Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

what is megasoft security


  • Please log in to reply
24 replies to this topic

#1 bennykyu

bennykyu

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 23 June 2015 - 08:32 AM

what is megasoft security?it come together with some software i dl recently, my pc performance drops when its appears on my pc, what should i do?



BC AdBot (Login to Remove)

 


m

#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 23 June 2015 - 04:10 PM

Download and run wipe  and system ninja,

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

GjWwvEu.png

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 24 June 2015 - 11:11 AM

MWVA
 
24 Jun 2015 23:28:36 [1208] - **********************************************************
24 Jun 2015 23:28:36 [1208] - MWAV - eScanAV AntiVirus Toolkit.
24 Jun 2015 23:28:36 [1208] - Copyright ?MicroWorld Technologies
24 Jun 2015 23:28:36 [1208] - **********************************************************
24 Jun 2015 23:28:36 [1208] - Source: C:\Users\Benny\Downloads\mwav.exe
24 Jun 2015 23:28:36 [1208] - Version 14.0.189 (C:\USERS\BENNY\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
24 Jun 2015 23:28:36 [1208] - Log File: C:\Users\Benny\AppData\Local\Temp\MWAV.LOG
24 Jun 2015 23:28:36 [1208] - MWAV Registered: TRUE
24 Jun 2015 23:28:36 [1208] - User Account: Benny (Administrator Mode)
24 Jun 2015 23:28:36 [1208] - OS Type: Windows Workstation [InstallType: Client]
24 Jun 2015 23:28:36 [1208] - OS: Windows 8 64-Bit [OS Install Date: 10 Nov 2013 14:52:14]
24 Jun 2015 23:28:36 [1208] - Ver: Professional Build 9200
24 Jun 2015 23:28:36 [1208] - System Up Time: 45 Minutes, 40 Seconds
 
 
24 Jun 2015 23:28:36 [1208] - Windows Root  Folder: C:\Windows
24 Jun 2015 23:28:36 [1208] - Windows Sys32 Folder: C:\Windows\system32
24 Jun 2015 23:28:36 [1208] - DHCP NameServer: 192.168.1.254
24 Jun 2015 23:28:36 [1208] - Interface0 DHCPNameServer: 192.168.0.1
24 Jun 2015 23:28:36 [1208] - Interface1 DHCPNameServer: 192.168.1.254
24 Jun 2015 23:28:36 [1208] - Interface2 DHCPNameServer: 10.211.254.254 8.8.8.8
24 Jun 2015 23:28:36 [1208] - Local Fixed Drives: c:\,d:\
24 Jun 2015 23:28:36 [1208] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
24 Jun 2015 23:28:36 [1208] - [CREATED ZIP FILE: C:\Users\Benny\AppData\Local\Temp\pinfect.zip]
24 Jun 2015 23:28:36 [1208] - Command Line Options Given: /xsign
24 Jun 2015 23:28:36 [1208] - Latest Date of files inside MWAV: Wed Jun 24 17:21:23 2015.
24 Jun 2015 23:28:38 [1208] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Benny\AppData\Local\Temp\ESCANDB.LOG]
24 Jun 2015 23:28:38 [1208] - Loaded/Created FileScan Cache Database...
24 Jun 2015 23:28:38 [1208] - Loading AV Library [DB]...
24 Jun 2015 23:28:58 [1208] - ArchiveScan: DISABLED
24 Jun 2015 23:28:59 [1208] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
24 Jun 2015 23:28:59 [1208] - MWAV doing self scanning...
24 Jun 2015 23:33:15 [1208] - MWAV files are clean.
24 Jun 2015 23:33:15 [1208] - ArchiveScan: DISABLED
24 Jun 2015 23:33:15 [1208] - Virus Database Date: 24 Jun 2015
24 Jun 2015 23:33:15 [1208] - Virus Database Count: 5704914
24 Jun 2015 23:33:15 [1208] - Sign Version: 7.61223 [519975]
24 Jun 2015 23:33:18 [1208] - Downloading AntiVirus and Anti-Spyware Databases...
24 Jun 2015 23:33:20 [1208] - Nothing new to download.  Updates are the latest.
 
