
please help****i think i have been hijacked


27 replies to this topic

#1 moh-hal


  • Members
  • 19 posts

Posted 03 March 2016 - 06:16 AM

Recently I had a security problem after I discovered that Windows Defender was off, though I cannot remember that I turned it off. Anyway, the problem was that I had this group of apps or programs that install themselves automatically; every time I uninstall them through Control Panel, all of them come back again one after another. So I read through some articles online and one suggested that I run Malwarebytes, so I did.

Malwarebytes showed this message several times: (malicious website blocked, IP: 185.17.184.11), and found lots of malware and PUPs. Then I installed AVG to run a whole system check. The AVG results showed some infections; I noticed that one of them was a DNS changer trojan, so I managed to block the IP through the firewall. After cleaning all this mess with AVG I had another problem, which is that the Windows button stopped working, and all the apps on the right-hand side of the taskbar as well. I ran the SFC command, which found corrupted files but was unable to fix some of them; I have the log details for that if it will help. Then I tried to run the DISM command, and after restarting, the PC kept logging me in through a temporary profile. I managed to get into the infected account again after several uninstalls and reinstalls of Windows updates.

NOW, there are two main problems:

First: how do I know if I cleared all the viruses that caused all of that, and is it safe now from hijacking or not?

Second: how do I fix the Windows button and the other features that are not working?

Current PC info: Windows 10, AVG antivirus, AdwCleaner, Malwarebytes. I have all the logs from the last scans.

 





#2 iangcarroll


  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 03 March 2016 - 08:24 AM

Hi,
 
Please post all of those logs (AdwCleaner, Malwarebytes, and AVG). Additionally, please follow this:
MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Installed Programs;
  • Once this is done, click on Go and wait for the scan to complete.
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 jason1997


  • Banned Spammer
  • 9 posts

Posted 03 March 2016 - 08:25 AM

Save all of your personal files on an external hard drive and reset your system; this is the safest way to make sure the malware has been completely removed. Although you have blocked the IP, it has already infected your PC files, and you cannot be certain which files are infected without a good anti-virus software such as Norton 360 or Kaspersky. If you can install an anti-virus on your PC then I would do that, but if the malware is so bad that your PC is not functioning correctly then reset your Windows. You can keep your documents and do a reset, but then you don't know if the malware is still on your PC, so I recommend saving all your files on an external hard drive and then resetting your Windows. To do this you need to launch the PC and startup repair. You can do this on most PCs by pressing F11, then just follow the guide and make sure to click on the options that completely wipe your PC. If you have saved your files on an external HDD then wiping your PC is safe to do; it'll be like you've just bought it off the shelf. If you put your files back on the PC and the malware comes back, then check all of those files. Only put the files you need on the external HDD. I would suggest that before moving these files on to your fresh system you install a good anti-virus software so that the malware is detected as soon as the files are transferred over. This means they won't have a chance to infect the rest of your system. Hope this helps.



#4 moh-hal

  • Topic Starter

  • Members
  • 19 posts

Posted 03 March 2016 - 09:38 AM

Thank you guys for the reply.

I ran MiniToolBox.

Here is the log:

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by mohamed (administrator) on 04-03-2016 at 01:02:31
Running from "C:\Users\mohamed\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: SVF15N18PGB Manufacturer: Sony Corporation
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
========================= IP Configuration: ================================
 
Intel® Wireless-N 7260 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Mariam
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 3C-07-71-75-CA-45
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 0C-8B-FD-F0-8E-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 0E-8B-FD-F0-8E-5D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Wireless-N 7260
   Physical Address. . . . . . . . . : 0C-8B-FD-F0-8E-5D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9de5:cebc:443f:943%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, 4 March 2016 12:50:38 AM
   Lease Expires . . . . . . . . . . : Saturday, 5 March 2016 12:50:38 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 386698237
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-4D-FB-01-3C-07-71-75-CA-45
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  192-168-1-1.tpgi.com.au
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2404:6800:4006:803::200e
 220.244.136.24
 220.244.136.45
 220.244.136.59
 220.244.136.44
 220.244.136.30
 220.244.136.29
 220.244.136.49
 220.244.136.40
 220.244.136.25
 220.244.136.34
 220.244.136.55
 220.244.136.54
 220.244.136.35
 220.244.136.39
 220.244.136.50
 220.244.136.20
 
