Infected with adware!?


Dear Support

My computer is infected with some kind of adware that displays lots of advertisements whenever I click on a web link. It also pops up a window (usually arabyonline or beforex advertisements). It is very annoying!

I have tried removing it with Malwarebytes (which I had already installed when the problem started), and I have AVG also.

I tried other tools by following this http://malwaretips.com/blogs/remove-adware-popup-ads/#junkware

but it did not help.

attached the logs

thanks

attach.zip

dds.txt


Hello zamacoochy and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.21.10

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

Zicks :: Zicks-VAIO [administrator]

 

Protection: Enabled

 

2/22/2014 9:17:18 PM

mbam-log-2014-02-22 (21-17-18).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243085

Time elapsed: 3 minute(s), 59 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.45.2

Run by Semaan at 18:51:09 on 2014-03-02

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.5814.3112 [GMT 3:00]

.

AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2014\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvservice.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\Protector Suite\upeksvr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\AVG\AVG2014\avgfws.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Connectify\ConnectifyService.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe

C:\Program Files (x86)\Connectify\ConnectifyD.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k LPDService

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Genie9\Genie Timeline\GenieTimelineAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Realtek\Audio\HDA\vncutil64.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Device Center\itype.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Users\Semaan\AppData\Local\HD Streamer\crxmon.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Dyn Updater\DynTray.exe

C:\Program Files\Protector Suite\psqltray.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

C:\Program Files (x86)\eGoo\Bin\CancelAutoPlay.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe

C:\Program Files\Sony\VAIO Update\VUAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Users\Semaan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Semaan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Semaan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Semaan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Semaan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Semaan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Semaan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Semaan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uProxyServer = 10.23.8.3:8080

uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll

BHO: AdSafe Class: {598AC71E-BE58-3981-B78A-5C138F423AD6} - C:\Users\Semaan\AppData\Roaming\VolIE\Adsafe_32.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>

EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Semaan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [AdobeBridge] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [CancelAutoPlay.exe] "C:\Program Files (x86)\eGoo\Bin\CancelAutoPlay.exe"

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRun: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Semaan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DYNUPD~1.LNK - C:\Program Files (x86)\Dyn Updater\DynTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SONYMS~1.LNK - C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to &Evernote - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000

IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: HD Streamer Settings... - C:%5CProgram%20Files%20(x86)%5CHD%20Streamer%5CScriptHost.dll/ID1?settings.html

IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

LSP: C:\Windows\System32\ASProxy.dll

TCP: NameServer = 192.168.100.1

TCP: Interfaces\{047D8803-F054-4589-807F-47435CCDA785} : NameServer = 212.77.192.59,212.77.192.60

TCP: Interfaces\{3CA1CC48-1970-414A-BAD8-D586FBF920C5} : NameServer = 212.77.192.59,212.77.192.60

TCP: Interfaces\{3CA1CC48-1970-414A-BAD8-D586FBF920C5} : DHCPNameServer = 212.77.192.59 212.77.192.60

TCP: Interfaces\{402DBA8B-9662-4651-A387-3821014272C3} : NameServer = 212.77.192.59,212.77.192.60

TCP: Interfaces\{402DBA8B-9662-4651-A387-3821014272C3} : DHCPNameServer = 212.77.192.59 212.77.192.60

TCP: Interfaces\{481D01B3-3CB5-4289-B389-9AFAB4500449} : DHCPNameServer = 198.18.16.1

TCP: Interfaces\{58E7998C-0567-44C3-A48F-9EB9EB50DCEC} : DHCPNameServer = 212.77.192.59 212.77.192.60

TCP: Interfaces\{640A67D0-D3BD-48ED-B464-C46DE1D143CB} : NameServer = 212.77.192.59,212.77.192.60

TCP: Interfaces\{640A67D0-D3BD-48ED-B464-C46DE1D143CB} : DHCPNameServer = 212.77.192.59 212.77.192.60

TCP: Interfaces\{68934782-12CD-470E-9BA5-A29EEC7B9C9E} : NameServer = 216.146.35.35,216.146.36.36,8.8.8.8

TCP: Interfaces\{68934782-12CD-470E-9BA5-A29EEC7B9C9E} : DHCPNameServer = 192.168.100.1

TCP: Interfaces\{68934782-12CD-470E-9BA5-A29EEC7B9C9E}\2456C6B696E6E283446434 : NameServer = 192.168.2.1

TCP: Interfaces\{68934782-12CD-470E-9BA5-A29EEC7B9C9E}\2456C6B696E6E283446434 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{68934782-12CD-470E-9BA5-A29EEC7B9C9E}\94E6475627E65647F53535 : NameServer = 8.8.8.8

TCP: Interfaces\{68934782-12CD-470E-9BA5-A29EEC7B9C9E}\94E6475627E65647F53535 : DHCPNameServer = 192.168.100.1

TCP: Interfaces\{86E82EEB-599D-4456-94CC-FED4BDEA2807} : NameServer = 212.77.192.59,212.77.192.60

TCP: Interfaces\{86E82EEB-599D-4456-94CC-FED4BDEA2807} : DHCPNameServer = 212.77.192.59 212.77.192.60

TCP: Interfaces\{CE145043-03E3-435E-A1F5-C59B2B060D88} : NameServer = 192.168.2.1

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages =  scecli C:\Program Files\Protector Suite\psqlpwd.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-BHO: AdSafe Class: {598AC71E-BE58-3981-B78A-5C138F423AD6} - C:\Users\Semaan\AppData\Roaming\VolIE\Adsafe_64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-BHO: HD Streamer: {E6062A33-016E-4BDA-A6F1-890D989F8656} - 

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [vncutil] C:\Program Files\Realtek\Audio\HDA\vncutil64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup

x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]

R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-12-1 210016]

R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-12-1 141920]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]

R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]

R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\System32\drivers\cnnctfy2.sys [2012-10-15 31344]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]

R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2012-10-15 65536]

R2 Dyn Updater;Dyn Updater;C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [2011-11-15 95608]

R2 GenieTimelineService;Genie Timeline Service;C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [2013-3-27 671760]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-19 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-1 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-1 701512]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]

R2 nvservice;NVIDIA GuardService;C:\Windows\System32\nvservice.exe [2013-3-14 192800]

R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-7-29 1907896]

R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2014-1-22 389632]

R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [2014-1-22 1309696]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-20 94208]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-20 78848]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-6-27 190496]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-6-27 104960]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-19 2320920]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-6-27 575856]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-6-28 845312]

R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-4-22 270192]

R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-9-26 33872]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-6-27 19968]

R3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2012-9-14 31744]

R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2014-1-21 585728]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-7-20 294064]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-19 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-20 151936]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-1 25928]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]

R3 rimvndis;BlackBerry Virtual Private Network;C:\Windows\System32\drivers\rimvndis6_AMD64.sys [2014-1-22 17920]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-11-17 1369136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 ASOVPNHelper;Astrill OpenVPN Service;C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [2012-9-14 434928]

S3 ASProxy;ASProxy;C:\Program Files (x86)\Astrill\ASProxy.exe [2012-9-14 1918888]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-6-27 342056]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-6-27 39464]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-12-1 16776]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-12-1 9096]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-27 1436424]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]

S3 massfilter_lte;ZTE LTE Device Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_LTE.sys [2012-10-11 17736]

S3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-3-30 237328]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]

S3 prwntdrv;prwntdrv;C:\Windows\System32\prwntdrv.sys [2012-12-1 16776]

S3 qciusbnet;Quanta USB-NDIS miniport 9K generic_v8;C:\Windows\System32\drivers\qciusbnet.sys [2012-9-7 158720]

S3 qciusbser;Quanta USB Device for Legacy Serial Communication 9K generic_v8;C:\Windows\System32\drivers\qciusbser.sys [2012-9-7 123648]

S3 qntbulk;Quanta Mobile Switch Driver;C:\Windows\System32\drivers\qntbulk.sys [2012-9-7 49664]

S3 RDID1009;UM-1;C:\Windows\System32\drivers\Rdwm1009.sys [2012-11-23 81920]

S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]

S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]

S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]

S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-9-18 155320]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-28 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-26 19968]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-10 537456]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-10 384880]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-10 101232]

S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-27 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S3 zgdcat;ZTE Datacard AT Port;C:\Windows\System32\drivers\zgdcat.sys [2012-10-11 129520]

S3 zgdcdiag;ZTE Datacard Diagnostics Port;C:\Windows\System32\drivers\zgdcdiag.sys [2012-10-11 129520]

S3 zgdcmdm;ZTE Datacard Modem;C:\Windows\System32\drivers\zgdcmdm.sys [2012-10-11 129520]

S3 zgdcnet;ZTE Datacard Network Adapter;C:\Windows\System32\drivers\zgdcnet.sys [2012-10-11 168816]

S3 zgdcnmea;ZTE Datacard NMEA Port;C:\Windows\System32\drivers\zgdcnmea.sys [2012-10-11 129520]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2014-02-26 13:57:15 -------- d-----w- C:\Users\Semaan\AppData\Roaming\ext

2014-02-26 00:01:35 -------- d-----w- C:\Windows\Migration

2014-02-21 21:29:12 -------- d-----w- C:\Program Files\iPod

2014-02-21 21:29:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-02-21 21:29:11 -------- d-----w- C:\Program Files\iTunes

2014-02-21 21:29:11 -------- d-----w- C:\Program Files (x86)\iTunes

2014-02-21 21:15:54 -------- d-----w- C:\Windows\ERUNT

2014-02-21 20:47:37 -------- d-----w- C:\AdwCleaner

2014-02-21 20:12:23 -------- d-----w- C:\Users\Semaan\AppData\Roaming\XCPCSync.OEM

2014-02-15 07:32:33 -------- d-----w- C:\Users\Semaan\AppData\Roaming\asoftech

2014-02-14 18:15:04 -------- d-----w- C:\Users\Semaan\AppData\Roaming\AVG2014

2014-02-14 18:14:26 -------- d--h--w- C:\$AVG

2014-02-14 18:14:26 -------- d-----w- C:\ProgramData\AVG2014

2014-02-14 18:14:13 -------- d-----w- C:\Program Files (x86)\AVG

2014-02-14 18:09:01 -------- d-----w- C:\Users\Semaan\AppData\Local\MFAData

2014-02-14 18:09:01 -------- d-----w- C:\Users\Semaan\AppData\Local\Avg2014

2014-02-14 18:09:01 -------- d-----w- C:\ProgramData\MFAData

2014-02-12 23:27:49 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-02-03 16:16:11 -------- d-----w- C:\Users\Semaan\AppData\Roaming\VolIE

2014-02-02 17:48:28 -------- d-----w- C:\Users\Semaan\AppData\Local\HD Streamer

.

==================== Find3M  ====================

.

2014-02-21 14:53:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-21 14:53:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-02-21 14:53:08 8835464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-01-22 07:43:14 17920 ----a-w- C:\Windows\System32\drivers\rimvndis6_AMD64.sys

2014-01-19 12:10:42 1631552 ----a-w- C:\Windows\System32\VSFilter.dll

2014-01-19 12:05:26 1328960 ----a-w- C:\Windows\SysWow64\VSFilter.dll

2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll

2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll

2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll

2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll

2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll

2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe

2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe

2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe

2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll

2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll

2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll

2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll

2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe

2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe

2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe

2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

.

============= FINISH: 18:51:25.86 ===============

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

ADWARE CLEANER:

------------------------------

 

# AdwCleaner v3.020 - Report created 02/03/2014 at 20:46:08
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Zicks - Zicks-VAIO
# Running from : C:\Users\Zicks\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Zicks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Windows\System32\Tasks\BitGuard
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKCU\Software\59538c8ab06dbe49
Key Deleted : HKLM\SOFTWARE\59538c8ab06dbe49
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{598AC71E-BE58-3981-B78A-5C138F423AD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{598AC71E-BE58-3981-B78A-5C138F423AD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Zicks\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8889 octets] - [21/02/2014 23:47:45]
AdwCleaner[R1].txt - [5847 octets] - [02/03/2014 20:44:31]
AdwCleaner[s0].txt - [5531 octets] - [02/03/2014 20:46:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5591 octets] ##########
 
 
JRT:
-------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by Zicks on Sun 03/02/2014 at 20:34:28.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/02/2014 at 20:42:06.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Thanks for letting me know! :)

Last steps:

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner.

Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.