Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirect infection


  • Please log in to reply
13 replies to this topic

#1 Strange_Alex

Strange_Alex

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 16 January 2017 - 09:21 PM

Hi, I am using Firefox Beta (51.0b14), on Windows 7 and these are my extensions: Troubleshooter , Wikiwand , Adblock Plus , Dictionary Extension , Enable Copy Cut and Paste , Gmail Notifier , Resurrect Pages , Test Pilot , The FreeDictionary Lookup.

 

Also I have Ghostery and Session Manager installed, the problem is that, from a few days I am being redirected mainly by optmz and plusnetwork , also I am being redirected to yahoo search just "after" my Google search finishes. I have NPAV (Net Protector Antivirus) installed on my Dell Inspiron laptop, which does remove all kinds of viruses but has not detected any from the time this problem started.

 

Thanks for Help

 

 

Mod Edit

Moved to Am I infected

NickAu


Edited by NickAu, 16 January 2017 - 10:12 PM.
Mod edit


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:39 AM

Posted 16 January 2017 - 10:45 PM

Welcome aboard p22002758.gif

 

p22002970.gif Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

p22002970.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


p22002970.gif Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

p22002970.gif Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.


p22002970.gifDownload 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 16 January 2017 - 11:08 PM

Hi,

 

The First result:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Microsoft VM for Java  
 Java 8 Update 111  
 Java version 32-bit out of Date!
 Adobe Flash Player     24.0.0.194  
 Mozilla Firefox (51.0)
 Google Chrome (55.0.2883.87)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#4 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 16 January 2017 - 11:10 PM

The Second "FSS" :

 

Farbar Service Scanner Version: 27-01-2016
Ran by user (administrator) on 17-01-2017 at 09:39:31
Running from "E:\zzzzz\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****



#5 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 16 January 2017 - 11:12 PM

the third:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by user (administrator) on 17-01-2017 at 09:41:43
Running from "E:\zzzzz\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: Inspiron N5010 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=?%% subinterface=ethernet_2 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : user-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 8C-A9-82-5E-56-3B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
   Physical Address. . . . . . . . . : 8C-A9-82-5E-56-3A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8ce5:6f95:7edc:7950%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 17 January 2017 9:25:22 AM
   Lease Expires . . . . . . . . . . : 17 January 2017 11:25:22 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 311208322
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-76-6F-79-F0-4D-A2-D0-5F-28
   DNS Servers . . . . . . . . . . . : fd00::1
                                       fd00::1
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : F0-4D-A2-D0-5F-28
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  fd00::1


Pinging google.com [172.217.26.174] with 32 bytes of data:
Reply from 172.217.26.174: bytes=32 time=70ms TTL=50
Reply from 172.217.26.174: bytes=32 time=70ms TTL=50

Ping statistics for 172.217.26.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 70ms, Average = 70ms
Server:  UnKnown
Address:  fd00::1


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=251ms TTL=47
Reply from 98.139.183.24: bytes=32 time=249ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 249ms, Maximum = 251ms, Average = 250ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...8c a9 82 5e 56 3b ......Microsoft Virtual WiFi Miniport Adapter
 13...8c a9 82 5e 56 3a ......Intel® WiFi Link 1000 BGN
 10...f0 4d a2 d0 5f 28 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.4    281
      192.168.0.4  255.255.255.255         On-link       192.168.0.4    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    281 fe80::/64                On-link
 13    281 fe80::8ce5:6f95:7edc:7950/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2017 02:44:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x17ac
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (01/15/2017 01:14:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0xc98
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (01/14/2017 09:29:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/14/2017 09:29:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/14/2017 09:28:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/14/2017 09:28:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/13/2017 02:36:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 02:35:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 02:20:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: ZVMonNT.exe, version: 1.2016.9.13, time stamp: 0x57d806c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4f52504d
Faulting process id: 0x1218
Faulting application start time: 0xZVMonNT.exe0
Faulting application path: ZVMonNT.exe1
Faulting module path: ZVMonNT.exe2
Report Id: ZVMonNT.exe3

Error: (01/12/2017 06:27:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x148c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3


System errors:
=============
Error: (01/17/2017 07:00:50 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/16/2017 03:25:15 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/15/2017 04:35:55 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DRMS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2B5B26B8-1FAF-4EB1-AE25-1D91C374ADA9}.
The master browser is stopping or an election is being forced.