24 Jun 2015 23:33:49 [1208] - **********************************************************
24 Jun 2015 23:33:49 [1208] - MWAV - eScanAV AntiVirus Toolkit.
24 Jun 2015 23:33:49 [1208] - Copyright ?MicroWorld Technologies
24 Jun 2015 23:33:49 [1208] - 
24 Jun 2015 23:33:49 [1208] - Support: support@escanav.com
24 Jun 2015 23:33:49 [1208] - Web: http://www.escanav.com
24 Jun 2015 23:33:49 [1208] - **********************************************************
24 Jun 2015 23:33:49 [1208] - Version 14.0.189[DB] (C:\USERS\BENNY\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
24 Jun 2015 23:33:49 [1208] - Log File: C:\Users\Benny\AppData\Local\Temp\MWAV.LOG
24 Jun 2015 23:33:49 [1208] - User Account: Benny (Administrator Mode)
24 Jun 2015 23:33:49 [1208] - Windows Root  Folder: C:\Windows
24 Jun 2015 23:33:49 [1208] - Windows Sys32 Folder: C:\Windows\system32
24 Jun 2015 23:33:49 [1208] - OS: Windows 8 64-Bit [OS Install Date: 10 Nov 2013 14:52:14]
24 Jun 2015 23:33:49 [1208] - Ver: Professional Build 9200
24 Jun 2015 23:33:49 [1208] - Latest Date of files inside MWAV: Wed Jun 24 17:21:23 2015.
24 Jun 2015 23:33:49 [1208] - Priority: NORMAL
 
24 Jun 2015 23:33:49 [1368] - Options Selected by User:
24 Jun 2015 23:33:49 [1368] - Memory Check: Enabled
24 Jun 2015 23:33:49 [1368] - Registry Check: Enabled
24 Jun 2015 23:33:49 [1368] - StartUp Folder Check: Enabled
24 Jun 2015 23:33:49 [1368] - System Folder Check: Enabled
24 Jun 2015 23:33:49 [1368] - Services Check: Enabled
24 Jun 2015 23:33:49 [1368] - Scan Spyware: Enabled
24 Jun 2015 23:33:49 [1368] - Scan Archives: Disabled
24 Jun 2015 23:33:49 [1368] - Drive Check: Enabled
24 Jun 2015 23:33:49 [1368] - All Drive Check :Disabled
24 Jun 2015 23:33:49 [1368] - Drive Selected = C:\
24 Jun 2015 23:33:49 [1368] - Folder Check: Disabled
24 Jun 2015 23:33:49 [1368] - SCAN: All_Files [UNICODE]
24 Jun 2015 23:33:49 [1368] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
24 Jun 2015 23:33:49 [1368] - Scanning DNS Records...
24 Jun 2015 23:33:49 [1368] - Scanning Master Boot Record (User)...
24 Jun 2015 23:33:49 [1368] - Scanning Logical Boot Records...
24 Jun 2015 23:33:50 [1368] - ***** Scanning For Hidden Rootkit Processes *****
24 Jun 2015 23:33:50 [1368] - ***** Scanning For Hidden Rootkit Services *****
 
24 Jun 2015 23:33:52 [1368] - ***** Scanning Memory Files *****
 
24 Jun 2015 23:34:04 [1368] - ***** Scanning Registry Files *****
24 Jun 2015 23:34:09 [1368] - ERROR(3)!!! Invalid Entry Andy = C:\Program Files\Andy\HandyAndy.exe (in key HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
24 Jun 2015 23:34:09 [1368] - ERROR(3)!!! Invalid Entry Lync = "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
24 Jun 2015 23:34:10 [1368] - ERROR(3)!!! Invalid Entry GarenaPlus = "D:\Garena Plus\GarenaMessenger.exe" -autolaunch (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
24 Jun 2015 23:34:10 [1368] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
24 Jun 2015 23:34:10 [1368] - ***** Scanning StartUp Folders *****
24 Jun 2015 23:34:20 [09c0] - Scanning File C:\Users\Benny\Desktop\μTorrent.lnk
24 Jun 2015 23:34:23 [0dc0] - Scanning File C:\Users\Benny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\μTorrent.lnk
24 Jun 2015 23:34:27 [0a84] - Scanning File C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\μTorrent.lnk
 
