : midnight
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-24-D6-27-BE-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6c1b:6cf6:ed49:5124%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, May 02, 2015 6:04:05 PM
   Lease Expires . . . . . . . . . . : Wednesday, June 09, 2151 12:51:38 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 218112763
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-76-78-46-00-24-BE-45-30-02
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-24-BE-45-30-02
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  router.belkin
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4002:c01::8a
   173.194.219.139
   173.194.219.138
   173.194.219.101
   173.194.219.102
   173.194.219.100
   173.194.219.113

Pinging google.com [173.194.219.139] with 32 bytes of data:
Reply from 173.194.219.139: bytes=32 time=71ms TTL=36
Reply from 173.194.219.139: bytes=32 time=75ms TTL=36

Ping statistics for 173.194.219.139:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 71ms, Maximum = 75ms, Average = 73ms
Server:  router.belkin
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
   98.138.253.109
   206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=102ms TTL=44
Reply from 98.139.183.24: bytes=32 time=99ms TTL=44

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 99ms, Maximum = 102ms, Average = 100ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 24 d6 27 be 04 ......Intel® WiFi Link 5100 AGN
 10...00 24 be 45 30 02 ......Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    281
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::6c1b:6cf6:ed49:5124/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/01/2015 02:25:59 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/01/2015 02:25:59 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/01/2015 02:25:59 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/01/2015 02:25:59 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/01/2015 02:25:56 PM) (Source: ESENT) (User: )
Description: taskhost (3032) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\midnight\AppData\Local\Microsoft\Windows\WebCache\V01076A1.log.

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

System errors:
=============
Error: (05/02/2015 06:04:12 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2015 06:04:07 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2015 06:03:58 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (05/02/2015 06:03:58 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/02/2015 05:34:00 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2015 05:30:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/02/2015 05:15:37 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (05/02/2015 05:57:35 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (05/01/2015 09:40:41 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (05/01/2015 06:10:54 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error:
%%1056

Microsoft Office Sessions:
=========================
Error: (05/01/2015 02:25:59 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/01/2015 02:25:59 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/01/2015 02:25:59 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/01/2015 02:25:59 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (05/01/2015 02:25:56 PM) (Source: ESENT)(User: )
Description: taskhost3032WebCacheLocal: C:\Users\midnight\AppData\Local\Microsoft\Windows\WebCache\V01076A1.log-1811

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (05/01/2015 02:25:56 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

