
Lots of popups, Extra Web pages opening


15 replies to this topic

#1 Robs2014

Robs2014

  • Members
  • 35 posts
  • OFFLINE
  • Local time:12:03 AM

Posted 15 May 2015 - 08:27 PM



I have noticed in the last few days that when I try to surf the Web, tons of extra Web pages open and pop up. It is getting worse and slowing down the PC also. This is a Windows 7 Home Premium 64-bit.



#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:03 PM

Posted 15 May 2015 - 08:34 PM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.


Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit Options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.



Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.


 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right-click and run as administrator.
A new icon will appear on your desktop.
Right-click and run as administrator on the new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Robs2014

Robs2014
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:12:03 AM

Posted 16 May 2015 - 12:30 AM

Ran into an issue. I did all items up to this one: Step 1: eScanAV.

 

 

When I do the right click and run as an Administrator it starts and unpacks, then I get this popup error message that says I do not have the right to perform the install. I click on it and get another popup that gives me the options to 1.) reinstall 2.) say it installed fine or 3.) cancel.

 

 

Ideas? What should I do now?

 

 

Thanks



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:03 PM

Posted 16 May 2015 - 05:22 AM

Skip that step.



#5 Robs2014

Robs2014
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:12:03 AM

Posted 17 May 2015 - 12:18 AM

OK, ran the rest, and here are the logs requested.

 

 

Zemana:

Zemana AntiMalware 2.11.2.514 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/16
Operating System      : Windows 7 64-bit
Processor             : 2X Intel® Pentium® CPU P6300 @ 2.27GHz
BIOS Mode             : Legacy
CUID                  : 0030AEDE5101134C151ACD
Scan Type             : Deep Scan
Duration              : 19m 46s
Scanned Objects       : 35375
Detected Objects      : 32
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Domain Info           : WORKGROUP,1,2


Detected Objects
-------------------------------------------------------
Salus CA
   Status             : Scanned
   Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0FE058851352BCFB14955C214FFC7810ED3978DA\Blob
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : Suspicious Root CA
   Cleaning Action    : Delete
   Traces             :
                Registry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0FE058851352BCFB14955C214FFC7810ED3978DA\Blob

Proxy Enabled (User)
   Status             : Scanned
   Object             : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : Suspicious Setting
   Cleaning Action    : Repair
   Traces             :
                Registry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

Proxy Server (User)
   Status             : Scanned
   Object             : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : Suspicious Setting
   Cleaning Action    : Delete
   Traces             :
                Registry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer

DiscountExt
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\u3xay1e7.default\extensions\kkb_yhsqtrxluse@yerfvhlmdkxzxjelzwa.edu
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : PUA.FirefoxExt!Gr
   Cleaning Action    : Repair
   Traces             :
                Extension - DiscountExt

isoburner_setup.exe
   Status             : Scanned
   Object             : %homedrive%\boot disks xp\isoburner_setup.exe
   MD5                : E1B77758C3E49D1E4DAA4A68882A46D0
   Publisher          : OutBrowse
   Size               : 992024
   Version            : 1.0.0.1
   Detection          : Malware:Win32/Zelion!Mlrl
   Cleaning Action    : Quarantine
   Traces             :
                File - %homedrive%\boot disks xp\isoburner_setup.exe

Client.exe
   Status             : Scanned
   Object             : %programfiles%\user extensions\client.exe
   MD5                : B2723DFC89F152E1F8E9A18DD6EC7AEF
   Publisher          : -
   Size               : 78848
   Version            : 1.0.0.0
   Detection          : Malware:Win32/Bundpill.A!Emel
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\user extensions\client.exe
                Process - 4760 - C:\Program Files (x86)\user extensions\Client.exe
                Process - 3796 - C:\Program Files (x86)\user extensions\Client.exe
                Process - 1164 - C:\Program Files (x86)\user extensions\Client.exe
                Process - 4768 - C:\Program Files (x86)\user extensions\Client.exe


ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\desktop\2015 scan tools\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detection          : Adware:Win32/OpenCandy
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\desktop\2015 scan tools\ninja-setup-3.0.6.exe


NNiceOfffers
   Status             : Scanned
   Object             : %localappdata%\google\chrome\user data\default\extensions\cfljfaadageacikfebmmlmeoblbfbemo\1.1\blwma0uw2.js
   MD5                : A0A9450B379A5F778F62C3EEEAD11E78
   Publisher          : -
   Size               : 18070
   Version            : -
   Detection          : Adware:Generic/Fitzia.A!Ttti
   Cleaning Action    : Repair
   Traces             :
                File - %localappdata%\google\chrome\user data\default\extensions\cfljfaadageacikfebmmlmeoblbfbemo\1.1\blwma0uw2.js
                Extension - NNiceOfffers

Share on Google Plus
   Status             : Scanned
   Object             : %localappdata%\google\chrome\user data\default\extensions\gfkobenbpcjmmejiokpopekegkpogbdn\127\s3ivx.js
   MD5                : C07548BA9B7ED9159CD1C4E1FA63D622
   Publisher          : -
   Size               : 18114
   Version            : -
   Detection          : Adware:Generic/Fitzia.A!Klta
   Cleaning Action    : Repair
   Traces             :
                File - %localappdata%\google\chrome\user data\default\extensions\gfkobenbpcjmmejiokpopekegkpogbdn\127\s3ivx.js
                Extension - Share on Google Plus

NNiceOfffers
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\u3xay1e7.default\extensions\ljgi3zx@1.org\content\bg.js
   MD5                : 62BB269DECE7C048F50A5CB3F8048258
   Publisher          : -
   Size               : 17757
   Version            : -
   Detection          : Adware:Generic/Hellium.A!Mkei
   Cleaning Action    : Repair
   Traces             :
                File - %appdata%\mozilla\firefox\profiles\u3xay1e7.default\extensions\ljgi3zx@1.org\content\bg.js
                Extension - NNiceOfffers

Updater.exe
   Status             : Scanned
   Object             : %programfiles%\user extensions\updater.exe
   MD5                : C2802638D2DC74BBC5D4B5D9E431E95B
   Publisher          : -
   Size               : 76288
   Version            : 1.0.0.0
   Detection          : Malware:Win32/Cognito.A!Tkta
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\user extensions\updater.exe

Uninstall.exe
   Status             : Scanned
   Object             : %programfiles%\user extensions\uninstall.exe
   MD5                : C9B74512654FB7B2D6D0D4CFD32B48F8
   Publisher          : -
   Size               : 74752
   Version            : 1.0.0.0
   Detection          : Malware:Win32/Blackoat.A!Keea
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\user extensions\uninstall.exe

GoogleUpdate.dll
   Status             : Scanned
   Object             : %programfiles%\google\chrome\application\googleupdate.dll
   MD5                : 5349D453074BA96ECA6E4BB0FEC386CE
   Publisher          : -
   Size               : 686592
   Version            : 37.0.2013.0
   Detection          : Trojan:Win32/Bailoat.A!Rtar
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\google\chrome\application\googleupdate.dll

Prompt Downloader.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\prompt downloader.exe
   MD5                : FB304E4ADF23B083C80F17DFB70C9E85
   Publisher          : -
   Size               : 1147392
   Version            : -
   Detection          : Adware:Win32/MultiPlug
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\prompt downloader.exe


ca_setup.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ca_setup.exe
   MD5                : EA2EF30C99ECECB1EDA9AA128631FF31
   Publisher          : -
   Size               : 8244106
   Version            : 1.0.0.0
   Detection          : Malware:Win32/Generic!Late
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ca_setup.exe

