Hi everyone, I hope you had a good day.

All of my devices were recently infected with a stubborn adware that labels its ads as "Ads by DNSUnlocker".

I tried using lots and lots of malware detection software and sites, including MalwareBytes, with no success!

I tried reinstalling my browser (Opera) plus deleting all the data from AppData, and nothing solved it.

When I go to the extensions part, it says no extensions are installed on my browser. When I go to the "Programs and Features" part in Control Panel, I see no suspicious, new program there.

Also, this adware has infected all the devices in my network! I tried hard resetting the router, with no success. I tried Norton's secure DNS on all my devices, with no success.

I attached a screenshot of the adware (Special Offers part on the right side of the page) under this topic.

The OS I use is Windows 7 Ultimate x86 and the browser I use is Opera 31.

Thanks for reading this,

Alirezatm.

Hello alirezatm and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

  • 3 weeks later...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Alireza (administrator) on ALIREZA-PC (27-09-2015 20:39:01)
Running from C:\Users\Alireza\Downloads\Programs
Loaded Profiles: Alireza (Available Profiles: Alireza)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\...\Run: [iDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3907152 2015-08-14] (Tonec Inc.)
HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4D1BD09C-09CF-49DC-ABB1-45AC7D4FE658}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8B9DCF5D-3141-41E5-BB5F-0D383D89F841}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-08-21] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Alireza\AppData\Roaming\Mozilla\Firefox\Profiles\ynk2cpwc.default-1443373167332
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-29] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1550678623-1760868364-3899539589-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-08-21]
FF HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Alireza\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Alireza\AppData\Roaming\IDM\idmmzcc5 [2015-09-27]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-08-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET)
S4 KMService; C:\Windows\system32\srvany.exe [8192 2010-06-29] () [File not signed]
S4 RalinkRegistryWriter; C:\Program Files\TP-LINK\COMMON\RaRegistry.exe [185632 2010-06-25] (Ralink Technology, Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [176448 2015-01-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37928 2015-01-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [51824 2015-01-30] (ESET)
S3 esihdrv; C:\Windows\TEMP\esihdrv.sys [122240 2015-09-08] (ESET)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [854368 2010-06-25] (Ralink Technology Corp.)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 20:38 - 2015-09-27 20:39 - 00000000 ____D C:\FRST
2015-09-27 20:22 - 2015-09-27 20:29 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\vlc
2015-09-27 20:21 - 2015-09-27 20:21 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-09-27 20:21 - 2015-09-27 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-09-27 20:20 - 2015-09-27 20:20 - 00000000 ____D C:\Program Files\VideoLAN
2015-09-27 20:10 - 2015-09-27 20:11 - 06336110 _____ C:\Users\Alireza\Downloads\How do I remove 'Ads by DNSUnlocker' pop up virus (DNS Unlocker removal).flv
2015-09-27 19:55 - 2015-09-27 20:01 - 00000000 ____D C:\Users\Alireza\AppData\Local\Mozilla
2015-09-27 19:54 - 2015-09-27 19:55 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Mozilla
2015-09-27 19:54 - 2015-09-27 19:54 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-27 19:54 - 2015-09-27 19:54 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-27 19:54 - 2015-09-27 19:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-27 19:54 - 2015-09-27 19:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-27 19:30 - 2015-09-27 19:30 - 00007032 _____ C:\Users\Alireza\Documents\cc_20150927_193042.reg
2015-09-26 18:44 - 2015-09-26 18:44 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Macromedia
2015-09-22 16:53 - 2015-09-22 16:53 - 00468649 __RSH C:\KJOHE
2015-09-10 19:14 - 2015-09-10 19:14 - 00015677 _____ C:\Users\Alireza\Downloads\Physic-3RdGrade-ScoreBoard-Summer94.xlsx
2015-09-10 17:58 - 2015-09-26 19:05 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-10 17:58 - 2015-09-25 18:13 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-10 17:58 - 2015-09-25 18:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-10 17:57 - 2015-09-10 17:57 - 00000000 ____D C:\Windows\system32\Macromed