24 Jun 2015 23:36:04 [1368] - ***** Scanning Service Files *****
24 Jun 2015 23:36:14 [1368] - ERROR(2)!!! Invalid Entry C:\Windows\system32\GameMon.des -service. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\npggsvc.
24 Jun 2015 23:36:20 [1368] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
24 Jun 2015 23:36:21 [1368] - ERROR(2)!!! Invalid Entry \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\VBoxNetFlt.
 
24 Jun 2015 23:36:25 [1368] - ***** Scanning Registry and File system for Adware/Spyware *****
24 Jun 2015 23:36:25 [1368] - Loading Spyware Signatures from new External Database [Name: C:\Users\Benny\AppData\Local\Temp\spydb.avs, Size: 464724]...
24 Jun 2015 23:36:25 [1368] - Indexed Spyware Databases Successfully Created...
 
 
24 Jun 2015 23:36:27 [1368] - ***** Scanning Registry Files *****
 
24 Jun 2015 23:36:28 [1368] - ***** Scanning System32 Folders *****
 
 
24 Jun 2015 23:37:33 [1368] - ***** Scanning Drive C:\ *****
24 Jun 2015 23:37:50 [1344] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Administrator\A...\manifest.json.vir
24 Jun 2015 23:37:50 [0dc0] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Administrator\A...\manifest.json.vir
24 Jun 2015 23:37:50 [0dc0] - File C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:50 [0dc0] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Administrator\A...\manifest.json.vir
24 Jun 2015 23:37:50 [0a84] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Administrator\A...\manifest.json.vir
24 Jun 2015 23:37:50 [1344] - File C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:50 [0dc0] - File C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:50 [0a84] - File C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:51 [0a84] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Administrator\A...\manifest.json.vir
24 Jun 2015 23:37:51 [0a84] - File C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:51 [1344] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Administrator\A...\manifest.json.vir
24 Jun 2015 23:37:51 [0dc0] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Administrator\A...\manifest.json.vir
24 Jun 2015 23:37:51 [0a84] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Administrator\A...\manifest.json.vir
24 Jun 2015 23:37:51 [0a84] - File C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:51 [1344] - File C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:51 [0dc0] - File C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:51 [1344] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:51 [0dc0] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:51 [1344] - File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:51 [0dc0] - File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:51 [0a84] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:51 [0a84] - File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:51 [1344] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:51 [1344] - File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:53 [0a84] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:53 [09c0] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:53 [0a84] - File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\Local\torch\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:53 [09c0] - File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\Local\torch\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:58 [1344] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:58 [1344] - File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:58 [1344] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:58 [1344] - File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:58 [0a84] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:58 [0dc0] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:58 [0a84] - File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:58 [0dc0] - File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:58 [0dc0] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:58 [1344] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:58 [0dc0] - File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:58 [1344] - File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:58 [0a84] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:58 [0a84] - File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\mlaimdplnjgcacjpjmfhfdpoenmakfnh\2.1\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:58 [1344] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\L...\manifest.json.vir
24 Jun 2015 23:37:58 [1344] - File C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\nniacbfmhgefkjmgmbjmcmhppfnebmaa\1.0\manifest.json.vir infected by "Adware.Mplug.JG (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:37:59 [0a84] - Scanning File C:\AdwCleaner\Qu...\{c34eeaf7-ee8f-4174-92f5-03998d76c469}w64.sys.vir
24 Jun 2015 23:37:59 [0a84] - File C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{c34eeaf7-ee8f-4174-92f5-03998d76c469}w64.sys.vir infected by "Adware.SwiftBrowse.CH (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:38:09 [09c0] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\Roam...\winupd.exe.vir
24 Jun 2015 23:38:10 [09c0] - File C:\AdwCleaner\Quarantine\C\Users\Benny\AppData\Roaming\Updater\winupd.exe.vir infected by "Trojan.GenericKD.2503242 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:44:02 [0dc0] - ScanFile (C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll) took 14742 ms