MediaPlayerClassic.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\mediaplayerclassic.exe
   MD5                : C6078B49030E9E83EB337BDB05ACB9C1
   Publisher          : Useful Software
   Size               : 269632
   Version            : 1.0.1.0
   Detection          : Adware:Win32/Verti
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\mediaplayerclassic.exe

isomount_setup-35288471.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\isomount_setup-35288471.exe
   MD5                : 2CE8C17D9384341AF5A6C6B7683416DF
   Publisher          : ProInstall Applications SRL
   Size               : 232216
   Version            : 1.5.0.4
   Detection          : Downloader:Win32/Generic
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\isomount_setup-35288471.exe

FF_Updater_Setup(1).exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ff_updater_setup(1).exe
   MD5                : 384EE1DA3F00A7391F7BD21C2AD42990
   Publisher          : Xpress Installer
   Size               : 1147640
   Version            : 0.0.0.0
   Detection          : Adware:Win32/Quarand!Kaee
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ff_updater_setup(1).exe

FF_Updater_Setup.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ff_updater_setup.exe
   MD5                : 55D2EB31689CA96EA1C644FC956ED509
   Publisher          : Xpress Installer
   Size               : 1144568
   Version            : 0.0.0.0
   Detection          : Adware:Win32/Quarand!Kaee
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ff_updater_setup.exe

7zip (2).exe
   Status             : Scanned
   Object             : %userprofile%\downloads\7zip (2).exe
   MD5                : 8D63880D452ACCA7BE04D856D7B06157
   Publisher          : Useful Software
   Size               : 250696
   Version            : 1.0.0.20
   Detection          : Adware:Win32/Verti
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\7zip (2).exe

7zip.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\7zip.exe
   MD5                : 8D63880D452ACCA7BE04D856D7B06157
   Publisher          : Useful Software
   Size               : 250696
   Version            : 1.0.0.20
   Detection          : Adware:Win32/Verti
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\7zip.exe

7zip (1).exe
   Status             : Scanned
   Object             : %userprofile%\downloads\7zip (1).exe
   MD5                : 8D63880D452ACCA7BE04D856D7B06157
   Publisher          : Useful Software
   Size               : 250696
   Version            : 1.0.0.20
   Detection          : Adware:Win32/Verti
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\7zip (1).exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 27
Reported as safe      : 0
Failed                : 0

 

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.2 (05.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by A1 on Sat 05/16/2015 at 16:15:19.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Check Updates
Successfully deleted: [Task] C:\Windows\system32\tasks\GeniusBox
Successfully deleted: [Task] C:\Windows\system32\tasks\Validate Installation