Error: (01/14/2017 06:44:50 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/14/2017 06:44:50 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/14/2017 06:44:49 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/14/2017 06:44:48 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (01/14/2017 11:12:15 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR8.

Error: (01/13/2017 08:32:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.

Error: (01/13/2017 08:32:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.


Microsoft Office Sessions:
=========================
Error: (11/26/2013 09:39:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 129993 seconds with 600 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2017-01-17 09:39:07.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-17 09:25:22.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-17 07:48:28.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-17 07:41:35.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-17 07:28:04.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-16 22:32:54.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-16 20:28:53.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-16 20:22:20.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-16 18:30:19.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-16 17:08:51.314
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Net Protector 2016\ZVFORT32.DLL because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\{00203668-8170-44A0-BE44-B632FA4D780F}) (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824211354}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
calibre (HKLM\...\{52F17A7B-2E8B-4CD6-BFBA-1FCA836B98B4}) (Version: 2.42.0 - Kovid Goyal)
CyberLink PowerDVD 10 (HKLM\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Free PDF to Word Converter 4.2.3.183 (HKLM\...\Free PDF to Word Converter_is1) (Version: 4.2.3.183 - Smart Soft)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.40.5106 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Idea Net Setter (HKLM\...\Idea Flame Idea Net Setter_is1) (Version:  - Idea)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.111.14 - Oracle Corporation) Hidden
Kiwix 0.9 rc2 (HKLM\...\Kiwix) (Version: 0.9 rc2 - Kiwix)
K-Lite Codec Pack 8.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.9.5 - )
LenovoUsbDriver 1.0.12 (HKLM\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo)
Macromedia Flash MX (HKLM\...\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}) (Version: 6 - Macromedia)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM\...\Visual Studio 6.0 Enterprise Edition) (Version:  - )
Microsoft VM for Java (HKLM\...\MsJavaVM) (Version:  - )
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version:  - )
Mobile Assistant (HKLM\...\{48D6D221-9262-4159-9DBF-E40DA8478648}) (Version: 1.4.1.10090 - Lenovo)
Mozilla Firefox 51.0 (x86 en-US) (HKLM\...\Mozilla Firefox 51.0 (x86 en-US)) (Version: 51.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 51.0.0.6221 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
neroxml (HKLM\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
Net Protector 2017M (HKLM\...\NPManual) (Version:  - Biz Secure Labs Pvt. Ltd.)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM\...\NSIS_oald8) (Version:  - )
Photon 3G (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE)
Photoshine 4.0 (HKLM\...\Photoshine_is1) (Version:  - Photo Editor Software, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Prince of Persia The Sands of Time (HKLM\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo)
Shipra's Dictionary 1.0 (HKLM\...\Shipra's_Dictionary_1.0) (Version:  - )
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Total Video Converter 3.71 100812 (HKLM\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
TradeTiger (HKLM\...\{4C9F76D8-D27A-4499-97C8-DB8841B77E9E}) (Version: 2.4.22 - Sharekhan)
TradeTiger 2.1 (HKLM\...\{BC17E749-418A-46F8-BAF9-756CD026A186}) (Version: 2.1 - Sharekhan)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
Windows Driver Package - Intel (NETwLv32) net  (10/07/2010 13.4.0.139) (HKLM\...\695CFD288064D5B9D072C610E63BDD3D3E4DE666) (Version: 10/07/2010 13.4.0.139 - Intel)
Windows Driver Package - Intel (NETwNs32) net  (11/09/2010 14.0.0.113) (HKLM\...\BD0DF87A050F43F2591C32F9F072CF2BFF2715BB) (Version: 11/09/2010 14.0.0.113 - Intel)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip (HKLM\...\WinZip) (Version:  9.0  (6028) - WinZip Computing, Inc.)

