alirezatm

1.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x86
Ran by Alireza on Fri 10/30/2015 at 13:59:20.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/30/2015 at 14:05:42.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.015 - Logfile created 30/10/2015 at 14:11:04
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Alireza - ALIREZA-PC
# Running from : C:\Users\Alireza\Downloads\adwcleaner_5.015.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\Alireza\AppData\Local\FreeFixer
Folder Found : C:\Users\Alireza\AppData\Roaming\FreeFixer

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [709 bytes] ##########

~ ZHPCleaner v2015.10.28.370 by Nicolas Coolman (2015/10/28)
~ Run by Alireza (Administrator) (30/10/2015 14:42:51)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Alireza\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Alireza\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

---\\ Services (0)

---\\ Browser internet (0)
~ No malicious or unnecessary items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (1)
MOVED file: C:\Users\Alireza\Downloads\How do I remove 'Ads by DNSUnlocker' pop up virus (DNS Unlocker removal).flv =>PUP.Optional.DNSUnlocker

---\\ Registry ( Key, Value, Data) (4)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe] =>PUP.Optional.Office
DELETED key*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool] =>Toolbar.Ask
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\iSafeDownloader_RASAPI32 [] =>PUP.Optional.SoftwareEngine
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\iSafeDownloader_RASMANCS [] =>PUP.Optional.SoftwareEngine

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 931
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 6

~ End of clean in 1 minutes
===================
ZHPCleaner-[R]-30102015-14_44_25.txt
ZHPCleaner--30102015-14_38_42.txt
2.
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/29/2015
Scan Time: 4:22 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Alireza

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298683
Time Elapsed: 33 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