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\NNiceOfffers



~~~ FireFox

Successfully deleted the following from C:\Users\a1\AppData\Roaming\mozilla\firefox\profiles\u3xay1e7.default\prefs.js

user_pref(extensions.MRDBK2vA7pEiL7Ca.scode, (function(){try{if(window.location.href.indexOf(\pdsGrjr5rjs6rHY8rHC8rHUFpa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.MRDBK2vA7pEiL7Ca.url, hxxp://resolverfiber.link/sync2/?q=hfZ9oe4PB7hMhfsMCyVUojsErdn7tMqLDe49CNU0llrMCMlNhd9Fqja9rjsFrdnHrdwMBzqUojw8rdnFrHaGqdkHqGh7hf
Emptied folder: C:\Users\a1\AppData\Roaming\mozilla\firefox\profiles\u3xay1e7.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/16/2015 at 16:19:34.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner:

# AdwCleaner v4.204 - Logfile created 16/05/2015 at 16:54:38
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : a1 - a1-HP
# Running from : C:\Users\a1\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\{c8f68caa-fef4-ffe0-c8f6-68caafef32ab}
Folder Deleted : C:\Program Files (x86)\CoupMania
Folder Deleted : C:\Users\a1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Folder Deleted : C:\Users\a1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Folder Deleted : C:\Users\a1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Folder Deleted : C:\Users\a1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Folder Deleted : C:\Users\a1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

***** [ Scheduled tasks ] *****

Task Deleted : Check Updates
Task Deleted : GeniusBox
Task Deleted : Validate Installation

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\geniusboxinstalled
Key Deleted : HKLM\SOFTWARE\LookSafe
Key Deleted : HKLM\SOFTWARE\GeniusBox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeniusBox
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.91


*************************

AdwCleaner[R0].txt - [24663 bytes] - [17/05/2014 03:15:46]
AdwCleaner[R1].txt - [1094 bytes] - [26/05/2014 02:34:12]
AdwCleaner[R2].txt - [12697 bytes] - [23/01/2015 15:52:12]
AdwCleaner[R3].txt - [1240 bytes] - [24/01/2015 15:43:49]
AdwCleaner[R4].txt - [5329 bytes] - [20/02/2015 04:22:25]
AdwCleaner[R5].txt - [2254 bytes] - [15/04/2015 13:14:04]
AdwCleaner[R6].txt - [2362 bytes] - [06/05/2015 10:08:00]
AdwCleaner[R7].txt - [3276 bytes] - [16/05/2015 16:46:49]
AdwCleaner[S0].txt - [24786 bytes] - [17/05/2014 03:17:25]
AdwCleaner[S1].txt - [1160 bytes] - [26/05/2014 02:35:57]
AdwCleaner[S2].txt - [12855 bytes] - [23/01/2015 16:01:11]
AdwCleaner[S3].txt - [1304 bytes] - [24/01/2015 15:56:43]
AdwCleaner[S4].txt - [5333 bytes] - [20/02/2015 04:25:54]
AdwCleaner[S5].txt - [2356 bytes] - [15/04/2015 13:30:00]
AdwCleaner[S6].txt - [2369 bytes] - [06/05/2015 10:10:11]
AdwCleaner[S7].txt - [2791 bytes] - [16/05/2015 16:54:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2850  bytes] ##########
 



#6 InadequateInfirmity


Posted 17 May 2015 - 05:34 AM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next, and make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF Proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#7 Robs2014


Posted 17 May 2015 - 11:49 PM

Here are the logs:

 

 

Adware log:

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_05_17_19_17_40
OS: Windows 7 - 64 Bit
Account Name: A1
U0L0S15

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - Folder - C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3369881880-248188746-486031332-1001\Software\AVG Secure Search:http_reporter_queue
Deleted - RegistryValue(P) - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions:{2eecd738-5844-4a99-b4b6-146bf802613b}
Deleted - RegistryValue - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions:{98889811-442d-49dd-99d7-dc866be87dbc}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished

 

ZHP Cleaner log:

 

~ ZHPCleaner v2015.5.17.241 by Nicolas Coolman (2015\05\17)
~ Run by A1 (Administrator)  (17/05/2015 19:56:22)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\A1\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\A1\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (2)
DELETED task: [SimpleFiles Update Service] [C:\Program Files (x86)\SimpleFilesUpdater\SimpleFilesUpdater.exe (Not File) ] (Adware.SimpleFiles)
DELETED task: [Video Performer Manager] [C:\Windows\system32\sc.exe] (PUP.VideoPerformer)


---\\  Explorer ( File, Folder) (12)
MOVED file: C:\Windows\Installer\5fa664.msi [Babylon Ltd - Windows Installer XML (3.5.2519.0)] (PUP.Babylon)
