Anti-Malware/Spyware Software Won't Remove Razor Web!


15 replies to this topic

#1 hishaamsiddiqi


Posted 15 June 2015 - 12:55 AM

Hello everyone!
 
I used BleepingComputer many, many years ago to save me from some nasty viruses, hopefully this wonderful community can save me again :)
 
Here's what I think happened: I downloaded this software from DVDVideoSoft, was half awake and accidentally did the recommended download instead of custom, and I think some malware/spyware was installed with it.
 
The symptoms include multiple pop up ads when browsing the internet, new ads on side bars and in Google searches, all of which say "Razor Web" on the bottom.
 
I've tried several solutions to removing Razor Web according to online guides with no success:
 
- Going to Uninstall Program under Control Panel shows no Razor Web or unknown programs so it's hidden well

- Spybot Search & Destroy finds a handful of threats but for some reason always crashes when I attempt to "fix selected"

- Avast Antivirus Scan (which is my default anti virus software) finds no threats when scanning

- Malwarebytes Anti-Malware does a complete scan, fixes threats, and yet the ads persist

- AdwCleaner does a complete scan, fixes threats, and yet the ads persist

- JRT (Junkware Removal Tool) does a complete scan, fixes threats, and yet the ads persist

- HitmanPro finds a lot of threats yet my trial is over and requires payment to fix the threats

 
At this point I'm no longer sure what to do, 3/6 programs have fixed threats and yet the ads persist, and the other 3 programs either don't work or require payment.
 
I'd appreciate any help!
 
All the best.



 


#2 InadequateInfirmity


Posted 15 June 2015 - 04:24 PM

Remove Spybot Search & Destroy, reboot, and reinstall it at a later time.

 

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.

GjWwvEu.png

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the Advanced tab and select "Close program after cleaning". Now run the cleaner again; this will close CCleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Edited by InadequateInfirmity, 15 June 2015 - 04:24 PM.


#3 hishaamsiddiqi


Posted 16 June 2015 - 01:52 AM

Hello!

 

Thank you for your response. I have run all the programs you asked me to. Below are the logs.

 

eScanAV

 

15 Jun 2015 21:48:50 [0184] - **********************************************************

15 Jun 2015 21:48:50 [0184] - MWAV - eScanAV AntiVirus Toolkit.
15 Jun 2015 21:48:50 [0184] - Copyright © MicroWorld Technologies
15 Jun 2015 21:48:50 [0184] - **********************************************************
15 Jun 2015 21:48:50 [0184] - Source: C:\Users\Hishaam\Downloads\mwav.exe
15 Jun 2015 21:48:50 [0184] - Version 14.0.178 (C:\USERS\HISHAAM\APPDATA\LOCAL\TEMP\MEXE.COM)
15 Jun 2015 21:48:50 [0184] - Log File: C:\Users\Hishaam\AppData\Local\Temp\MWAV.LOG
15 Jun 2015 21:48:50 [0184] - MWAV Registered: TRUE
15 Jun 2015 21:48:50 [0184] - User Account: Hishaam (Administrator Mode)
15 Jun 2015 21:48:50 [0184] - OS Type: Windows Workstation [InstallType: Client]
15 Jun 2015 21:48:50 [0184] - OS: Windows 7 64-Bit [OS Install Date: 28 Mar 2012 06:36:56]
15 Jun 2015 21:48:50 [0184] - Ver: Personal Service Pack 1 (Build 7601)
15 Jun 2015 21:48:50 [0184] - System Up Time: 28 Minutes, 33 Seconds
15 Jun 2015 21:48:50 [0184] - Parent Process Name : C:\Users\Hishaam\Downloads\mwav.exe
15 Jun 2015 21:48:50 [0184] - Windows Root  Folder: C:\Windows
15 Jun 2015 21:48:50 [0184] - Windows Sys32 Folder: C:\Windows\system32
15 Jun 2015 21:48:50 [0184] - DHCP NameServer: 192.168.1.1
15 Jun 2015 21:48:50 [0184] - Interface0 DHCPNameServer: 192.168.1.1
15 Jun 2015 21:48:50 [0184] - Interface1 DHCPNameServer: 8.8.8.8 8.8.4.4
15 Jun 2015 21:48:50 [0184] - Interface2 DHCPNameServer: 192.168.1.1
15 Jun 2015 21:48:50 [0184] - ProxyServer: localhost:8080
15 Jun 2015 21:48:50 [0184] - ProxyOverride: 
15 Jun 2015 21:48:50 [0184] - Proxy Connection: DISABLED
15 Jun 2015 21:48:50 [0184] - Local Fixed Drives: c:\,d:\
15 Jun 2015 21:48:50 [0184] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
15 Jun 2015 21:48:50 [0184] - [CREATED ZIP FILE: C:\Users\Hishaam\AppData\Local\Temp\pinfect.zip]
15 Jun 2015 21:48:50 [0184] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
15 Jun 2015 21:48:52 [0184] - ** Deleted Value "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings/ProxyServer". Its value was: "localhost:8080"
15 Jun 2015 21:48:52 [0184] - ** Changed Value of "Path"
15 Jun 2015 21:48:52 [0184] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Hishaam\AppData\Local\Temp\ESCANDB.LOG]
15 Jun 2015 21:48:53 [0184] - Loaded/Created FileScan Cache Database...
15 Jun 2015 21:48:53 [0184] - Loading AV Library [DB]...
15 Jun 2015 21:49:17 [0184] - ArchiveScan: DISABLED
15 Jun 2015 21:49:18 [0184] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
15 Jun 2015 21:49:18 [0184] - MWAV doing self scanning...
15 Jun 2015 21:49:18 [0184] - MWAV files are clean.
15 Jun 2015 21:52:57 [0184] - ArchiveScan: DISABLED
15 Jun 2015 21:52:57 [0184] - Virus Database Date: 02 Mar 2015
15 Jun 2015 21:52:57 [0184] - Virus Database Count: 6701505
15 Jun 2015 21:52:57 [0184] - Sign Version: 7.59505 [518257]
 