========================= Devices: ================================

Name: WNPPORTFR
Description: WNPPORTFR
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WNPPORTFR
Device ID: ROOT\LEGACY_WNPPORTFR\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SBMNTR
Description: SBMNTR
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sbmntr
Device ID: ROOT\LEGACY_SBMNTR\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 2934.69 MB
Available physical RAM: 1038.01 MB
Total Virtual: 5867.66 MB
Available Virtual: 3554.93 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:102.68 GB) (Free:57.28 GB) NTFS
2 Drive d: () (Fixed) (Total:97.66 GB) (Free:33.46 GB) NTFS
3 Drive e: (Kiwix) (Fixed) (Total:97.66 GB) (Free:34.96 GB) NTFS
4 Drive f: (Indiaantivirus) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator            Guest                    user                     
VUSR_USER-PC             

========================= Restore Points ==================================

12-01-2017 12:15:12 Scheduled Checkpoint

**** End of log ****
 



#6 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 16 January 2017 - 11:20 PM

Also, Malware Bytes cannot be run on my computer because of NPAV (antivirus) interference, which pops up even after ending tree from task manager.



#7 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 16 January 2017 - 11:24 PM

It says unable to register the DLL/OCX: RegSvr32 failed with exit code 0x3 for (...\mbshlext.dll)



#8 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 17 January 2017 - 05:10 AM

And now, I am being redirected to wee2vah as well...



#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:39 AM

Posted 17 January 2017 - 09:37 PM

Uninstall NPAV temporarily and try to install MBAM again.

You can reinstall NPAV afterwards.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#10 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 17 January 2017 - 09:53 PM

It's Paid, (if only there was a way out)



#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:39 AM

Posted 17 January 2017 - 10:41 PM

Try this instead...

 

Download SUPERAntiSpyware Free Edition:
http://www.superantispyware.com/

 

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • Toward the end of installation Super will ask you if you want to accept "Trial" version. Click on "Decline" button.
  • When installation finishes Supper will start. Also an icon will be created on your desktop.
  • Click on "Click here to check for updates" link. Click OK button.
    NOTE. If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.
  • Click "Scan your computer".
  • Leave all options as they're and click "Complete Scan"
  • After the scan is complete click on "Continue" button.
  • Scan Results box will appear with potentially harmful items that were detected.
  • Make sure everything has a checkmark next to it and click "Continue".
  • A notification will appear that "Threat Removal Complete". Click "Continue" button.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click "System Tools" then "Scan logs".
  • Under Scan Logs, click on magnified glass icon next to the log you want to see.
  • A text file will open in Notepad.
  • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Post SUPERAntiSpyware log.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#12 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 18 January 2017 - 04:01 AM

Thanks this works:

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2017 at 02:27 PM

Application Version : 6.0.1232
Database Version : 13316

Scan type       : Complete Scan
Total Scan Time : 00:14:20

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 667
Memory threats detected   : 1
Registry items scanned    : 41661
Registry threats detected : 0
File items scanned        : 6050
File threats detected     : 16

PUP.Goobzo/Variant
    C:\PROGRAM FILES\COMMON FILES\SYSTEM\SYSMENU.DLL
    C:\PROGRAM FILES\COMMON FILES\SYSTEM\SYSMENU.DLL