 
Pinging google.com [220.244.136.24] with 32 bytes of data:
Reply from 220.244.136.24: bytes=32 time=4ms TTL=59
Reply from 220.244.136.24: bytes=32 time=3ms TTL=59
 
Ping statistics for 220.244.136.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 4ms, Average = 3ms
Server:  192-168-1-1.tpgi.com.au
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=180ms TTL=49
Reply from 206.190.36.45: bytes=32 time=179ms TTL=49
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 179ms, Maximum = 180ms, Average = 179ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...3c 07 71 75 ca 45 ......Realtek PCIe GBE Family Controller
 15...0c 8b fd f0 8e 5e ......Microsoft Wi-Fi Direct Virtual Adapter
 18...0e 8b fd f0 8e 5d ......Microsoft Hosted Network Virtual Adapter
 10...0c 8b fd f0 8e 5d ......Intel® Wireless-N 7260
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.7    276
      192.168.1.7  255.255.255.255         On-link       192.168.1.7    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.7    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.7    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.7    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::9de5:cebc:443f:943/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
=========================== Installed Programs ============================
 
ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Ad-Aware Web Companion (HKLM-x32\...\{7ADC1B3B-06CB-4EC2-80A7-F063B2C5FE42}) (Version: 2.0.1013.2086 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
AMH CD-ROM (HKLM-x32\...\AMH CD-ROM) (Version: 1.01.2013 - AMH)
APCWE (HKLM-x32\...\{482404FA-0F6E-49FE-8FF2-F0AF1BC2E234}) (Version: 2.12.10.40 - Pearson VUE)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (HKLM\...\{D7B22C74-20D7-450F-A265-A1D1A81B8B62}) (Version: 16.51.7496 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.41.1.56922 - AVG Technologies)
AVG 2016 (HKLM\...\{D181BF91-057A-4889-BF0B-812D1BC2410C}) (Version: 16.0.4537 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7496 - AVG Technologies)
AVG Zen (HKLM\...\{CEDC1C27-A73A-4779-9121-DB77A8AE2003}) (Version: 1.41.29 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.0 - Canon Inc.)
ChessBase Reader (HKLM-x32\...\{DE1044D3-B7A3-45F0-AE4C-9F68BDD7B596}) (Version: 12.42.0.0 - ChessBase)
DVD Architect Studio 5.0 (HKLM-x32\...\{42C509F1-C451-11E1-AEC9-F04DA23A5C58}) (Version: 5.0.161 - Sony)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
eMIMS Desktop 1.0.1508.0 (HKLM-x32\...\{2b936e30-1077-4f20-881e-ffec69a81f13}_is1) (Version: 1.0.1508.0 - MIMS)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
ESDL (HKLM-x32\...\{9A2CA016-1C4C-4D44-BF70-C2C8639C34A4}) (Version: 1.0.0 - Sony Corporation) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FDUx86 (HKLM-x32\...\{3490653F-2789-46A1-B1BF-6BD4CF4131AB}) (Version: 1.0.0 - Sony Corporation) Hidden
FMW 1 (HKLM\...\{0AB3CCB3-5C0B-4C65-9FA4-CFEF6283F7F1}) (Version: 1.62.2 - AVG Technologies) Hidden
gBurner (HKLM-x32\...\gBurner) (Version: 3.5 - Power Software Ltd)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCare Data Recovery Pro (HKLM-x32\...\{F7EAB243-4D0C-47F5-A4F1-74D350E45489}_is1) (Version: 7.8.2 - iCare Recovery)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® WiDi (HKLM\...\{90621A56-901E-417D-A8CB-E8E3A6793C29}) (Version: 4.1.19.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
LavasoftTcpService (HKLM-x32\...\{5916A24B-59A4-4FDB-9753-499CB1F65362}) (Version: 2.3.4.2 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
Media Go Video Playback Engine 2.0.106.08290 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.106.08290 - Sony)
MergeModule_x64 (HKLM\...\{20E0665F-E4EE-4E2A-8E86-EFC65129FE41}) (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - اللغة العربية (HKLM-x32\...\{90150000-001F-0401-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - اللغة العربية (HKLM-x32\...\{90150000-00BD-0401-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{1C8AC59F-6464-11E2-A0C0-F04DA23A5C58}) (Version: 12.0.756 - Sony)
MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.20.0 - UpdatePack.nl)
