
Popups replace a new window


31 replies to this topic

#1 AFei


Posted 15 May 2015 - 11:52 AM

Whenever I click download or a button that opens a new window, the pop-up replaces the new window. I have to close it and reopen it again to continue my navigation. Most of them say to reinstall Java, or even to download an antivirus. Occasionally that confirm navigation appears as well, and I can't close it at all. It goes into an endless loop and it won't let me exit anything until I do Ctrl+Alt+Delete or close the browser completely.

I've tried a lot of free antivirus, and malware viruses, all the free ones since I can't buy any virus removal software, but they don't find the virus. All of them find things and delete them but not the main virus involved.


Edited by AFei, 15 May 2015 - 11:57 AM.



 


#2 InadequateInfirmity


Posted 15 May 2015 - 12:18 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right-click it and run as administrator.
A new icon will appear on your desktop.
Right-click the new icon and run as administrator.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste the entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double-click on the scan log, then copy and paste it here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 AFei


Posted 15 May 2015 - 06:14 PM

 

15 May 2015 15:34:20 [160c] - **********************************************************

15 May 2015 15:34:20 [160c] - MWAV - eScanAV AntiVirus Toolkit.
15 May 2015 15:34:20 [160c] - Copyright © MicroWorld Technologies
15 May 2015 15:34:20 [160c] - **********************************************************
15 May 2015 15:34:20 [160c] - Source: C:\Users\CALVIN~1\DOWNLO~1\mwav.exe
15 May 2015 15:34:20 [160c] - Version 14.0.178 (C:\USERS\CALVIN FEI\APPDATA\LOCAL\TEMP\MEXE.COM)
15 May 2015 15:34:20 [160c] - Log File: C:\Users\Calvin Fei\AppData\Local\Temp\MWAV.LOG
15 May 2015 15:34:20 [160c] - MWAV Registered: TRUE
15 May 2015 15:34:20 [160c] - User Account: Calvin Fei (Administrator Mode)
15 May 2015 15:34:20 [160c] - OS Type: Windows Workstation [InstallType: Client]
15 May 2015 15:34:20 [160c] - OS: Windows 8.1 64-Bit [OS Install Date: 13 Nov 2013 19:28:42]
15 May 2015 15:34:20 [160c] - Ver: Personal Build 9200
15 May 2015 15:34:20 [160c] - System Up Time: 4 Minutes, 25 Seconds
 
 
15 May 2015 15:34:20 [160c] - Parent Process Name : C:\Users\Calvin Fei\Downloads\mwav.exe
15 May 2015 15:34:20 [160c] - Windows Root  Folder: C:\Windows
15 May 2015 15:34:20 [160c] - Windows Sys32 Folder: C:\Windows\system32
15 May 2015 15:34:20 [160c] - DHCP NameServer: 192.168.1.1
15 May 2015 15:34:20 [160c] - Interface0 DHCPNameServer: 192.168.1.1
15 May 2015 15:34:20 [160c] - Local Fixed Drives: c:\,d:\
15 May 2015 15:34:20 [160c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
15 May 2015 15:34:20 [160c] - [CREATED ZIP FILE: C:\Users\Calvin Fei\AppData\Local\Temp\pinfect.zip]
15 May 2015 15:34:20 [160c] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
15 May 2015 15:34:22 [160c] - ** Changed Value of "Path"
15 May 2015 15:34:22 [160c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Calvin Fei\AppData\Local\Temp\ESCANDB.LOG]
15 May 2015 15:34:22 [160c] - Loaded/Created FileScan Cache Database...
15 May 2015 15:34:22 [160c] - Loading AV Library [DB]...
15 May 2015 15:34:40 [160c] - ArchiveScan: DISABLED
15 May 2015 15:34:40 [160c] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
15 May 2015 15:34:40 [160c] - MWAV doing self scanning...
15 May 2015 15:34:40 [160c] - MWAV files are clean.
15 May 2015 15:34:57 [160c] - ArchiveScan: DISABLED
15 May 2015 15:34:57 [160c] - Virus Database Date: 02 Mar 2015
15 May 2015 15:34:57 [160c] - Virus Database Count: 6701505
15 May 2015 15:34:57 [160c] - Sign Version: 7.59505 [518257]
 
15 May 2015 15:35:16 [160c] - **********************************************************
15 May 2015 15:35:16 [160c] - MWAV - eScanAV AntiVirus Toolkit.
15 May 2015 15:35:16 [160c] - Copyright © MicroWorld Technologies
15 May 2015 15:35:16 [160c] - 
15 May 2015 15:35:16 [160c] - Support: support@escanav.com
15 May 2015 15:35:16 [160c] - Web: http://www.escanav.com
15 May 2015 15:35:16 [160c] - **********************************************************
15 May 2015 15:35:16 [160c] - Version 14.0.178[DB] (C:\USERS\CALVIN FEI\APPDATA\LOCAL\TEMP\MEXE.COM)
15 May 2015 15:35:16 [160c] - Log File: C:\Users\Calvin Fei\AppData\Local\Temp\MWAV.LOG
15 May 2015 15:35:16 [160c] - User Account: Calvin Fei (Administrator Mode)
15 May 2015 15:35:16 [160c] - Parent Process Name : C:\Users\Calvin Fei\Downloads\mwav.exe
15 May 2015 15:35:16 [160c] - Windows Root  Folder: C:\Windows
15 May 2015 15:35:16 [160c] - Windows Sys32 Folder: C:\Windows\system32
15 May 2015 15:35:16 [160c] - OS: Windows 8.1 64-Bit [OS Install Date: 13 Nov 2013 19:28:42]
15 May 2015 15:35:16 [160c] - Ver: Personal Build 9200
15 May 2015 15:35:16 [160c] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
15 May 2015 15:35:16 [0fc0] - Options Selected by User:
15 May 2015 15:35:16 [0fc0] - Memory Check: Enabled
15 May 2015 15:35:16 [0fc0] - Registry Check: Enabled
15 May 2015 15:35:16 [0fc0] - StartUp Folder Check: Enabled
15 May 2015 15:35:16 [0fc0] - System Folder Check: Enabled
15 May 2015 15:35:16 [0fc0] - Services Check: Enabled
15 May 2015 15:35:16 [0fc0] - Scan Spyware: Enabled
15 May 2015 15:35:16 [0fc0] - Scan Archives: Disabled
15 May 2015 15:35:16 [0fc0] - Drive Check: Enabled
15 May 2015 15:35:16 [0fc0] - All Drive Check :Disabled
15 May 2015 15:35:16 [0fc0] - Drive Selected = C:\
15 May 2015 15:35:16 [0fc0] - Folder Check: Disabled
15 May 2015 15:35:16 [0fc0] - SCAN: All_Files [ANSI]
15 May 2015 15:35:16 [0fc0] - MWAV Mode( B): Scan and Clean files (for viruses, adware and spyware)
 
15 May 2015 15:35:16 [0fc0] - Scanning DNS Records...
15 May 2015 15:35:16 [0fc0] - Scanning Master Boot Record (User)...
15 May 2015 15:35:16 [0fc0] - Scanning Logical Boot Records...
15 May 2015 15:35:17 [0fc0] - ***** Scanning For Hidden Rootkit Processes *****
15 May 2015 15:35:17 [0fc0] - ***** Scanning For Hidden Rootkit Services *****
15 May 2015 15:35:17 [0fc0] - Name: AnviCsbSvc (HIDDEN)
15 May 2015 15:35:17 [0fc0] - Display Name: Anvi Cloud System Booster Speed Service
15 May 2015 15:35:17 [0fc0] - Image Path: C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
15 May 2015 15:35:17 [0fc0] - Start: 2
 
15 May 2015 15:35:17 [0fc0] - Name: avgntflt (HIDDEN)
15 May 2015 15:35:17 [0fc0] - Display Name: avgntflt
15 May 2015 15:35:17 [0fc0] - Image Path: system32\DRIVERS\avgntflt.sys
15 May 2015 15:35:17 [0fc0] - Group: FSFilter Anti-Virus
15 May 2015 15:35:17 [0fc0] - Start: 4
 
15 May 2015 15:35:17 [0fc0] - Name: Avira.OE.ServiceHost (HIDDEN)
15 May 2015 15:35:17 [0fc0] - Display Name: Avira Service Host
15 May 2015 15:35:17 [0fc0] - Image Path: "C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
15 May 2015 15:35:17 [0fc0] - Start: 2
 
15 May 2015 15:35:17 [0fc0] - Name: avkmgr (HIDDEN)
15 May 2015 15:35:17 [0fc0] - Display Name: avkmgr
15 May 2015 15:35:17 [0fc0] - Image Path: \SystemRoot\system32\DRIVERS\avkmgr.sys
15 May 2015 15:35:17 [0fc0] - Group: Avira
15 May 2015 15:35:17 [0fc0] - Start: 4
 
15 May 2015 15:35:17 [0fc0] - Service Name: AnviCsbSvc
15 May 2015 15:35:17 [0fc0] - Service Image: C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
15 May 2015 15:35:17 [0fc0] - Service Name: avgntflt
15 May 2015 15:35:17 [0fc0] - Service Image: system32\DRIVERS\avgntflt.sys
15 May 2015 15:35:17 [0fc0] - Service Name: Avira.OE.ServiceHost
15 May 2015 15:35:17 [0fc0] - Service Image: "C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
15 May 2015 15:35:17 [0fc0] - Service Name: avkmgr
15 May 2015 15:35:17 [0fc0] - Service Image: \SystemRoot\system32\DRIVERS\avkmgr.sys
 
15 May 2015 15:35:17 [0fc0] - ***** Scanning Memory Files *****
 
15 May 2015 15:35:19 [0fc0] - ***** Scanning Registry Files *****
15 May 2015 15:35:20 [0fc0] - Scanning File C:\Windows\SysWOW64\spool\DRIVERS\x64\3\E_YATIKAE.EXE
15 May 2015 15:35:20 [0fc0] - ERROR(2)!!! ScanFile Fails for C:\Windows\SysWOW64\spool\DRIVERS\x64\3\E_YATIKAE.EXE...
15 May 2015 15:35:20 [0fc0] - Scanning File C:\Windows\SysWOW64\spool\DRIVERS\x64\3\E_YATIKAE.EXE
15 May 2015 15:35:20 [0fc0] - ERROR(2)!!! ScanFile Fails for C:\Windows\SysWOW64\spool\DRIVERS\x64\3\E_YATIKAE.EXE...
15 May 2015 15:35:20 [0fc0] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
15 May 2015 15:35:20 [0fc0] - ***** Scanning StartUp Folders *****
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\ConstaSurf-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\ConstaSurf-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0004.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [06b4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [06b4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0004.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [06b4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [06b4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Paint-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [06b4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Paint-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [06b4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0007.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0004.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0005.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0006.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [06b4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0002.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0008.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0004.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0005.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0006.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [06b4] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0ad0] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [15b8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0f34] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0007.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0588] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0000.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [02e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0001.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0b24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0003.zip not Scanned. Possibly password protected...
15 May 2015 15:36:05 [0bcc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0002.zip not Scanned. Possibly password protected...
 
15 May 2015 15:36:05 [0fc0] - ***** Scanning Service Files *****
15 May 2015 15:36:05 [0f34] - Scanning File C:\ProgramData\..\bootmgr
15 May 2015 15:36:07 [0fc0] - ERROR(2)!!! Invalid Entry \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\cleanhlp.
15 May 2015 15:36:09 [0fc0] - ERROR(2)!!! Invalid Entry C:\Windows\system32\lxducoms.exe -service. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\lxdu_device.
15 May 2015 15:36:09 [0fc0] - ERROR(2)!!! Invalid Entry c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\McAfee SiteAdvisor Service.
15 May 2015 15:36:12 [0fc0] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
15 May 2015 15:36:14 [0fc0] - ***** Scanning Registry and File system for Adware/Spyware *****
15 May 2015 15:36:14 [0fc0] - Loading Spyware Signatures from new External Database [Name: C:\Users\CALVIN~1\AppData\Local\Temp\spydb.avs, Size: 464717]...
15 May 2015 15:36:14 [0fc0] - Indexed Spyware Databases Successfully Created...
 
15 May 2015 15:36:17 [0fc0] - Offending Folder found: C:\Users\Calvin Fei\AppData\LocalLow\spiral\rsrc\item\gear\pvp\lockdown\guardian
15 May 2015 15:36:17 [0fc0] - Deltree of Folder C:\Users\Calvin Fei\AppData\LocalLow\spiral\rsrc\item\gear\pvp\lockdown\guardian...
15 May 2015 15:36:17 [0fc0] - Object "guardian Spyware/Adware" found in File System! Action Taken: Entries Removed.
 
15 May 2015 15:36:17 [0fc0] - Offending Folder found: C:\Users\Calvin Fei\AppData\LocalLow\spiral\rsrc\ui\icon\uplink
15 May 2015 15:36:17 [0fc0] - Deltree of Folder C:\Users\Calvin Fei\AppData\LocalLow\spiral\rsrc\ui\icon\uplink...
15 May 2015 15:36:17 [0fc0] - Object "Uplink Adware" found in File System! Action Taken: Entries Removed.
 
15 May 2015 15:36:17 [0fc0] - Offending Folder found: C:\Users\Calvin Fei\AppData\LocalLow\spiral\rsrc\ui\uplink
15 May 2015 15:36:17 [0fc0] - Deltree of Folder C:\Users\Calvin Fei\AppData\LocalLow\spiral\rsrc\ui\uplink...
15 May 2015 15:36:17 [0fc0] - Object "Uplink Adware" found in File System! Action Taken: Entries Removed.
 
 
15 May 2015 15:36:18 [0fc0] - ***** Scanning Registry Files *****
15 May 2015 15:36:18 [0fc0] - Scanning File C:\Windows\SysWOW64\spool\DRIVERS\x64\3\E_YATIKAE.EXE
15 May 2015 15:36:18 [0fc0] - ERROR(2)!!! ScanFile Fails for C:\Windows\SysWOW64\spool\DRIVERS\x64\3\E_YATIKAE.EXE...
15 May 2015 15:36:18 [0fc0] - Scanning File C:\Windows\SysWOW64\spool\DRIVERS\x64\3\E_YATIKAE.EXE
15 May 2015 15:36:18 [0fc0] - ERROR(2)!!! ScanFile Fails for C:\Windows\SysWOW64\spool\DRIVERS\x64\3\E_YATIKAE.EXE...
15 May 2015 15:36:18 [0fc0] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
15 May 2015 15:36:18 [0fc0] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
15 May 2015 15:36:18 [0fc0] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
15 May 2015 15:36:18 [0fc0] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
15 May 2015 15:36:18 [0fc0] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
15 May 2015 15:36:18 [0fc0] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
15 May 2015 15:36:18 [0fc0] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
15 May 2015 15:36:18 [0fc0] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
15 May 2015 15:36:18 [0fc0] - ***** Scanning System32 Folders *****
 
 
15 May 2015 15:36:24 [0fc0] - ***** Scanning Drive C:\ *****
15 May 2015 15:39:45 [0ad0] - Scanning File C:\System Volume Information\{22c751e2-eadb-11e4-8323-74d02b932fda}{3808876b-c176-4e48-b7ae-04046e6cc752}
15 May 2015 15:39:45 [0f34] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
15 May 2015 15:39:45 [0b24] - Scanning File C:\System Volume Information\{74f81c5d-f44c-11e4-8326-74d02b932fda}{3808876b-c176-4e48-b7ae-04046e6cc752}
15 May 2015 15:39:45 [0bcc] - Scanning File C:\System Volume Information\{d9c241f5-f893-11e4-8326-74d02b932fda}{3808876b-c176-4e48-b7ae-04046e6cc752}
15 May 2015 15:41:09 [0588] - C:\Users\Calvin Fei\OneDrive\Cave_mixdown.wav not Scanned. Possibly password protected...
15 May 2015 15:41:09 [0ad0] - C:\Users\Calvin Fei\OneDrive\Creeky bridge_mixdown2.wav not Scanned. Possibly password protected...
15 May 2015 15:41:09 [02e8] - C:\Users\Calvin Fei\OneDrive\Jungle wo music_mixdown.wav not Scanned. Possibly password protected...
15 May 2015 15:41:09 [0bcc] - C:\Users\Calvin Fei\OneDrive\Thunder2_wo  music.wav not Scanned. Possibly password protected...
15 May 2015 15:41:09 [02e8] - C:\Users\Calvin Fei\OneDrive\VBS 5th grade script V4-carissa.docx not Scanned. Possibly password protected...
 
15 May 2015 15:44:07 [0fc0] - ***** Checking for specific ITW Viruses *****
 
15 May 2015 15:44:07 [0fc0] - ***** Scanning complete. *****
 
15 May 2015 15:44:07 [0fc0] - Total Objects Scanned: 449846
15 May 2015 15:44:07 [0fc0] - Total Critical Objects: 3
15 May 2015 15:44:07 [0fc0] - Total Disinfected Objects: 0
15 May 2015 15:44:07 [0fc0] - Total Objects Renamed: 0
15 May 2015 15:44:07 [0fc0] - Total Deleted Objects: 3
15 May 2015 15:44:07 [0fc0] - Total Errors: 8
15 May 2015 15:44:07 [0fc0] - Time Elapsed: 00:08:50
15 May 2015 15:44:07 [0fc0] - Virus Database Date: 02 Mar 2015
15 May 2015 15:44:07 [0fc0] - Virus Database Count: 6701505
15 May 2015 15:44:07 [0fc0] - Sign Version: 7.59505 [518257]
 
15 May 2015 15:44:07 [0fc0] - Scan Completed.
 

 

Zemana AntiMalware 2.11.2.514 (Installed)

-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/15
Operating System      : Windows 8.1 64-bit
Processor             : 8X Intel® Core™ i7-4770K CPU @ 3.50GHz
BIOS Mode             : Legacy
CUID                  : 00A3EB0D069F994587F1EB
Scan Type             : Deep Scan
Duration              : 3m 34s
Scanned Objects       : 107605
Detected Objects      : 4
Excluded Objects      : 0
Read Level            : Normal
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Domain Info           : WORKGROUP,1,2
 
 
Detected Objects
-------------------------------------------------------
Wajam_root_cer
   Status             : Scanned
   Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C66653483C678E9346E74DD304C0943FC3FA64ED\Blob
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : Suspicious Root CA
   Cleaning Action    : Delete
   Traces             :
                Registry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C66653483C678E9346E74DD304C0943FC3FA64ED\Blob
 
GoogleUpdate.dll
   Status             : Scanned
   Object             : %programfiles%\google\chrome\application\googleupdate.dll
   MD5                : 5115AD386D3CF3440BE01880110F2655
   Publisher          : -
   Size               : 686592
   Version            : 37.0.2013.0
   Detection          : Trojan:Win32/Bailoat.A!Rtar
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\google\chrome\application\googleupdate.dll
                Library - 4852 - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
cbsidlm-cbsi213-Undelete_360_PORTABLE-SEO-75442438.exe
   Status             : Scanned
   Object             : D:\Downloads 2\cbsidlm-cbsi213-Undelete_360_PORTABLE-SEO-75442438.exe
   MD5                : 5A275A569DCE6E2F2F0284D82D31310B
   Publisher          : CBS Interactive
   Size               : 699016
   Version            : 5.4.0.213
   Detection          : PUA:Win32/Quarand!Ikee
   Cleaning Action    : Quarantine
   Traces             :
                File - D:\Downloads 2\cbsidlm-cbsi213-Undelete_360_PORTABLE-SEO-75442438.exe
 
ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detection          : Adware:Win32/OpenCandy
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe
 
Flyff_US_V19_20120710.exe
   Status             : Failed
   Object             : D:\Carissa\Flyff_US_V19_20120710.exe
   MD5                : 07EBEA915184806716B67F013F771B48
   Publisher          : -
   Size               : 49664
   Version            : 0.0.0.0
   Detection          : 
   Cleaning Action    : Quarantine
   Traces             :
                File - D:\Carissa\Flyff_US_V19_20120710.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 4
Reported as safe      : 0
Failed                : 0
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 8.1 x64
Ran by Calvin Fei on Fri 05/15/2015 at 16:10:27.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1590305528-712570172-1881221382-1001
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\wininit.ini
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Calvin Fei\AppData\Roaming\mozilla\firefox\profiles\cpm66cib.default\prefs.js
 
user_pref(extensions.RzUzGl6auoUcphUK.scode, (function(){try{if(window.self.location.href.indexOf(\rjC5qTwEqTC5rjg9qdkFrja4rdY\)>-1){return;}}catch(e){}try{var d=[[\tria
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/15/2015 at 16:11:38.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.204 - Logfile created 15/05/2015 at 16:14:42
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Calvin Fei - CALVIN
# Running from : C:\Users\Calvin Fei\Downloads\adwcleaner_4.204.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\{3d9339db-d7e7-0e3c-3d93-339dbd7ee76f}
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:59692;hxxps=127.0.0.1:59692
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v42.0.2311.152
 
 
*************************
 
AdwCleaner[R0].txt - [3930 bytes] - [21/05/2014 12:32:05]
AdwCleaner[R1].txt - [2370 bytes] - [21/05/2014 12:41:09]
AdwCleaner[R2].txt - [2558 bytes] - [04/06/2014 22:00:52]
AdwCleaner[R3].txt - [2547 bytes] - [05/07/2014 15:34:31]
AdwCleaner[R4].txt - [2524 bytes] - [29/03/2015 00:33:38]
AdwCleaner[R5].txt - [1388 bytes] - [31/03/2015 02:04:41]
AdwCleaner[R6].txt - [2095 bytes] - [15/05/2015 16:13:42]
AdwCleaner[S0].txt - [2259 bytes] - [04/06/2014 22:02:29]
AdwCleaner[S1].txt - [2513 bytes] - [05/07/2014 15:35:25]
AdwCleaner[S2].txt - [2620 bytes] - [29/03/2015 01:08:47]
AdwCleaner[S3].txt - [1462 bytes] - [31/03/2015 02:05:14]
AdwCleaner[S4].txt - [1804 bytes] - [15/05/2015 16:14:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1863  bytes] ##########
 

 

 

I posted them all in order and did what you suggested. It seems, though, that so far, after testing a page, the pop ups are gone. Probably the antiviruses did the trick.


Edited by AFei, 15 May 2015 - 06:19 PM.


#4 InadequateInfirmity


Posted 15 May 2015 - 06:19 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next, and make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


 


Edited by InadequateInfirmity, 15 May 2015 - 06:21 PM.


#5 AFei


Posted 15 May 2015 - 06:28 PM


 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

 
Adware Removal Tool v3.9
Time: 2015_05_15_16_22_36
OS: Windows 8 - 64 Bit
Account Name: Calvin Fei
U0L0S9
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - File - C:\program files\Adobe\Adobe Premiere Pro CS6\Settings\EveScripts\ClipSpeedDialog.eve
Deleted - File - C:\program files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm
Deleted - File - C:\program files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 
\\ Finished
 


 

~ ZHPCleaner v2015.5.15.237 by Nicolas Coolman (2015\05\15)

~ Run by Calvin Fei (Administrator)  (15/05/2015 16:32:46)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Calvin Fei\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Calvin Fei\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit  (Build 9600)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (2)
DELETED data: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=59692 <-Loopback>]  (Hijacker.Proxy)
DELETED data: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad : Port=59692 <-Loopback>]  (Hijacker.Proxy)
 
 
---\\  Hosts file (0)
~ No malicious items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (274)
MOVED file: C:\Users\Calvin Fei\Downloads\SpyHunter-Installer.exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)
MOVED file: C:\Users\Calvin Fei\Downloads\Unspoken_action_by_missrocketqueen.atn   (Adware.Sambreel)
MOVED file: C:\Users\Calvin Fei\AppData\Roaming\appdataFr3.bin   (PUP.Optional)
MOVED folder*: C:\ProgramData\18029411755257049630 (Adware.CrossRider)
MOVED folder*: C:\Users\Calvin Fei\AppData\Local\CrashRpt (SUP.CrashReports)
 
 
---\\  Registry ( Key, Value, Data) (2)
REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B675E1BD2922F60345C5CFD9C53D2BA7 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.Vosteran)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 8306
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 278
 
 
End of clean at 16:32:59
===================
ZHPCleaner-[R]-15052015-16_32_59.txt
ZHPCleaner-[S]-15052015-16_32_28.txt
 

 

Results of screen317's Security Check version 1.001  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Java 7 Update 67  
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (37.0.2) 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 

 

MiniToolBox by Farbar  Version: 11-05-2015 01

Ran by Calvin Fei (administrator) on 15-05-2015 at 16:38:24
Running from "C:\Users\Calvin Fei\Downloads"
Microsoft Windows 8.1  (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
Hosts file not detected in the default directory
========================= IP Configuration: ================================
 
Intel® Ethernet Connection I217-V = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Calvin
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Ethernet Connection I217-V
   Physical Address. . . . . . . . . : 74-D0-2B-93-2F-DA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::30d1:ae0:5a4c:7035%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.186(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, May 15, 2015 4:15:07 PM
   Lease Expires . . . . . . . . . . : Saturday, May 16, 2015 4:15:07 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 57987115
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-16-0E-AE-74-D0-2B-93-2F-DA
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:38a9:fc9:bad5:ecdb(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::38a9:fc9:bad5:ecdb%4(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-16-0E-AE-74-D0-2B-93-2F-DA
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  Linksys33525
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4010:800::1001
 74.125.224.4
 74.125.224.5
 74.125.224.6
 74.125.224.7
 74.125.224.8
 74.125.224.9
 74.125.224.14
 74.125.224.0
 74.125.224.1
 74.125.224.2
 74.125.224.3
 
 
Pinging google.com [74.125.224.3] with 32 bytes of data:
Reply from 74.125.224.3: bytes=32 time=24ms TTL=54
Reply from 74.125.224.3: bytes=32 time=14ms TTL=54
 
Ping statistics for 74.125.224.3:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 24ms, Average = 19ms
Server:  Linksys33525
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=61ms TTL=50
Reply from 98.138.253.109: bytes=32 time=61ms TTL=50
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 61ms, Average = 61ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...74 d0 2b 93 2f da ......Intel® Ethernet Connection I217-V
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.186     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.186    266
    192.168.1.186  255.255.255.255         On-link     192.168.1.186    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.186    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.186    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.186    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  4    306 2001::/32                On-link
  4    306 2001:0:9d38:90d7:38a9:fc9:bad5:ecdb/128
                                    On-link
  3    266 fe80::/64                On-link
  4    306 fe80::/64                On-link
  3    266 fe80::30d1:ae0:5a4c:7035/128
                                    On-link
  4    306 fe80::38a9:fc9:bad5:ecdb/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
  4    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/15/2015 04:15:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.3165, time stamp: 0x52677452
Faulting module name: nvxdsync.exe, version: 8.17.13.3165, time stamp: 0x52677452
Exception code: 0xc0000005
Fault offset: 0x000000000000dabe
Faulting process id: 0x3dc
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5
 
Error: (05/15/2015 04:15:09 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (05/15/2015 04:14:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_DeviceAssociationService, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000003d85e
Faulting process id: 0x3a8
Faulting application start time: 0xsvchost.exe_DeviceAssociationService0
Faulting application path: svchost.exe_DeviceAssociationService1
Faulting module path: svchost.exe_DeviceAssociationService2
Report Id: svchost.exe_DeviceAssociationService3
Faulting package full name: svchost.exe_DeviceAssociationService4
Faulting package-relative application ID: svchost.exe_DeviceAssociationService5
 
Error: (05/15/2015 04:09:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee SiteAdvisor Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (05/15/2015 04:09:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service lxdu_device since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (05/15/2015 03:30:02 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (05/15/2015 03:28:19 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 42.0.2311.152 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1468
 
Start Time: 01d08f5e504f58ad
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: afbef6c1-fb51-11e4-8327-74d02b932fda
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/15/2015 09:45:40 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 42.0.2311.135 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18f8
 
Start Time: 01d08f21fd8d09ce
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: d1695de5-fb21-11e4-8327-74d02b932fda
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/15/2015 08:42:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/15/2015 08:40:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/15/2015 04:27:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/15/2015 04:27:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/15/2015 04:15:09 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (05/15/2015 04:14:50 PM) (Source: DCOM) (User: CALVIN)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (05/15/2015 04:14:44 PM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/15/2015 04:14:44 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/15/2015 04:14:44 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/15/2015 04:14:44 PM) (Source: Service Control Manager) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/15/2015 04:14:44 PM) (Source: Service Control Manager) (User: )
Description: The Network Connection Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/15/2015 04:14:44 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/15/2015 04:15:12 PM) (Source: Application Error)(User: )
Description: nvxdsync.exe8.17.13.316552677452nvxdsync.exe8.17.13.316552677452c0000005000000000000dabe3dc01d08f64fb08772fC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe3c7dc498-fb58-11e4-8329-74d02b932fda
 
Error: (05/15/2015 04:15:09 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (05/15/2015 04:14:42 PM) (Source: Application Error)(User: )
Description: svchost.exe_DeviceAssociationService6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e3a801d08f5eadf10585C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll2a96e45a-fb58-11e4-8328-74d02b932fda
 
Error: (05/15/2015 04:09:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee SiteAdvisor Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (05/15/2015 04:09:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service lxdu_device since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (05/15/2015 03:30:02 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (05/15/2015 03:28:19 PM) (Source: Application Hang)(User: )
Description: chrome.exe42.0.2311.152146801d08f5e504f58ad4294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exeafbef6c1-fb51-11e4-8327-74d02b932fda
 
Error: (05/15/2015 09:45:40 AM) (Source: Application Hang)(User: )
Description: chrome.exe42.0.2311.13518f801d08f21fd8d09ce4294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exed1695de5-fb21-11e4-8327-74d02b932fda
 
Error: (05/15/2015 08:42:01 AM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (05/15/2015 08:40:04 AM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
 
=========================== Installed Programs ============================
 
4Card Recovery (HKLM-x32\...\{6FE4072A-E968-438D-967A-F641BE28B279}_is1) (Version: 2.0 - 4CardRecovery)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.0 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKCU\...\Amazon Cloud Drive) (Version: 1.0.2014.3030 - Amazon Digital Services, LLC.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.11.3116 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{80194F84-21CE-44CF-A46E-38D8CE448856}) (Version: 0.8.11.3116 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Calibrize 2.0 (HKLM-x32\...\Calibrize_is1) (Version:  - Colorjinn)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
DeblurMyImagePlugIn (HKLM-x32\...\DeblurMyImagePlugIn) (Version: 2.0 - Filip Krolupper)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Engraver 2.22 (64 Bit). (HKLM\...\EngraverII plug-in for Adobe Photoshop and compa~2602D862_is1) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-7620 Series Printer Uninstall (HKLM\...\EPSON WF-7620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-7620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-7620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free Any Photo Recovery version 5.0 (HKLM-x32\...\{AmazingPhotoRecovery}_is1) (Version: 5.0 - www.Amazing-Share.com)
Free Zip Opener (HKLM-x32\...\Free Zip Opener) (Version: 1.0 - Free Zip Opener)
GIF Optimizer 2.0 (HKLM-x32\...\GIF Optimizer_is1) (Version:  - Leapic Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Krita Desktop (x64) 2.8.3.0 (HKLM\...\{C954F6B7-202B-4811-8A7E-1BFBCD3A09DD}) (Version: 2.8.3.0 - KO GmbH)
Livestream for Producers (HKLM-x32\...\{53466613-9260-4814-AE66-7F3A3FA978D3}) (Version: 0.0.64 - Livestream)
Livestream Procaster (HKLM-x32\...\{2515EAA9-AE9F-4F0A-8301-B40034838B8A}) (Version: 20.3.0 - Procaster)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.3 - Smith Micro)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 10.1.7200.5 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 10.1.7200.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Prevent Restore (HKLM\...\wfds) (Version: 4.10 - PrivacyRoot.com)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.4 - Red Giant, LLC)
Safe Startup (HKLM\...\stgu) (Version: 4.00 - PrivacyRoot.com)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
SavetheChildren App by We-Care.com v4.1.30.4 (HKLM-x32\...\{A9A33A1C-3A0F-4EBC-BA5E-0C405ADB7FF4}) (Version: 4.1.30.4 - We-Care.com)
Secret Disk (HKLM\...\sede) (Version: 2.17 - PrivacyRoot.com)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Snippage (HKLM-x32\...\{9889A710-7060-079C-FD40-4E2E438A4150}) (Version: 1.0.12 - UNKNOWN) Hidden
Snippage (HKLM-x32\...\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1) (Version: 1.0 r12 - UNKNOWN)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
Trapcode Suite v12.1.5 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.5 - Red Giant, LLC)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 2015.04 - PrivacyRoot.com)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.11.1.514 - Zemana Ltd.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 13%
Total physical RAM: 16319.11 MB
Available physical RAM: 14114.8 MB
Total Pagefile: 18623.11 MB
Available Pagefile: 16402.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.73 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:238.13 GB) (Free:124.88 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1488.11 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CALVIN
 
Administrator            Calvin Fei               Guest                    
UpdatusUser              
 
 
**** End of log ****
 

 


Edited by AFei, 15 May 2015 - 06:38 PM.


#6 InadequateInfirmity


Posted 15 May 2015 - 06:45 PM

  • Click here to download  RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.


After you run this tool, make a new scan with minitoolbox and tick only list hosts. Post that log in your next reply.

 

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.



#7 InadequateInfirmity


Posted 15 May 2015 - 06:52 PM

What is this???

UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
 

I would remove the following from your machine.

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Free Zip Opener (HKLM-x32\...\Free Zip Opener) (Version: 1.0 - Free Zip Opener)

 

Newer version of JAVA.

https://www.java.com/en/

 

7zip

http://www.7-zip.org/



#8 AFei


Posted 15 May 2015 - 07:03 PM

I have one more log to go that I didn't post yet, which is the ESET scanner. It's taking a while.

That UTAU was supposed to be a free and legal version of Vocaloid. I actually don't know how to work it very well anyway.

http://en.wikipedia.org/wiki/Utau
 



#9 InadequateInfirmity


Posted 15 May 2015 - 07:06 PM

Ok, never seen that before, and the Chinese/Japanese characters sometimes mean bad news.....

 

ESET can take a while; post when ready. :)



#10 AFei


Posted 15 May 2015 - 07:10 PM

 

C:\Users\All Users\klgomepaggepgokegehapidieddnbnea\sUgguU.js JS/Kryptik.ATB trojan

C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\ProgramData\klgomepaggepgokegehapidieddnbnea\sUgguU.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
D:\Carissa\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000058 Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
D:\Carissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.100.504_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
D:\Carissa\Documents\DiskVista64\Downloads\dffsetup-d3drm.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
D:\Carissa\Documents\DiskVista64\Downloads\speedupmypc.exe Win32/SpeedUpMyPC potentially unwanted application deleted - quarantined
D:\Carissa\Documents\DiskVista64\Downloads\vpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
D:\Carissa\Downloads\acaladvdripperprose.exe Win32/DownWare.W potentially unwanted application deleted - quarantined
D:\Carissa\Downloads\rcpa_050709251607623139.exe Win32/Systweak.D potentially unwanted application deleted - quarantined
 


#11 InadequateInfirmity


Posted 15 May 2015 - 07:14 PM

One threat was not cleaned by ESET......

 

C:\Users\All Users\klgomepaggepgokegehapidieddnbnea\sUgguU.js JS/Kryptik.ATB trojan

 

Malwarebytes AntiRootkit
 
 
Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.


Now go to the scanner tab and select Full Scan.


Upon Scan Completion Click Show Results.


Now click the Clean button.


Once done cleaning, you can go to the Logs tab, double-click it, and copy and paste the log in your next reply.
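
Reply #11 picks out the one ESET line that records no action. The following is an added example, not part of the original posts: a Python sketch that parses lines in the layout seen in reply #10 (the layout is inferred from those lines, not from ESET documentation) and checks whether an unactioned entry is simply another path to a file that was cleaned. It assumes the default Windows Vista-and-later link from `C:\Users\All Users` to `C:\ProgramData`.

```python
import re

# Four of the ESET lines posted in reply #10 of this thread, copied as-is.
ESET_LOG = r"""
C:\Users\All Users\klgomepaggepgokegehapidieddnbnea\sUgguU.js JS/Kryptik.ATB trojan
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\ProgramData\klgomepaggepgokegehapidieddnbnea\sUgguU.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
D:\Carissa\Documents\DiskVista64\Downloads\vpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
"""

# Layout inferred from those lines: path, detection name, category, optional action.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?\w+/[\w.]+)\s+"
    r"(?P<kind>trojan|potentially unwanted application)"
    r"(?:\s+(?P<action>.+))?$"
)

# Assumption: default Vista+ layout, where "All Users" is a link to ProgramData.
ALIASES = {r"c:\users\all users": r"c:\programdata"}

def canonical(path):
    """Lower-case the path and rewrite known directory aliases to their target."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p

def parse(log):
    """Return one dict per recognisable log line; 'action' is None when absent."""
    return [m.groupdict() for line in log.strip().splitlines()
            if (m := LINE.match(line.strip()))]

def triage(log):
    """List entries with no recorded action and say whether a cleaned twin exists."""
    rows = parse(log)
    handled = {canonical(r["path"]) for r in rows if r["action"]}
    report = []
    for r in rows:
        if not r["action"]:
            twin = canonical(r["path"]) in handled
            status = "alias of cleaned file" if twin else "needs follow-up"
            report.append((r["path"], r["detection"], status))
    return report

if __name__ == "__main__":
    for path, detection, status in triage(ESET_LOG):
        print(f"{status}: {detection} at {path}")
```

A match only shows that two log lines name the same file; a rescan is still what confirms the file is gone.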



#12 AFei


Posted 15 May 2015 - 07:15 PM

When I click the button for RST hosts, this pop up shows up. Is that fine?
 

I see there are extra steps now, so which do I do first?

 



Edited by AFei, 15 May 2015 - 07:17 PM.


#13 InadequateInfirmity


Posted 15 May 2015 - 07:16 PM

Yes that is what you want. :)

 

Fichier hosts restaure avec succes = Hosts file restores successfully


Edited by InadequateInfirmity, 15 May 2015 - 07:17 PM.


#14 AFei


Posted 15 May 2015 - 07:25 PM

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 5/15/2015
Scan Time: 5:19:13 PM
Logfile: file3.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.15.05
Rootkit Database: v2015.05.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Calvin Fei
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418587
Time Elapsed: 4 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.MultiPlug, C:\ProgramData\klgomepaggepgokegehapidieddnbnea, , [cf22fe95c5c54aec1b75472236cf7888], 
 
Files: 3
PUP.Optional.MultiPlug, C:\ProgramData\klgomepaggepgokegehapidieddnbnea\lsdb.js, , [cf22fe95c5c54aec1b75472236cf7888], 
PUP.Optional.MultiPlug, C:\ProgramData\klgomepaggepgokegehapidieddnbnea\background.html, , [cf22fe95c5c54aec1b75472236cf7888], 
PUP.Optional.MultiPlug, C:\ProgramData\klgomepaggepgokegehapidieddnbnea\content.js, , [cf22fe95c5c54aec1b75472236cf7888], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#15 AFei


Posted 15 May 2015 - 07:26 PM

 

MiniToolBox by Farbar  Version: 11-05-2015 01

Ran by Calvin Fei (administrator) on 15-05-2015 at 17:26:42
Running from "C:\Users\Calvin Fei\Downloads"
Microsoft Windows 8.1  (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================
 
::1             localhost
127.0.0.1       localhost
 
 
**** End of log ****
 