MOVED folder*: C:\Program Files (x86)\AVG Web TuneUp (Toolbar.AVGSafeGuard)
MOVED folder*: C:\Program Files (x86)\LookSafe Utility (PUP.LookSafe)
MOVED folder*: C:\Program Files (x86)\SystemContinue (Adware.Graftor)
MOVED folder*: C:\ProgramData\AVG Web TuneUp (Toolbar.AVGSafeGuard)
MOVED folder*: C:\Users\A1\AppData\LocalLow\AVG Web TuneUp (Toolbar.AVGSafeGuard)
MOVED folder*: C:\Users\A1\AppData\Local\AVG Web TuneUp (Toolbar.AVGSafeGuard)
MOVED folder*: C:\Users\A1\AppData\Local\com (PUP.Optional)
MOVED folder*: C:\Users\A1\AppData\Local\{8329DD06-408E-4327-AA3C-E87488007334} (Empty)
MOVED folder*: C:\Users\A1\AppData\Local\{98642911-5745-4CE3-8430-35275B116F89} (Empty)
MOVED folder*: C:\Windows\Installer\MSI4C7A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFAEB.tmp- (Empty)


---\\  Registry ( Key, Value, Data) (13)
REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160} [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_dec12 ["C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 (Not File)] (Toolbar.AVGSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_ROC_JULY_P1 ["C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 (Not File)] (Toolbar.AVGSearch)
DELETED key*: HKEY_USERS\S-1-5-21-3369881880-248188746-486031332-1001\Software\AVG Web TuneUp [] (Toolbar.AVGSafeGuard)
DELETED key: HKCU\Software\AVG Web TuneUp [] (Toolbar.AVGSafeGuard)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.10 (Not File)] (Toolbar.AVGSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConsumerInputUpdate.exe [] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\AVG Secure Search Update [] (Toolbar.AVGSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp [] (Toolbar.AVGSafeGuard)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp [AVG Technologies] (Toolbar.AVGSafeGuard)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.10 (Not File)] (Toolbar.AVGSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{{95B7759C-8C7F-4BF1-B163-73684A933233}} [C:\Program Files (x86)\AVG Web TuneUp (Not File)] (Toolbar.AVGSafeGuard)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 760
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 27


End of clean at 19:56:40
===================
ZHPCleaner-[R]-17052015-19_56_40.txt
ZHPCleaner-[S]-17052015-19_44_22.txt
 

 

checkup.txt log:

 

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Zemana AntiMalware    
 Java™ 6 Update 26  
 Java 7 Update 21  
 Java 8 Update 31  
 Java version 32-bit out of Date!
  Adobe Flash Player 16.0.0.287 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 36.0.1 Firefox out of Date!  
 Google Chrome (40.0.2214.91)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

Eset Scan log:

 

 

C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdPremierOpinion2.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro13.zip    Win32/Bagle.gen.zip worm    
C:\2014 Scripts\Templates\biz\1\athena13\themeforest-3670986-athena-simple-flexible-corporate-business-theme\Athena-v1-3\athena\images\social.png    PHP/Alter.A trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCheapPrice\ALlCheapPrice.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\173.dll.vir    a variant of Win32/AdWare.AddLyrics.BH application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\BlockAndSurf.exe.vir    a variant of Win32/AdWare.AddLyrics.AR application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\BlockAndSurfIC173.dll.vir    a variant of Win32/AdWare.AddLyrics.BB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\BlockAndSurfIC173.exe.vir    a variant of Win32/AdWare.AddLyrics.BB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\BlockAndSurfm.exe.vir    a variant of Win32/AdWare.AddLyrics.AT application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\BlockAndSurfM10.exe.vir    a variant of Win32/AdWare.AddLyrics.AS application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\Uninstall.exe.vir    a variant of Win32/AdWare.AddLyrics.AS application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\x64\TandemRunner.exe.vir    a variant of Win64/Adware.AddLyrics.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\x64\webinstr.sys.vir    Win64/Adware.AddLyrics.