NFC Connection Utility (HKLM\...\{F3FC1B12-45AA-4ACE-AD9F-DFD87BE9457E}) (Version: 1.0.0.14100 - Sony Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
PBS Offline 1.0 (HKLM-x32\...\PBS Offline) (Version: 1.0 - Australian Department of Health and Ageing)
Pearson VUE Tutorial and Demo (HKLM-x32\...\{AB693641-099A-478E-844A-643CB05F426B}) (Version: 2.12.5.74 - Pearson VUE)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{4C93E894-BE17-463B-A789-4CAB706987A0}) (Version: 8.0.21.11211 - Sony Corporation)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7101 - Realtek Semiconductor Corp.)
Remote Keyboard (HKLM-x32\...\{6466EF6E-700E-470F-94CB-D0050302C84E}) (Version: 1.2.0.09270 - Sony Corporation) Hidden
Restore (HKLM-x32\...\{ECCEB4D0-7080-4F8A-B498-E40A32A4FBED}) (Version: 1.0.0 - Sony Corporation) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.2.002.0 - Seagate)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (HKLM\...\{CBA577D0-C972-4A26-B948-A315DF3ECE0E}) (Version: 1.0.1.11110 - Sony Corporation) Hidden
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{7A263871-BEEC-11E1-AC53-F04DA23A5C58}) (Version: 10.0.178 - Sony)
SSLx64 (HKLM\...\{312395BC-7CC2-434C-A660-30250276A926}) (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (HKLM-x32\...\{63C43435-F428-42BA-8E7B-5848749D9262}) (Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote Keyboard with PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.1.05220 - Sony Corporation)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.3.11280 - Sony Corporation)
VAIO BIOS Data Transfer Utility (HKLM-x32\...\{5D772F4A-53DE-4E1F-83F5-B08DFF106C60}) (Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{036400BD-B717-4D50-ACDC-96480C99EDD3}) (Version: 8.4.4.09186 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.3.8.13060 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 8.4.4.07220 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.4.1.09050 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{D34F2C90-2CBA-4DEE-84D3-FB73005D5903}) (Version: 2.4.0.06280 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.2.00.07040 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.3.0.05230 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.2.00.07040 - Sony Corporation) Hidden
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.01.11140 - Sony Corporation)
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Touch Search (HKLM\...\{F792DDDD-71C8-419E-AE05-46B0CDB1BEC8}) (Version: 1.1.0.1511 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VCCMMx64 (HKLM\...\{B812401D-BAB2-4E33-9AC7-9862BC8CAF64}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCMMx86 (HKLM-x32\...\{CC87BAAD-AA25-4727-9B7C-E0876722B784}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (HKLM\...\{25ECAFCB-DCFB-4FCE-A5B2-772A57F59860}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (HKLM\...\{AB447E3B-7A95-4CA6-8ECD-B25C96314B67}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (HKLM-x32\...\{AFDC0CC0-39E8-42C0-9823-2C1C182676DC}) (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (HKLM-x32\...\{B31938C7-7E97-49EE-8F88-951E156268A3}) (Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VIx64 (HKLM\...\{D55EAC07-7207-44BD-B524-0F063F327743}) (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (HKLM-x32\...\{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}) (Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VPMx64 (HKLM\...\{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}) (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (HKLM-x32\...\{B24BB74E-8359-43AA-985A-8E80C9219C70}) (Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (HKLM\...\{6B7DE186-374B-4873-AEC1-7464DA337DD6}) (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (HKLM-x32\...\{9D12A8B5-9D41-4465-BF11-70719EB0CD02}) (Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (HKLM-x32\...\{B8991D99-88FD-41F2-8C32-DB70278D5C30}) (Version: 1.0.0 - Sony Corporation) Hidden
WD Boost (HKLM\...\{A99D925D-C01F-4384-98A2-7FEC295C6E15}) (Version: 3.34.0.0 - Western Digital Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XperiaLinkx86 (HKLM-x32\...\{EE402ACB-8269-4E44-9CA1-D81FDC4B4545}) (Version: 1.0.0 - Sony Corporation) Hidden
 
