Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Plsapp.dll infection no internet connection


  • Please log in to reply
25 replies to this topic

#1 lordnykon

lordnykon

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 19 July 2015 - 10:17 PM

Hello All

 

I noticed during virus scan checks that when I remove the plsapp.dll I have no internet afterwards? So naturally I went to the virus vault and added it to the exceptions as a work around for the time being. Well now I'm tired of my connection dropping every time my scan removes this file even though I've added this to the exceptions? I love the work you all do here and would love to learn what I did that caused this to happen and prevent it happening again not only for myself but others also.

 

Please help

 

Thanks In Advance



BC AdBot (Login to Remove)

 


#2 flightsim297

flightsim297

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 19 July 2015 - 10:46 PM

Hello and welcome to Bleeping Computer! 

 

From my research of the plsapp.dll file, it seems to be from a program called PureLeads. However, I still need you to do some preliminary tests:

 

1. Download Mini Toolbox and save it to your desktop. Run it, and please checkmark the following options. Note if you do use a proxy, be warned that this tool will reset your Firefox and Internet Explorer proxy settings.

 

  • Flush DNS
  • Report IE proxy settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Setings
  • List content of Hosts
  • List IP configuration
  • List WinSock Entries
  • List last 10 Event Viewer logs
  • List installed programs
  • List Devices
  • List Users Partitions, and Memory Size
  • List Minidump Files
  • List Restore Points

Hit Go  and post the result of the file Result.txt. It should be on your desktop.

 

_______________________________________________________________

 

The next program we are going to run is called Security CheckDownload and save the file to your Desktop.

A command prompt window will appear when you open it.

This is NORMAL.

 After this a text document will open automatically called checkup.txt at the top . Post that into your next reply. 


Windows 10 Insider

Flight Sim Enthusiast

- Windows 95, 98, 2000, XP, 7, and 8.1 user

- Oh and I like helping people too!


#3 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 19 July 2015 - 11:13 PM

First off thank you for helping with my issue, here's the mini toolbox log. I'm running the security check now and will post ASAP

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by home (administrator) on 19-07-2015 at 21:10:06
Running from "C:\Users\home\Downloads"
Microsoft Windows 7 Starter  Service Pack 1 (X86)
Model: A780L Manufacturer: BIOSTAR Group
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : home-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-30-67-91-60-44
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:640:c200:d0:230:67ff:fe91:6044(Preferred) 
   Lease Obtained. . . . . . . . . . : Sunday, July 19, 2015 8:01:08 PM
   Lease Expires . . . . . . . . . . : Sunday, July 19, 2015 9:11:12 PM
   IPv6 Address. . . . . . . . . . . : 2601:640:c200:d0:45de:7c71:ea5a:2683(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::45de:7c71:ea5a:2683%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.11(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 19, 2015 8:01:04 PM
   Lease Expires . . . . . . . . . . : Sunday, July 26, 2015 8:01:03 PM
   Default Gateway . . . . . . . . . : fe80::ce35:40ff:fec8:529e%11
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234893415
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-A3-39-F5-00-30-67-91-60-44
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{113E532E-AAEE-4EDD-8C0F-D64EA2FD0DFD}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:4005:800::1007
 216.58.192.14
 
 
Pinging google.com [2607:f8b0:4010:801::1006] with 32 bytes of data:
Reply from 2607:f8b0:4010:801::1006: time=32ms 
Reply from 2607:f8b0:4010:801::1006: time=32ms 
 
Ping statistics for 2607:f8b0:4010:801::1006:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 32ms, Average = 32ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=102ms 
Reply from 2001:4998:44:204::a7: time=104ms 
 
Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 102ms, Maximum = 104ms, Average = 103ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 30 67 91 60 44 ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.11     20
         10.0.0.0    255.255.255.0         On-link         10.0.0.11    276
        10.0.0.11  255.255.255.255         On-link         10.0.0.11    276
       10.0.0.255  255.255.255.255         On-link         10.0.0.11    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.11    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.11    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    276 ::/0                     fe80::ce35:40ff:fec8:529e
  1    306 ::1/128                  On-link
 11    276 2601:640:c200:d0::/60    fe80::ce35:40ff:fec8:529e
 11     28 2601:640:c200:d0::/64    On-link
 11    276 2601:640:c200:d0:230:67ff:fe91:6044/128
                                    On-link
 11    276 2601:640:c200:d0:45de:7c71:ea5a:2683/128
                                    On-link
 11    276 fe80::/64                On-link
 11    276 fe80::45de:7c71:ea5a:2683/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/19/2015 08:46:53 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (07/19/2015 08:02:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2015 08:01:05 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (07/19/2015 07:59:22 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (07/19/2015 07:55:49 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (07/19/2015 04:57:19 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (07/19/2015 04:02:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/19/2015 03:57:19 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (07/19/2015 02:57:21 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (07/19/2015 02:38:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 43.0.2357.130, time stamp: 0x5584cfea
Faulting module name: chrome.dll, version: 43.0.2357.130, time stamp: 0x5584cb97
Exception code: 0x80000003
Fault offset: 0x004eea8a
Faulting process id: 0x12b0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
 
System errors:
=============
Error: (07/19/2015 08:46:53 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (07/19/2015 08:03:32 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (07/19/2015 07:59:52 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (07/19/2015 07:57:42 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (07/19/2015 02:57:21 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (07/19/2015 02:14:10 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (07/19/2015 02:06:06 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (07/19/2015 02:05:52 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (07/19/2015 01:57:55 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (07/19/2015 01:57:18 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
 
Microsoft Office Sessions:
=========================
Error: (07/19/2015 08:46:53 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005
 
Error: (07/19/2015 08:02:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2015 08:01:05 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000
 
Error: (07/19/2015 07:59:22 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000
 
Error: (07/19/2015 07:55:49 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005
 
Error: (07/19/2015 04:57:19 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005
 
Error: (07/19/2015 04:02:45 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe
 
Error: (07/19/2015 03:57:19 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005
 
Error: (07/19/2015 02:57:21 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005
 