15 Jun 2015 21:53:43 [0184] - **********************************************************
15 Jun 2015 21:53:43 [0184] - MWAV - eScanAV AntiVirus Toolkit.
15 Jun 2015 21:53:43 [0184] - Copyright © MicroWorld Technologies
15 Jun 2015 21:53:43 [0184] - 
15 Jun 2015 21:53:43 [0184] - Support: support@escanav.com
15 Jun 2015 21:53:43 [0184] - Web: http://www.escanav.com
15 Jun 2015 21:53:43 [0184] - **********************************************************
15 Jun 2015 21:53:43 [0184] - Version 14.0.178[DB] (C:\USERS\HISHAAM\APPDATA\LOCAL\TEMP\MEXE.COM)
15 Jun 2015 21:53:43 [0184] - Log File: C:\Users\Hishaam\AppData\Local\Temp\MWAV.LOG
15 Jun 2015 21:53:43 [0184] - User Account: Hishaam (Administrator Mode)
15 Jun 2015 21:53:43 [0184] - Parent Process Name : C:\Users\Hishaam\Downloads\mwav.exe
15 Jun 2015 21:53:43 [0184] - Windows Root  Folder: C:\Windows
15 Jun 2015 21:53:43 [0184] - Windows Sys32 Folder: C:\Windows\system32
15 Jun 2015 21:53:43 [0184] - OS: Windows 7 64-Bit [OS Install Date: 28 Mar 2012 06:36:56]
15 Jun 2015 21:53:43 [0184] - Ver: Personal Service Pack 1 (Build 7601)
15 Jun 2015 21:53:43 [0184] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
15 Jun 2015 21:53:43 [14a0] - Options Selected by User:
15 Jun 2015 21:53:43 [14a0] - Memory Check: Enabled
15 Jun 2015 21:53:43 [14a0] - Registry Check: Enabled
15 Jun 2015 21:53:43 [14a0] - StartUp Folder Check: Enabled
15 Jun 2015 21:53:43 [14a0] - System Folder Check: Enabled
15 Jun 2015 21:53:43 [14a0] - Services Check: Enabled
15 Jun 2015 21:53:43 [14a0] - Scan Spyware: Enabled
15 Jun 2015 21:53:43 [14a0] - Scan Archives: Disabled
15 Jun 2015 21:53:43 [14a0] - Drive Check: Enabled
15 Jun 2015 21:53:43 [14a0] - All Drive Check :Disabled
15 Jun 2015 21:53:43 [14a0] - Drive Selected = C:\
15 Jun 2015 21:53:43 [14a0] - Folder Check: Disabled
15 Jun 2015 21:53:43 [14a0] - SCAN: All_Files [ANSI]
15 Jun 2015 21:53:43 [14a0] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
15 Jun 2015 21:53:43 [14a0] - Scanning DNS Records...
15 Jun 2015 21:53:43 [14a0] - Scanning Master Boot Record (User)...
15 Jun 2015 21:53:43 [14a0] - Scanning Logical Boot Records...
15 Jun 2015 21:53:45 [14a0] - ***** Scanning For Hidden Rootkit Processes *****
15 Jun 2015 21:53:45 [14a0] - ***** Scanning For Hidden Rootkit Services *****
 
15 Jun 2015 21:53:46 [14a0] - ***** Scanning Memory Files *****
 
15 Jun 2015 21:53:55 [14a0] - ***** Scanning Registry Files *****
 
15 Jun 2015 21:53:58 [14a0] - ***** Scanning StartUp Folders *****
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Soda PDF 7\Installation\statistic.xml not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Animation Shop 3-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CoreMetrics-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CoreMetrics-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CoreMetrics-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\LinkSynergy-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\LinkSynergy-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\LinkSynergy-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Paint-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Paint Shop Pro 8-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Paint Shop Pro 8-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Paint Shop Pro 8-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Paint Shop Pro 8-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0000.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0001.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0002.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0003.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger1.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger14.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger11.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger12.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger10.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger15.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger16.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger17.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger18.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger19.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger2.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger20.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger21.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger22.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger23.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger3.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger25.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger26.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger24.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0858] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger4.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0dfc] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger5.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [17e8] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger6.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1118] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger7.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [0728] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger8.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [03f8] - C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger9.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [159c] - C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud.zip not Scanned. Possibly password protected...
15 Jun 2015 22:34:20 [1788] - C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud1.zip not Scanned. Possibly password protected...
 
15 Jun 2015 22:34:20 [14a0] - ***** Scanning Service Files *****
15 Jun 2015 22:34:20 [14a0] - Scanning File C:\Windows\system32\drivers\1394ohci.sys
15 Jun 2015 22:34:20 [14a0] - ERROR(2)!!! ScanFile Fails for C:\Windows\system32\drivers\1394ohci.sys...
15 Jun 2015 22:34:21 [14a0] - ERROR(2)!!! Invalid Entry \??\C:\Users\Hishaam\AppData\Local\Temp\ALSysIO64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\ALSysIO.
15 Jun 2015 22:34:31 [14a0] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
15 Jun 2015 22:34:33 [14a0] - ***** Scanning Registry and File system for Adware/Spyware *****
15 Jun 2015 22:34:34 [14a0] - Loading Spyware Signatures from new External Database [Name: C:\Users\Hishaam\AppData\Local\Temp\spydb.avs, Size: 464717]...
15 Jun 2015 22:34:34 [14a0] - Indexed Spyware Databases Successfully Created...
 