**** End of log ****
 


#5 moh-hal

Posted 03 March 2016 - 09:41 AM

AdwCleaner log:

 

# AdwCleaner v5.037 - Logfile created 03/03/2016 at 12:19:48
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Local]
# Operating system : Windows 10 Pro  (x64)
# Username : mohamed - MARIAM
# Running from : C:\Users\mohamed\Downloads\adwcleaner_5.037.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : bsdriver
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\SOUND+
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\YTDownloader
[-] Folder Deleted : C:\Program Files (x86)\Winsere
[-] Folder Deleted : C:\Program Files (x86)\WinTaske
[-] Folder Deleted : C:\Program Files (x86)\Free Youtube Downloader
[-] Folder Deleted : C:\Program Files (x86)\A8F155D0-1456468129-11E2-9332-3C077175CA45
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\ProgramData\Free Youtube Downloader
[-] Folder Deleted : C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[-] Folder Deleted : C:\ProgramData\4ac979ef-12b1-1
[-] Folder Deleted : C:\ProgramData\4ac979ef-5d31-0
[-] Folder Deleted : C:\ProgramData\7bf95d18-1e61-1
[-] Folder Deleted : C:\ProgramData\7bf95d18-5c03-0
[-] Folder Deleted : C:\ProgramData\843ee79b-10f3-0
[-] Folder Deleted : C:\ProgramData\843ee79b-72f3-1
[-] Folder Deleted : C:\ProgramData\e0689c8d-1911-1
[-] Folder Deleted : C:\ProgramData\e0689c8d-6df7-0
[-] Folder Deleted : C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Youtube Downloader
[-] Folder Deleted : C:\Users\mohamed\AppData\Local\Installer\Install_19546
[-] Folder Deleted : C:\Users\mohamed\AppData\Local\Installer\Install_8236
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] File Deleted : C:\Users\mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B81759E6-5669-4DB3-A3A7-6CD76555DE1D}_is1
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [5533 bytes] - [03/03/2016 12:19:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [329 bytes] - [03/03/2016 11:46:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [5336 bytes] - [03/03/2016 12:05:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5751 bytes] ##########


