
Win32.fraud


20 replies to this topic

#1 DBreban

DBreban

  • Members
  • 27 posts
  • OFFLINE
  • Local time:07:08 AM

Posted 14 May 2015 - 05:17 AM

Hi

 

My computer is running extremely slowly. My files start with win32.fraud. I use anti malware software. I remove the threats and they keep returning. What should I do?

 

Thanks.




#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:08 PM

Posted 14 May 2015 - 05:19 AM

Hi there,

Let's take a look.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 DBreban

DBreban
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:07:08 AM

Posted 14 May 2015 - 05:34 AM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by danie_000 (administrator) on 14-05-2015 at 20:22:40
Running from "C:\Users\danie_000\Downloads"
Microsoft Windows 8.1  (X64)
Model: Aspire V5-132 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Broadcom 802.11n Network Adapter = Wi-Fi (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface=??� subinterface=ethernet_5 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : bedroom
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : FA-2F-A8-AB-DD-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : F8-2F-A8-AB-DD-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e5ab:b94a:7390:c75b%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.13(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 14 May 2015 8:07:24 PM
   Lease Expires . . . . . . . . . . : Thursday, 14 May 2015 9:07:30 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 66596776
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-60-F3-EE-00-0E-C6-F3-39-73
   DNS Servers . . . . . . . . . . . : 198.142.0.51
                                       211.29.132.12
                                       198.142.235.14
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{8D9144E7-7F26-4604-8BB7-FBCF7191C555}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:874:f47:8593:a9b9(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::874:f47:8593:a9b9%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-60-F3-EE-00-0E-C6-F3-39-73
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns.mel.optusnet.com.au
Address:  198.142.0.51
 
Name:    google.com
Addresses:  2404:6800:4003:806::1003
 198.142.186.158
 198.142.186.172
 198.142.186.182
 198.142.186.187
 198.142.186.178
 198.142.186.153
 198.142.186.168
 198.142.186.157
 198.142.186.152
 198.142.186.183
 198.142.186.173
 198.142.186.167
 198.142.186.148
 198.142.186.162
 198.142.186.163
 198.142.186.177
 
 
Pinging google.com [198.142.186.182] with 32 bytes of data:
Reply from 198.142.186.182: bytes=32 time=26ms TTL=61
Reply from 198.142.186.182: bytes=32 time=70ms TTL=61
 
Ping statistics for 198.142.186.182:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 70ms, Average = 48ms
Server:  dns.mel.optusnet.com.au
Address:  198.142.0.51
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=231ms TTL=48
Reply from 98.138.253.109: bytes=32 time=214ms TTL=46
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 214ms, Maximum = 231ms, Average = 222ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...fa 2f a8 ab dd d5 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...f8 2f a8 ab dd d5 ......Broadcom 802.11n Network Adapter
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.13     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.13    281
     192.168.0.13  255.255.255.255         On-link      192.168.0.13    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.13    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.13    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.13    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:9d38:6abd:874:f47:8593:a9b9/128
                                    On-link
  3    281 fe80::/64                On-link
 10    306 fe80::/64                On-link
 10    306 fe80::874:f47:8593:a9b9/128
                                    On-link
  3    281 fe80::e5ab:b94a:7390:c75b/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Object List value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update First Help value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update First Counter value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Last Help value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Last Counter value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Last Help value of SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Cannot update Last Counter value of SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
Error: (05/14/2015 05:09:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Offercast3410_AVG_.exe, version: 3.4.10.15057, time stamp: 0x54e7d184
Faulting module name: ntdll.dll, version: 6.3.9600.16384, time stamp: 0x52159015
Exception code: 0xc0000005
Fault offset: 0x0001dbc6
Faulting process id: 0x13e8
Faulting application start time: 0xOffercast3410_AVG_.exe0
Faulting application path: Offercast3410_AVG_.exe1
Faulting module path: Offercast3410_AVG_.exe2
Report Id: Offercast3410_AVG_.exe3
Faulting package full name: Offercast3410_AVG_.exe4
Faulting package-relative application ID: Offercast3410_AVG_.exe5
 
Error: (05/14/2015 05:08:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
 
Error: (05/14/2015 04:34:12 PM) (Source: MsiInstaller) (User: BEDROOM)
Description: Product: abDocs -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2318. The arguments are: C:\Program Files (x86)\Acer\abDocs\html\common.signinup\css\192dpi\Images\btn_txt_M_p.png, ,
 
 
System errors:
=============
Error: (05/14/2015 08:08:05 PM) (Source: DCOM) (User: BEDROOM)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}bedroomdanie_000S-1-5-21-3580644552-3250266391-2824013116-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/14/2015 08:08:04 PM) (Source: DCOM) (User: BEDROOM)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}bedroomdanie_000S-1-5-21-3580644552-3250266391-2824013116-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/14/2015 08:08:04 PM) (Source: DCOM) (User: BEDROOM)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}bedroomdanie_000S-1-5-21-3580644552-3250266391-2824013116-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/14/2015 08:08:04 PM) (Source: DCOM) (User: BEDROOM)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}bedroomdanie_000S-1-5-21-3580644552-3250266391-2824013116-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/14/2015 08:08:04 PM) (Source: DCOM) (User: BEDROOM)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}bedroomdanie_000S-1-5-21-3580644552-3250266391-2824013116-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/14/2015 08:06:45 PM) (Source: DCOM) (User: BEDROOM)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/14/2015 08:06:34 PM) (Source: DCOM) (User: BEDROOM)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/14/2015 08:06:34 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
Error: (05/14/2015 08:06:02 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
Error: (05/14/2015 08:05:31 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Object ListSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance8130000000E0E0000
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: First HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000111D0000F90D0000
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: First CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000101D0000E50D0000
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Last HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000C31D0000D10D0000
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Last CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000C21D0000BD0D0000
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Last HelpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib1213000000C31D0000A80D0000
 
Error: (05/14/2015 07:21:40 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Last CounterSOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib1213000000C21D0000940D0000
 
Error: (05/14/2015 05:09:57 PM) (Source: Application Error)(User: )
Description: Offercast3410_AVG_.exe3.4.10.1505754e7d184ntdll.dll6.3.9600.1638452159015c00000050001dbc613e801d08e14d6508983C:\WINDOWS\TEMP\7zSEDD8.tmp\Offercast3410_AVG_.exeC:\WINDOWS\SYSTEM32\ntdll.dll3a043bd3-fa08-11e4-825f-d71c5ac67780
 
Error: (05/14/2015 05:08:55 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Windows\Temp\7zSEDD8.tmp\Offercast3410_AVG_.exe
 
Error: (05/14/2015 04:34:12 PM) (Source: MsiInstaller)(User: BEDROOM)
Description: Product: abDocs -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2318. The arguments are: C:\Program Files (x86)\Acer\abDocs\html\common.signinup\css\192dpi\Images\btn_txt_M_p.png, , (NULL)(NULL)(NULL)(NULL)(NULL)
 
 
=========================== Installed Programs ============================
 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2004 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Games (HKCU\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Aloha TriPeaks (HKLM-x32\...\WTA-1bd83936-bbb3-4ad4-a859-d87559d2adb8) (Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
AVG 2015 (HKLM\...\{3A1B060C-5D3F-4FFA-914E-6292A6F7464E}) (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{B38CFE4C-C9C4-460B-8353-F56DF2AC3877}) (Version: 15.0.5941 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG SafeGuard by Ask (HKLM-x32\...\{4156472D-5350-4444-00A7-A75C790C1C00}) (Version: 12.28.0.1065 - APN, LLC)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-63c241c5-981d-4bbc-a6be-a049d42f8221) (Version: 2.2.0.110 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-e13e80e3-d322-493b-948b-fa54a5b4ad40) (Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-caca4d83-69a7-4ca5-9c96-485f5828ebd8) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-0a6cbd89-cc70-4724-965d-30eaad37a781) (Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.397 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (HKLM-x32\...\WTA-fa1e89ce-2a5a-40a8-a1b5-8313bc11f3b2) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-b2b974c5-fccc-483b-a188-0abde983eaf2) (Version: 2.2.0.98 - WildTangent) Hidden
Pokki (HKCU\...\Pokki) (Version: 0.265.14.261 - Pokki)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Realtek USB Fast Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D2B61BE0-B18B-4091-81B4-F234F4C30DFD}) (Version: 8.11.808.2013 - Realtek)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-98f1a19f-943b-4cf4-8572-d9e1bcf2b2a8) (Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-bcac9567-76ce-45ff-bce1-3e60d15351c8) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 84%
Total physical RAM: 1930.17 MB
Available physical RAM: 306.65 MB
Total Pagefile: 3082.17 MB
Available Pagefile: 725.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.28 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Acer) (Fixed) (Total:449.39 GB) (Free:426.8 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BEDROOM
 
Administrator            danie_000                Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
14-05-2015 06:50:33 Installed AVG 2015
 
**** End of log ****
 
 

 Results of screen317's Security Check version 1.001  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
AVG AntiVirus 2015                   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:08 PM

Posted 14 May 2015 - 05:38 AM

Hi there,

Please uninstall Spybot Search & Destroy - its effectiveness is poor, and TeaTimer interferes with malware removal.

You are running two antivirus solutions - McAfee LiveSafe and AVG 2015. Please remove one and keep the other.

Do you play WildTangent games?

Please uninstall the following software from Programs and Features:

AVG SafeGuard by Ask (HKLM-x32\...\{4156472D-5350-4444-00A7-A75C790C1C00}) (Version: 12.28.0.1065 - APN, LLC)
Pokki (HKCU\...\Pokki) (Version: 0.265.14.261 - Pokki)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)

If you run into any issues, let me know.

Please inform me when you have finished all the steps.

Regards,
Alex

#5 DBreban

Posted 14 May 2015 - 05:54 AM

I don't play WildTangent games.

I have completed the steps you requested. I open Google Chrome and now have things called "omniboxes" and "oursurfing" popping up.



#6 Sintharius

Posted 14 May 2015 - 06:12 AM

Hi there,

Please uninstall this to get rid of WildTangent games:

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

Which antivirus did you keep - McAfee or AVG?

Please run this.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
Regards,
Alex

#7 DBreban

Posted 14 May 2015 - 06:22 AM

I kept AVG.

# AdwCleaner v4.203 - Logfile created 14/05/2015 at 21:18:26
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : danie_000 - BEDROOM
# Running from : C:\Users\danie_000\Downloads\adwcleaner_4.203.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
File Found : C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
File Found : C:\WINDOWS\Reimage.ini
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\DANIE_~1\AppData\Local\Temp\apn
 
***** [ Scheduled tasks ] *****
 
Task Found : LaunchPreSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKCU\Software\Reimage
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v42.0.2311.152
 
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF46C7647-CC01-4A94-8FCE-DF74344FF0FF&SSPV=
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://homepage-web.com/?s=acer&m=start
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
 
*************************
 
AdwCleaner[R0].txt - [22627 bytes] - [14/05/2015 21:18:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22687 bytes] ##########


#8 Sintharius

Posted 14 May 2015 - 06:32 AM

Hi there,

Please re-run AdwCleaner and choose Cleaning for all detections.

After that please run these.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Regards,
Alex

#9 DBreban

Posted 14 May 2015 - 07:27 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 8.1 x64
Ran by danie_000 on Thu 14/05/2015 at 21:40:50.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3580644552-3250266391-2824013116-1001
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3580644552-3250266391-2824013116-500
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\wininit.ini
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 14/05/2015 at 21:51:37.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/05/2015
Scan Time: 9:57:15 PM
Logfile: scan.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.14.02
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: danie_000
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331127
Time Elapsed: 27 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 Sintharius

Posted 14 May 2015 - 07:30 AM

Hi there,

Please post the cleaning log from AdwCleaner also.

After that please run this to make sure we did not miss anything.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#11 DBreban

Posted 14 May 2015 - 07:43 AM

How do I get the cleaning log from AdwCleaner?



#12 Sintharius

Posted 14 May 2015 - 07:53 AM

Hi there,

AdwCleaner's logs are located in C:\AdwCleaner. The name is AdwCleaner[S#].txt.

Regards,
Alex

#13 DBreban

Posted 14 May 2015 - 08:34 AM

# AdwCleaner v4.203 - Logfile created 14/05/2015 at 21:33:47

# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : danie_000 - BEDROOM
# Running from : C:\Users\danie_000\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\DANIE_~1\AppData\Local\Temp\apn
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
File Deleted : C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : LaunchPreSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v42.0.2311.152
 
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF46C7647-CC01-4A94-8FCE-DF74344FF0FF&SSPV=
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://homepage-web.com/?s=acer&m=start
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [22807 bytes] - [14/05/2015 21:18:26]
AdwCleaner[S0].txt - [3107 bytes] - [14/05/2015 21:33:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3166  bytes] ##########
 
C:\Program Files (x86)\AVG\AVG2015\Notification\avg_ask_tb.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted (after the next restart) - quarantined
C:\Users\danie_000\AppData\Local\Microsoft\Windows\INetCache\IE\V0S3NPO5\1[1].zip a variant of Win32/ELEX.CP potentially unwanted application deleted - quarantined
C:\Users\danie_000\Downloads\CCleaner.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
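
Added example, not part of the original posts and not AdwCleaner's own code: a small Python parser for the cleaning-log layout shown in the post above, grouping removed items by log section so a helper can review what was deleted. The sample log is constructed, and the name parse_adwcleaner_log is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of an AdwCleaner v4 cleaning log (AdwCleaner[S#].txt).
SAMPLE_LOG = r"""# AdwCleaner v4.203 - Logfile created 14/05/2015 at 21:33:47
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\example_pup
File Deleted : C:\WINDOWS\example.ini

***** [ Scheduled tasks ] *****
Task Deleted : ExampleTask

***** [ Registry ] *****
Key Deleted : HKCU\Software\ExamplePup
Key Deleted : [x64] HKLM\SOFTWARE\ExamplePup

***** [ Web browsers ] *****
-\\ Google Chrome v42.0.2311.152

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://example.invalid/?m=start
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")          # ***** [ Registry ] *****
HEADER = re.compile(r"^# (.+?) : (.*)$")                     # "# Option : Cleaning"
ITEM = re.compile(r"^(\w+) Deleted : (?:\[x64\] )?(.+)$")    # "Key Deleted : [x64] HKLM\..."
BROWSER = re.compile(r"^\[(.+?)\] - Deleted \[(\w+)\] :\s*(.*)$")

def parse_adwcleaner_log(text):
    """Return (header fields, {section: [(item kind, target), ...]})."""
    header, sections, current = {}, defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            current = m.group(1)
            sections[current]  # register sections where nothing was removed
        elif m := HEADER.match(line):
            header[m.group(1).strip()] = m.group(2).strip()
        elif current and (m := ITEM.match(line)):
            sections[current].append((m.group(1), m.group(2)))
        elif current and (m := BROWSER.match(line)):
            # Browser entries: keep the preference name and the removed value.
            sections[current].append((m.group(2), m.group(3)))
    return header, dict(sections)
```
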
 


#14 Sintharius

Posted 14 May 2015 - 08:36 AM

Looks good.

How is the computer running?

Alex

#15 DBreban

Posted 14 May 2015 - 08:41 AM

It seems to be running much more smoothly. I still have two "desktop.ini" icons on my desktop. Do you know why?