24 Jun 2015 23:45:33 [0a84] - Scanning File C:\Program Files (x86)\BaiduAddr\{E6855CDD-72EC-FC...\ASBarBroker.exe
24 Jun 2015 23:45:33 [0a84] - File C:\Program Files (x86)\BaiduAddr\{E6855CDD-72EC-FC73-E85F-2AF9C10BBDE6}\ASBarBroker.exe infected by "Trojan.Generic.11694418 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:46:04 [0a84] - Scanning File C:\Program Files (x86)\Common Files\Thunder Network...\media_data.dll
24 Jun 2015 23:46:04 [1344] - ScanFile (C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.255_1111\msvcp90.dll) took 8845 ms
24 Jun 2015 23:46:32 [1344] - Scanning File C:\Program Files (x86)\Megasoft Security\jptask.exe
24 Jun 2015 23:46:32 [1344] - File C:\Program Files (x86)\Megasoft Security\jptask.exe infected by "Trojan.GenericKD.2509143 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:47:04 [09c0] - ScanFile (C:\Program Files (x86)\System Ninja\System Ninja.exe) took 6724 ms
24 Jun 2015 23:47:21 [1344] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
24 Jun 2015 23:47:21 [0dc0] - Scanning File ...\{4d505fe9-1a7f-11e5-befa-1c6f652f68ce}{3808876b-c176-4e48-b7ae...
24 Jun 2015 23:49:51 [09c0] - ScanFile (C:\Users\Benny\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\AC\Temp\NVIDIA Corporation\NV_Cache\571ec03455894f2858498f603ebc4773_fce8394c8fd8a83d_f8c53ad5f322e2e8_0_0.toc) took 5039 ms
24 Jun 2015 23:50:39 [0a84] - C:\Users\Benny\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\60fe74b155d10b87\120712-0049\Att\200057b1\Manual for Math (T) indiv privatel candid term 3.pdf not Scanned. Possibly password protected...
24 Jun 2015 23:51:15 [0a84] - ScanFile (C:\Users\Benny\AppData\Local\Steam\htmlcache\f_000046) took 10436 ms
24 Jun 2015 23:51:17 [09c0] - ScanFile (C:\Users\Benny\AppData\Local\Steam\htmlcache\f_000054) took 11310 ms
24 Jun 2015 23:51:17 [1344] - ScanFile (C:\Users\Benny\AppData\Local\Steam\htmlcache\f_00005d) took 11310 ms
24 Jun 2015 23:51:21 [0a84] - Scanning File C:\Users\Benny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\μTorrent.lnk
24 Jun 2015 23:51:22 [1344] - Scanning File C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\μTorrent.lnk
24 Jun 2015 23:51:24 [09c0] - Scanning File C:\Users\Benny\Desktop\μTorrent.lnk
24 Jun 2015 23:51:44 [1344] - Scanning File C:\Users\Benny\Downloads\d2c pudge items\d2c p...\pudge_set_08.02.exe
24 Jun 2015 23:51:44 [1344] - File C:\Users\Benny\Downloads\d2c pudge items\d2c pudge items\2\pudge_set_08.02.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:51:46 [09c0] - Scanning File C:\Users\Benny\Downloads\d2c pudge items\d2c pudge ...\new_meat_4.exe
24 Jun 2015 23:51:46 [09c0] - File C:\Users\Benny\Downloads\d2c pudge items\d2c pudge items\1\new_meat_4.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:51:46 [0a84] - Scanning File C:\Users\Benny\Downloads\d2c pudge items\d2c pud...\new_meat_set1.exe
24 Jun 2015 23:51:46 [0a84] - File C:\Users\Benny\Downloads\d2c pudge items\d2c pudge items\4\new_meat_set1.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:51:47 [09c0] - Scanning File C:\Users\Benny\Downloads\Dota2 FREE Pudge Courie...\skeleton_hook.exe
24 Jun 2015 23:51:47 [09c0] - File C:\Users\Benny\Downloads\Dota2 FREE Pudge Courier and Dragonclaw SKELETON chain\Dota2 FREE Pudge Courier and Dragonclaw SKELETON chain\Dragonclaw SKELETON chain\skeleton_hook.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:51:48 [1344] - Scanning File C:\Users\Benny\Downloads\d2c pudge items\d2c pud...\new_meat_set2.exe
24 Jun 2015 23:51:48 [1344] - File C:\Users\Benny\Downloads\d2c pudge items\d2c pudge items\5\new_meat_set2.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:51:50 [0dc0] - Scanning File C:\Users\Benny\Downloads\d2c pudge items\d2c pudge it...\Meat_Set.exe
24 Jun 2015 23:51:50 [0dc0] - File C:\Users\Benny\Downloads\d2c pudge items\d2c pudge items\3\Meat_Set.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:51:52 [0a84] - Scanning File C:\Users\Benny\Downloads\Dota2 FREE Pudge Cou...\minipudge+chiken.exe
24 Jun 2015 23:51:52 [0a84] - File C:\Users\Benny\Downloads\Dota2 FREE Pudge Courier and Dragonclaw SKELETON chain\Dota2 FREE Pudge Courier and Dragonclaw SKELETON chain\Mini Pudge Courier\minipudge+chiken.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:51:57 [0dc0] - Scanning File C:\Users\Benny\Downloads\minipudgechiken\minipudge+chiken.exe
24 Jun 2015 23:51:57 [0dc0] - File C:\Users\Benny\Downloads\minipudgechiken\minipudge+chiken.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:52:04 [1344] - Scanning File C:\Users\Benny\Downloads\roshan_gold_effect\GoldRoshan.exe
24 Jun 2015 23:52:04 [1344] - File C:\Users\Benny\Downloads\roshan_gold_effect\GoldRoshan.exe infected by "Trojan.Generic.12510358[ZP] (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:52:17 [0dc0] - Scanning File C:\Users\Benny\Downloads\tiny_skins\tini_ice\tini_ice.exe
24 Jun 2015 23:52:17 [0dc0] - File C:\Users\Benny\Downloads\tiny_skins\tini_ice\tini_ice.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
24 Jun 2015 23:52:17 [0a84] - Scanning File C:\Users\Benny\Downloads\tiny_skins\tini_green\tini_green.exe
24 Jun 2015 23:52:17 [0a84] - File C:\Users\Benny\Downloads\tiny_skins\tini_green\tini_green.exe infected by "Trojan.Generic.12510358 (DB)" Virus! Action Taken: File Renamed.
 