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\x86\TandemRunner.exe.vir    a variant of Win32/Adware.AddLyrics.CI application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BlockAndSurfS\x86\webinstr.sys.vir    Win32/AdWare.AddLyrics.BJ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cain\Cain.exe.vir    a variant of Win32/CainAbel potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FoxTab\1.8.12.0\uninstall.exe.vir    a variant of Win32/InstallCore.YX potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_129\gamesdesktop_widget.exe.vir    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_129\gmsd_us_129.exe.vir    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_129\predm.exe.vir    Win32/Adware.EoRezo application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewSavuer\NewSavuer.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll.vir    a variant of Win32/SProtector.Q potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegularDeallss\RegularDeallss.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\RREgularDeals\nEb35AqaQRhiDj.dll.vir    a variant of Win32/Adware.MultiPlug.EG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\RREgularDeals\nEb35AqaQRhiDj.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\RREgularDeals\nEb35AqaQRhiDj.x64.dll.vir    a variant of Win64/Adware.MultiPlug.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sendori\Sendori.Library.dll.vir    a variant of MSIL/Adware.Sendori.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TAAkeTheCoupOn\n1BjGAWF5fT8fh.dll.vir    a variant of Win32/Adware.MultiPlug.EG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TAAkeTheCoupOn\n1BjGAWF5fT8fh.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TAAkeTheCoupOn\n1BjGAWF5fT8fh.x64.dll.vir    a variant of Win64/Adware.MultiPlug.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Sendori\setup.exe.vir    Win32/AdWare.Sendori.C application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{4227444d-b2c6-9d8d-4227-7444db2c1136}\Prompt Downloader.exe.vir    a variant of Win32/Adware.MultiPlug.EP application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\A1\AppData\Local\gmsd_us_129\upgmsd_us_129.exe.vir    a variant of Win32/Adware.EoRezo.AJ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\A1\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe.vir    a variant of Win32/DealPly.S potentially unwanted application  deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\A1\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir    Win32/Systweak.G potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\A1\AppData\Roaming\VOPackage\Uninstall.exe.vir    Win32/Adware.ConvertAd.AQ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\A1\AppData\Roaming\VOPackage\VOPackage.exe.vir    a variant of Win32/Adware.ConvertAd.KZ.gen application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir  a variant of Win64/Systweak.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir    Win64/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdPremierOpinion2.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro13.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Users\A1\Desktop\2015 Scan tools\ccsetup505pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 


Edited by Robs2014, 18 May 2015 - 08:46 AM.


#8 InadequateInfirmity


Posted 18 May 2015 - 01:22 AM

How is your machine running?



#9 Robs2014


Posted 18 May 2015 - 09:19 AM

Seems to be doing better now. Thanks



#10 InadequateInfirmity


Posted 18 May 2015 - 01:52 PM

I would personally uninstall Spybot Search and Destroy.

http://www.pcmag.com/article2/0,2817,2412372,00.asp

 

Also uninstall 

 

 Java™ 6 Update 26  
 Java 7 Update 21  
 Java 8 Update 31

 

 

Update your software. After you have allowed this program to update your installed software, please post a new security check log.

 

https://patchmypc.net/download

 

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 



#11 Robs2014


Posted 20 May 2015 - 11:24 PM

Did the removals and updated the programs needed.

 

 

Here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/20/2015
Scan Time: 1:24:08 PM
Logfile: Malware.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.20.04
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: A1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355701
Time Elapsed: 33 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 16