C:\Users\Alireza\Downloads\Programs\ccsetup509pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
  3. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01 Ran by Alireza (administrator) on ALIREZA-PC (27-09-2015 20:39:01) Running from C:\Users\Alireza\Downloads\Programs Loaded Profiles: Alireza (Available Profiles: Alireza) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET) HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\...\Run: [iDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3907152 2015-08-14] (Tonec Inc.) 
HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{4D1BD09C-09CF-49DC-ABB1-45AC7D4FE658}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{8B9DCF5D-3141-41E5-BB5F-0D383D89F841}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-08-21] (Internet Download Manager, Tonec Inc.) 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Alireza\AppData\Roaming\Mozilla\Firefox\Profiles\ynk2cpwc.default-1443373167332 FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-29] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-29] (NVIDIA Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1550678623-1760868364-3899539589-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found FF HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-08-21] FF HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Alireza\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\Alireza\AppData\Roaming\IDM\idmmzcc5 [2015-09-27] Chrome: ======= CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found> CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-08-21] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET) S4 KMService; C:\Windows\system32\srvany.exe [8192 2010-06-29] () [File not signed] S4 RalinkRegistryWriter; C:\Program Files\TP-LINK\COMMON\RaRegistry.exe [185632 2010-06-25] (Ralink Technology, Corp.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [176448 2015-01-30] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37928 2015-01-30] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [51824 2015-01-30] (ESET) S3 esihdrv; C:\Windows\TEMP\esihdrv.sys [122240 2015-09-08] (ESET) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [854368 2010-06-25] (Ralink Technology Corp.) R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.) S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X] S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-27 20:38 - 2015-09-27 20:39 - 00000000 ____D C:\FRST 2015-09-27 20:22 - 2015-09-27 20:29 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\vlc 2015-09-27 20:21 - 2015-09-27 20:21 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk 2015-09-27 20:21 - 2015-09-27 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-09-27 20:20 - 2015-09-27 20:20 - 00000000 ____D C:\Program Files\VideoLAN 2015-09-27 20:10 - 2015-09-27 20:11 - 06336110 _____ C:\Users\Alireza\Downloads\How do I remove 'Ads by DNSUnlocker' pop up virus (DNS Unlocker removal).flv 2015-09-27 19:55 - 2015-09-27 20:01 - 00000000 ____D C:\Users\Alireza\AppData\Local\Mozilla 2015-09-27 19:54 - 2015-09-27 19:55 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Mozilla 2015-09-27 19:54 - 2015-09-27 19:54 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-09-27 19:54 - 2015-09-27 19:54 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-09-27 19:54 - 2015-09-27 19:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-09-27 19:54 - 2015-09-27 19:54 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-09-27 19:30 - 2015-09-27 19:30 - 00007032 _____ C:\Users\Alireza\Documents\cc_20150927_193042.reg 2015-09-26 18:44 - 2015-09-26 18:44 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Macromedia 2015-09-22 16:53 - 2015-09-22 16:53 - 00468649 __RSH C:\KJOHE 2015-09-10 19:14 - 2015-09-10 19:14 - 00015677 _____ C:\Users\Alireza\Downloads\Physic-3RdGrade-ScoreBoard-Summer94.xlsx 2015-09-10 17:58 - 2015-09-26 19:05 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-09-10 17:58 - 2015-09-25 18:13 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-09-10 17:58 - 2015-09-25 18:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-09-10 17:57 - 2015-09-10 17:57 - 00000000 ____D 
C:\Windows\system32\Macromed 2015-09-09 18:35 - 2015-01-20 08:39 - 00009216 _____ C:\Users\Alireza\AppData\Local\Z@!-d27b4d98-d4b7-4959-8d96-004ff4d9dc1b.tmp 2015-09-08 20:34 - 2015-09-08 20:34 - 00000000 ____D C:\Windows\pss 2015-09-08 20:03 - 2015-09-08 20:03 - 00000000 ____D C:\Users\Alireza\AppData\Local\.bomgartemp-70526758a454bb84419d76b6680dea82-shl-0-cs-0 2015-09-07 23:00 - 2015-09-07 23:00 - 00002174 _____ C:\Users\Alireza\Documents\cc_20150908_000002.reg 2015-09-07 18:23 - 2015-09-27 20:06 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\HexChat 2015-09-07 18:22 - 2015-09-07 18:22 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-07 18:22 - 2015-09-07 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat 2015-09-07 18:21 - 2015-09-07 18:22 - 00000000 ____D C:\Program Files\HexChat 2015-09-07 18:18 - 2015-09-07 18:20 - 06655160 _____ (HexChat ) C:\Users\Alireza\Downloads\HexChat 2.10.2 x86.exe 2015-09-07 10:31 - 2015-09-27 20:31 - 00003930 _____ C:\Windows\setupact.log 2015-09-07 10:31 - 2015-09-07 10:31 - 00000000 _____ C:\Windows\setuperr.log 2015-09-07 10:30 - 2015-09-07 10:30 - 00002168 _____ C:\Windows\PFRO.log 2015-09-07 10:27 - 2015-09-07 10:31 - 00406272 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-06 23:18 - 2015-09-06 23:18 - 00108824 _____ C:\Users\Alireza\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-06 23:16 - 2015-09-06 23:16 - 00132202 _____ C:\Users\Alireza\Documents\cc_20150907_001611.reg 2015-09-06 23:10 - 2015-09-27 19:28 - 00000000 ____D C:\Program Files\CCleaner 2015-09-06 23:10 - 2015-09-06 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-09-06 23:07 - 2015-09-06 23:07 - 00000000 ____D C:\Users\Alireza\AppData\Local\Google 2015-09-06 23:07 - 2015-09-06 23:07 - 00000000 ____D C:\Program Files\GUMEB98.tmp 2015-09-06 23:06 - 2015-09-07 14:13 - 00000000 ____D C:\Program Files\Google 2015-09-06 21:32 - 2015-09-06 23:02 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft 2015-09-06 21:32 - 2015-09-06 21:32 - 00000000 ____D C:\ProgramData\boost_interprocess 2015-09-06 21:30 - 2015-09-06 21:30 - 00000000 ____D C:\ProgramData\Anvisoft 2015-09-06 21:30 - 2015-09-06 21:30 - 00000000 ____D C:\Program Files\Anvisoft 2015-09-05 19:17 - 2015-09-05 19:17 - 00000000 ____D C:\Users\Alireza\AppData\Local\Zemana 2015-09-05 19:14 - 2015-09-05 19:16 - 05078968 _____ ( ) C:\Users\Alireza\Downloads\Zemana.AntiMalware.Setup.exe 2015-09-05 13:55 - 2015-09-05 13:55 - 00011855 _____ C:\Users\Alireza\Downloads\Nojum-3RdGrade-ScoreBoard-Summer94.xlsx 2015-09-04 15:04 - 2015-09-04 15:04 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Activision 2015-09-04 15:04 - 2015-09-04 15:04 - 00000000 ____D C:\ProgramData\Activision 2015-09-02 22:41 - 2015-09-02 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2015-09-02 22:41 - 2015-09-02 22:41 - 00000000 ____D C:\ProgramData\ESET 2015-09-02 22:41 - 2015-09-02 22:41 - 00000000 ____D C:\Program Files\ESET 2015-09-02 21:40 - 2015-09-02 23:01 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Alireza\Downloads\mbam-setup-2.1.8.1057.exe 2015-09-02 17:45 - 2008-10-15 05:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2015-09-02 17:45 - 2008-10-15 05:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2015-09-02 17:45 - 2008-10-15 05:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2015-09-02 17:42 - 2015-09-02 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABM 2015-09-02 17:35 - 2015-09-02 17:35 - 00000000 __SHD C:\Users\Alireza\AppData\Roaming\.# 2015-09-02 17:28 - 2015-09-02 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewTech 2015-09-02 13:09 - 2015-09-02 13:09 - 00012872 _____ (SurfRight B.V.) 