#6 moh-hal

Posted 03 March 2016 - 09:42 AM

Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 3/03/2016 6:42 AM, SYSTEM, MARIAM, Protection, Malware Protection, Starting, 
Protection, 3/03/2016 6:42 AM, SYSTEM, MARIAM, Protection, Malware Protection, Started, 
Protection, 3/03/2016 6:42 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 6:42 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Update, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Manual, Remediation Database, 2015.9.16.1, 2016.2.22.2, 
Update, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Manual, Rootkit Database, 2015.9.18.1, 2016.2.27.1, 
Update, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Manual, IP Database, 2015.9.21.2, 2016.3.1.1, 
Update, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Manual, Domain Database, 2015.9.22.3, 2016.3.2.4, 
Update, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Manual, Malware Database, 2015.9.22.5, 2016.3.2.5, 
Protection, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 6:45 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Detection, 3/03/2016 7:26 AM, SYSTEM, MARIAM, Protection, Malware Protection, File, PUP.Optional.YesSearches, C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe, Quarantine, [9b6251312475d165c314b43bb44dc43c]
Update, 3/03/2016 9:08 AM, SYSTEM, MARIAM, Scheduler, Domain Database, 2016.3.2.4, 2016.3.2.5, 
Protection, 3/03/2016 9:08 AM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 3/03/2016 9:08 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 3/03/2016 9:08 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 3/03/2016 9:08 AM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 3/03/2016 9:08 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 9:08 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Detection, 3/03/2016 9:29 AM, SYSTEM, MARIAM, Protection, Malware Protection, File, PUP.Optional.PriceFountain, C:\Windows\System32\Tasks\Price Fountain, Quarantine, [b94497ebbadf0a2c730095da51b3e917]
Update, 3/03/2016 10:06 AM, SYSTEM, MARIAM, Scheduler, Malware Database, 2016.3.2.5, 2016.3.2.6, 
Protection, 3/03/2016 10:06 AM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 3/03/2016 10:06 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 3/03/2016 10:06 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 3/03/2016 10:07 AM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 3/03/2016 10:07 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 10:07 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, healerweb.net, 62691, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, healerweb.net, 62691, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, enterpizesoft.info, 62692, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, enterpizesoft.info, 62692, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, sethealer.net, 62693, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, sethealer.net, 62693, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, softtechno.org, 62694, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, softtechno.org, 62694, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, sethealer.net, 62700, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, softtechno.org, 62701, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, enterpizesoft.info, 62702, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, sethealer.net, 62704, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, softtechno.org, 62705, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, enterpizesoft.info, 62708, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, healerweb.net, 62719, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:34 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Domain, 185.17.184.11, healerweb.net, 62721, Outbound, C:\Windows\System32\svchost.exe, 
Detection, 3/03/2016 10:35 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, IP, 82.163.143.166, 54182, Outbound, C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe, 
Detection, 3/03/2016 10:35 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, IP, 82.163.143.166, 54182, Outbound, C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe, 
Detection, 3/03/2016 10:35 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, IP, 82.163.143.166, 54183, Outbound, C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe, 
Detection, 3/03/2016 10:35 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, IP, 82.163.143.166, 62747, Outbound, C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe, 
Scan, 3/03/2016 10:40 AM, SYSTEM, MARIAM, Manual, Start:3/03/2016 6:47 AM, Duration:2 hr 53 min 13 sec, Threat Scan, Completed, 15 Malware Detections, 236 Non-Malware Detections, 
Detection, 3/03/2016 10:42 AM, SYSTEM, MARIAM, Protection, Malware Protection, File, PUP.Optional.ConduitTB.Gen, C:\Users\mohamed\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll, Quarantine Failed, 5, Access is denied.  , [ef0f60228316e452763c9acc768e20e0]