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0B55F99-F893-4F84-AE82-CAE0E70DFDFA}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{22D8077A-5A6B-4053-8799-8A288D60F8B8}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3429C8E8-686E-40FB-AB2E-1EE3A12ED764}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{968EDBEB-64FB-4E5F-9AB0-47B477C3AA7B}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EEAE9EB9-883A-447D-A4E4-E3A3B5BAEA51}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{22D8077A-5A6B-4053-8799-8A288D60F8B8}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3429C8E8-686E-40FB-AB2E-1EE3A12ED764}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{968EDBEB-64FB-4E5F-9AB0-47B477C3AA7B}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EEAE9EB9-883A-447D-A4E4-E3A3B5BAEA51}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{22D8077A-5A6B-4053-8799-8A288D60F8B8}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3429C8E8-686E-40FB-AB2E-1EE3A12ED764}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{968EDBEB-64FB-4E5F-9AB0-47B477C3AA7B}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EEAE9EB9-883A-447D-A4E4-E3A3B5BAEA51}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0B55F99-F893-4F84-AE82-CAE0E70DFDFA}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A0B55F99-F893-4F84-AE82-CAE0E70DFDFA}, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{d924d8dc}, Quarantined, [618396ff0882c6709bc674ff37cec739],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.BrowserEnhance.A, C:\Program Files (x86)\BrowSSerEnahance, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources, Quarantined, [796b167f503ad85ef13a85eed233aa56],

Files: 30
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_config_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_diagnostic_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_serp_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_shoppingcart_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_notification_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_privacy_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_voicebox_rules_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.ConsumerInput.C, C:\Users\a1\AppData\Roaming\Compete\Consumer Input\DCA_whitelist_gladiolus000fox.dat, Quarantined, [06decacbc0ca46f09ecc39a3847f11ef],
PUP.Optional.BrowserEnhance.A, C:\Program Files (x86)\BrowSSerEnahance\nnvtlvPFYKHj3E.tlb, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.BrowserEnhance.A, C:\Program Files (x86)\BrowSSerEnahance\nnvtlvPFYKHj3E.dat, Quarantined, [459f64315139a98d6b04d49ae520ae52],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\client.exe.config, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\certmanager.exe, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\cl_c24c94de-9381-47f1-a23e-d7dde42ed0ae.txt, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\makecert.exe, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\settings.config, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Tasks.exe, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\tasks.exe.config, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\ts_c24c94de-9381-47f1-a23e-d7dde42ed0ae.txt, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\uninstall.exe.config, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\un_c24c94de-9381-47f1-a23e-d7dde42ed0ae.txt, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\updater.exe.config, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\up_c24c94de-9381-47f1-a23e-d7dde42ed0ae.txt, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\certutil.exe, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libnspr4.dll, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libplc4.dll, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libplds4.dll, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\nss3.dll, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\smime3.dll, Quarantined, [796b167f503ad85ef13a85eed233aa56],
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\softokn3.dll, Quarantined, [796b167f503ad85ef13a85eed233aa56],

Physical Sectors: 0
(No malicious items detected)


(end)



#12 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:11:03 PM

Posted 21 May 2015 - 12:18 AM

Can you post a new ZHP and Adware Cleaner log please, then tell me how the machine is running.



#13 Robs2014

Robs2014
  • Topic Starter

  • Members
  • 35 posts
  • Local time:12:03 AM

Posted 22 May 2015 - 03:20 AM

Here you go:

 

~ ZHPCleaner v2015.5.20.247 by Nicolas Coolman (2015\05\20)
~ Run by a1 (Administrator)  (22/05/2015 01:22:06)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\a1\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\a1\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious items found.


---\\  Registry ( Key, Value, Data) (4)
FOUND key: [X64] HKLM\SOFTWARE\Classes\Search.PugiObj [AVG Security Toolbar] (Toolbar.AVGSearch)