C:\Windows\system32\bootdelete.exe 2015-09-02 13:03 - 2015-09-02 13:10 - 00000000 ____D C:\ProgramData\HitmanPro 2015-09-01 22:30 - 2015-09-01 22:36 - 00000000 ____D C:\Users\Alireza\AppData\Local\FreeFixer 2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\FreeFixer 2015-09-01 21:40 - 2015-09-01 21:40 - 00110080 _____ C:\Users\Alireza\Downloads\ویراسته MBTI (2).xls 2015-09-01 21:13 - 2015-09-01 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-01 20:37 - 2015-09-01 20:38 - 01654272 _____ C:\Users\Alireza\Downloads\adwcleaner_5.005.exe 2015-08-30 20:40 - 2015-08-30 20:40 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Enigma Software Group 2015-08-30 20:23 - 2015-08-30 20:24 - 01977018 _____ C:\Users\Alireza\Downloads\DNS-Unlocker Ads - removal instructions.3gp 2015-08-30 20:01 - 2015-08-30 20:01 - 01618432 _____ C:\Users\Alireza\Downloads\adwcleaner_5.004.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-27 20:39 - 2009-07-14 08:04 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-27 20:39 - 2009-07-14 08:04 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-27 20:38 - 2010-11-21 00:31 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-27 20:31 - 2009-07-14 08:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-27 19:42 - 2015-08-26 11:39 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\IDM 2015-09-27 19:42 - 2015-08-26 11:39 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\DMCache 2015-09-27 19:20 - 2015-08-22 05:13 - 01130776 _____ C:\Windows\WindowsUpdate.log 2015-09-27 19:18 - 2015-08-21 17:51 - 00001417 _____ C:\Users\Alireza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-09-26 18:50 - 2015-08-27 13:44 - 00000000 ____D C:\Users\Alireza\AppData\Local\Adobe 2015-09-23 18:32 - 2015-04-02 12:55 - 03673704 _____ C:\Users\Alireza\Desktop\psiphon3.exe 2015-09-23 18:29 - 2015-08-21 20:05 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Psiphon3 2015-09-23 08:05 - 2009-07-14 06:07 - 00000000 ____D C:\Windows\system32\NDF 2015-09-22 16:54 - 2009-07-14 08:23 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-09-22 16:53 - 2015-08-21 17:49 - 00000020 __RSH C:\win7.ld 2015-09-12 21:00 - 2015-08-21 18:39 - 00007974 _____ C:\Windows\system32\RaCoInst.log 2015-09-10 17:49 - 2013-07-10 09:25 - 00000000 ____D C:\Users\Alireza\Desktop\To Do 2015-09-08 20:11 - 2015-08-21 18:08 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-07 22:59 - 2009-07-14 06:07 - 00000000 ____D C:\Windows\system32\LogFiles 2015-09-06 23:18 - 2015-08-26 12:37 - 00000000 ____D C:\Users\Alireza\AppData\Local\Paint.NET 2015-09-06 23:14 - 2015-08-22 06:09 - 00000000 ____D C:\Windows\Panther 2015-09-04 10:52 - 2013-06-21 16:54 - 00000000 ____D C:\Users\Alireza\Downloads\Compressed 2015-09-02 13:31 - 
2009-07-14 06:07 - 00000000 ____D C:\Windows\LiveKernelReports 2015-09-02 13:09 - 2015-03-08 10:29 - 00000000 ____D C:\Users\Alireza\Downloads\SpyHunter.4.18.9.4384.Portable ==================== Files in the root of some directories ======= 2015-09-09 18:35 - 2015-01-20 08:39 - 0009216 _____ () C:\Users\Alireza\AppData\Local\Z@!-d27b4d98-d4b7-4959-8d96-004ff4d9dc1b.tmp Some files in TEMP: ==================== C:\Users\Alireza\AppData\Local\Temp\psiphon-tunnel-core.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-22 05:10 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01 Ran by Alireza (2015-09-27 20:40:58) Running from C:\Users\Alireza\Downloads\Programs Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-08-21 14:19:58) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1550678623-1760868364-3899539589-500 - Administrator - Disabled) Alireza (S-1-5-21-1550678623-1760868364-3899539589-1001 - Administrator - Enabled) => C:\Users\Alireza Guest (S-1-5-21-1550678623-1760868364-3899539589-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1550678623-1760868364-3899539589-1002 
- Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Crash Time III_Farsi (HKLM\...\{338CE47E-A860-4B82-BCB0-CF36D809BEC2}_is1) (Version: - ASREBAZI, Inc.) ESET Smart Security (HKLM\...\{D66C9F03-5F7C-4A4F-A4D0-7D04FCD426AE}) (Version: 8.0.312.0 - ESET, spol s r. o.) HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) 
Kung Fu Panda Persian (HKLM\...\{D60264D0-57C9-4F16-A23A-79F6560A6B1F}) (Version: 1.00.0000 - NewTech) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 41.0 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.17.12.5919 - NVIDIA Corporation) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC) PES 2014 + U.P.D.A.T.E (HKLM\...\{112A7DB2-E420-4F95-B28C-0B57D30BF76D}) (Version: 1.0.0 - T.G.P) TP-LINK Wireless Utility (HKLM\...\{6FFEF5E1-F7B0-40DD-838D-557BD7EE4301}) (Version: 1.5.6.0 - TP-LINK) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 05-09-2015 19:49:34 Zemana AntiMalware 9/5/2015 8:49:32 PM 06-09-2015 21:31:26 Device Driver Package Install: Anvisoft Network Service 07-09-2015 18:22:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 08-09-2015 21:24:10 JRT Pre-Junkware Removal ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:34 - 2009-06-11 01:09 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {87062C47-EA83-4736-B836-A7CF115C82FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd) Task: {C13215A8-710C-4329-945B-C09E20F2DC85} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_134_pepper.exe [2015-09-25] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_134_pepper.exe ==================== Loaded Modules (Whitelisted) ============== 2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alireza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: KMService => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: RalinkRegistryWriter => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Utility.lnk => C:\Windows\pss\TP-LINK Wireless Utility.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: IDMan => C:\Program Files\Internet Download Manager\IDMan.exe /onboot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{06C4FA77-4C90-4371-B0AD-B7D8B7E2C2B0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{DD3549B1-A2AB-447B-A8C4-166B0549206D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{A80E8DAE-5B5C-4ADE-8DD5-5BCEBAC429D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
Name: ZAM Helper Driver Description: ZAM Helper Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ZAM Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: ZAM Guard Driver Description: ZAM Guard Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ZAM_Guard Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2015 08:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 08:28:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 07:22:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 07:09:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 02:17:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 01:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 10:14:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 09:32:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 07:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 06:50:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17514, time stamp: 0x4ce796f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0020f828
Faulting process id: 0xaac
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

