I think my computer is infected I keep getting popups and ads


13 replies to this topic

#1 MrMajeika


Posted 23 December 2015 - 03:37 PM

I am running Windows 7. My son tried to download some games and now I am experiencing some problems. First of all there has been what looks like a copy of Chrome installed called Chromium and it takes me to a page called cassiopea. When I try and use Firefox or Chrome I am redirected to an ad page every time I click on something. I have had to post this from my phone as when I try to click on the post button it just opens a new tab. There was also some ps scanner that was installed that I have now uninstalled. My homepage has changed. Something called Tsearch has appeared in my browser.



#2 InadequateInfirmity


Posted 23 December 2015 - 03:50 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit Next, and make sure to leave all items checked for removal.

 

8NcZjGc.png

 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

6QJjV50.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.



#3 MrMajeika


Posted 23 December 2015 - 07:14 PM

# AdwCleaner v5.026 - Logfile created 23/12/2015 at 21:00:45
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Robert - ROBERT-PC
# Running from : C:\Users\Robert\Downloads\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService
[-] Service Deleted : swdumon
[-] Service Deleted : swsedrvr_vt_1_10_0_25
[-] Service Deleted : swsesrvc_1.10.0.25

***** [ Folders ] *****

[-] Folder Deleted : C:\_acestream_cache_
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Program Files (x86)\Torrent Search
[-] Folder Deleted : C:\Program Files (x86)\DailyPcClean Support
[-] Folder Deleted : C:\Program Files (x86)\SwiftSearch_1.10.0.25
[-] Folder Deleted : C:\ProgramData\SetApp
[-] Folder Deleted : C:\ProgramData\SNT
[-] Folder Deleted : C:\ProgramData\Uniblue
[-] Folder Deleted : C:\ProgramData\Codec
[-] Folder Deleted : C:\ProgramData\d09f0a26cc2561dc
[-] Folder Deleted : C:\Users\Robert\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\Robert\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Robert\AppData\Local\DailyPcClean Support
[-] Folder Deleted : C:\Users\Robert\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
[-] Folder Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
[-] Folder Deleted : C:\Users\Robert\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Robert\AppData\Roaming\TSearch
[-] Folder Deleted : C:\Users\Robert\AppData\Roaming\acestream
[-] Folder Deleted : C:\Users\Robert\AppData\Roaming\.acestream
[-] Folder Deleted : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
[-] Folder Deleted : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w3pqwqoj.default-1449927522170\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}
[-] Folder Deleted : C:\Users\Robert\Documents\DailyPCClean
[-] Folder Deleted : C:\windows\SysWOW64\C2MP

***** [ Files ] *****

[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage-journal
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_chedotgame.com_0.localstorage
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_chedotgame.com_0.localstorage-journal
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w3pqwqoj.default-1449927522170\invalidprefs.js
[-] File Deleted : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w3pqwqoj.default-1449927522170\searchplugins\cassiopesa.xml
[-] File Deleted : C:\windows\SysNative\drivers\swdumon.sys
[-] File Deleted : C:\windows\SysNative\drivers\swsedrvr_vt_1_10_0_25.sys
[-] File Deleted : C:\windows\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Browser Manager
[-] Task Deleted : dsmonitor
[-] Task Deleted : Escolade
[-] Task Deleted : Update Service for Torrent Search
[-] Task Deleted : Update Service for Torrent Search2
[-] Task Deleted : SwiftSearch Auto Updater 1.10.0.25 Core
[-] Task Deleted : SwiftSearch Auto Updater 1.10.0.25 Pending Update

***** [ Registry ] *****

[-] Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Tny_Cassiopesa]
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKCU\SOFTWARE\Clients\Media\AceStream
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[-] Key Deleted : HKCU\SOFTWARE\Classes\.acelive
[-] Key Deleted : HKCU\SOFTWARE\Classes\.acemedia
[-] Key Deleted : HKCU\SOFTWARE\Classes\.acestream
[-] Key Deleted : HKCU\SOFTWARE\Classes\.tslive
[-] Key Deleted : HKCU\SOFTWARE\Classes\acestream
[-] Key Deleted : HKCU\SOFTWARE\Classes\AceStream.file
[-] Key Deleted : HKCU\SOFTWARE\Classes\Applications\ace_player.exe
[-] Key Deleted : HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
[-] Key Deleted : HKCU\Software\Classes\ACEStream.CDAudio
[-] Key Deleted : HKCU\Software\Classes\ACEStream.DVDMovie
[-] Key Deleted : HKCU\Software\Classes\ACEStream.OPENFolder
[-] Key Deleted : HKCU\Software\Classes\ACEStream.SVCDMovie
[-] Key Deleted : HKCU\Software\Classes\ACEStream.VCDMovie
[-] Key Deleted : HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
[-] Key Deleted : HKCU\Software\Classes\DVD\shell\PlayWithACEStream
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [magicplayer@torrentstream.org]
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\AceStream
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SwiftSearch_1.10.0.25
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torrent Search
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SwiftSearch_1.10.0.25
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B775D286-0626-44E1-8F8A-8986F63415DD}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\pmdi8ids.default-1351194393250\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.cassiopessa.com/?f=1&a=csp_tuto16_15_52&cd=2XzuyEtN2Y1L1QzuzyyEyEyEyDtB0CtAyByCzyzz0C0E0CyCtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1[...]
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w3pqwqoj.default-1449927522170\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.cassiopessa.com/?f=1&a=csp_tuto16_15_52&cd=2XzuyEtN2Y1L1QzuzyyEyEyEyDtB0CtAyByCzyzz0C0E0CyCtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1[...]
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w3pqwqoj.default-1449927522170\prefs.js] [Preference] Deleted : user_pref("extensions.ff20459cda6e41a780bc8f4fefd9c575.localStoragecom.ab.advertisment.stored_code_fg", "\"\\\"(function(){function o(b,d){var a=t();if(a&&\\\\\\\"0\\\\\\\"!=a){d=d?d:\\\\\\\"head\\\\\[...]
[-] [C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Cassiopesa.com
[-] [C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.cassiopessa.com/?f=7&a=csp_tuto16_15_52&cd=2XzuyEtN2Y1L1QzuzyyEyEyEyDtB0CtAyByCzyzz0C0E0CyCtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0EyD0E0AyCyBtDtGtC0D0D0DtG0Azy0AtCtGtByEtD0DtGyB0FyE0BtDyEyEyC0A0CyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAtAtBtDyD0A0CtGzztDtDtAtGyEzy0AyEtG0B0FtDyCtG0FyB0B0EtAyBzy0C0E0EyEtC2QtN0A0LzutB&cr=715856597&ir=
[-] [C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tuto16_15_52&cd=2XzuyEtN2Y1L1QzuzyyEyEyEyDtB0CtAyByCzyzz0C0E0CyCtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0EyD0E0AyCyBtDtGtC0D0D0DtG0Azy0AtCtGtByEtD0DtGyB0FyE0BtDyEyEyC0A0CyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAtAtBtDyD0A0CtGzztDtDtAtGyEzy0AyEtG0B0FtDyCtG0FyB0B0EtAyBzy0C0E0EyEtC2QtN0A0LzutB&cr=715856597&ir=
[-] [C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mfhnkgpdlogbknkhlgdjlejeljbhflim
[-] [C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.cassiopessa.com/?f=1&a=csp_tuto16_15_52&cd=2XzuyEtN2Y1L1QzuzyyEyEyEyDtB0CtAyByCzyzz0C0E0CyCtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0EyD0E0AyCyBtDtGtC0D0D0DtG0Azy0AtCtGtByEtD0DtGyB0FyE0BtDyEyEyC0A0CyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAtAtBtDyD0A0CtGzztDtDtAtGyEzy0AyEtG0B0FtDyCtG0FyB0B0EtAyBzy0C0E0EyEtC2QtN0A0LzutB&cr=715856597&ir=

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17183 bytes] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Robert (Administrator) on 23/12/2015 at 21:12:19.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Failed to delete: C:\windows\svchost.exe (File)
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\{094C5756-74CA-41C0-92F2-A48312B87190} (Empty Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\{5A52847F-6ED5-4AAD-8606-E488C694D349} (Empty Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\{7D0256F4-A780-4CDD-BF52-01AE66743950} (Empty Folder)
Successfully deleted: C:\Users\Robert\AppData\Roaming\browsers (Folder)
Successfully deleted: C:\Users\Robert\AppData\Roaming\media freeware (Folder)
Successfully deleted: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\pmdi8ids.default-1351194393250\extensions\staged (Folder)
Successfully deleted: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w3pqwqoj.default-1449927522170\extensions\{FF20459C-DA6E-41A7-80BC-8F4FEFD9C575}\chrome\_locales\es_419 (Folder)
Successfully deleted: C:\Users\Robert\AppData\Roaming\spi (Folder)
Successfully deleted: C:\windows\system32\Tasks\DriverToolkit Autorun (Task)
Successfully deleted: C:\windows\system32\Tasks\EasySpeedUpManager (Task)
Successfully deleted: C:\windows\Tasks\DriverToolkit Autorun.job (Task)
Successfully deleted: C:\Program Files (x86)\convert audio free (Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001 (File)
Successfully deleted: C:\Users\Robert\AppData\Local\Temp\vitruvian-installer-install-v0003 (File)
Successfully deleted: C:\Users\Robert\AppData\Local\Temp\vitruvian-installer-processes-v0002 (File)
Successfully deleted: C:\Users\Robert\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001 (File)
Successfully deleted: C:\windows\SysWOW64\sho3B7C.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho67C7.tmp (File)

user_pref(browser.search.defaultenginename, Cassiopesa);
user_pref(extensions.ff20459cda6e41a780bc8f4fefd9c575.localStoragecom.ab.advertising.rdr2.redirect_blacklist, \^hxxps?:\\\\/\\\\/(www\\\\.)?(searchengines\\\\.ru|searcheng
user_pref(extensions.ff20459cda6e41a780bc8f4fefd9c575.localStoragecom.ab.advertising.rdr2.redirects_blacklist_visited, {\searchengines.ru\:false,\searchengines.guru\:fa
user_pref(extensions.ff20459cda6e41a780bc8f4fefd9c575.localStoragecom.ab.advertisment.stored_code_bg, \\\\function main(){function S(){var a=\\\\\\\hxxp://api.testreques



Registry: 2

Successfully deleted: HKLM\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2015 at 21:23:49.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2015_12_23_21_28_48
OS: Windows 7 Home Premium - x64 Bit
Account Name: Robert
Adware Definition: Adware Definition: Dec-19-2015-1
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted ->> Folder ->> C:\program files (x86)\\SopCast

Deleted ->> Folder ->> C:\users\Robert\AppData\Local\Threat Expert\Browser Defender

Deleted ->> Folder ->> C:\users\All Users\Microsoft\Windows\Start Menu\Programs\SopCast

Deleted ->> Folder ->> C:\users\Robert\AppData\Local\VirtualStore\Program Files (x86)\SopCast

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E385FD0D-C375-426E-A980-C6C0C2017958}\ ->> LocalService : Browser Defender Update Service

Removal Failed ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCTBD\0000\ ->> DeviceDesc : PC Tools Browser Defender Driver

Removal Failed ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PCTBD\0000\ ->> DeviceDesc : PC Tools Browser Defender Driver

Removal Failed ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCTBD\0000\ ->> DeviceDesc : PC Tools Browser Defender Driver

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ ->> TCP Query User{904E3EC3-A2AE-47AF-8072-B2469F6EBDD5}C:\program files (x86)\sopcast\sopcast.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\sopcast\sopcast.exe|Name=SopCast Main Application|Desc=SopCast Main Application|Defer=User|

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ ->> UDP Query User{D2C6B7C2-9949-4DE0-A79B-287D3930D65C}C:\program files (x86)\sopcast\sopcast.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\sopcast\sopcast.exe|Name=SopCast Main Application|Desc=SopCast Main Application|Defer=User|

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ ->> TCP Query User{93679FC7-01F9-4061-8FFC-133F945F662C}C:\program files (x86)\sopcast\sopcast.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\sopcast\sopcast.exe|Name=SopCast Main Application|Desc=SopCast Main Application|Defer=User|

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ ->> UDP Query User{9BA5C953-E401-4869-8218-F24EB8017766}C:\program files (x86)\sopcast\sopcast.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\sopcast\sopcast.exe|Name=SopCast Main Application|Desc=SopCast Main Application|Defer=User|

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\SopCast\ ->> DisplayName : SopCast 3.5.0

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\SopCast\ ->> UninstallString : C:\Program Files (x86)\SopCast\uninst.exe

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\SopCast\ ->> DisplayIcon : C:\Program Files (x86)\SopCast\SopCast.exe

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\SopCast\ ->> URLInfoAbout : www.sopcast.com

Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\SopCast\ ->> Publisher : www.sopcast.com

Deleted ->> Registry Value Name ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ ->> TCP Query User{904E3EC3-A2AE-47AF-8072-B2469F6EBDD5}C:\program files (x86)\sopcast\sopcast.exe

Deleted ->> Registry Value Name ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ ->> UDP Query User{D2C6B7C2-9949-4DE0-A79B-287D3930D65C}C:\program files (x86)\sopcast\sopcast.exe

Deleted ->> Registry Value Name ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ ->> TCP Query User{93679FC7-01F9-4061-8FFC-133F945F662C}C:\program files (x86)\sopcast\sopcast.exe

Deleted ->> Registry Value Name ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ ->> UDP Query User{9BA5C953-E401-4869-8218-F24EB8017766}C:\program files (x86)\sopcast\sopcast.exe

Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\PCTools\Security\Browser Defender

Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\SopCast

Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SopCast

Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\WebCakeUpdaterService

Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\SopCast

 

 

~ ZHPCleaner v2015.12.23.405 by Nicolas Coolman (2015/12/23)
~ Run by Robert (Administrator)  (23/12/2015 22:20:14)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Robert\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Robert\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
DELETED: [w3pqwqoj.default-1449927522170] - user_pref("browser.search.defaultenginename", "Cassiopesa");  =>PUP.Optional.Cassiopesa


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (27)
MOVED file: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eoebpcbiklhocbchcfjlejdfhfaimfoh_0.localstorage-journal    =>Hijacker.Browser ["update_url" : "https://clients2.google.com/servic]
MOVED file: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eoebpcbiklhocbchcfjlejdfhfaimfoh_0.localstorage    =>Hijacker.Browser
MOVED file: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ialilpegnnfigbcggpbbdecdgencbfge_0.localstorage-journal    =>Hijacker.Browser ["update_url" : "https://clients2.google.com/servic]
MOVED file: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ialilpegnnfigbcggpbbdecdgencbfge_0.localstorage    =>Hijacker.Browser
MOVED file: C:\Windows\Prefetch\3DBUBBLESOUND.EXE-985CBA49.pf    =>PUP.Optional.BubbleSound
MOVED file: C:\Windows\Prefetch\DAILYPCCLEAN.EXE-0F2B9D21.pf    =>PUP.Optional.DailyPCClean
MOVED file: C:\Windows\Prefetch\DAILYPCCLEAN.EXE-51AAAA70.pf    =>PUP.Optional.DailyPCClean
MOVED file: C:\Windows\Prefetch\DAILYPCCLEAN.TMP-59A721EA.pf    =>PUP.Optional.DailyPCClean
MOVED file: C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-4E8A9600.pf    =>PUP.Optional.BubbleSound
MOVED file: C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-9066234E.pf    =>PUP.Optional.BubbleSound
MOVED file: C:\Windows\Prefetch\PREDM.EXE-F362A32C.pf    =>PUP.Optional.Downware
MOVED file: C:\Windows\Prefetch\PREDM.TMP-2A0C930E.pf    =>PUP.Optional.Downware
MOVED file: C:\ProgramData\InstallMate\{29F8C73F-515F-4B84-A96F-197DF21BE5C9}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup]  =>PUP.Optional.Tarma
MOVED file: C:\ProgramData\InstallMate\{29F8C73F-515F-4B84-A96F-197DF21BE5C9}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library]  =>PUP.Optional.Tarma
MOVED file^: C:\ProgramData\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup]  =>PUP.Optional.Tarma
MOVED file^: C:\ProgramData\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library]  =>PUP.Optional.Tarma
MOVED file: C:\Users\Robert\Downloads\iLividSetupV1.exe [Bandoo Media Inc. - iLivid Installation]  =>PUP.Optional.Bandoo
MOVED file: C:\Users\Robert\AppData\Local\Temp\bjhrjtGYErrnArEr.exe [Company Inc. - ]  =>.Superfluous.SystemaLimited
MOVED file: C:\Users\Robert\AppData\Local\Temp\ts_10051.exe [Company Inc. - ]  =>.Superfluous.SystemaLimited
MOVED file: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage    =>PUP.Optional.PutLocker
MOVED file: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal    =>PUP.Optional.PutLocker
MOVED folder: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoebpcbiklhocbchcfjlejdfhfaimfoh  =>Hijacker.Browser ["update_url" : "https://clients2.google.com/servic]
MOVED folder: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ialilpegnnfigbcggpbbdecdgencbfge  =>Hijacker.Browser ["update_url" : "https://clients2.google.com/servic]
MOVED folder: C:\ProgramData\InstallMate  =>PUP.Optional.Tarma
MOVED folder: C:\Users\Administrator\AppData\Local\Torch  =>.Superfluous.Torch
MOVED folder: C:\Users\ASPNET\AppData\Local\Torch  =>.Superfluous.Torch
MOVED folder: C:\Users\Guest\AppData\Local\Torch  =>.Superfluous.Torch


---\\  Registry ( Key, Value, Data) (6)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebCake Desktop ["C:\Users\Robert\AppData\Roaming\WebCake\WebCakeDesktop.exe" (Not File)]  =>PUP.Optional.WebCake
DELETED key*: HKEY_USERS\S-1-5-21-3534789133-3684532335-1148534474-1001\SOFTWARE\PartyGaming []  =>Casino.OnlineGames
DELETED key*: HKEY_USERS\S-1-5-21-3534789133-3684532335-1148534474-1001\SOFTWARE\RegisteredApplicationsEx []  =>PUP.Optional.SfKpCouponApp
DELETED key: HKCU\Software\PartyGaming []  =>Casino.OnlineGames
DELETED key: HKCU\Software\RegisteredApplicationsEx []  =>PUP.Optional.SfKpCouponApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VK OK AdBlock [Company Inc.]  =>.Superfluous.SystemaLimited


---\\  Summary of the elements found (14)


---\\  Other deletions. (37)
~ Registry Keys Tracing deleted (37)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 1449
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 34


~ End of clean in 00h01mn33s
===================
ZHPCleaner-[R]-23122015-22_21_47.txt
ZHPCleaner-[S]-23122015-22_19_41.txt

 

Zemana AntiMalware 2.19.2.737 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/12/23
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i3 CPU M 370 @ 2.40GHz
BIOS Mode              : Legacy
CUID                   : 0050F3DA707DC646F0EB7C
Scan Type              : Deep Scan
Duration               : 79m 20s
Scanned Objects        : 275562
Detected Objects       : 20
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

csrss.exe
Status             : Scanned
Object             : %systemroot%\csrss.exe
MD5                : DE9B2D0EBCC43BF58EE24EA8F8C1ED82
Publisher          : -
Size               : 1559319
Version            : 1.0.0.0
Detection          : Malware:Win64/Edizz.A!Kemm
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\csrss.exe
                Process - 3148 - C:\Windows\csrss.exe

tor_1.exe
Status             : Scanned
Object             : %userprofile%\downloads\tor browser\app\tor_1.exe
MD5                : 89B20EEBB078D568A75478273CCE0813
Publisher          : -
Size               : 2087636
Version            : -
Detection          : Malware:Win32/Tazzi.A!Amlk
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\tor browser\app\tor_1.exe

Football_Manager_2006_Full_PC_Game.exe
Status             : Scanned
Object             : %userprofile%\downloads\football_manager_2006_full_pc_game.exe
MD5                : 2BC1B7CAF0E486889A6AA6F89F16E1EC
Publisher          : Anviko AITI, TOV
Size               : 3622464
Version            : -
Detection          : Malware:Win32/Quarand!Eemc
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\football_manager_2006_full_pc_game.exe

Football_Manager_2005_Full_PC_Game.exe.part
Status             : Scanned
Object             : %userprofile%\downloads\football_manager_2005_full_pc_game.exe.part
MD5                : 4F0CA2E91FF132F8884CC19043B63B58
Publisher          : Anviko AITI, TOV
Size               : 3615784
Version            : -
Detection          : Malware:Win32/Quarand!Eemc
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\football_manager_2005_full_pc_game.exe.part

Football.Manager.2012.v12.0.4.Update.exe
Status             : Scanned
Object             : %userprofile%\downloads\football.manager.2012.v12.0.4.update-skidrow - tam\football.manager.2012.v12.0.4.update.exe
MD5                : 681E7214A9FA975317BA94AF7A7C3696
Publisher          : -
Size               : 54272
Version            : 0.0.0.0
Detection          : Malware:Win32/Tazzi.A!Amte
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\football.manager.2012.v12.0.4.update-skidrow - tam\football.manager.2012.v12.0.4.update.exe

hXUhtwI.exe
Status             : Scanned
Object             : %programfiles%\vk ok adblock\hxuhtwi.exe
MD5                : 870F49EA9D4A885FCE070866C3ED4331
Publisher          : MOSCOW COMPANY
Size               : 62184
Version            : -
Detection          : Adware:Win32/BulkHeur.78a447!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\vk ok adblock\hxuhtwi.exe
                Scheduled Task - Update Service for VK OK AdBlock2.job
                Scheduled Task - Update Service for VK OK AdBlock.job
                Scheduled Task - C:\windows\System32\Tasks\Update Service for VK OK AdBlock
                Scheduled Task - C:\windows\System32\Tasks\Update Service for VK OK AdBlock2

ts_10051.exe
Status             : Scanned
Object             : %appdata%\zhp\quarantine\ts_10051.exe
MD5                : E53C5A39AD1A287681B9047951CD43A0
Publisher          : "SISTEMA LTD"
Size               : 2435392
Version            : 1.0.0.69
Detection          : Adware:Win32/Sistema!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %appdata%\zhp\quarantine\ts_10051.exe

iLividSetupV1.exe
Status             : Scanned
Object             : %appdata%\zhp\quarantine\ilividsetupv1.exe
MD5                : 30DD4309274A647C26766DB007030D60
Publisher          : Bandoo Media Inc
Size               : 2060760
Version            : 1.92.871.32734
Detection          : Adware:Win32/BandooMedia!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %appdata%\zhp\quarantine\ilividsetupv1.exe

bjhrjtGYErrnArEr.exe
Status             : Scanned
Object             : %appdata%\zhp\quarantine\bjhrjtgyerrnarer.exe
MD5                : BCE6DA52CCE17905486FC968ECCE57E4
Publisher          : MOSCOW COMPANY
Size               : 1670200
Version            : 1.3.20.0
Detection          : Adware:Win32/BulkHeur.78a447!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %appdata%\zhp\quarantine\bjhrjtgyerrnarer.exe

vk_ok_adblock.exe
Status             : Scanned
Object             : %temp%\vk_ok_adblock.exe
MD5                : ECA7DFB4985B8D15C709AB346D869E9E
Publisher          : MOSCOW COMPANY
Size               : 117480
Version            : -
Detection          : Adware:Win32/BulkHeur.78a447!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\vk_ok_adblock.exe

455.exe
Status             : Scanned
Object             : %temp%\is-f2ql0.tmp\455.exe
MD5                : 1338B6E0C696B54481EF15F76C02D74A
Publisher          : -
Size               : 1327081
Version            : 0.0.0.0
Detection          : Adware:Win32/EoRezo!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is-f2ql0.tmp\455.exe

465.exe
Status             : Scanned
Object             : %temp%\is-f2ql0.tmp\465.exe
MD5                : F05FFE495C8411BB06211FB5EB137083
Publisher          : -
Size               : 1328230
Version            : 0.0.0.0
Detection          : Adware:Win32/EoRezo!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is-f2ql0.tmp\465.exe

package_BubbleSound_installer_multilang.exe
Status             : Scanned
Object             : %temp%\is-f2ql0.tmp\package_bubblesound_installer_multilang.exe
MD5                : BC8CF99DAA3A1C3CBEDAAD8000070834
Publisher          : -
Size               : 1326620
Version            : 0.0.0.0
Detection          : Adware:Win32/EoRezo!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is-f2ql0.tmp\package_bubblesound_installer_multilang.exe

gentlemjmp_ieu.exe
Status             : Scanned
Object             : %temp%\is-8p6et.tmp\gentlemjmp_ieu.exe
MD5                : 54D0BEC06A85EC1A52128BA08A5CB175
Publisher          : -
Size               : 56832
Version            : 0.0.0.0
Detection          : Malware:Win32/Bailoat.A!Akat
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is-8p6et.tmp\gentlemjmp_ieu.exe

csrss[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\temporary internet files\content.ie5\r9st4xly\csrss[1].exe
MD5                : DE9B2D0EBCC43BF58EE24EA8F8C1ED82
Publisher          : -
Size               : 1559319
Version            : 1.0.0.0
Detection          : Malware:Win64/Edizz.A!Kemm
Cleaning Action    : Quarantine
Traces             :
                File - %localappdata%\microsoft\windows\temporary internet files\content.ie5\r9st4xly\csrss[1].exe

component (2).exe
Status             : Scanned
Object             : %temp%\component (2).exe
MD5                : EED685D7784468AC0F880F802D42701B
Publisher          : SwiftSearch
Size               : 1188472
Version            : 1.10.0.25
Detection          : Adware:Win32/SwiftSearch!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\component (2).exe

component (1).exe
Status             : Scanned
Object             : %temp%\component (1).exe
MD5                : 5AAAC118C3F8F6A178B0CC19CD73080F
Publisher          : -
Size               : 5054433
Version            : 0.0.0.0
Detection          : Adware:Win32/EoRezo!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\component (1).exe

uninstall.exe
Status             : Scanned
Object             : %programfiles%\vk ok adblock\uninstall.exe
MD5                : 59BECF758E0DEFDD513FB0CE6E796B36
Publisher          : MOSCOW COMPANY
Size               : 1502248
Version            : 1.3.20.0
Detection          : Adware:Win32/BulkHeur.78a447!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\vk ok adblock\uninstall.exe

sqlite3.dll
Status             : Scanned
Object             : %programfiles%\bluesprig\jetclean\sqlite3.dll
MD5                : 3E95C44C325B078FA1ED880DD5883016
Publisher          : BlueSprig, Inc.
Size               : 576952
Version            : -
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\bluesprig\jetclean\sqlite3.dll

_SetupPoker_ca409f_en.exe
Status             : Scanned
Object             : %homedrive%\poker\william hill poker\_setuppoker_ca409f_en.exe
MD5                : FF04D02AFA370561DBE2820D3055E26B
Publisher          : PLAYTECH LIMITED
Size               : 414464
Version            : 9.4.20.0
Detection          : Malware:Win32/Quarand!Eitc
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\poker\william hill poker\_setuppoker_ca409f_en.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 20
Reported as safe      : 0
Failed                : 0
 



#4 InadequateInfirmity


Posted 23 December 2015 - 07:34 PM

Security Check Scan.

Download Security Check to your desktop, right click it and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.

MiniToolBox Scan

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)

Click Go and post the result.

Eset Online Scanner.

 

 

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#5 MrMajeika


Posted 24 December 2015 - 06:07 PM

SecurityCheck by glax24 v.1.4.0.32 [01.11.15]
WebSite: www.safezone.cc
DateLog: 24.12.2015 19:17:34
Path starting: C:\Users\Robert\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Robert
VersionXML: 2.20is-21.12.2015
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 15.06.2011 12:45:42
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [365.7 Gb] Used: [257.2 Gb] Free: [108.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18124
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2015-12-13 01:55:48
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Microsoft Security Essentials (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
Disabled the domain profile of Windows Firewall
Disabled the public profile of Windows Firewall
Disabled the standard profile for Windows Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Microsoft Security Essentials (enabled and up to date)
Windows Defender (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.4.8.204.0
-------------------------- [ SecurityUtilities ] --------------------------
SUPERAntiSpyware v.5.1.1002
Malwarebytes Anti-Malware version 2.2.0.1024 v.2.2.0.1024
Secunia PSI (3.0.0.9016) v.3.0.0.9016
SpywareBlaster 5.2 v.5.2.0
Zemana AntiMalware v.2.19.737
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.41105.0
VLC media player 2.1.2 v.2.1.2 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype Translate v.1.0.0.43 Warning! Download Update
^Optional update.^
Skype™ 7.16 v.7.16.102 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
BitTorrent v.7.9.5.41373 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 66 v.8.0.660.18
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 20 ActiveX v.20.0.0.228
Adobe Flash Player 20 NPAPI v.20.0.0.235
Adobe Shockwave Player 12.1 v.12.1.0.150 Warning! Download Update
Adobe Acrobat Reader DC v.15.009.20079
------------------------------- [ Browser ] -------------------------------
Google Chrome v.47.0.2526.106
Mozilla Firefox 43.0.1 (x86 en-US) v.43.0.1
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.15.4.3502.0922
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.43.0.1.5828
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE v.6.0.0.1080
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE v.6.0.0.1210
c:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.8.204.0
c:\Program Files\Microsoft Security Client\NisSrv.exe v.4.8.204.0
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.6.13.13771 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 
 
MiniToolBox by Farbar  Version: 02-11-2015
Ran by Robert (administrator) on 24-12-2015 at 19:19:24
Running from "C:\Users\Robert\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: R530/R730/R540 Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Belkin N Wireless USB Adapter = Wireless Network Connection 4 (Connected)
Qualcomm Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Hardware not present)
Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 5 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Robert-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dwsd.local

Wireless LAN adapter Wireless Network Connection 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 94-44-52-C3-76-98
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 4:

   Connection-specific DNS Suffix  . : dwsd.local
   Description . . . . . . . . . . . : Belkin N Wireless USB Adapter
   Physical Address. . . . . . . . . : 94-44-52-C3-76-98
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fdec:542b:9061:0:4859:36a3:f114:78c(Preferred)
   Temporary IPv6 Address. . . . . . : fdec:542b:9061:0:8893:f784:b19f:b48b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4859:36a3:f114:78c%26(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.152(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 24 December 2015 19:14:09
   Lease Expires . . . . . . . . . . : 25 December 2015 05:14:09
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.254
   DHCPv6 IAID . . . . . . . . . . . : 647251026
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FB-13-43-00-24-54-3F-B7-5E
   DNS Servers . . . . . . . . . . . : fdec:542b:9061:0:7e4c:a5ff:fed9:3608
                                       208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : 00-24-54-E9-C4-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fdec:542b:9061:0:7e4c:a5ff:fed9:3608

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging google.com [2.127.237.232] with 32 bytes of data:
Reply from 2.127.237.232: bytes=32 time=11ms TTL=61
Reply from 2.127.237.232: bytes=32 time=12ms TTL=61

Ping statistics for 2.127.237.232:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 12ms, Average = 11ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fdec:542b:9061:0:7e4c:a5ff:fed9:3608

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=132ms TTL=46
Reply from 98.138.253.109: bytes=32 time=130ms TTL=46

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 130ms, Maximum = 132ms, Average = 131ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 27...94 44 52 c3 76 98 ......Microsoft Virtual WiFi Miniport Adapter #2
 26...94 44 52 c3 76 98 ......Belkin N Wireless USB Adapter
 11...00 24 54 e9 c4 0b ......Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.152     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link     192.168.0.152    306
  169.254.255.255  255.255.255.255         On-link     192.168.0.152    281
      192.168.0.0    255.255.255.0         On-link     192.168.0.152    281
    192.168.0.152  255.255.255.255         On-link     192.168.0.152    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.152    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.152    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.152    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 26     33 fdec:542b:9061::/64      On-link
 26    281 fdec:542b:9061:0:4859:36a3:f114:78c/128
                                    On-link
 26    281 fdec:542b:9061:0:8893:f784:b19f:b48b/128
                                    On-link
 26    281 fe80::/64                On-link
 26    281 fe80::4859:36a3:f114:78c/128
                                    On-link
  1    306 ff00::/8                 On-link
 26    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/24/2015 07:17:38 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/23/2015 11:58:31 PM) (Source: nssm) (User: )
Description: WindowsC:\Windows\csrss.exeThe system cannot find the file specified.

Error: (12/23/2015 09:15:26 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/23/2015 09:05:25 PM) (Source: ESENT) (User: )
Description: WinMail (2356) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (12/23/2015 07:53:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 2.24.0.74, time stamp: 0x54034084
Faulting module name: svchost.exe, version: 2.24.0.74, time stamp: 0x54034084
Exception code: 0xc0000005
Fault offset: 0x000000000001789e
Faulting process id: 0x1b18
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (12/22/2015 11:50:34 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/22/2015 05:21:19 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (12/22/2015 05:21:19 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (12/22/2015 01:50:50 PM) (Source: Google Update) (User: Robert-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/22/2015 01:50:30 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


System errors:
=============
Error: (12/24/2015 12:03:50 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (12/24/2015 12:03:23 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service hung on starting.

Error: (12/24/2015 12:02:50 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (12/24/2015 12:01:50 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (12/23/2015 11:58:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon

Error: (12/23/2015 11:58:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/23/2015 11:58:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows service terminated with service-specific error %%3.

Error: (12/23/2015 10:25:00 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon

Error: (12/23/2015 10:24:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nSU service.

Error: (12/23/2015 09:55:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon


Microsoft Office Sessions:
=========================
Error: (12/24/2015 07:17:38 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/23/2015 11:58:31 PM) (Source: nssm)(User: )
Description: WindowsC:\Windows\csrss.exeThe system cannot find the file specified.

Error: (12/23/2015 09:15:26 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/23/2015 09:05:25 PM) (Source: ESENT)(User: )
Description: WinMail2356WindowsMail0:

Error: (12/23/2015 07:53:44 PM) (Source: Application Error)(User: )
Description: svchost.exe2.24.0.7454034084svchost.exe2.24.0.7454034084c0000005000000000001789e1b1801d13dbb9bb7c3feC:\Windows\svchost.exeC:\Windows\svchost.exedeb2efdb-a9ae-11e5-8531-002454e9c40b

Error: (12/22/2015 11:50:34 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/22/2015 05:21:19 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2015 05:21:19 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2015 01:50:50 PM) (Source: Google Update)(User: Robert-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/22/2015 01:50:30 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


CodeIntegrity Errors:
===================================
  Date: 2015-12-23 20:06:49.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-02 00:43:14.587
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Robert\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-02 00:43:14.546
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Robert\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

888poker (HKLM-x32\...\888poker) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Belkin N Wireless USB Adapter Setup (HKLM-x32\...\{4EE9A620-46A0-4BCF-82AC-950D2BBED982}) (Version: 2.20 - Belkin)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chess Buddy - Pogo Version 2.5 (HKLM-x32\...\Chess Buddy - Pogo Version_is1) (Version:  - Play Buddy)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Dusk Till Dawn Poker (HKLM-x32\...\Dusk Till Dawn Poker ) (Version:  - Boss Media AB)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow v1.2.4496 [2012-12-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4496.0 - )
FM Scout (HKLM-x32\...\FMScout) (Version: 3.22 - nygreen.net)
Football Manager 2005 (HKLM-x32\...\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}) (Version: 5.0.0 - SEGA)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.48.2.WIN.FullTilt.COM - )
Full Tilt UK (HKLM-x32\...\{31967082-7E6A-42A3-9740-6F9065509BD6}) (Version: 5.30.15.WIN.FullTilt.UK - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5209 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell)
Media Player Codec Pack 4.2.7 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.7 - Media Player Codec Pack)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MyDriveConnect 4.0.2.2123 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.2.2123 - TomTom)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Portforward Static IP Address 1.0.47 (HKLM-x32\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1507.99 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
S Agent (HKLM\...\{860203FC-987D-4429-8A08-8332B21AD90E}) (Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Story Album Viewer (HKLM-x32\...\{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SamsungMovie (HKLM-x32\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype Translate (HKCU\...\7e66679bf240e191) (Version: 1.0.0.43 - Skype Translate)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.1.1002 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{E362724E-9320-4946-AF34-874E7B6B2927}) (Version: 6.0.7.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
tbbMeter Loader Service (HKLM-x32\...\{FDC85EE3-EDAA-47C9-9885-2A26FC41DC22}) (Version: 1.0.0 - thinkbroadband.com)
Tournament Indicator 2.1.2 (HKLM-x32\...\Tournament Indicator_is1) (Version:  - http://www.TournamentIndicator.com)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebCam Recorder (HKLM-x32\...\WebCam Recorder_is1) (Version:  - )
William Hill Poker (HKCU\...\William Hill Poker) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yaniv Card Game v2.8 (HKLM-x32\...\{55094C06-A9A9-48F7-AA85-51A6145B5833}) (Version: 2.8 - Drevans Software)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.737 - Zemana Ltd.)
Zipeg (HKCU\...\Zipeg) (Version: 2.9.3.1316 - http://zipeg.com)

========================= Devices: ================================

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*ISATAP\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*ISATAP\0001
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*ISATAP\0002
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Qualcomm Atheros AR9285 Wireless Network Adapter
Description: Qualcomm Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_7167144F&REV_01\4&18C876B8&0&00E0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 3892.55 MB
Available physical RAM: 1719.28 MB
Total Virtual: 7783.31 MB
Available Virtual: 5342.18 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:365.66 GB) (Free:108.54 GB) NTFS
2 Drive d: () (Fixed) (Total:80 GB) (Free:76.98 GB) NTFS

========================= Users: ========================================

User accounts for \\ROBERT-PC

Administrator            ASPNET                   Guest                    
Robert                   


**** End of log ****
 
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DailyPcClean Support\DailyPCClean.exe.vir    multiple threats    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DailyPcClean Support\predm.exe.vir    a variant of Win32/Adware.EoRezo.BG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe.vir    a variant of Win32/Adware.Vitruvian.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe.vir    a variant of MSIL/Adware.Vitruvian.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\DailyPcClean Support\Download\myoffergroup_gb4.exe.vir    multiple threats    cleaned by deleting - quarantined
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RT01XP2Y\run[1].vbs    VBS/Kryptik.D trojan    cleaned by deleting - quarantined
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\THBBVGSR\svchost[1].exe    Win64/NSSM.A potentially unsafe application    cleaned by deleting - quarantined
C:\Users\Robert\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Robert\AppData\Roaming\BitTorrent\updates\7.9.2_38657.exe    a variant of Win32/OpenCandy.A potentially unsafe application    cleaned by deleting - quarantined
C:\Users\Robert\Downloads\ccsetup418.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Robert\Downloads\ccsetup504.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Robert\Downloads\ccsetup505.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Robert\Downloads\ccsetup506.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Robert\Downloads\ccsetup509.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Robert\Downloads\ccsetup512.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Windows\svchost.exe    Win64/NSSM.A potentially unsafe application    cleaned by deleting - quarantined
 
 
9-lab Removal Tool 1.0.0.38 BETA
9-lab.com

Database version: 125.36680

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.18124
Robert :: ROBERT-PC

24/12/2015 21:52:57
9lab-log-2015-12-24 (21-52-57).txt

Scan type: Full
Objects scanned: 56205
Time Elapsed: 50 m 52 s

Registry Keys detected: 3
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E32743D3-5789-6E4F-3998-06FB87C9214B}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}]
Adware.RMPL.SProtect.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WS.Enabler]


Files detected: 206
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\fa\messages.json]
[21A10F37226FC8210E404CB63294A3BE] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\fi\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\fil\messages.json]
[9B3FE5D6CC34D010DA90CF87C514E985] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\fr\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\gu\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\he\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\hi\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\hr\messages.json]
[3151A523B51B23C546B01A784FC5D750] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\hu\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\id\messages.json]
[B3EB8A62C1CD198ADD985F34D46744C2] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\it\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\ja\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\kn\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\ko\messages.json]
[F8E12BEE85F52DA0058840E6EDB1FA0F] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\lt\messages.json]
[3B49E70207CCA67CD81B17D2FAA52CB1] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\lv\messages.json]
[285D1DCD8729AEB24E9891336080C4CD] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\mk\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\ml\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\mr\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\ms\messages.json]
[E731A9C9667380A05BB02C51075E7FE1] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\nl\messages.json]
[FDC8D97158939D25838354B91B27F37B] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\no\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\pl\messages.json]
[28AB439B34C550FD0F89C09CD5930B57] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\pt\messages.json]
[28AB439B34C550FD0F89C09CD5930B57] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\pt_BR\messages.json]
[28AB439B34C550FD0F89C09CD5930B57] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\pt_PT\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\ro\messages.json]
[EFB20252288FD8DEF02A29ABF422B44C] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\ru\messages.json]
[40E8E90160E037C4619BBA438A11546B] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\sk\messages.json]
[69B36E905B8B2E037070FE8454744209] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\sl\messages.json]
[D56ACF7A1E644644BFF872553836ED2E] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\sq\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\sr\messages.json]
[5CF07DD906FFE8E443C02CC896F81423] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\sv\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\sw\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\ta\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\te\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\th\messages.json]
[8CCE66AFD5B97165EA6437291DE8882D] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\tr\messages.json]
[996E2D79D7CAFFAC828526DCB7FC1563] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\uk\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\vi\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\zh_CN\messages.json]
[F9A432EA18D221BD005C29C526054D86] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\eoebpcbiklhocbchcfjlejdfhfaimfoh\361.3.20_0\_locales\zh_TW\messages.json]
[3688374325B992DEF12793500307566D] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\hosts]
[80A529FB5C7C6C94CB82B98E9E88B9C9] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\http_putlocker.is_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\http_putlocker.is_0.localstorage-journal]
[61B38115D990627B7160A0B50613FE81] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\BrowsersFix.js]
[608CD8D16B2B3639C92F9A57F816DFFA] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\Content.js]
[4DE548F0EF12E58F26562FD0FA78E634] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\files\background.js]
[4112AD4FA1C1C4828140207C1DE74219] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\files\com.torrent.main\reset.png]
[B2065BF42B425D298EE45ADCBFF64236] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\files\com.torrent.main\reset_old.png]
[5B949CBD967A3DB775CCF63B2DEBB97B] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\files\com.torrent.main\search.png]
[69C02BBEDD0C2DFF2203CF62DE252FF6] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\files\com.torrent.main\search_old.png]
[6608E7CD727E94C3905410445B12A25F] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\files\foreground.js]
[0043F434EE5744CD93721E2ECF6485F2] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\files\popup.css]
[FCDA7C2BD163293F4DEF17E2B2FDEF60] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\files\popup.js]
[FBED9324CB5518ACA87CF6F7AF41BE8A] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\icons\icon128.png]
[3E0B15AB67D625A5B5F6E31171C1519B] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\icons\icon16.png]
[2970037C8D08AD6AABDB5FC625C0EFF1] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\icons\icon48.png]
[992C396416CFE823D08327CB7F17E6B0] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\Kernel.js]
[5DE6A3AB238516AEC0306B53D246F242] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\manifest.json]
[5DB944667CC36AD45EB832BC876CEA91] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\popup.html]
[C2E1C0C2680E6F3DBBDB65DD9E0EB13A] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\popup.js]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\am\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ar\messages.json]
[9D32CA522F2CC87197569B2824BFAB21] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\be\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\bg\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\bn\messages.json]
[73994682025B68739749ADF44164F924] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ca\messages.json]
[6FB4448378DBF53917C73EAFF45B8C32] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\cs\messages.json]
[59BE3D04538174D41C53E6AE5CED7CAD] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\da\messages.json]
[81C0F866FE482A3C8DC639FC3608275F] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\de\messages.json]
[1A06931B85F7B52B8C008E378F8AE7E7] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\el\messages.json]
[D6CA3F7CA9700699522F613109809FD8] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\en\messages.json]
[D6CA3F7CA9700699522F613109809FD8] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\en_GB\messages.json]
[D6CA3F7CA9700699522F613109809FD8] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\en_US\messages.json]
[F4D12CC7327268B89AE0167485BE22CE] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\es\messages.json]
[F4D12CC7327268B89AE0167485BE22CE] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\es_419\messages.json]
[4F4E3A5A9815EA06669FA8DD718BA3A3] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\et\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\fa\messages.json]
[FF4EEE202A9C2954CB5A4E110A511698] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\fi\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\fil\messages.json]
[83900A394F9F5BFAE03B19CA3CA1AA07] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\fr\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\gu\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\he\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\hi\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\hr\messages.json]
[834F156E18A9961DF8D4EF643AE75C0E] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\hu\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\id\messages.json]
[F8ED6D0C41F75E27D3BA443B6DA88B94] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\it\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ja\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\kn\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ko\messages.json]
[A7C39A4224253E0EFD4A2510384D3AEC] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\lt\messages.json]
[AEEB2D8DD96AE570277E6CF56F48C757] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\lv\messages.json]
[F6717E1CDA3D06C249A7C395CE92DCDA] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\mk\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ml\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\mr\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ms\messages.json]
[F3639FD41F6FC9869EAB7DFCD7AE55B7] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\nl\messages.json]
[BD1C60AC2FAACEBFF1D9A3B95A8ED3E1] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\no\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\pl\messages.json]
[2FF450D50C2359A074097C30A589B1BC] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\pt\messages.json]
[2FF450D50C2359A074097C30A589B1BC] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\pt_BR\messages.json]
[2FF450D50C2359A074097C30A589B1BC] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\pt_PT\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ro\messages.json]
[6879E8550380FFD3E3AE9ABA4A8BE801] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ru\messages.json]
[2878E33864B36CD3FC2779E0D7587ED6] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\sk\messages.json]
[7234988DE974D66FD711C0819A66A956] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\sl\messages.json]
[4D6371E4EC0A3A9F040F41A960B100DC] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\sq\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\sr\messages.json]
[E91B11328180A00D1C149F07D92FC384] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\sv\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\sw\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\ta\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\te\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\th\messages.json]
[A7F33B446175FFECB9838BE72FBC9D76] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\tr\messages.json]
[E4675FA453DF7B9234F80FDA9CA09A73] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\uk\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\vi\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\zh_CN\messages.json]
[5AFED7DA9B9F2F3C80988A226F682403] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\ialilpegnnfigbcggpbbdecdgencbfge\361.0.0.69_0\_locales\zh_TW\messages.json]
[30E3544C06C49748233763195B0DE323] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\20140201163234.log]
[CDB83C5F8EF48383F7DB8F186D98F7BD] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\Readme.txt]
[E2DB52C041AF5AD472B059F35C4FAB9D] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\Setup.dat]
[E717F6CE3A7429BFA6D7F3CF66737A4B] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\Setup.exe]
[FD7FFD6A90536AF8391733E3695E3740] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\Setup.ico]
[AF7CE801C8471C5CD19B366333C153C4] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\TsuDll.dll]
[F019CCBCB9FC34ECA585696D8EC5C585] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{0D44A143-88C2-407A-A291-C0E0D6A783B5}\_Setup.dll]
[AFC2732C911E7BD6AC84715D7497E962] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{29F8C73F-515F-4B84-A96F-197DF21BE5C9}\20140201163628.log]
[CDB83C5F8EF48383F7DB8F186D98F7BD] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{29F8C73F-515F-4B84-A96F-197DF21BE5C9}\Readme.txt]
[71737D6D43883D13BE6F59F23E332D34] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{29F8C73F-515F-4B84-A96F-197DF21BE5C9}\Setup.dat]
[FD7FFD6A90536AF8391733E3695E3740] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{29F8C73F-515F-4B84-A96F-197DF21BE5C9}\Setup.ico]
[F019CCBCB9FC34ECA585696D8EC5C585] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\InstallMate\{29F8C73F-515F-4B84-A96F-197DF21BE5C9}\_Setup.dll]
[E645795B3A01BF8B3EC6B8848DFBFEDB] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\PACKAGE_BUBBLESOUND_INSTALLER-4E8A9600.pf]
[924EFB1B82CC74A1937F7581AD2FF7DB] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\PACKAGE_BUBBLESOUND_INSTALLER-9066234E.pf]
[09AE5AF1AEA160D6A901EF8D3E844770] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\PREDM.EXE-F362A32C.pf]
[ED852A1581AB7A03FD6054A7B748F493] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\PREDM.TMP-2A0C930E.pf]
[E717F6CE3A7429BFA6D7F3CF66737A4B] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\Setup.exe]
[AF7CE801C8471C5CD19B366333C153C4] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Quarantine\TsuDll.dll]
[F8B74AAB4D0939F1B0EDE65FFBA3E90E] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Tempo.txt]
[3D293775B11D861EBDAD5238C90F9D22] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\Trace.txt]
[0713B34EDCBCB6446466F782BDDC8084] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\ZHPCleaner-[R]-23122015-22_21_47.txt]
[CE47A180224AF72C0E0705F082A7FDB1] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\ZHPCleaner-[s]-23122015-22_19_41.txt]
[81D5C63ADED9AE97B2A2D7183774DF01] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[457372AE08C78CA3074682352B24FF27] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
[57656F2F4120757E7164FD45D52FE634] Trojan.FPL.Rotbrow.vb [c:\users\robert\appdata\roaming\ZHP\ZHPQ_Files.txt]
[C2A98406C71B893B9986141DFCF41617] PUP.FPL.Gen.vb [C:\Program Files (x86)\OpenDownloaderManager\detoured.dll]
[3A3BB4D7039F602DA65A5E6A748ACCB8] PUP.FPL.Gen.vb [C:\Program Files (x86)\OpenDownloaderManager\fdmumsp.dll]
[7D211EA7F30D5CFC010A3015351925E1] PUP.FPL.Gen.vb [C:\Program Files (x86)\OpenDownloaderManager\flvsniff.dll]
[9F2C6A7D90792D56261A97E93243B371] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\dlmgrsi.sav]
[CC1FB632C08A33F11278EFE67D7CA89F] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\downloads.del.sav]
[98D3E5EE84E20CD3C90668D7B6192E89] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\downloads.his.sav]
[E6DB29C22A306261D772A514D34873F3] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\downloads.sav]
[8AB1EC0E4003204EAFDEC07DA9ED2803] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\groups.sav]
[C7DE32D9724CFFE3E3F3C323F724D029] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\history.sav]
[7DEA362B3FAC8E00956A4952A3D4F474] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\schedules.sav]
[4A2CD43FC3C67126D6B4BC5235737F5D] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\sites.sav]
[7D6DF40135EB13FDF4F77C599373315A] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\spider.sav]
[DCBEA815CA0120FB29EF3B478EF259F5] PUP.FPL.Gen.vb [c:\users\robert\appdata\roaming\Open Download Manager\tips.dat]
[9971C8392C978E0EEE87F033B7E4DA2F] Malware.Win32.Gen.sm [C:\Program Files (x86)\Secunia\PSI\SUA\91fa336b2ac29ef07c32e849a032f313045e2d19\AdobeFlashPlayer_18.0.0.232_NPAPI_SPS.exe]
[4606B34CAB246283DFEAF5C1BD8AACE0] Malware.Win32.Gen.cs0 [C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\testapp.exe]
[55CAB7C5BE636CB823F64024C5D5230D] Malware.Win64.Gen.sm!s2 [C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RT01XP2Y\taskmgr[1].exe]
[16EAB3FEBD96CED6C12B47FEC7423CD8] Malware.Win32.Gen.cc!s1 [C:\Users\Robert\AppData\Roaming\ZHP\ZHPCleaner.exe]
[FF99F38F3C5B260D7A1F8AD4596F4512] Malware.Win32.Gen.cc!s1 [C:\Users\Robert\Desktop\ZHPCleaner.lnk]
[C16B1595E3C2FFC875EF28BF66EC557F] Malware.Win32.Gen.cc!s2 [C:\Users\Robert\Documents\SmitfraudFix\SmitfraudFix\swsc.exe]
[76F7569DB01B4D65431B0E6BBBDD261D] Malware.Win32.Gen.sm [C:\Users\Robert\Downloads\adwcleaner_5.026.exe]
[521104E0FF602840E969D6C3D03F41F1] Malware.Win32.Gen.cc!s1 [C:\Users\Robert\Downloads\MiniToolBox(1).exe]
[521104E0FF602840E969D6C3D03F41F1] Malware.Win32.Gen.cc!s1 [C:\Users\Robert\Downloads\MiniToolBox.exe]
[16EAB3FEBD96CED6C12B47FEC7423CD8] Malware.Win32.Gen.cc!s1 [C:\Users\Robert\Downloads\ZHPCleaner.exe]
[811F5C625680CF858891407DB7A8FC67] Malware.Win32.Gen.cld [C:\Users\Robert\Documents\SmitfraudFix\SmitfraudFix\WS2Fix.exe]
[4DD21A65DEBB6ABD501D95B00458DA12] Malware.Win32.Gen.cs0 [C:\Users\Robert\Downloads\sdasetup.exe]
[55CAB7C5BE636CB823F64024C5D5230D] Malware.Win64.Gen.sm!s2 [C:\Windows\taskmgr.exe]

 
After doing one of the first scans, now when I have Firefox open, the Firefox icon is not shown at the bottom. Where the Firefox symbol should be for the window that is open, it shows sort of a white page with a box in the middle.



#6 InadequateInfirmity


Posted 24 December 2015 - 06:14 PM


 

After doing one of the first scans, now when I have Firefox open, the Firefox icon is not shown at the bottom. Where the Firefox symbol should be for the window that is open, it shows sort of a white page with a box in the middle.

Back up your bookmarks in Firefox, uninstall it, then reinstall and import your bookmarks back. Make sure to update everything listed by Security Check, and also tell me what issues remain. I would also like you to install uBlock Origin; install it for all of your browsers. Also install Ghostery for all of your browsers, and set it to block all trackers and cookies.



#7 MrMajeika


Posted 24 December 2015 - 06:26 PM

OK, done that, it seems to be OK now. What does Ghostery do? I don't really understand. Is there anything else to do? Also, I am currently using Microsoft Security Essentials, Malwarebytes and SUPERAntiSpyware. I also have SpywareBlaster installed. Do you recommend these?



#8 InadequateInfirmity


Posted 24 December 2015 - 06:53 PM

Ghostery stops tracking cookies and things that shadow you on the internet, so you look at a lot of crap on the internet, all that does not matter until you log into a social media site.

 

Uninstall MSE, that is total garbage; you might be better off with something like one of the below. Any one of the ones below is going to be better than MSE.

 

 

Panda Free Antivirus

Sophos Home

360 Total Security

 

You can continue to use Zemana as a second scanner. You also have Malwarebytes; run scans with those once every couple of weeks, or once a week, just alternate. SUPERAntiSpyware will be obsolete if you use Ghostery. Just try that out for a week; if you scan with SAS after a week, you will see a huge reduction in tracking cookies. I will leave uninstalling that up to you; if you like it, keep it.

 

Reset Host File.

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 


 

 

Install Ccleaner - Clean up temp files.

 

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download

Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, then under the Windows tab select each item and disable it. Also, under the Scheduled Tasks tab, you are safe to disable all tasks. Only disable items under the Windows tab and Scheduled Tasks tab!


Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:
 

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.


 

 

Clean up more useless temp files and defrag your machine.

 

 

Also run a deep clean up with PrivaZer. Then defrag with Toolwiz Smart Defrag (do not defrag if SSD). Now reboot your machine and tell me how things are.

 

 

I would suggest putting yourself in full control of what is running on your machine with VooDoo Shield.

 

Qualys BrowserCheck To update plugins.

 

Web Of Trust To Avoid Shady Websites.

 

Unchecky To Avoid Bundled Software.

 

 

 

 

Now let's clean up the tools we used and remove old restore points.

 

Download DelFix by "Xplode" to your Desktop.
Right click the tool and Run as Admin (XP users double click).
Put a check mark next to the items below:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt

 

 

Have a great day. :guitar:
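The "Reset Host File" step in the post above restores the default hosts file. As an added example (not part of the original post and not RstHosts' own code), this Python sketch lists the active entries a reset would remove, separating blocklist-style entries from ones that point a name at another server. The sample content and the `audit_hosts` and `parse_hosts` names are constructed for illustration.

```python
import ipaddress
import os

# Names a stock hosts file may map; on Windows 7 even these lines are commented out.
DEFAULT_NAMES = {"localhost"}

def parse_hosts(text):
    """Yield (line_no, address, names) for each active line; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, kind, address, names) for every entry that differs from the default."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", address, names))
            continue
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if ip.is_loopback and not extra:
            continue  # plain localhost mapping, equivalent to the default
        # Loopback or 0.0.0.0 makes a name unreachable; any other target redirects it.
        kind = "block" if ip.is_loopback or ip.is_unspecified else "redirect"
        findings.append((line_no, kind, address, extra or names))
    return findings

# Constructed sample, not taken from the thread.
SAMPLE = """\
# localhost name resolution is handled within DNS itself.
127.0.0.1   localhost
0.0.0.0     ads.example.net        # blocklist-style entry
203.0.113.7 search.example.com www.search.example.com
not-an-ip   update.example.org
"""

if __name__ == "__main__":
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), r"System32\drivers\etc\hosts")
    text = SAMPLE
    if os.path.exists(path):
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    for finding in audit_hosts(text):
        print(*finding)
```

Entries reported as "redirect" are the ones worth reading before a reset, since they show which names were being sent elsewhere.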



#9 MrMajeika


Posted 25 December 2015 - 12:18 PM

I completed all the steps before posting the logfile for RstHosts. I saved the log to my desktop but it is not there now. Computer seems to be ok

Also I tried downloading Smart Defrag but I keep getting an error message:

 

Unable to execute file:

C:Program Files (x86)\Toolwizz Smart Defrag FREE\SmartDefrag.exe

 

CreateProcess failed; code 740

The requested operation requires elevation


Edited by MrMajeika, 25 December 2015 - 12:27 PM.


#10 InadequateInfirmity


Posted 25 December 2015 - 12:29 PM

 

Unable to execute file:

C:Program Files (x86)\Toolwizz Smart Defrag FREE\SmartDefrag.exe

 

CreateProcess failed; code 740

The requested operation requires elevation

 

 

You need to right click and run as admin, are there any other issues with your computer???



#11 MrMajeika


Posted 25 December 2015 - 12:56 PM

OK, thanks. Don't seem to have any other issues. Thanks for all your help.



#12 InadequateInfirmity


Posted 25 December 2015 - 01:00 PM

Merry Christmas. :guitar:



#13 MrMajeika


Posted 25 December 2015 - 01:22 PM

Merry Christmas. One last thing: one of the scans reset my desktop background. It was an image I got from Google a long time ago. Is there any way to get it back? I don't know if I have the image saved on my computer.



#14 InadequateInfirmity


Posted 25 December 2015 - 02:06 PM

Not too sure about that. Here are some that might interest you though; right click 'em and set as background, do not download anything. You could also search your machine for any picture that is on it with the Everything search engine.

 

You could try searching .jpg - .png - .jpeg


Edited by InadequateInfirmity, 25 December 2015 - 02:06 PM.