FOUND key: [X64] HKLM\SOFTWARE\Classes\Search.PugiObj.1 [AVG Security Toolbar] (Toolbar.AVGSearch)
FOUND key: [X64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj [AVG Web TuneUp] (Toolbar.AVGSafeGuard)
FOUND key: [X64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1 [AVG Web TuneUp] (Toolbar.AVGSafeGuard)


---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 65231
~ Items found : 4
~ Items cancelled : 0
~ Items repaired : 0


End of clean at 01:28:32
===================
ZHPCleaner-[R]-17052015-19_56_40.txt
ZHPCleaner-[S]-17052015-19_44_22.txt
ZHPCleaner-[S]-22052015-01_28_32.txt
 

 

 

# AdwCleaner v4.205 - Logfile created 22/05/2015 at 04:01:22
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : a1 - a1-HP
# Running from : C:\Users\a1\Downloads\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Avg_Update_1214tb

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v43.0.2357.65

[C:\Users\a1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\a1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [24663 bytes] - [17/05/2014 03:15:46]
AdwCleaner[R1].txt - [1094 bytes] - [26/05/2014 02:34:12]
AdwCleaner[R2].txt - [12697 bytes] - [23/01/2015 15:52:12]
AdwCleaner[R3].txt - [1240 bytes] - [24/01/2015 15:43:49]
AdwCleaner[R4].txt - [5329 bytes] - [20/02/2015 04:22:25]
AdwCleaner[R5].txt - [2254 bytes] - [15/04/2015 13:14:04]
AdwCleaner[R6].txt - [2362 bytes] - [06/05/2015 10:08:00]
AdwCleaner[R7].txt - [3276 bytes] - [16/05/2015 16:46:49]
AdwCleaner[R8].txt - [2092 bytes] - [22/05/2015 03:53:35]
AdwCleaner[S0].txt - [24786 bytes] - [17/05/2014 03:17:25]
AdwCleaner[S1].txt - [1160 bytes] - [26/05/2014 02:35:57]
AdwCleaner[S2].txt - [12855 bytes] - [23/01/2015 16:01:11]
AdwCleaner[S3].txt - [1304 bytes] - [24/01/2015 15:56:43]
AdwCleaner[S4].txt - [5333 bytes] - [20/02/2015 04:25:54]
AdwCleaner[S5].txt - [2356 bytes] - [15/04/2015 13:30:00]
AdwCleaner[S6].txt - [2369 bytes] - [06/05/2015 10:10:11]
AdwCleaner[S7].txt - [2930 bytes] - [16/05/2015 16:54:38]
AdwCleaner[S8].txt - [2023 bytes] - [22/05/2015 04:01:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2082  bytes] ##########
 



#14 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:11:03 PM

Posted 22 May 2015 - 05:25 AM

Qualys BrowserCheck To update plugins.

Safe Browsing Tool Web of trust to keep away from shady sites.

Unchecky To avoid bundled software.

Adblock Plus  To browse the web ad free.

Malwarebytes Anti-Exploit To block Zero day attacks.

Malwarebytes | StartUpLITE To disable un-needed start ups.

http://www.toolwiz.com/en/products/toolwiz-smart-defrag/ Defrag your machine.

Adguard: use with Adblock for basically zero ads.

https://chrome.google.com/webstore/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg?hl=en

https://addons.mozilla.org/en-uS/firefox/addon/adguard-adblocker/

 

 

 

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt



#15 Robs2014

Robs2014
  • Topic Starter

  • Members
  • 35 posts
  • Local time:12:03 AM

Posted 27 May 2015 - 10:28 AM

Sorry for delay on response (Holiday weekend) :) Completed the above.

 

 

# DelFix v1.010 - Logfile created 27/05/2015 at 11:14:39
# Updated 26/04/2015 by Xplode
# Username : a1 - a1-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\JRT
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\a1\Desktop\rkill
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\logFile.txt
Deleted : C:\TDSSKiller.2.8.10.0_01.10.2012_01.47.55_log.txt
Deleted : C:\Users\a1\Desktop\JRT.txt
Deleted : C:\Users\a1\Desktop\Rkill.txt
Deleted : C:\Users\a1\Desktop\ZHPCleaner.lnk
Deleted : C:\Users\a1\Desktop\ZHPCleaner.txt
Deleted : C:\Users\a1\Downloads\AdwCleaner.exe
Deleted : C:\Users\a1\Downloads\adwcleaner_3.211.exe
Deleted : C:\Users\a1\Downloads\adwcleaner_4.108.exe
Deleted : C:\Users\a1\Downloads\adwcleaner_4.201.exe
Deleted : C:\Users\a1\Downloads\adwcleaner_4.205.exe
Deleted : C:\Users\a1\Downloads\esetsmartinstaller_enu(1).exe
Deleted : C:\Users\a1\Downloads\esetsmartinstaller_enu(2).exe
Deleted : C:\Users\a1\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\a1\Downloads\JRT(1).exe
Deleted : C:\Users\a1\Downloads\JRT.exe
Deleted : C:\Users\a1\Downloads\MiniToolBox(1).exe
Deleted : C:\Users\a1\Downloads\MiniToolBox.exe
Deleted : C:\Users\a1\Downloads\Result.txt
Deleted : C:\Users\a1\Downloads\SecurityCheck(1).exe
Deleted : C:\Users\a1\Downloads\SecurityCheck.exe
Deleted : C:\Users\a1\Downloads\ZHPCleaner.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########
 