Error: (07/19/2015 02:38:57 PM) (Source: Application Error)(User: )
Description: chrome.exe43.0.2357.1305584cfeachrome.dll43.0.2357.1305584cb9780000003004eea8a12b001d0c26b4d7af961C:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\43.0.2357.130\chrome.dll8eec4b2a-2e5e-11e5-9eff-003067916044
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-19 16:03:34.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-19 16:03:34.739
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-19 16:03:34.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-19 16:03:34.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-19 16:03:34.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-19 16:03:34.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-19 16:03:34.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-17 02:24:07.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-17 02:24:07.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-17 02:24:07.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.210 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824144531}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\{1C9453C9-C14E-482D-A872-8395755997ED}) (Version: 14.0.4821 - AVG Technologies) Hidden
AVG 2014 (HKLM\...\{524569AC-B3EE-468B-BFD5-19A89EA7CE8E}) (Version: 14.0.4365 - AVG Technologies) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4821 - AVG Technologies)
AVG PC TuneUp 2015 (en-US) (HKLM\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM\...\{A996C182-3724-4DF1-A4BC-66154FE57DFE}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM\...\AVG PC TuneUp) (Version: 15.0.1001.604 - AVG Technologies)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
DVD Firmwares and Drivers 1.2.0.0 (HKLM\...\DVD Firmwares and Drivers_is1) (Version:  - Sakysoft s.r.l.)
FlashRip(Full Version) (HKLM\...\FlashRip(Full Version)_is1) (Version:  - )
flashripbasic (HKLM\...\FlashRip (Basic version)_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Codec Pack 10.6.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Max Uninstaller version 3.0 (HKLM\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 3.0 - http://www.maxuninstaller.com/)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mp3splt-gtk (HKLM\...\mp3splt-gtk) (Version:  - )
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM\...\{CFF19D4A-F26D-4C6C-8535-A7C9107C9027}) (Version: 15.0.07100 - Nero AG)
Nero Audio Pack 1 (HKLM\...\{A7A0BF2E-31CC-49E3-9913-52C503EB969D}) (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Blu-ray Player (HKLM\...\{9AAC4108-B87E-4B68-B5EB-5629819F6398}) (Version: 12.0.20064 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (HKLM\...\{36DA8969-4DCD-48FF-894A-6BD3936050C3}) (Version: 15.0.00015 - Nero AG) Hidden
Nero Burning Core (HKLM\...\{B166374C-105E-445E-8E5D-A86CA5742645}) (Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM (HKLM\...\{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}) (Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (HKLM\...\{FA78CC15-9F90-443B-BA61-A66595F06432}) (Version: 15.0.00021 - Nero AG) Hidden
Nero ControlCenter (HKLM\...\{ABC88553-8770-4B97-B43E-5A90647A5B63}) (Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (HKLM\...\{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}) (Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (HKLM\...\{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}) (Version: 11.0.23200 - Nero AG) Hidden
Nero Device Updates (HKLM\...\{8DCD39C9-861A-4067-84FD-F9DEC7A79C10}) (Version: 15.0.1002 - Nero AG) Hidden
Nero Disc Menus Basic (HKLM\...\{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}) (Version: 12.0.11500 - Nero AG) Hidden
Nero Disc to Device (HKLM\...\{3AD3C0C2-65A2-45AE-BFAF-7879CFFF7DA8}) (Version: 15.0.12032 - Nero AG) Hidden
Nero Effects Basic (HKLM\...\{29F67D84-3A70-456E-806A-52301B02070B}) (Version: 15.0.10011 - Nero AG) Hidden
Nero Express (HKLM\...\{ED7943A4-2FF0-4096-BBEA-DE3CC206E3D4}) (Version: 15.0.25001 - Nero AG) Hidden
Nero Express Help (CHM) (HKLM\...\{4CA46F9F-174C-4766-9EA2-2325DF414B9E}) (Version: 15.0.00021 - Nero AG) Hidden
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero Kwik Themes Basic (HKLM\...\{1B6F5E51-575E-4693-BCA2-7543570D076D}) (Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (HKLM\...\{D5115C78-2D22-4668-A5E2-6C87DED3ED1B}) (Version: 15.0.12000 - Nero AG) Hidden
Nero MediaHome (HKLM\...\{1D4FBA7F-5BE3-48B9-B82B-6E55FDA5BF74}) (Version: 1.22.3600 - Nero AG) Hidden
Nero MediaHome Help (CHM) (HKLM\...\{75CA8AAE-5346-4312-A9A8-5CF89955930F}) (Version: 15.0.00021 - Nero AG) Hidden
Nero PiP Effects Basic (HKLM\...\{ACE49D50-19CD-44A6-B192-46F985283B26}) (Version: 15.0.10008 - Nero AG) Hidden
Nero Recode (HKLM\...\{5B1886C1-6EFA-4D07-95D3-8B84C743CC71}) (Version: 15.0.25000 - Nero AG) Hidden
Nero Recode Help (CHM) (HKLM\...\{0CF7D22B-977C-43B2-9219-E03017FBAC6D}) (Version: 15.0.00021 - Nero AG) Hidden
Nero RescueAgent (HKLM\...\{581DCE84-1948-4891-A4A7-A1222CC137C5}) (Version: 15.0.2000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (HKLM\...\{F69D4104-5394-4F7C-801C-D96DC92E7F69}) (Version: 15.0.00015 - Nero AG) Hidden
Nero SharedVideoCodecs (HKLM\...\{2432E589-6256-4513-B0BF-EFA8E325D5F0}) (Version: 1.0.15005 - Nero AG) Hidden
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Video Help (CHM) (HKLM\...\{5446D3AF-B060-49B6-9535-F300E1532022}) (Version: 15.0.00021 - Nero AG) Hidden
Nitro Pro 8 (HKLM\...\{8EEAF4C4-FCA7-4558-AF65-CCD3B9AD634D}) (Version: 8.0.10.7 - Nitro)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paltalk Messenger  11.5 (HKLM\...\Paltalk Messenger) (Version: 11.5.580.16890 - AVM Software Inc.)
Prerequisite installer (HKLM\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
ReiBoot  (HKLM\...\ReiBoot) (Version:  - Tenorshare, Inc.)
TransMac version 11.2 (HKLM\...\TransMac_is1) (Version: 11.2 - Acute Systems)
TypingMaster Pro (HKLM\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS)
Videostream Port Fix (HKLM\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSO Video Converter 1 (HKLM\...\{{5289246A-D537-4823-88C2-38C17840E45A}_is1) (Version: 1.2.0.10 - VSO Software)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Streaming Audio Recorder(Build 2.0.0.21) (HKLM\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.0.0.21 - Wondershare Software Co.,Ltd.)
X360 Cover Downloader version 1.5.16 (HKLM\...\{1A9E1A31-1ECD-4C93-8617-20200C2A46EC}_is1) (Version: 1.5.16 - ..)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 1791.3 MB
Available physical RAM: 691.44 MB
Total Virtual: 3582.61 MB
Available Virtual: 2123.81 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:298.09 GB) (Free:144.01 GB) NTFS
3 Drive e: () (Fixed) (Total:74.5 GB) (Free:72.39 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HOME-PC
 