Detection, 3/03/2016 10:42 AM, SYSTEM, MARIAM, Protection, Malware Protection, File, PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe, Quarantine Failed, 5, Access is denied.  , [906ec7bbebae62d47bb66d97be455ba5]
Protection, 3/03/2016 11:30 AM, SYSTEM, MARIAM, Protection, Malware Protection, Starting, 
Protection, 3/03/2016 11:30 AM, SYSTEM, MARIAM, Protection, Malware Protection, Started, 
Protection, 3/03/2016 11:30 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 11:30 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Scan, 3/03/2016 11:59 AM, SYSTEM, MARIAM, Manual, Start:3/03/2016 11:39 AM, Duration:19 min 38 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 3/03/2016 12:13 PM, SYSTEM, MARIAM, Scheduler, Failed, No Internet connection detected, 
Update, 3/03/2016 12:16 PM, SYSTEM, MARIAM, Scheduler, Failed, Unable to access update server, 
Update, 3/03/2016 12:17 PM, SYSTEM, MARIAM, Scheduler, Failed, No Internet connection detected, 
Protection, 3/03/2016 12:51 PM, SYSTEM, MARIAM, Protection, Malware Protection, Starting, 
Protection, 3/03/2016 12:51 PM, SYSTEM, MARIAM, Protection, Malware Protection, Started, 
Protection, 3/03/2016 12:51 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 12:51 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Update, 3/03/2016 12:57 PM, SYSTEM, MARIAM, Manual, IP Database, 2016.3.1.1, 2016.3.3.1, 
Update, 3/03/2016 12:57 PM, SYSTEM, MARIAM, Manual, Domain Database, 2016.3.2.5, 2016.3.3.1, 
Protection, 3/03/2016 12:57 PM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 3/03/2016 12:57 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 3/03/2016 12:57 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 3/03/2016 12:57 PM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 3/03/2016 12:57 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 12:57 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Update, 3/03/2016 3:14 PM, SYSTEM, MARIAM, Scheduler, Malware Database, 2016.3.2.6, 2016.3.3.1, 
Protection, 3/03/2016 3:14 PM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 3/03/2016 3:14 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 3/03/2016 3:14 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 3/03/2016 3:14 PM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 3/03/2016 3:14 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 3:14 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Protection, 3/03/2016 5:12 PM, SYSTEM, MARIAM, Protection, Malware Protection, Starting, 
Protection, 3/03/2016 5:12 PM, SYSTEM, MARIAM, Protection, Malware Protection, Started, 
Protection, 3/03/2016 5:12 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 5:12 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Protection, 3/03/2016 5:45 PM, SYSTEM, MARIAM, Protection, Malware Protection, Starting, 
Protection, 3/03/2016 5:45 PM, SYSTEM, MARIAM, Protection, Malware Protection, Started, 
Protection, 3/03/2016 5:45 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 5:45 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Update, 3/03/2016 6:31 PM, SYSTEM, MARIAM, Scheduler, Domain Database, 2016.3.3.1, 2016.3.3.2, 
Protection, 3/03/2016 6:31 PM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 3/03/2016 6:31 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 3/03/2016 6:31 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 3/03/2016 6:33 PM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 3/03/2016 6:33 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 6:33 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Update, 3/03/2016 8:28 PM, SYSTEM, MARIAM, Scheduler, Malware Database, 2016.3.3.1, 2016.3.3.2, 
Protection, 3/03/2016 8:28 PM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 3/03/2016 8:28 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 3/03/2016 8:28 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 3/03/2016 8:28 PM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 3/03/2016 8:28 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 8:29 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Protection, 3/03/2016 10:27 PM, SYSTEM, MARIAM, Protection, Malware Protection, Starting, 
Protection, 3/03/2016 10:27 PM, SYSTEM, MARIAM, Protection, Malware Protection, Started, 
Protection, 3/03/2016 10:27 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 10:27 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Update, 3/03/2016 11:06 PM, SYSTEM, MARIAM, Scheduler, Domain Database, 2016.3.3.2, 2016.3.3.3, 
Protection, 3/03/2016 11:06 PM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 3/03/2016 11:06 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 3/03/2016 11:06 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 3/03/2016 11:06 PM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 3/03/2016 11:06 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 3/03/2016 11:06 PM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Scan, 3/03/2016 11:32 PM, SYSTEM, MARIAM, Manual, Start:3/03/2016 10:32 PM, Duration:1 hr 0 min 4 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)