CodeIntegrity Errors:
===================================
  Date: 2013-12-04 18:42:16.718
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-04 18:42:16.608
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-01 20:05:48.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:48.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:48.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:48.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:47.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:47.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:47.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 20:05:47.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (Version: 3.4.0.2540)
Adobe Audition 3.0 (Version: 3.0)
Adobe Audition 3.0 Vista Compatibility
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 17 ActiveX (Version: 17.0.0.169)
Adobe Flash Player 17 NPAPI (Version: 17.0.0.169)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (11.0.10) (Version: 11.0.10)
Adobe Refresh Manager (Version: 1.8.0)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AIO_Scan (Version: 130.0.365.000)
Alps Pointing-device for VAIO
Apple Application Support (Version: 3.1)
Apple Mobile Device Support (Version: 8.0.5.6)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.85)
ArcSoft WebCam Companion 3 (Version: 3.0.21.390)
ASIO4ALL
Audacity 1.3.4 (Unicode)
AVS Audio Converter version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
C4200 (Version: 130.0.365.000)
c4200_Help (Version: 82.0.210.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full Existing (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full New (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Light (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Common (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0710.1127.18698)
Catalyst Control Center InstallProxy (Version: 2009.0710.1127.18698)
Catalyst Control Center Localization All (Version: 2009.0710.1127.18698)
CCC Help Chinese Standard (Version: 2009.0720.2144.37243)
CCC Help Chinese Traditional (Version: 2009.0720.2144.37243)
CCC Help Czech (Version: 2009.0720.2144.37243)
CCC Help Danish (Version: 2009.0720.2144.37243)
CCC Help Dutch (Version: 2009.0720.2144.37243)
CCC Help English (Version: 2009.0720.2144.37243)
CCC Help Finnish (Version: 2009.0720.2144.37243)
CCC Help French (Version: 2009.0720.2144.37243)
CCC Help German (Version: 2009.0720.2144.37243)
CCC Help Greek (Version: 2009.0720.2144.37243)
CCC Help Hungarian (Version: 2009.0720.2144.37243)
CCC Help Italian (Version: 2009.0720.2144.37243)
CCC Help Japanese (Version: 2009.0720.2144.37243)
CCC Help Korean (Version: 2009.0720.2144.37243)
CCC Help Norwegian (Version: 2009.0720.2144.37243)
CCC Help Polish (Version: 2009.0720.2144.37243)
CCC Help Portuguese (Version: 2009.0720.2144.37243)
CCC Help Russian (Version: 2009.0720.2144.37243)
CCC Help Spanish (Version: 2009.0720.2144.37243)
CCC Help Swedish (Version: 2009.0720.2144.37243)
CCC Help Thai (Version: 2009.0720.2144.37243)
CCC Help Turkish (Version: 2009.0720.2144.37243)
ccc-core-static (Version: 2009.0710.1127.18698)
ccc-utility64 (Version: 2009.0710.1127.18698)
CCleaner (Version: 5.05)
CDDRV_Installer (Version: 4.60)
Click to Disc (Version: 1.2.70.06160)
Click to Disc Editor (Version: 2.0.02)
ConvertHelper 2.2
Copy (Version: 130.0.428.000)
Corel WinDVD (Version: 8.8.0.282)
Definition Update for Microsoft Office 2013 (KB2965273) 64-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
DocProc (Version: 13.0.0.0)
Dolby Control Center (Version: 1.2.0702)
Dropbox (Version: 1.1.35)
erLT (Version: 1.20.0137)
Facebook Plug-In
FL Studio 9
GEAR driver installer for AMD64 and Intel EM64T (Version: 2.003.1)
Google Chrome (Version: 42.0.2311.135)
Google Drive (Version: 1.20.8672.3137)
Google Talk Plugin (Version: 5.41.2.0)
Google Update Helper (Version: 1.3.25.11)
Google Update Helper (Version: 1.3.26.9)
GPBaseService2 (Version: 130.0.371.000)
Hardcore
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Print Diagnostic Utility (Version: 1.51.0000)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.002.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
IL Download Manager
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.27)
iTunes (Version: 12.0.1.26)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 8 Update 31 (Version: 8.0.310)
Java Auto Updater (Version: 2.8.31.13)
Java™ 6 Update 15 (64-bit) (Version: 6.0.150)
Java™ SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150)
Junk Mail filter update (Version: 14.0.8089.726)
KhalInstallWrapper (Version: 2.00.0000)
LAME v3.98.3 for Audacity
Live 7.0.3
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 2.0.4.1028 (Version: 2.0.4.1028)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Silverlight (Version: 5.1.30514.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50903)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MixMeister Studio 7.2.2
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 36.0.4 (x86 en-US) (Version: 36.0.4)
Mozilla Maintenance Service (Version: 29.0.1)
Mplayer 0.6.9 (Version: 0.6.9)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Music Transfer (Version: 1.3.01.13160)
Norton 360 (Version: 21.7.0.11)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenOffice.org 3.1 (Version: 3.1.9420)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506)
PDF Settings CS5 (Version: 10.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PoiZone
Primo (Version: 1.00.0000)
PS_AIO_Software_min (Version: 130.0.365.000)
QuickBooks Financial Center (Version: 1.30.0000)
QuickBooks Premier Edition 2009 (Version: 19.0.4001.703)
QuickTime 7 (Version: 7.76.80.95)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.5897)
Realtek High Definition Audio Driver (Version: 6.0.1.5886)
Regi (Version: 1.00.0000)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy Media Creator 10 LJ (Version: 10.3)
Roxio Easy Media Creator Home (Version: 10.3.121)
Runtime (Version: 1.00.0000)
Sawer
Scan (Version: 140.0.80.000)
Seagate Drive Settings Installer (Version: 1.00.0000)
SeaTools for Windows (Version: 1.2.0.5)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Setting Utility Series (Version: 5.0.0.07300)
Shop for HP Supplies (Version: 13.0)
Skype™ 7.1 (Version: 7.1.105)
SmartWebPrinting (Version: 140.0.186.000)
SmartWi Connection Utility (Version: 4.8.4.20090902.2130)
SolutionCenter (Version: 130.0.373.000)
Sony Home Network Library (Version: 2.0.0.07280)
Sony Picture Utility (Version: 4.2.12.16210)
Spotify (Version: 1.0.3.101.gbfa97dfe)
Status (Version: 130.0.469.000)
SupportSoft Assisted Service (Version: 15)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 130.0.648.000)
Toxic Biohazard
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft Access 2013 (KB2965276) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2965275) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2825678) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880977) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
Update for Microsoft Office 2013 (KB2920754) 64-Bit Edition
Update for Microsoft Office 2013 (KB2920769) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956154) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956169) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956171) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956177) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965218) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965255) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965262) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965268) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2956185) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2965264) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2965270) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB2965257) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2965256) 64-Bit Edition
Update for Microsoft Project 2013 (KB2965279) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition
VAIO Care (Version: 5.1.0.13200)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.5.0.06261)
VAIO Content Metadata Intelligent Network Service Manager (Version: 3.5.0.06260)
VAIO Content Metadata Manager Settings (Version: 3.5.0.06260)
VAIO Content Metadata XML Interface Library (Version: 3.5.0.06180)
VAIO Content Monitoring Settings (Version: 2.4.0.06120)
VAIO Control Center (Version: 4.0.0.06120)
VAIO Data Restore Tool (Version: 1.1.01.06290)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Entertainment Platform (Version: 3.5.0.07230)
VAIO Event Service (Version: 5.0.0.07010)
VAIO Help and Support (Version: 9.00.0729.ENUS)
VAIO Media plus (Version: 2.0.0.07280)
VAIO Media plus Opening Movie (Version: 2.0.0.07030)
VAIO Movie Story (Version: 1.5.00.06191)
VAIO Movie Story Template Data (Version: 1.5.00.06010)
VAIO OOBE and Startup Assistant (Version: 1.00.0811.ENUS)
VAIO Original Function Settings (Version: 2.0.0.07010)
VAIO Power Management (Version: 4.0.0.08240)
VAIO Presentation Support (Version: 2.0.0.05270)
VAIO Survey (Version: 6.00.0722)
VAIO Update 4 (Version: 4.2.0.07300)
VAIO Wallpaper Contents (Version: 2.0.0.06010)
VD64Inst (Version: 1.00.0000)
Virtual DJ - Atomix Productions
VirtualCloneDrive
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.1.3 (Version: 2.1.3)
Vuze (Version: 5.0.0.0)
WebM Media Foundation Components (Version: 1.0.1.2)
WebReg (Version: 130.0.132.017)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR archiver
Xvid Video Codec (Version: 1.3.2)
Zoosk Messenger (Version: 4.128.3)
Zuma Deluxe RA