Administrator            Guest                    home                     
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
07-07-2015 08:35:06 Scheduled Checkpoint
14-07-2015 10:31:38 Scheduled Checkpoint
19-07-2015 08:01:34 Device Driver Package Install: Google, Inc.
19-07-2015 20:58:23 Restore Operation
 
**** End of log ****


#4 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 19 July 2015 - 11:27 PM

here's the checkup log

 

Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 AVG PC TuneUp 2015  
 AVG PC TuneUp 2015 (en-US) 
 AVG PC TuneUp 2015  
 Java 7 Update 60  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.210  
 Google Chrome (43.0.2357.130) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#5 flightsim297

flightsim297

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 19 July 2015 - 11:31 PM

Sorry, I accidentally posted it by accident. The full version will be up soon

I have noticed a few things:

1. First you have some activation problems. I am not sure why this is happening, but did you pirate your Windows?

2. You're Java version is out of date, please update it after we get rid of the malware

 

 

Now I will need you to run some additional utilities:

 

ESET Online Scanner

  1. Please download ESET Online Scanner from here and save it to your Desktop.
  2. Please read the terms of conditions, and click I accept.
  3. Check "Enable Detection of Potentially Unwanted Programs
  4. Click Advanced Settings and then please check the following items:

- Remove Found Threats

- Scan Archives

- Scan for Potentially Unsafe Programs

- Enable Anti-Stealth technology

 

5. Please press I have noticed a few things:

1. First you have some activation problems. I am not sure why this is happening, but did you pirate your Windows?

2. You're Java version is out of date, please update it after we get rid of the malware

 

 

Now I will need you to run some additional utilities:

 

ESET Online Scanner

  1. Please download ESET Online Scanner from here and save it to your desktop. (MAKE SURE TO DISABLE YOUR AV! ) Don't know how? See here
  2. Please read the terms of conditions, and click I accept.
  3. Check "Enable Detection of Potentially Unwanted Programs
  4. Click Advanced Settings and then please check the following items:
  • Remove Found Threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

After that, please click Scan. Once the scan is completed, click List Threats if there are any. Click export and save the file to your desktop. Paste that into your next reply.

 

____________________________________________________________________________________________

 

MalwareBytes Anti-Malware

  1. I see you have MalwareBytes already installed. Please open it up and follow the steps:
  2. First click Settings, then click Detection and Protection
  3. Check Scan for Rootkits, and for PUP Detections, select "Treat Detections as Malware"
  4. Go to the Dashboard and click Check For Updates
  5. After updating is complete, click Scan Now  at the Dashboard
  6. If malware is detected, click Apply Actions. If not, please say that in your next reply.
  7. If there is malware, you probably will have to Restart your PC.
  8. If you do, restart!
  9. After the computer starts up again, open MalwareBytes again.
  10. Click History, then Application Logs, and double-click the uppermost Scan log. 
  11. Click Export, then Copy to Clipboard, and paste that into your next reply.

Thanks for your patience. 


Edited by flightsim297, 19 July 2015 - 11:55 PM.