15 Jun 2015 22:34:35 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\342JKI6R\channels.js
15 Jun 2015 22:34:35 [14a0] - System found infected with ClipGenie Spyware/Adware (channels.js)! Action taken: File Deleted.
15 Jun 2015 22:34:35 [14a0] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:39 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\76BM5H6D\channels.js
15 Jun 2015 22:34:39 [14a0] - System found infected with ClipGenie Spyware/Adware (channels.js)! Action taken: File Deleted.
15 Jun 2015 22:34:39 [14a0] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:40 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\82E9TCTH\channels.js
15 Jun 2015 22:34:40 [14a0] - System found infected with ClipGenie Spyware/Adware (channels.js)! Action taken: File Deleted.
15 Jun 2015 22:34:40 [14a0] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:43 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\B7A4E24Q\channels.js
15 Jun 2015 22:34:43 [14a0] - System found infected with ClipGenie Spyware/Adware (channels.js)! Action taken: File Deleted.
15 Jun 2015 22:34:43 [14a0] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:47 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\H8MHZZ5I\data.png
15 Jun 2015 22:34:47 [14a0] - System found infected with Fix Tool Corrupted Adware/Spyware (data.png)! Action taken: File Deleted.
15 Jun 2015 22:34:47 [14a0] - Object "Fix Tool Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:48 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\IMJXSUH2\43
15 Jun 2015 22:34:48 [14a0] - System found infected with XPAntivirus (43)! Action taken: File Deleted.
15 Jun 2015 22:34:48 [14a0] - Object "XPAntivirus" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:53 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\QUAZA87H\channels.js
15 Jun 2015 22:34:53 [14a0] - System found infected with ClipGenie Spyware/Adware (channels.js)! Action taken: File Deleted.
15 Jun 2015 22:34:53 [14a0] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:53 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\QX3EX24F\channels.js
15 Jun 2015 22:34:53 [14a0] - System found infected with ClipGenie Spyware/Adware (channels.js)! Action taken: File Deleted.
15 Jun 2015 22:34:53 [14a0] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:56 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\U423TBMD\channels.js
15 Jun 2015 22:34:56 [14a0] - System found infected with ClipGenie Spyware/Adware (channels.js)! Action taken: File Deleted.
15 Jun 2015 22:34:56 [14a0] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:57 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\UXZV5U7Z\channels.js
15 Jun 2015 22:34:57 [14a0] - System found infected with ClipGenie Spyware/Adware (channels.js)! Action taken: File Deleted.
15 Jun 2015 22:34:57 [14a0] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
15 Jun 2015 22:34:58 [14a0] - Offending file found: C:\Users\Hishaam\AppData\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\VRTNJCZ7\data.png
15 Jun 2015 22:34:58 [14a0] - System found infected with Fix Tool Corrupted Adware/Spyware (data.png)! Action taken: File Deleted.
15 Jun 2015 22:34:58 [14a0] - Object "Fix Tool Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
 
 
15 Jun 2015 22:35:02 [14a0] - ***** Scanning Registry Files *****
15 Jun 2015 22:35:03 [14a0] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
15 Jun 2015 22:35:03 [14a0] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
15 Jun 2015 22:35:03 [14a0] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
15 Jun 2015 22:35:03 [14a0] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
15 Jun 2015 22:35:03 [14a0] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
15 Jun 2015 22:35:03 [14a0] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
15 Jun 2015 22:35:03 [14a0] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
15 Jun 2015 22:35:03 [14a0] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
15 Jun 2015 22:35:03 [14a0] - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
15 Jun 2015 22:35:03 [14a0] - ** Value in 64-bit HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
 
15 Jun 2015 22:35:03 [14a0] - ***** Scanning System32 Folders *****
 
 
15 Jun 2015 22:35:18 [14a0] - ***** Scanning Drive C:\ *****
15 Jun 2015 22:35:23 [1788] - Scanning File C:\HP\HPQWare\Favs\sr-Latn-CS\all\HP\Poridte si Skype – stažení zdarma.url
15 Jun 2015 22:37:22 [1788] - C:\Program Files (x86)\Soda PDF 7\localization\en\messages.dat not Scanned. Possibly password protected...
15 Jun 2015 22:37:22 [0858] - C:\Program Files (x86)\Soda PDF 7\localization\de\messages.dat not Scanned. Possibly password protected...
15 Jun 2015 22:37:22 [03f8] - C:\Program Files (x86)\Soda PDF 7\localization\es\messages.dat not Scanned. Possibly password protected...
15 Jun 2015 22:37:22 [1788] - C:\Program Files (x86)\Soda PDF 7\localization\fr\messages.dat not Scanned. Possibly password protected...
15 Jun 2015 22:37:22 [03f8] - C:\Program Files (x86)\Soda PDF 7\localization\it\messages.dat not Scanned. Possibly password protected...
15 Jun 2015 22:37:22 [0dfc] - C:\Program Files (x86)\Soda PDF 7\localization\ja\messages.dat not Scanned. Possibly password protected...
15 Jun 2015 22:37:23 [159c] - C:\Program Files (x86)\Soda PDF 7\localization\pt\messages.dat not Scanned. Possibly password protected...
15 Jun 2015 22:37:23 [1788] - C:\Program Files (x86)\Soda PDF 7\localization\ru\messages.dat not Scanned. Possibly password protected...
15 Jun 2015 22:37:24 [17e8] - ScanFile (C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe) took 5180 ms
15 Jun 2015 22:48:55 [17e8] - Scanning File C:\Users\Hishaam\Pictures\Architecture\Ra° charm i verkstaden-2.jpg
 