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 4063.02 MB
Available physical RAM: 2538.28 MB
Total Pagefile: 8124.24 MB
Available Pagefile: 5816.4 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.9 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:290.01 GB) (Free:83.64 GB) NTFS

========================= Users: ========================================

User accounts for \\MIDNIGHT

Administrator            Guest                    midnight                

**** End of log ****

_____________________

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelper.exe.vir.mwt a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir.mwt a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir.mwt a variant of Win32/SpeedBit.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadHelper.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\sbmntr.sys.vir.mwt a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir.mwt a variant of Win32/ShopperPro.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir.mwt a variant of Win32/SBWatchman.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\midnight\AppData\Roaming\C0E6AA78-1430208705-DE11-8812-0024BE453002\vnsz50DF.tmp.vir a variant of Win32/Adware.ConvertAd.KZ.gen application cleaned by deleting - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Users\dddbonebgooimgpilcfadbeegnoneloe\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Program Files\Common Files\System\SysMenu.dll.mwt a variant of Win32/SpeedBit.F potentially unwanted application deleted - quarantined
C:\Program Files\Common Files\System\SysMenu64.dll.mwt a variant of Win32/SBWatchman.D potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe Win32/Somoto.F potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\Users\midnight\AppData\Local\Google\Chrome\User Data\Default\Users\dddbonebgooimgpilcfadbeegnoneloe\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\midnight\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\cf93d12-35442cf0 a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Users\midnight\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

 



#7 InadequateInfirmity


Posted 03 May 2015 - 01:56 PM

Norton 360 has a firewall, and your security check log indicates that you have Windows Firewall enabled as well. You will need to disable the Windows Firewall.