System errors:
=============
Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (09/27/2015 08:27:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (09/27/2015 08:27:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/27/2015 08:27:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 57%
Total physical RAM: 3326.49 MB
Available physical RAM: 1428.85 MB
Total Virtual: 6651.27 MB
Available Virtual: 4494.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.09 GB) (Free:17.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:15.35 GB) (Free:7.32 GB) NTFS
Drive e: () (Fixed) (Total:40.04 GB) (Free:25.45 GB) NTFS
Drive f: () (Fixed) (Total:48.33 GB) (Free:16.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 148.9 GB) (Disk ID: DCE9DCE9)
Partition 1: (Active) - (Size=45.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.4 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=48.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  4. Hi everyone, I hope you had a good day. All of my devices have recently been infected with a stubborn adware that labels its ads "Ads by DNSUnlocker". I tried using lots and lots of malware detection programs and sites, including MalwareBytes, with no success! I tried reinstalling my browser (Opera) plus deleting all the data from AppData, and nothing solved it. When I go to the extensions part, it says no extensions are installed on my browser. When I go to the "Programs and Features" part in Control Panel, I see no suspicious new program there. Also, this adware has infected all the devices in my network! I tried hard resetting the router, with no success. I tried Norton's secure DNS on all my devices, with no success. I attached a screenshot of the adware (the "Special Offers" part on the right side of the page) under this topic. The OS I use is Windows 7 Ultimate x86 and the browser I use is Opera 31. Thanks for reading this, Alirezatm.