15 Jun 2015 22:56:15 [14a0] - ***** Checking for specific ITW Viruses *****
 
15 Jun 2015 22:56:16 [14a0] - ***** Scanning complete. *****
 
15 Jun 2015 22:56:16 [14a0] - Total Objects Scanned: 1284009
15 Jun 2015 22:56:16 [14a0] - Total Critical Objects: 11
15 Jun 2015 22:56:16 [14a0] - Total Disinfected Objects: 0
15 Jun 2015 22:56:16 [14a0] - Total Objects Renamed: 0
15 Jun 2015 22:56:16 [14a0] - Total Deleted Objects: 11
15 Jun 2015 22:56:16 [14a0] - Total Errors: 2
15 Jun 2015 22:56:16 [14a0] - Time Elapsed: 01:01:36
15 Jun 2015 22:56:16 [14a0] - Virus Database Date: 02 Mar 2015
15 Jun 2015 22:56:16 [14a0] - Virus Database Count: 6701505
15 Jun 2015 22:56:16 [14a0] - Sign Version: 7.59505 [518257]
 
15 Jun 2015 22:56:16 [14a0] - Scan Completed.
 

 

ZEMANA

 

Zemana AntiMalware 2.15.2.721 (Installed)

 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/15
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i5-2467M CPU @ 1.60GHz
BIOS Mode              : Legacy
CUID                   : 008CA4313F2F194987E74F
Scan Type              : Deep Scan
Duration               : 17m 0s
Scanned Objects        : 538311
Detected Objects       : 6
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------
 
Firefox Search
Status             : Scanned
Object             : Dictionary - http://dictionary.reference.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Firefox Search
 
Firefox Homepage
Status             : Scanned
Object             : http://www.outfox.tv?referid=180
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Firefox Homepage
 
Chrome Startup Url
Status             : Scanned
Object             : http://www.outfox.tv?referid=180
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Startup Url
 
ninja-setup-3.0.6.exe
Status             : Scanned
Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
Publisher          : -
Size               : 2507200
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe
 
2eb444fc-a360-4ad0-b52c-ffb49c334b36.dll
Status             : Scanned
Object             : %programw6432%\avast software\avast\setup\2eb444fc-a360-4ad0-b52c-ffb49c334b36.dll
MD5                : 5BB431C199BCCC37AEAD85383BC1784E
Publisher          : -
Size               : 65536
Version            : -
Detection          : Malware:Win32/Generic!Erel
Cleaning Action    : Quarantine
Traces             :
                File - %programw6432%\avast software\avast\setup\2eb444fc-a360-4ad0-b52c-ffb49c334b36.dll
 
EndProcess.exe
Status             : Scanned
Object             : %homedrive%\hp\bin\endprocess.exe
MD5                : FB9F5EFC10280F3659DCE48069725C3C
Publisher          : -
Size               : 55296
Version            : -
Detection          : Malware:Win32/Fooster.A!Eake
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\hp\bin\endprocess.exe
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 6
Reported as safe      : 0
Failed                : 0
 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.8 (06.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Hishaam on Mon 06/15/2015 at 23:36:37.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B7BE32567FA160728BF35754F38B5B77
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Hishaam\appdata\local\google\chrome\user data\default\local storage\hxxp_static.boostsaves.com_0.localstorage
Successfully deleted: [File] C:\Users\Hishaam\appdata\local\google\chrome\user data\default\local storage\hxxp_static.boostsaves.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Hishaam\appdata\local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage
Successfully deleted: [File] C:\Users\Hishaam\appdata\local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Hishaam\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Hishaam\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Hishaam\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Hishaam\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/15/2015 at 23:43:20.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Adware

 

# AdwCleaner v4.206 - Logfile created 15/06/2015 at 23:47:18

# Updated 01/06/2015 by Xplode
# Database : 2015-06-14.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Hishaam - HISHAAM-HP
# Running from : C:\Users\Hishaam\Downloads\adwcleaner_4.206 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : mcaudrv_simple
[#] Service Deleted : ManyCam
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\System32\drivers\mcaudrv_x64.sys
File Deleted : C:\Windows\System32\drivers\mcvidrv.sys
File Deleted : C:\Users\Hishaam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Deleted : C:\Users\Hishaam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v43.0.2357.124
 
 
*************************
 
AdwCleaner[R0].txt - [5266 bytes] - [31/12/2013 21:22:35]
AdwCleaner[R1].txt - [2326 bytes] - [13/06/2015 12:23:38]
AdwCleaner[R2].txt - [2385 bytes] - [13/06/2015 12:26:34]
AdwCleaner[R3].txt - [1101 bytes] - [13/06/2015 18:14:17]
AdwCleaner[R4].txt - [1614 bytes] - [15/06/2015 23:45:49]
AdwCleaner[S0].txt - [5351 bytes] - [31/12/2013 21:24:16]
AdwCleaner[S1].txt - [2497 bytes] - [13/06/2015 12:28:07]
AdwCleaner[S2].txt - [1559 bytes] - [15/06/2015 23:47:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1618  bytes] ##########
 


#4 InadequateInfirmity

Posted 17 June 2015 - 08:43 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next, making sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF Proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 hishaamsiddiqi

Posted 18 June 2015 - 06:14 PM

Thank you for your response! I ran the programs as stated. Here are the log files.