 

 

http://windows.microsoft.com/en-us/windows/turn-windows-firewall-on-off

 

I would like you to run AdwCleaner and ZHPCleaner once more and post the new results.



#8 midnight028


Posted 03 May 2015 - 06:11 PM

Sorry about that. Here are those last two logs:

 

# AdwCleaner v4.203 - Logfile created 03/05/2015 at 15:28:11
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : midnight - MIDNIGHT
# Running from : C:\Users\midnight\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v36.0.4 (x86 en-US)

-\\ Google Chrome v42.0.2311.135

*************************

AdwCleaner[R0].txt - [3239 bytes] - [11/09/2013 20:58:53]
AdwCleaner[R1].txt - [4912 bytes] - [27/04/2015 02:48:50]
AdwCleaner[R2].txt - [1332 bytes] - [27/04/2015 03:19:52]
AdwCleaner[R3].txt - [2575 bytes] - [28/04/2015 02:30:48]
AdwCleaner[R4].txt - [2746 bytes] - [01/05/2015 18:02:53]
AdwCleaner[R5].txt - [1396 bytes] - [03/05/2015 15:24:51]
AdwCleaner[S0].txt - [3309 bytes] - [11/09/2013 21:00:52]
AdwCleaner[S1].txt - [4870 bytes] - [27/04/2015 02:50:36]
AdwCleaner[S2].txt - [1328 bytes] - [27/04/2015 03:34:34]
AdwCleaner[S3].txt - [2519 bytes] - [28/04/2015 02:33:43]
AdwCleaner[S4].txt - [2728 bytes] - [01/05/2015 18:04:18]
AdwCleaner[S5].txt - [1322 bytes] - [03/05/2015 15:28:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1381  bytes] ##########

 

----------------------------------------------------------

 

~ ZHPCleaner v2015.5.3.207 by Nicolas Coolman (03/05/2015)
~ Run by midnight (Administrator)  (03/05/2015 15:51:04)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\midnight\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\midnight\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\  Services (0)
~ No malicious items found.

---\\  Browser internet (0)
~ No malicious items found.

---\\  Hosts file (0)
~ No malicious items found.

---\\  Scheduled automatic tasks. (0)
~ No malicious items found.

---\\  Explorer ( File, Folder) (1)
MOVED file^: C:\Users\midnight\AppData\Local\Installer   (Adware.InstallPedia)

---\\  Registry ( Key, Value, Data) (0)
~ No malicious items found.

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)
~ The system has been restarted.

---\\ Statistics
~ Items scanned : 878
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 1

End of clean at 15:51:23
===================
ZHPCleaner-[R]-02052015-17_55_10.txt
ZHPCleaner-[R]-03052015-15_51_23.txt
ZHPCleaner-[S]-02052015-17_47_41.txt
ZHPCleaner-[S]-03052015-15_48_15.txt



#9 InadequateInfirmity


Posted 04 May 2015 - 05:05 PM

How are things now?



#10 midnight028


Posted 04 May 2015 - 06:54 PM

They seem ok. No more random installs or redirecting. I think a lot of settings were just reset though but other than that it's better.



#11 InadequateInfirmity


Posted 04 May 2015 - 08:54 PM

The copy of Malwarebytes you have installed is an older version... Uninstall it...

 

 

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 



#12 midnight028


Posted 05 May 2015 - 01:51 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/5/2015
Scan Time: 10:58:25 AM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.05.04
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: midnight