 
25 Jun 2015 00:09:40 [1368] - ***** Checking for specific ITW Viruses *****
 
25 Jun 2015 00:09:40 [1368] - ***** Scanning complete. *****
 
25 Jun 2015 00:09:40 [1368] - Total Objects Scanned: 216059
25 Jun 2015 00:09:40 [1368] - Total Critical Objects: 37
25 Jun 2015 00:09:40 [1368] - Total Disinfected Objects: 0
25 Jun 2015 00:09:40 [1368] - Total Objects Renamed: 37
25 Jun 2015 00:09:40 [1368] - Total Deleted Objects: 0
25 Jun 2015 00:09:40 [1368] - Total Errors: 6
25 Jun 2015 00:09:40 [1368] - Time Elapsed: 00:34:47
25 Jun 2015 00:09:40 [1368] - Virus Database Date: 24 Jun 2015
25 Jun 2015 00:09:40 [1368] - Virus Database Count: 5704914
25 Jun 2015 00:09:40 [1368] - Sign Version: 7.61223 [519975]
 
25 Jun 2015 00:09:40 [1368] - Scan Completed.


#4 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 24 June 2015 - 11:13 AM

do i need to click on delete after junk have been scen using ninja?



#5 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 24 June 2015 - 11:14 AM

 

Download and run wipe  and system ninja,

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

GjWwvEu.png

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

i will do my step 2 tmr, midnight over here 



#6 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 25 June 2015 - 10:20 AM

 

Download and run wipe  and system ninja,

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

GjWwvEu.png

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

sry the web of Zemana antimalware is unavailable 


Edited by bennykyu, 25 June 2015 - 10:20 AM.


#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 25 June 2015 - 05:24 PM

Post all logs other than zemana...



#8 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 30 June 2015 - 08:59 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.3 (06.30.2015:1)
OS: Windows 8 Pro x64
Ran by Benny on 30-Jun-15 at 21:55:11.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE05CF4A-7B0A-4775-B5E5-396244938679}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\thunder network
Successfully deleted: [Folder] C:\Users\Benny\appdata\locallow\thunder network
Successfully deleted: [Folder] C:\Users\Benny\AppData\Roaming\ppslog
 