Adware.Tracking Cookie
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@2o7[1].txtC:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@2o7[1].txt [ /2o7 ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@ads.yahoo[1].txtC:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@ads.yahoo[1].txt [ /ads.yahoo ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txtC:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txt [ /doubleclick ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[2].txtC:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[2].txt [ /doubleclick ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[2].txtC:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[2].txt [ /serving-sys ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@tripod[2].txtC:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@tripod[2].txt [ /tripod ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@m.webtrends[1].txtC:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@m.webtrends[1].txt [ /m.webtrends.com ]
    C:\USERS\USER\Cookies\user@2o7[1].txtC:\USERS\USER\Cookies\user@2o7[1].txt [ Cookie:user@2o7.net/ ]
    C:\USERS\USER\Cookies\user@m.webtrends[1].txtC:\USERS\USER\Cookies\user@m.webtrends[1].txt [ Cookie:user@m.webtrends.com/ ]
    www.wikiwand.com\TrackJS [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.hostgator.com\banner_click_id [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.servebom.com\u [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.servebom.com\ud [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .dmtracker.com\v1st [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .onesignal.com\__cfduid [ C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

============================
 Unwanted Programs Detected
============================
    MySearchDial
    MoboGenie
    WSE_Astromenda
    YTDownloader
    AVG Safeguard Toolbar

============
 End of Log
============
 



#13 Strange_Alex

Strange_Alex
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 18 January 2017 - 05:09 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2017 at 03:22 PM

Application Version : 6.0.1232
Database Version : 13316

Scan type       : Complete Scan
Total Scan Time : 00:42:14

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 547
Memory threats detected   : 0
Registry items scanned    : 41671
Registry threats detected : 0
File items scanned        : 35527
File threats detected     : 189

Adware.InstallCore/Variant
    C:\USERS\USER\APPDATA\LOCAL\TEMP\116912921.UNINSTALL\UNINSTALLER.EXE

Trojan.Agent/Gen-Gamepass
    C:\USERS\USER\APPDATA\LOCAL\TEMP\NET PROTECTOR 2016\CLSYSVOL.EXE
    C:\PROGRAM FILES\NET PROTECTOR 2016\CLSYSVOL.EXE

Trojan.Agent/Gen-Downloader
    C:\USERS\USER\APPDATA\LOCAL\TEMP\NET PROTECTOR 2016\NPQRTMGR.EXE
    C:\PROGRAM FILES\NET PROTECTOR 2016\NPQRTMGR.EXE
    C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NET PROTECTOR 2017\UTILITIES\QURANTINE MANAGER.LNK

Adware.Avenue Media/Internet Optimizer
    C:\USERS\USER\APPDATA\LOCAL\TEMP\NET PROTECTOR 2016\OPTIMIZE.EXE

Trojan.Agent/Generic
    C:\USERS\USER\APPDATA\LOCAL\TEMP\NET PROTECTOR 2016\UPDATESET.EXE
    C:\PROGRAM FILES\NET PROTECTOR 2016\UPDATESET.EXE

Trojan.Agent/Gen-Swisyn
    C:\USERS\USER\APPDATA\LOCAL\TEMP\NET PROTECTOR 2016\VIRTO2.EXE
    C:\PROGRAM FILES\NET PROTECTOR 2016\VIRTO2.EXE
    C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NET PROTECTOR 2017\CLEANERS\VIRTOB CLEANER.LNK

Trojan.Agent/Gen
    C:\USERS\USER\APPDATA\LOCAL\TEMP\NET PROTECTOR 2016\ZVSCAN\UNZIP.EXE
    C:\PROGRAM FILES\NET PROTECTOR 2016\ZVSCAN\UNZIP.EXE