 

Adware Removal Tool


 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

 
Adware Removal Tool v3.9
Time: 2015_06_17_19_56_53
OS: Windows 7 - 64 Bit
Account Name: Hishaam
U0L0S53
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe_temp
Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.ini
Deleted - File - C:\program files (x86)\Wondershare\MobileGo for Android\WSHelperSetup.exe
Deleted - File - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\MobileGo for Android\Uninstall Wondershare MobileGo for Android.lnk
Deleted - File - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\MobileGo for Android\Wondershare MobileGo for Android.lnk
Deleted - File - C:\Users\Hishaam\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage
Deleted - File - C:\Users\Hishaam\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal
Deleted - File - C:\Users\Hishaam\Appdata\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
Deleted - File - C:\Users\Hishaam\Appdata\Roaming\Microsoft\Internet Explorer\Quick Launch\Wondershare MobileGo for Android.lnk
Deleted - File - C:\Users\Hishaam\Appdata\Roaming\Microsoft\Windows\SendTo\Wondershare MobileGo for Android.lnk
Deleted - File - C:\Users\Hishaam\Appdata\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\AN93K4PD\babylon_normal.jpg
Deleted - File - C:\Users\Hishaam\Appdata\Roaming\Mozilla\Firefox\Profiles\9abf5nvj.default\zotero\storage\CD5JN843\babylon_normal.jpg
Deleted - Folder - C:\program files (x86)\Common Files\Wondershare
Deleted - Folder - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact
Deleted - Folder - C:\program files (x86)\Wondershare
Deleted - Folder - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Deleted - Folder - C:\Users\Hishaam\Appdata\Local\Wondershare
Deleted - Folder - C:\Users\Hishaam\Appdata\Local\Wondershare\WSHelper
Deleted - Folder - C:\Users\Hishaam\Appdata\Roaming\Wondershare
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:tcp query user{c211739b-101a-44e9-a8a1-17ae15a8de39}c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:udp query user{1cceeee0-26b7-4647-9322-580ed9d5acdd}c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:tcp query user{6f6ccb54-225a-4346-86a4-5a4027af4020}c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:udp query user{787826f1-0873-47b6-b806-f6cb75f2b954}c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:inno setup: app path
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:installlocation
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:displayname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:displayicon
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:uninstallstring
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:quietuninstallstring
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:publisher
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:urlinfoabout
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:helplink
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1:urlupdateinfo
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:tcp query user{c211739b-101a-44e9-a8a1-17ae15a8de39}c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:udp query user{1cceeee0-26b7-4647-9322-580ed9d5acdd}c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:tcp query user{6f6ccb54-225a-4346-86a4-5a4027af4020}c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:udp query user{787826f1-0873-47b6-b806-f6cb75f2b954}c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE:Wondershare
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE:Wondershare
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 
\\ Finished
 

 

ESET Scan


 

C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined

 

 

Mini Toolbox

 


 

MiniToolBox by Farbar  Version: 11-05-2015 01

Ran by Hishaam (administrator) on 17-06-2015 at 23:29:20
Running from "C:\Users\Hishaam\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP Folio 13 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
Hosts file not detected in the default directory
========================= IP Configuration: ================================
 
Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter = Wireless Network Connection (Connected)
Bluetooth Personal Area Network = Local Area Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
EasyTether Network Adapter = Local Area Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=?; subinterface=ethernet_6 mtu=1477
set subinterface interface=?; subinterface=ethernet_7 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Hishaam-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Ethernet adapter Local Area Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : EasyTether Network Adapter
   Physical Address. . . . . . . . . : 02-00-54-74-68-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : C0-18-85-07-C4-A0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : B4-99-BA-F7-5D-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Personal Area Network
   Physical Address. . . . . . . . . : 7C-E9-D3-CB-50-86
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
   Physical Address. . . . . . . . . : C0-18-85-07-C4-A0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::48a8:327f:831a:ea50%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.17(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, June 17, 2015 6:52:05 PM
   Lease Expires . . . . . . . . . . : Thursday, June 18, 2015 11:19:16 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 247470213
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-D6-AA-EE-C0-18-85-07-C4-A0
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8c15:c34:2b3e:3f57:feee(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c34:2b3e:3f57:feee%17(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{E6F1408F-5003-4EBA-99B4-6CEB7B7F9103}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{DD657BDD-444F-4D9B-8EAE-ED9F678028E0}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{AB100E8D-C02C-4C6F-9630-B41795389540}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4007:807::200e
 63.110.67.150
 63.110.67.148
 63.110.67.154
 63.110.67.149
 63.110.67.152
 63.110.67.151
 63.110.67.153
 63.110.67.155
 
 
Pinging google.com [63.110.67.148] with 32 bytes of data:
Reply from 63.110.67.148: bytes=32 time=7ms TTL=59
Reply from 63.110.67.148: bytes=32 time=7ms TTL=59
 
Ping statistics for 63.110.67.148:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 7ms, Average = 7ms
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=39ms TTL=52
Reply from 206.190.36.45: bytes=32 time=38ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 39ms, Average = 38ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...02 00 54 74 68 72 ......EasyTether Network Adapter
 18...c0 18 85 07 c4 a0 ......Microsoft Virtual WiFi Miniport Adapter
 15...b4 99 ba f7 5d 30 ......Realtek PCIe GBE Family Controller
 14...7c e9 d3 cb 50 86 ......Bluetooth Personal Area Network
 11...c0 18 85 07 c4 a0 ......Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.17     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.17    286
     192.168.1.17  255.255.255.255         On-link      192.168.1.17    286
    192.168.1.255  255.255.255.255         On-link      192.168.1.17    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.17    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.17    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:5cf2:8c15:c34:2b3e:3f57:feee/128
                                    On-link
 11    286 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::c34:2b3e:3f57:feee/128
                                    On-link
 11    286 fe80::48a8:327f:831a:ea50/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/17/2015 06:53:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17813, time stamp: 0x554a15f3
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x17a8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (06/17/2015 06:52:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2015 10:23:11 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5044.  Message ID: [0x2509].
 