 
 
~~~ Chrome
 
 
[C:\Users\Benny\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Benny\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Benny\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Benny\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30-Jun-15 at 21:58:49.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 30 June 2015 - 09:07 AM

# AdwCleaner v4.207 - Logfile created 30/06/2015 at 22:03:59
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 8 Pro  (x64)
# Username : Benny - BENNYKYU
# Running from : C:\Users\Benny\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Benny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\Benny\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhogbcndagiknbfomjgdeghehkljalhi
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16384
 
 
-\\ Google Chrome v43.0.2357.130
 
 
-\\ Chromium v
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [34198 bytes] - [23/06/2015 01:14:45]
AdwCleaner[R1].txt - [1363 bytes] - [30/06/2015 22:00:33]
AdwCleaner[R2].txt - [1422 bytes] - [30/06/2015 22:02:59]
AdwCleaner[S0].txt - [27767 bytes] - [23/06/2015 01:16:10]
AdwCleaner[S1].txt - [1355 bytes] - [30/06/2015 22:03:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1414  bytes] ##########


#10 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 30 June 2015 - 09:14 AM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download [b]MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.


#11 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 30 June 2015 - 10:28 AM

i cant dl the adware removal tool, google said

The site ahead contains harmful programs

#12 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 30 June 2015 - 09:23 PM

Can you use another browser? The program is fine, if not then skip it and move on.



#13 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 01 July 2015 - 10:40 AM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool v3.9
Time: 2015_07_01_23_33_21
OS: Windows 8 - 64 Bit
Account Name: Benny
U0L0S7
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValue - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2795008496-3076388416-987023280-1001\Software\ShopperPro:lastping_dealply
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE:iWebar-nv-ie
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
 
\\ Finished


#14 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 01 July 2015 - 10:43 AM

i clicked on  zhpcleaner repair button but nth happen



#15 bennykyu

bennykyu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 01 July 2015 - 10:59 AM

~ ZHPCleaner v2015.7.1.286 by Nicolas Coolman (2015\07\01)
~ Run by Benny (Administrator)  (01/07/2015 23:54:38)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Benny\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Benny\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 8, 64-bit  (Build 9200)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (0)
~ No malicious items found.
 
 
---\\  Hosts file (0)
~ No malicious items found.
 
 
---\\  Scheduled automatic tasks. (1)
DELETED task: [AutoKMS] [C:\Windows\AutoKMS.exe] (HackTool.AutoKMS)
 
 
---\\  Explorer ( File, Folder) (353)
MOVED file: C:\Users\Benny\AppData\Roaming\AndyCleanupTool.exe   (Adware.Pirrit)
MOVED file: C:\Users\Benny\AppData\Roaming\AndyCleanVM.exe   (Adware.Pirrit)
MOVED file^: C:\Windows\AutoKMS.exe [CODYQX4 - Office 2010 KMS Activation At Startup] (HackTool.AutoKMS)
MOVED file: C:\Windows\Prefetch\SWIFTRECORD.PURBROWSE64.EXE-B59E2322.pf   (PUP.SwiftRecord)
MOVED file: C:\ProgramData\InstallMate\{FDB46960-B04A-4E50-ACBB-F86826574B96}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate? Setup] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{DCAEF25B-99B9-4391-A17A-D19B074DD0AD}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate? Setup] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{4681B82B-D03F-44D3-A638-981D9D629ADD}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate? Setup] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{14A66C31-FFC2-4565-A78E-B7E0CF454EC7}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate? Setup] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{0E872941-9343-44EA-A601-DB61D5640BB7}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate? Setup] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{FDB46960-B04A-4E50-ACBB-F86826574B96}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate? Setup Library] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{DCAEF25B-99B9-4391-A17A-D19B074DD0AD}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate? Setup Library] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{4681B82B-D03F-44D3-A638-981D9D629ADD}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate? Setup Library] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{14A66C31-FFC2-4565-A78E-B7E0CF454EC7}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate? Setup Library] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{0E872941-9343-44EA-A601-DB61D5640BB7}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate? Setup Library] (PUP.Tarma)
MOVED file**: C:\Users\Benny\Downloads\QvodSetup5.20.234.20140508.exe [Shenzhen Qvod Technology Co.,Ltd - 快播安装程序] (PUP.Qvod)
MOVED file**: C:\Users\Benny\Downloads\QvodSetup5.exe [Shenzhen QVOD Technology Co.,Ltd - QvodInstall Module] (PUP.Qvod)
MOVED folder*: C:\Program Files (x86)\TuubbEItAdBlockFur (Adware.Multiplug)
MOVED folder*: C:\ProgramData\InstallMate (PUP.Tarma)
MOVED folder*: C:\ProgramData\QvodPlayer (PUP.Qvod)
MOVED folder*: C:\ProgramData\TuubbEItAdBlockFur (Adware.Multiplug)
MOVED folder^: C:\ProgramData\AutoKMS (HackTool.AutoKMS)
MOVED folder*: C:\Windows\Installer\MSI1004.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI10AB.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1113.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1158.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1243.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI12DE.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI12D4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1300.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI13F9.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1444.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI14D2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1511.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI15D2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI164B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1949.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI194D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1954.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1964.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1A8F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1B80.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1BAA.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1BAC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1CD6.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1CD7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1D2D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1D7D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1E75.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1EF3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1EF0.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1F24.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1F29.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI1FA0.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI201B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2090.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI20BF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI20B8.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2186.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI21B3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI21E4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI222.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI224C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI22A3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2348.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2386.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2421.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2474.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI24F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI258A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI259D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI262C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2688.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI279E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI290D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2924.