Adware.Tracking Cookie
    content.oddcast.com [ C:\USERS\USER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9CY6784Z ]
    opf.ooyala.com [ C:\USERS\USER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9CY6784Z ]
    player.ooyala.com [ C:\USERS\USER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9CY6784Z ]
    sitestats.ets.org [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adsensecustomsearchads.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adskom.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adskom.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .btrll.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .d41.co [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .airtel.demdex.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .lenovo.demdex.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .dotomi.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    va.v.liveperson.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .vizury.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    ca-as-1.agilone.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    in.doubleclickadexchange.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    renderer.qmerce.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .webengage.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .revcontent.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .webspectator.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .allw.mn [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .cracksat.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .embed.ly [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .embedly.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .helponclick.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .insticator.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .onesignal.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .redorbit.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .tru.am [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .webengage.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .simplereach.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    edge.simplereach.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .audience73.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .c.appier.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .webengage.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .redorbit.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .gravity.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .solvemedia.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .webengage.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .webengage.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    wurfl.io [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .airtel.demdex.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .areyouahuman.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .areyouahuman.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .gssprt.jp [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .mmstat.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .tracking.buyhatke.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    widget.campusexplorer.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    www.campusexplorer.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .bidswitch.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .clickagy.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    code.visitor-track.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .mmstat.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .sp1.convertro.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .convertro.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .sp1.convertro.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .vizury.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .demdex.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .airtel.demdex.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .lenovo.demdex.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .pippio.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    api.embed.ly [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    cdn.embedly.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    tracking.vcommission.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .3135740712.log.optimizely.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .554924358.log.optimizely.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .epomads2.4shared.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .everesttech.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    oudh.tripod.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    oudh.tripod.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .tripod.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    l.ooyala.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .genieessp.jp [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .genieesspv.jp [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .gssprt.jp [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .href.asia [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .gigya.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    track.vrtzads.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    tracking.vcommission.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .mookie1.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    feed.topadvert.ru [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    go.flx1.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adk2x.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .im-apps.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    www.pixtrack.in [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .xg4ken.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adk2x.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adk2x.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .lenovo.demdex.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adk2x.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .ithakaharbors.tt.omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .makemytrip.tt.omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .mookie1.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .qmerce.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .dsply.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    tracking.olx-st.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    wstat.ozon.ru [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    wstat.ozon.ru [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .ml314.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .pippio.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .vizury.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .recreativ.ru [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .recreativ.ru [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .recreativ.ru [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adbrn.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .sp.adbrn.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .airtel.d3.sc.omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .amazoncustomerservice.d2.sc.omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .flipkart.d1.sc.omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .idgenterprise.d1.sc.omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .jasper.112.2o7.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .oracle.112.2o7.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .turnerapac.d1.sc.omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .valyoo.sc.omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .omtrdc.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    track.resonance.ac.in [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .redirectingat.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    p2.keywee.co [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    pixel.keywee.co [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    www.i.matheranalytics.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .taboola.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .campusexplorer.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .taboola.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .taboola.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .zwa.adsb4track.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    trib.al [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .bidswitch.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .d.liadm.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .sp.adbrn.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .bidswitch.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .rfihub.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .dsply.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    in-track.flptrk.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .univide.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    www.clickmngr.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .dmtracker.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .gravity.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .obleepbn.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .vizury.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .vizury.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .vizury.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .web-stat.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .i-mobile.co.jp [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adk2x.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .adk2x.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .zemanta.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVF462O2.DEFAULT\COOKIES.SQLITE ]

PUP.YTD/Variant
    C:\USERS\USER\YTDSETUP.EXE

Worm.AutoRun/Variant
    C:\PROGRAM FILES\GRETECH\GOMPLAYER\DODGE.DLL

Adware.Vitruvian/Variant
    C:\PROGRAM FILES\NET PROTECTOR 2016\XP_2003_VISTA_32_NPPORTFR.SYS

PUP.SwiftSearch/Variant
    C:\PROGRAM FILES\NET PROTECTOR 2016\XP_2003_VISTA_64_NPPORTFR.SYS

============
 End of Log
============
 



#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:39 AM

Posted 18 January 2017 - 09:02 PM

Good :)

 

Go ahead with two remaining scans: MBAR and rKill.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users