Error: (06/16/2015 10:13:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2015 11:56:32 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2972107' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2972107_20150615_235620569-Microsoft .NET Framework 4.5.1-MSP0.txt.
 
Error: (06/15/2015 11:56:18 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2979578v2' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2979578_20150615_235606670-Microsoft .NET Framework 4.5.1-MSP0.txt.
 
Error: (06/15/2015 11:56:05 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2972216' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2972216_20150615_235547497-Microsoft .NET Framework 4.5.1-MSP0.txt.
 
Error: (06/15/2015 11:55:44 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB3037581' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB3037581_20150615_235528668-Microsoft .NET Framework 4.5.1-MSP0.txt.
 
Error: (06/15/2015 11:55:25 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2898869' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2898869_20150615_235510743-Microsoft .NET Framework 4.5.1-MSP0.txt.
 
Error: (06/15/2015 11:55:05 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB3035490' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB3035490_20150615_235453973-Microsoft .NET Framework 4.5.1-MSP0.txt.
 
 
System errors:
=============
Error: (06/17/2015 11:29:10 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:29:10 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:28:52 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:27:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:27:26 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:26:14 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:25:51 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:24:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:24:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/17/2015 11:24:25 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (06/17/2015 06:53:10 PM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.1.7601.18869556366f2c0000005000000000004ada417a801d0a9698642b706C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllc4f3b6b7-155c-11e5-a00d-7ce9d3cb5086
 
Error: (06/17/2015 06:52:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2015 10:23:11 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5044.  Message ID: [0x2509].
 
Error: (06/16/2015 10:13:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2015 11:56:32 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB29721071603C:\Windows\TEMP\KB2972107_20150615_235620569-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)
 
Error: (06/15/2015 11:56:18 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB2979578v21603C:\Windows\TEMP\KB2979578_20150615_235606670-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)
 
Error: (06/15/2015 11:56:05 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB29722161603C:\Windows\TEMP\KB2972216_20150615_235547497-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)
 
Error: (06/15/2015 11:55:44 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB30375811603C:\Windows\TEMP\KB3037581_20150615_235528668-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)
 
Error: (06/15/2015 11:55:25 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB28988691603C:\Windows\TEMP\KB2898869_20150615_235510743-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)
 
Error: (06/15/2015 11:55:05 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB30354901603C:\Windows\TEMP\KB3035490_20150615_235453973-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)
 
 
=========================== Installed Programs ============================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.0.413 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (HKLM\...\{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}) (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-eb5c6e78-d2e0-4096-a46d-5dcc52c439b3) (Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EasyTether (HKLM\...\{0C1903A4-8F36-4F34-AC70-A595ADB51F37}) (Version: 1.1.18 - Mobile Stream) Hidden
EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)
EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1311ACE-E2BB-41BC-A02C-7256E11E3A33}) (Version: 3.1.4 - Hewlett-Packard)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Fresco Logic USB3.0 Host Controller (HKLM\...\{01E66AC4-B28B-494C-993D-3CD17020BEBC}) (Version: 3.5.4.0 - Fresco Logic Inc.)
GMDesk (HKLM-x32\...\{6A9BD7FF-9F94-365A-8FD0-A27E9962BC7A}) (Version: 1.01 - UNKNOWN) Hidden
GMDesk (HKLM-x32\...\robertnyman.gmdesk.D5F5507284D8257BC26108689093DFA1D0D2BABB.1) (Version: 1.01 - UNKNOWN)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.8.208 - SurfRight B.V.)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{00C14B63-9D12-4301-87AD-19D1D8E3C5D3}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{288591DE-4151-4E8E-A698-C6EFF5DF00F9}) (Version: 2.0.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP SimplePass PE 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6368.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.2.1001 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
McAfee Scan and Repair 1.5.121 (HKLM-x32\...\McAfeeLiteScanner) (Version:  - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
My Screen Recorder 3.0 (HKLM-x32\...\My Screen Recorder 3.0_is1) (Version:  - Deskshare Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Soda Manager (HKLM-x32\...\{2AEB6470-4B4B-435E-BF92-C40031A04BE0}) (Version: 7.0.0.21720 - LULU Software Limited) Hidden
Soda PDF 7 (HKLM-x32\...\Soda7) (Version: 7.2.12.23328 - LULU Software Limited)
Soda PDF 7 Asian Fonts Pack (HKLM-x32\...\{08714D21-5958-4B5E-8FAF-8C35038F0A6D}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 Convert Module (HKLM-x32\...\{7D65DC42-5AF3-4DDE-9FF0-6213633FB01D}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 Create Module (HKLM-x32\...\{21C153D2-CE0E-485D-8752-88BF7D39F226}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 Edit Module (HKLM-x32\...\{BF776476-4BD7-4695-A5F5-CAD52647B66D}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 Forms Module (HKLM-x32\...\{F382FBE5-8D27-40E8-BAA2-ADD44A68B546}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 Insert Module (HKLM-x32\...\{3F9ED47F-AEA9-4D0D-B4D5-49AB62E453B4}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 OCR Module (HKLM-x32\...\{34E81610-3D2B-4EB9-8560-F01A4D9C87A0}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 Review Module (HKLM-x32\...\{2501071C-9EA0-44F9-8FD5-57903C5AF4A3}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 Secure Module (HKLM-x32\...\{8E4D89F3-4C1E-4549-92FC-D0D4EC7C48F7}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Soda PDF 7 View Module (HKLM-x32\...\{603DDF20-26F1-44AD-9422-221CEDF7D69D}) (Version: 7.2.10.22987 - LULU Software Limited) Hidden
Spotify (HKCU\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SurroundPhoto (HKLM-x32\...\{B97B1CDE-86CF-40BF-8209-26E5D946A2AC}) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
VideoFileDownload (HKLM-x32\...\vfd-ob) (Version: 1.0 - VideoFileDownload)
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wipe (HKLM\...\wipe) (Version: 2015.05 - PrivacyRoot.com)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.721 - Zemana Ltd.)
Zoo Tycoon Demo (HKLM-x32\...\Zoo Tycoon Demo 1.0) (Version:  - )
 
========================= Devices: ================================
 
Name: ManyCam Virtual Webcam
Description: ManyCam Virtual Webcam
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Visicom Media Inc.
Service: ManyCam
Device ID: ROOT\MEDIA\0001
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: ManyCam Virtual Microphone
Description: ManyCam Virtual Microphone
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Visicom Media Inc.
Service: mcaudrv_simple
Device ID: ROOT\MEDIA\0002
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 72%
Total physical RAM: 4041.43 MB
Available physical RAM: 1101.14 MB
Total Pagefile: 7204.3 MB
Available Pagefile: 4331.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.05 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:96.94 GB) (Free:4.63 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:18.01 GB) (Free:1.93 GB) NTFS
3 Drive g: () (Removable) (Total:14.83 GB) (Free:1.62 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\HISHAAM-HP
 
Administrator            Guest                    Hishaam                  
 
 
**** End of log ****

Security Check

Results of screen317's Security Check version 1.004  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Zemana AntiMalware    
 JavaFX 2.1.0    
 Java 7 Update 71  
 Java version 32-bit out of Date! 
  Adobe Flash Player 17.0.0.188 Flash Player out of Date!  
 Adobe Reader 10.1.14 Adobe Reader out of Date!  
 Google Chrome (43.0.2357.124) 
````````Process Check: objlist.exe by Laurent````````  
 Zemana AntiMalware ZAM.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

ZHP Cleaner

~ ZHPCleaner v2015.6.17.277 by Nicolas Coolman (2015\06\17)

~ Run by Hishaam (Administrator)  (17/06/2015 20:52:44)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Hishaam\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Hishaam\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (0)
~ No malicious items found.
 
 
---\\  Hosts file (0)
~ No malicious items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (4)
MOVED file: C:\Users\Hishaam\Downloads\SpyHunter-Installer.exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)
MOVED folder*: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVED folder*: C:\Users\Hishaam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter (Crapware.SpyHunter)
MOVED folder*: C:\sh4ldr (Crapware.SpyHunter)
 
 
---\\  Registry ( Key, Value, Data) (7)
DELETED key*: HKEY_USERS\S-1-5-21-3743248492-2333700107-2656714065-1000\Software\DesktopContainer [] (PUP.OutfoxTV)
DELETED key: HKCU\Software\DesktopContainer [] (PUP.OutfoxTV)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant [YTBAutoSearchAssistant Class] (PUP.SearchAssist)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1 [YTBAutoSearchAssistant Class] (PUP.SearchAssist)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OutfoxTV [C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe (Not File)] (PUP.OutfoxTV)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\OutfoxTV [] (PUP.OutfoxTV)
DELETED value: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B7BE32567FA160728BF35754F38B5B77 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.CrossBrowse)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 5523
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 11
 
 
End of clean at 20:53:58
===================
ZHPCleaner-[R]-17062015-20_53_58.txt
ZHPCleaner-[S]-17062015-20_49_47.txt
 


#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 AM

Posted 18 June 2015 - 07:29 PM

I also suggest that you install Crystal Security.

http://www.crystalsecurity.eu/ Run an advanced scan with Crystal Security.

 

Then do the following.

 

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

http://9-lab.com/download/

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.


Now go to the scanner tab and select Full Scan.


Upon Scan Completion Click Show Results.


Now click the Clean button.


Once done cleaning, you can go to the logs tab, double-click it, and copy and paste it in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt

Edited by InadequateInfirmity, 18 June 2015 - 07:36 PM.


#7 InadequateInfirmity


Posted 18 June 2015 - 07:34 PM

Your machine is running low on space....

1 Drive c: () (Fixed) (Total:96.94 GB) (Free:4.63 GB) NTFS

 

I suggest a full clean with PrivaZer http://privazer.com/

 

Also update Java, Adobe Flash and Adobe Reader.

 

https://www.java.com/en/

https://get.adobe.com/flashplayer/

https://get.adobe.com/reader/

 

Make sure and untick any additional offers when installing these programs; also, prior to installing, remove older versions...



#8 InadequateInfirmity


Posted 18 June 2015 - 07:42 PM

I would really consider removing Spybot as it is useless....

http://www.bleepingcomputer.com/forums/t/523119/spybot-search-and-destroy-shadow-of-its-former-self/



#9 hishaamsiddiqi


Posted 19 June 2015 - 01:15 PM

Thank you for your response!
 
I have installed Crystal Security, ran the programs you asked me to, did a full clean with privazer, updated Adobe & Java, and removed Spybot.
 
Here are the logs:
 
Malware Bytes

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 6/18/2015
Scan Time: 11:58:12 PM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.19.01
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hishaam
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404490
Time Elapsed: 13 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 6
PUP.Optional.PricePeep.A, C:\Users\Hishaam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Delete-on-Reboot, [0a8303b9107a0b2b438dd71df40ff60a], 
PUP.Optional.PricePeep.A, C:\Users\Hishaam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Delete-on-Reboot, [56371aa20b7f2214864a50a410f3b34d], 
PUP.Optional.BoostSaves.A, C:\Users\Hishaam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [325bf0cc47430531d9eabe4a9b69a15f], 
PUP.Optional.BoostSaves.A, C:\Users\Hishaam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [eda04d6ff69441f59330d434f212d828], 
PUP.Optional.Boost.A, C:\Users\Hishaam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [25689f1dabdfed49aad02af606fe936d], 
PUP.Optional.Boost.A, C:\Users\Hishaam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [a7e6ac10484293a3f486f52b2dd7629e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
9LAB

 

9-lab Removal Tool 1.0.0.36 BETA

9-lab.com
 
Database version: 0.0
 
Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17843
Hishaam :: HISHAAM-HP
 
6/19/2015 12:15:48 AM
9lab-log-2015-06-19 (00-15-48).txt
 
Scan type: Full
Objects scanned: 42654
Time Elapsed: 24 m 26 s
 
Registry Values detected: 1
Risk.IEPath [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]
 
 
  • mbar-log-{date} (xx-xx-xx).txt

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

www.malwarebytes.org
 
Database version:
  main:    v2015.06.19.01
  rootkit: v2015.06.15.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Hishaam :: HISHAAM-HP [administrator]
 
6/19/2015 12:47:32 AM
mbar-log-2015-06-19 (00-47-32).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 405910
Time elapsed: 9 minute(s), 53 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

 

 

system-log.txt

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17843
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 4237750272, free: 1238335488
 
Downloaded database version: v2015.06.19.01
Downloaded database version: v2015.06.15.01
Downloaded database version: v2015.06.15.01
=======================================
Initializing...
------------ Kernel report ------------
     06/19/2015 00:47:19
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.06.19.01
  rootkit: v2015.06.15.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006aa4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006aa4ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006aa4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800426a050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7C9697F5
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 203288576
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 203698176  Numsec = 37773312
 
    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 241471488  Numsec = 8595456
 
Disk Size: 128035676160 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007d29790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d2a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007d29790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b4d830, DeviceName: \Device\00000076\, DriverName: \Driver\RSPCIESTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8192  Numsec = 31108096
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 15931539456 bytes
Sector size: 512 bytes
 
Done!
File "c:\programdata\avast software\avast\log\avastsvc.log" is compressed (flags = 1)
File "c:\programdata\avast software\avast\log\avastui.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
File "c:\programdata\avast software\avast\log\grimefighter.log" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5340768B8FA0D72567D3A1716EEB53FEE73197BE.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5340768B8FA0D72567D3A1716EEB53FEE73197BE.bin.VF" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 


#10 InadequateInfirmity


Posted 19 June 2015 - 08:24 PM

You never allowed 9-lab to update....

 

9-lab Removal Tool 1.0.0.36 BETA

9-lab.com
 
Database version: 0.0
Update, run a full scan, post the new log, and tell me how the machine is running.


#11 hishaamsiddiqi


Posted 19 June 2015 - 10:58 PM

Sorry about that, the program didn't have an update button and said it would update automatically. Here is the new log. Unfortunately there are still RazorWeb ads all over Chrome.

 


 

9-lab Removal Tool 1.0.0.36 BETA

9-lab.com
 
Database version: 106.32030
 
Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17843
Hishaam :: HISHAAM-HP
 
6/19/2015 8:00:35 PM
9lab-log-2015-06-19 (20-00-35).txt
 
Scan type: Full
Objects scanned: 43215
Time Elapsed: 33 m 34 s
 
Files detected: 10
[B9FF555660A02DC4D3EAFF58357BE02A] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\Quarantine]
[126C7977485C105B301B30C1A8CF53BD] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\Tempo.txt]
[0DF05904E6C806CD02E6B247E53B1194] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\Trace.txt]
[0AE4C571DE1D99A8AA204D5C7B8EEE59] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\ZHPCleaner-[R]-17062015-20_53_58.txt]
[734130A20328545524FD9D71FC8A02AB] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\ZHPCleaner-[S]-17062015-20_49_47.txt]
[9F7B3EE584ADB2ECE38A2903A843F1FE] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\ZHPCleaner.exe]
[7EAA88956799F03CFC4895638B81C730] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[DC39DD9A34DF295FCBAE441D9C600A08] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
[32A6DF0AD80253D028934EC6CDDA1E27] Trojan.FPL.Rotbrow.vb [c:\users\hishaam\appdata\roaming\ZHP\ZHPQ_Files.txt]
 
 


#12 InadequateInfirmity


Posted 20 June 2015 - 12:59 PM

If you have not done so, then please remove Spybot as suggested.

 

Run a full scan with Reason Core Security

 

Remove infections, reboot.

 

 

Run an advanced scan with Crystal Security.

 

Remove infections, reboot.

 

Reset your browser to default. (Chrome)


How to Reset Your Web Browser To Its Default Settings


Edited by InadequateInfirmity, 20 June 2015 - 01:01 PM.


#13 hishaamsiddiqi


Posted 22 June 2015 - 12:25 PM

Hello, I ran full scans with both software, neither found anything to remove. I still have Razor Web ads popping up however.

 

 

 




#14 InadequateInfirmity


Posted 22 June 2015 - 01:38 PM

Save bookmarks in Chrome.

http://www.wikihow.com/Export-Bookmarks-from-Chrome

 

Remove Chrome with Revo Free.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

 

Reboot, then reinstall Chrome. If you are still having issues, then reset your router back to factory settings:

http://setuprouter.com/networking/how-to-reset-your-router/

 

Let me know how things turn out.



#15 hishaamsiddiqi


Posted 22 June 2015 - 06:50 PM

Hey thanks, that seemed to do the trick! I appreciate your help!

 

Would you say it's safe to uninstall all the various anti-malware programs we tried? Would you recommend I keep any of them? CCleaner, Reason Core Security, etc.