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI29FF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2A0B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2A2E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2C4D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2C60.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2D0D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI2E8F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI30C2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI30F4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3166.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3256.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI32F4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI340C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI349D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3575.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI37C9.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3843.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI398.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI39F1.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3A38.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3AC0.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3B56.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3B63.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3BAE.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3BCF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3D69.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI3F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI4033.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI4103.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI42F7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI4368.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI43AD.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI46AF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI4742.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI477F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI47BF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI489.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI49E2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI4A3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5031.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI509B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI50D6.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI51FD.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI534E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI53B0.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5698.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI571F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI577A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI595E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI59C0.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5A60.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5B43.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5B7B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5CF3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5CF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5D66.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5E32.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5E9D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5F72.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI5FAA.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI616E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI61D9.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6353.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6379.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI648B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6691.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI66D4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6847.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI68A1.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI68A1.tmp-0 (Empty)
MOVED folder*: C:\Windows\Installer\MSI696.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6AEF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6C03.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6C3F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6D60.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6E41.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6EBF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6FA4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7094.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI728F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7298.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7688.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI77EF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI78C1.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7A2E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7AA0.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7CB1.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7D21.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7DF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7EE9.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI7F06.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8009.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8109.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI812.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8144.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8268.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8349.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI843D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8437.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI846D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8683.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8761.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI881F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8A04.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8B15.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8B5C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8BE8.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8D62.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8EBE.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI8EE6.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9009.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9025.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9109.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9306.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI931C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9349.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI93A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI93E2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9510.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI95B7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI968B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI96.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9715.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI979C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9849.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI98FC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI99D4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9A1C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9A9C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9AA3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9AEF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9BB.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9C3F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9C7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9CAD.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9D3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9DA5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9DB5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9DF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9DF5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9E4A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9EA8.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI9ED2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA008.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA186.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA2B9.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA3A3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA3B5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA44.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA49D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA4A3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA5DF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA5F9.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA647.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA674.