#7 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:02:09 AM

Posted 03 March 2016 - 09:45 AM

Hi,

Thank you for the logs. Can you please post the MBAM scan log?

Step 1: Since you already ran Malwarebytes, I would like to see your previous Scan log. Open Malwarebytes and go under the History tab. From there, click on Application logs in the left pane.
Click on the most recent (usually at the top) Scan log to open it. From there, click on the Export button and select the first option, Copy to Clipboard.
Paste the content of your clipboard in your next reply.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#8 moh-hal

Posted 03 March 2016 - 09:49 AM

Notice that the other viruses are in the virus vault; I don't know how to get a log for them.

 

AVG log:

 

Whole Computer Scan

"High severity;""1"";""1"";""0"""
"Medium severity;""10"";""10"";""0"""
"Scanned:;""Scan Whole Computer"""
"Started:;""6/02/2016, 3:39:15 AM"""
"Finished:;""6/02/2016, 3:01:27 PM"""
"Number of items:;""729881"""
"Launched by:;""mohamed"""
 
"Name;""Description"";""Status"";""Status"";""Priority"""
"C:\Windows\SysWOW64\mfc45.dll;""Corrupted executable file"";""Secured"";""Healed"";""Medium"""
"C:\Users\mohamed\Downloads\'Non-Stop_(2014)_720p_BrRip_x264_-_YIFY'.exe;""Adware Generic5.AUSZ"";""Secured"";""Healed"";""Medium"""
"C:\Users\mohamed\Documents\MOHAMED\Games\Tekno MW3\TeknoMW3_dedicated.exe;""Virus found Win32/Blacked"";""Secured"";""Healed"";""High"""
"C:\Users\mohamed\AppData\Local\Temp\Runner.exe;""Found MalSign.SearchProtect.1DD"";""Secured"";""Healed"";""Medium"""
"C:\Users\mohamed\AppData\Roaming\How Inc\F0D1EE1D1B48490EA3EE8561BAF7C78D\OneSystemCare.exe;""Found MalSign.Generic.838"";""Secured"";""Healed"";""Medium"""
"C:\Users\mohamed\Documents\MARIAM\mariam passport\All other content\mariams computer\Downloads\winrar setup.exe;""Potentially unwanted application Downloader.AGDS"";""Secured"";""Healed"";""Medium"""
"C:\Users\mohamed\AppData\Local\NVIDIA\NvBackend\Packages\00006972\CoProc update.19130366.exe;""Corrupted executable file"";""Secured"";""Healed"";""Medium"""
"C:\Windows.old\Users\mohamed\AppData\Local\Temp\Runner.exe;""Found MalSign.SearchProtect.1DD"";""Secured"";""Healed"";""Medium"""
"C:\Windows.old\Users\mohamed\AppData\Local\Microsoft\Windows\INetCache\IE\2W063K1A\TBUpdaterLogic[1].dll;""Found MalSign.SearchProtect.1DD"";""Secured"";""Healed"";""Medium"""
"C:\Users\mohamed\Documents\MARIAM\mariam passport\All other content\mariams computer\All applications\AdbeRdr813_en_US.exe;""Corrupted executable file"";""Secured"";""Healed"";""Medium"""
"C:\Users\mohamed\Downloads\FreeYouTubeDownloaderOC.exe;""Could be an adware JS/MultiBundle"";""Secured"";""Healed"";""Medium"""


#9 moh-hal

Posted 03 March 2016 - 09:53 AM

Is that the right one?

 

MBAM Scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 4/03/2016 12:02 AM, SYSTEM, MARIAM, Scheduler, Malware Database, 2016.3.3.2, 2016.3.3.3, 
Protection, 4/03/2016 12:02 AM, SYSTEM, MARIAM, Protection, Refresh, Starting, 
Protection, 4/03/2016 12:02 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopping, 
Protection, 4/03/2016 12:02 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Stopped, 
Protection, 4/03/2016 12:02 AM, SYSTEM, MARIAM, Protection, Refresh, Success, 
Protection, 4/03/2016 12:02 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 4/03/2016 12:02 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
Protection, 4/03/2016 12:51 AM, SYSTEM, MARIAM, Protection, Malware Protection, Starting, 
Protection, 4/03/2016 12:51 AM, SYSTEM, MARIAM, Protection, Malware Protection, Started, 
Protection, 4/03/2016 12:51 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Starting, 
Protection, 4/03/2016 12:51 AM, SYSTEM, MARIAM, Protection, Malicious Website Protection, Started, 
 
(end)


#10 moh-hal

Posted 03 March 2016 - 09:57 AM

Oh sorry, I think the last reply was the last protection log; here is the last scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/03/2016
Scan Time: 10:32 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.03.02
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: mohamed
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 537110
Time Elapsed: 1 hr, 0 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 moh-hal

Posted 03 March 2016 - 10:25 AM

Untitled_zpskzzjlsdl.jpg



#12 jason1997

jason1997

  • Banned Spammer
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 03 March 2016 - 10:36 AM

Find those files in your system and delete them, should solve your problems



#13 moh-hal

Posted 03 March 2016 - 10:46 AM

It doesn't work manually. Before I installed AVG, those programs kept reinstalling automatically. Ever since I ran AVG it stopped reinstalling. Does that mean it is cleaned?

 

Also, it says that it healed and moved them to the virus vault, and I can't see any of them in the original location.

 

loool you are banned, spammer!!! even here :devil: lucky me


Edited by moh-hal, 03 March 2016 - 10:58 AM.


#14 iangcarroll

Posted 03 March 2016 - 11:07 AM

Hi,

Please do not follow jason1997's instructions, but do follow these:

Step 1: Open AVG's Virus Vault (what you screenshotted above) and empty its contents by clicking "Empty Vault".
Step 2: Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed; it will, however, be relaunched shortly after, so do not panic;
  • There's no log to give for this tool.
Step 3: Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply.
After you follow the above, do you still experience issues?

Edited by iangcarroll, 03 March 2016 - 11:07 AM.



#15 moh-hal

Posted 03 March 2016 - 12:00 PM

Is it normal for TFC to take this much time??
Also these files appeared on desktop while TFC is running

image_zpswlhuhwyd.jpeg


Edited by moh-hal, 03 March 2016 - 12:08 PM.