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 428347
Time Elapsed: 26 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 10
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.htm, CRSBRWSHTML, Quarantined, [09ff335d72182d0962760e5534d17d83]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.shtml, CRSBRWSHTML, Quarantined, [6c9cefa1becc73c3b82080e3966fb54b]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.xht, CRSBRWSHTML, Quarantined, [4abe048c58327db927b1e182ea1b32ce]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\CLASSES\.xhtml, CRSBRWSHTML, Quarantined, [9078bed2ed9d152196421053b055bb45]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\REGISTEREDAPPLICATIONS|Crossbrowse, Software\Clients\StartMenuInternet\Crossbrowse\Capabilities, Quarantined, [a761eaa65634063061794a1907fe7987]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.htm, CRSBRWSHTML, Quarantined, [c3455a364b3f3cfa6b6dc69d9174d62a]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.shtml, CRSBRWSHTML, Quarantined, [33d5bfd1b2d894a26375174c7e8753ad]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.xht, CRSBRWSHTML, Quarantined, [ee1ab9d70783ef478f49234095704db3]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.xhtml, CRSBRWSHTML, Quarantined, [7d8bd3bd6327d5619c3c80e3be4721df]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\REGISTEREDAPPLICATIONS|Crossbrowse, Software\Clients\StartMenuInternet\Crossbrowse\Capabilities, Quarantined, [eb1d4c445f2bed4936a4ec777e87b64a]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#13 InadequateInfirmity


Posted 05 May 2015 - 03:00 PM

Download 9-Lab Removal Tool from one of the links below.
http://9-lab.com/
CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon Scan Completion Click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the logs tab, double click it, and copy and paste it in your next reply.

Install, update, and run a full scan with Virit lite.

 

http://www.tgsoft.it/english/download_eng.asp



#14 InadequateInfirmity


Posted 05 May 2015 - 03:03 PM

 
Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#15 midnight028


Posted 06 May 2015 - 12:00 AM

9-lab Removal Tool 1.0.0.34 BETA
9-lab.com

Database version: 103.0

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17728
midnight :: MIDNIGHT

5/5/2015 4:08:00 PM
9lab-log-2015-05-05 (16-08-00).txt

Scan type: Full
Objects scanned: 57638
Time Elapsed: 54 m 30 s

Registry Keys detected: 5
Adware.RPL.Rotbrow.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1]
Adware.RPL.Rotbrow.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2]
Adware.RPL.Rotbrow.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1]
Adware.RPL.Rotbrow.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg]
Adware.RPL.Rotbrow.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFCtrl.AniGIF]

Files detected: 6
[7AD0A6A31F0DC6360D7080B0C7BA1717] Malware.Win32.Gen.sm!s2 [C:\Program Files (x86)\Common Files\Apple\Apple Application Support\blackra1n.exe]
[A266DA18F8A1B799666E7E5F3BEA58CA] Trojan.Win32.Stealer.2520.cc!ff [C:\Program Files (x86)\InstallShield Installation Information\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}\setup.exe]
[E3D0627449B4011AD4485EFD74268912] Malware.Win32.Gen.vb!s2 [C:\Program Files (x86)\Mplayer\AutoUpdate.exe]
[FBE4B277A98B94D38EB517EB01BA4B66] Malware.Win32.Swizzor.an [C:\Program Files (x86)\Vuze\.install4j\i4j_extf_17_5p83tu.exe]
[FBE4B277A98B94D38EB517EB01BA4B66] Malware.Win32.Swizzor.an [C:\Program Files (x86)\Vuze\.install4j\i4j_extf_19_5p83tu.exe]
[B46915223E17D0CBB7A6D8D9D9490A20] Malware.Win32.Gen.sm!s2 [C:\Users\midnight\Documents\iphone crapp\blackra1n - Shortcut.lnk]

-------------------------------------------------

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.06.01
  rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17728
midnight :: MIDNIGHT [administrator]

5/5/2015 9:22:10 PM
mbar-log-2015-05-05 (21-22-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 434893
Time elapsed: 27 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

--------------------------------------

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17728

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.526000 GHz
Memory total: 4260388864, free: 1733677056

Downloaded database version: v2015.05.06.01
Downloaded database version: v2015.04.21.01
Downloaded database version: v2015.04.22.01
=======================================
Initializing...
------------ Kernel report ------------
     05/05/2015 21:21:53
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.05.06.01
  rootkit: v2015.04.21.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005787060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005786520, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005787060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004778640, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800477b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F24B1036

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 16734208

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 16736256  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16941056  Numsec = 608199344

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80071ec060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007240b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80071ec060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800723e9a0, DeviceName: \Device\00000071\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800720f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80071fbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800720f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007265050, DeviceName: \Device\00000072\, DriverName: \Driver\rimsptsk\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-16736256-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished