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA704.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA7FD.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA85B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA875.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA952.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAAC5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAB36.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAB77.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIABC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIACEC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAD2D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAD50.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAE4F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAF20.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAFEC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB01E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB101.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB2E2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB316.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB382.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB415.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB4AC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB5A6.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB5D4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB73A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB76C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB89E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB8C2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB8D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB98C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIBAE5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIBC1C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIBC6F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIBC72.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIBC95.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIBD68.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIBDFF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIBEDB.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC06.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC08C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC0C6.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC0DF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC1E7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC274.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC561.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC6F8.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICB7E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICB9D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICBEE.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICC53.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICD5E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICD75.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICF22.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICF62.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICFC4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICFD2.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICFD5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID005.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID109.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID1A8.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID27.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID2F3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID3AC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID3AA.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID3C3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID4D7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID4F4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID51D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID69D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID6B1.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID765.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID7EF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID7F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID978.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIDA0F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIDA39.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIDB5D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIDB81.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIDCA7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIDD76.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIDEC7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIDFA6.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE08C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE0CC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE0D6.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE0F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE1D3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE2D3.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE4D7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE56F.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE5E0.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE6BC.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE6FB.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE716.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE92D.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIE9AA.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIEB9E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIEC98.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIED46.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIED7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIEDD9.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIEE7C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIEFB5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF20A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF3B4.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF467.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF55B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF707.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF82A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF8B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF912.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIF9F7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFB56.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFBEA.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFCA0.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFCB5.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFD8E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFDD7.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFE5A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFF3B.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFF8E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIFF88.tmp- (Empty)
 
 
---\\  Registry ( Key, Value, Data) (12)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{0D273D6C-9CFB-DEC5-D6D3-5D65D36B3A9D} [TuubbEItAdBlockFur] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{8508111E-C41C-9319-567C-833E198ABEAA} [suRf  and kieEEp] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{B47FBFF3-1FF7-B59A-5BD3-48C4F1BB939C} [greatssaver] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{C1174947-DBFC-39B4-E908-338608C498F4} [YoutubeAdblocker] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QvodPlayer.exe [C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe (Not File)] (PUP.Qvod)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] (Toolbar.Ask)
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\QvodPlayer.exe [C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe (Not File)] (PUP.Qvod)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{7C6D5EE5-C859-4B49-8F7B-DE0927D1C3E9} [QvodShare Class] (PUP.Qvod)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{7C6D5EE5-C859-4B49-8F7B-DE0927D1C3E9}\InprocServer32 [C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Not File)] (PUP.Qvod)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} [QvodMenu] (PUP.Qvod)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}\InprocServer32 [C:\Program Files (x86)\QvodPlayer\QvodBand_x64.dll (Not File)] (PUP.Qvod)
DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\RazerGameBooster [C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun] ()
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.
 
 
---\\ Statistics
~ Items scanned : 567
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 366
 
 
End of clean at 23:55:29
===================
ZHPCleaner-[R]-01072015-23_55_29.txt
ZHPCleaner-[S]-01072015-23_52_32.txt





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users