Windows 10 Insider

Flight Sim Enthusiast

- Windows 95, 98, 2000, XP, 7, and 8.1 user

- Oh and I like helping people too!


#6 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 19 July 2015 - 11:38 PM

This copy of windows was installed by a friend so most likely it's a copy, I'll run the next set of scans and will update JAVA when finished

 

Thanks



#7 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 19 July 2015 - 11:40 PM

Not sure what else you wanted checked in advanced settings? I'll wait until you post instructions

 

Thanks



#8 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 20 July 2015 - 08:47 AM

Here's the ESET log

 

 

C:\$Recycle.Bin\S-1-5-21-556616538-2184907517-3989350050-1000\$RJOOV30.zip a variant of Win32/Amonetize.DE potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-556616538-2184907517-3989350050-1000\$RMZFR59.crdownload a variant of Win32/Amonetize.DE potentially unwanted application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-556616538-2184907517-3989350050-1000\$RR06EY6.zip a variant of MSIL/Packed.Confuser.P suspicious application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-556616538-2184907517-3989350050-1000\$RREN4YS.zip a variant of Win32/Amonetize.DE potentially unwanted application deleted - quarantined
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000001 a variant of MSIL/Packed.Confuser.P suspicious application deleted - quarantined
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\File System\013\t\00\00000001 a variant of Win32/Amonetize.EE potentially unwanted application cleaned by deleting - quarantined
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\File System\014\t\00\00000001 a variant of Win32/Amonetize.EE potentially unwanted application cleaned by deleting - quarantined
C:\Users\home\Desktop\adbfw112\tr.apk Android/Exploit.Towel.A trojan deleted - quarantined
C:\Users\home\Desktop\adbfw128\tr.apk Android/Exploit.Towel.A trojan deleted - quarantined
C:\Users\home\Desktop\Music\Auto.Hide.IP.v5.4.2.6.Cracked-BRD.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted - quarantined
C:\Users\home\Desktop\New folder\IPAD\SemiRestore.exe a variant of MSIL/Packed.Confuser.P suspicious application cleaned by deleting - quarantined
C:\Users\home\Desktop\tools\Piriform CCleaner Professional v5.03.5128 Multilingual\cr-piriform.rar Win32/Keygen.KG potentially unsafe application deleted - quarantined
C:\Users\home\Downloads\adbfw112.zip Android/Exploit.Towel.A trojan deleted - quarantined
C:\Users\home\Downloads\adbfw128.zip Android/Exploit.Towel.A trojan deleted - quarantined
C:\Users\home\Downloads\Line Disney Tsum Tsum Hack (1).exe a variant of MSIL/GameHack.AE potentially unsafe application cleaned by deleting - quarantined
C:\Users\home\Downloads\Line Disney Tsum Tsum Hack.exe a variant of MSIL/GameHack.AE potentially unsafe application cleaned by deleting - quarantined
C:\Users\home\Downloads\Piriform CCleaner Professional v5.03.5128 Multilingual.rar Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\home\Downloads\Alcohol 120% 2.0.2.5830 Final Retail+Crack-Admin\Alcohol120_retail_2.0.2.5830.exe Win32/SmartFileAdvisor.B potentially unwanted application deleted - quarantined
C:\Users\home\Downloads\Microsoft Office Professional Plus 2010\Activators\KMSpico\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application deleted - quarantined
C:\Users\home\Downloads\Piriform CCleaner Professional v5.03.5128 Multilingual\Piriform CCleaner Professional v5.03.5128 Multilingual\cr-piriform.rar Win32/Keygen.KG potentially unsafe application deleted - quarantined
C:\Users\home\Downloads\Piriform CCleaner Professional v5.03.5128 Multilingual\Piriform CCleaner Professional v5.03.5128 Multilingual\CORE\ccsetup503pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\home\Downloads\Windows XP Professional SP3 Black Edition March 2014 (x86) {Uploaded} @IGI [Team OS] {HKRG}\Windows XP Professional SP3 x86 - Black Edition 2014.3.16.iso a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\Windows\System32\plsapp.dll a variant of Win32/AdWare.Sendori.A application cleaned by deleting - quarantined


#9 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 20 July 2015 - 09:12 AM

No malware was detected with Malwarebytes



#10 flightsim297

flightsim297

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 21 July 2015 - 01:09 AM

You seem to have a lot of pirating utilities on your PC.
I will review the logs tonight, and give you my advice tomorrow.

However, I want you to uninstall the program called PureLeads, in Programs and Features. It seems to be the program that has the .dll problem you are experiencing problems with.

Windows 10 Insider

Flight Sim Enthusiast

- Windows 95, 98, 2000, XP, 7, and 8.1 user

- Oh and I like helping people too!


#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:34 PM

Posted 21 July 2015 - 02:32 AM

Hello,

Please uninstall AVG TuneUp, as using PC optimizers is not recommended (even by Microsoft).

You can see these for more information.Also you can uninstall these:

AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)



#12 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 21 July 2015 - 08:53 AM

Thank you both I didn't see the pureleads under processes so I had to go in the registry to delete there. I also uninstalled AVG and McAfee , not sure how McAfee got there since I use AVG. I'm not the only one who uses this PC so I'll have to see and limit who is downloading what but thanks again Alexstraza . Flightsim I'll await your instructions thanks 



#13 flightsim297

flightsim297

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 21 July 2015 - 12:14 PM

McAfee Security Scan Plus is normally bundled into software, like Adobe Flash. 

 

Please run ADWCleaner and download it to your desktop.

1. Close all programs!

2. Double click the ADWCleaner.exe file

3. Click Scan

4. When the scan completes, click Clean

5. Your PC will restart automatically.

6. Once your computer starts up again, a log file will open.

7. Paste that into your next reply.

 

_________________________________________

 

Next, please download the Junkware Removal Tool and save it to your desktop.

 

1. Please turn off your AV to prevent conflicts.

2. Please run JRT.exe and Run it as adminstrator!

3. It will start scanning automatically.

4. This may take some time! Please be patient.

5. Once it completes, a JRT.txt log will open. If it doesn't, then open the JRT.txt log on your desktop.

6. Paste that into your next reply.


Windows 10 Insider

Flight Sim Enthusiast

- Windows 95, 98, 2000, XP, 7, and 8.1 user

- Oh and I like helping people too!


#14 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 21 July 2015 - 08:30 PM

ADWCleaner log

 

# AdwCleaner v4.208 - Logfile created 21/07/2015 at 18:25:12
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Starter Service Pack 1 (x86)
# Username : home - HOME-PC
# Running from : C:\Users\home\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\ProgramData\Avg_Update_0814tb
Folder Deleted : C:\ProgramData\Avg_Update_1114tb
Folder Deleted : C:\ProgramData\Avg_Update_1214tb
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\SearchProtect
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xpgamesaves.com_0.localstorage-journal
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_viraltimesherenow.mobi_0.localstorage
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_viraltimesherenow.mobi_0.localstorage-journal
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage-journal
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
File Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : WSE_Vosteran
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TransMac_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Google Chrome v43.0.2357.134
 
 
*************************
 
AdwCleaner[R0].txt - [7798 bytes] - [02/10/2014 18:50:40]
AdwCleaner[R1].txt - [4538 bytes] - [21/07/2015 18:21:29]
AdwCleaner[S0].txt - [4547 bytes] - [21/07/2015 18:25:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4606  bytes] ##########


#15 lordnykon

lordnykon
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:34 AM

Posted 21 July 2015 - 08:38 PM

Junkware log

 

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Starter x86
Ran by home on Tue 07/21/2015 at 18:31:47.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5C1FD3B428FF226D1BCB0DD9D605A11B
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.lyricsmode.com_0.localstorage
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.similarsitesearch.com_0.localstorage
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.similarsitesearch.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\home\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.xpgamesaves.com_0.localstorage
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files\max uninstaller
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\home\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
 
[C:\Users\home\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\home\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gpdjojdkbbmdfjfahjcgigfpmkopogic
 
[C:\Users\home\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\home\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gpdjojdkbbmdfjfahjcgigfpmkopogic
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/21/2015 at 18:35:47.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users