2015-09-09 18:35 - 2015-01-20 08:39 - 00009216 _____ C:\Users\Alireza\AppData\Local\Z@!-d27b4d98-d4b7-4959-8d96-004ff4d9dc1b.tmp
2015-09-08 20:34 - 2015-09-08 20:34 - 00000000 ____D C:\Windows\pss
2015-09-08 20:03 - 2015-09-08 20:03 - 00000000 ____D C:\Users\Alireza\AppData\Local\.bomgartemp-70526758a454bb84419d76b6680dea82-shl-0-cs-0
2015-09-07 23:00 - 2015-09-07 23:00 - 00002174 _____ C:\Users\Alireza\Documents\cc_20150908_000002.reg
2015-09-07 18:23 - 2015-09-27 20:06 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\HexChat
2015-09-07 18:22 - 2015-09-07 18:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-07 18:22 - 2015-09-07 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2015-09-07 18:21 - 2015-09-07 18:22 - 00000000 ____D C:\Program Files\HexChat
2015-09-07 18:18 - 2015-09-07 18:20 - 06655160 _____ (HexChat ) C:\Users\Alireza\Downloads\HexChat 2.10.2 x86.exe
2015-09-07 10:31 - 2015-09-27 20:31 - 00003930 _____ C:\Windows\setupact.log
2015-09-07 10:31 - 2015-09-07 10:31 - 00000000 _____ C:\Windows\setuperr.log
2015-09-07 10:30 - 2015-09-07 10:30 - 00002168 _____ C:\Windows\PFRO.log
2015-09-07 10:27 - 2015-09-07 10:31 - 00406272 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-06 23:18 - 2015-09-06 23:18 - 00108824 _____ C:\Users\Alireza\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-06 23:16 - 2015-09-06 23:16 - 00132202 _____ C:\Users\Alireza\Documents\cc_20150907_001611.reg
2015-09-06 23:10 - 2015-09-27 19:28 - 00000000 ____D C:\Program Files\CCleaner
2015-09-06 23:10 - 2015-09-06 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-06 23:07 - 2015-09-06 23:07 - 00000000 ____D C:\Users\Alireza\AppData\Local\Google
2015-09-06 23:07 - 2015-09-06 23:07 - 00000000 ____D C:\Program Files\GUMEB98.tmp
2015-09-06 23:06 - 2015-09-07 14:13 - 00000000 ____D C:\Program Files\Google
2015-09-06 21:32 - 2015-09-06 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2015-09-06 21:32 - 2015-09-06 21:32 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-06 21:30 - 2015-09-06 21:30 - 00000000 ____D C:\ProgramData\Anvisoft
2015-09-06 21:30 - 2015-09-06 21:30 - 00000000 ____D C:\Program Files\Anvisoft
2015-09-05 19:17 - 2015-09-05 19:17 - 00000000 ____D C:\Users\Alireza\AppData\Local\Zemana
2015-09-05 19:14 - 2015-09-05 19:16 - 05078968 _____ ( ) C:\Users\Alireza\Downloads\Zemana.AntiMalware.Setup.exe
2015-09-05 13:55 - 2015-09-05 13:55 - 00011855 _____ C:\Users\Alireza\Downloads\Nojum-3RdGrade-ScoreBoard-Summer94.xlsx
2015-09-04 15:04 - 2015-09-04 15:04 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Activision
2015-09-04 15:04 - 2015-09-04 15:04 - 00000000 ____D C:\ProgramData\Activision
2015-09-02 22:41 - 2015-09-02 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-09-02 22:41 - 2015-09-02 22:41 - 00000000 ____D C:\ProgramData\ESET
2015-09-02 22:41 - 2015-09-02 22:41 - 00000000 ____D C:\Program Files\ESET
2015-09-02 21:40 - 2015-09-02 23:01 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Alireza\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-02 17:45 - 2008-10-15 05:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-09-02 17:45 - 2008-10-15 05:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-09-02 17:45 - 2008-10-15 05:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-09-02 17:42 - 2015-09-02 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABM
2015-09-02 17:35 - 2015-09-02 17:35 - 00000000 __SHD C:\Users\Alireza\AppData\Roaming\.#
2015-09-02 17:28 - 2015-09-02 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewTech
2015-09-02 13:09 - 2015-09-02 13:09 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-09-02 13:03 - 2015-09-02 13:10 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-01 22:30 - 2015-09-01 22:36 - 00000000 ____D C:\Users\Alireza\AppData\Local\FreeFixer
2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\FreeFixer
2015-09-01 21:40 - 2015-09-01 21:40 - 00110080 _____ C:\Users\Alireza\Downloads\ویراسته MBTI (2).xls
2015-09-01 21:13 - 2015-09-01 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-01 20:37 - 2015-09-01 20:38 - 01654272 _____ C:\Users\Alireza\Downloads\adwcleaner_5.005.exe
2015-08-30 20:40 - 2015-08-30 20:40 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Enigma Software Group
2015-08-30 20:23 - 2015-08-30 20:24 - 01977018 _____ C:\Users\Alireza\Downloads\DNS-Unlocker Ads - removal instructions.3gp
2015-08-30 20:01 - 2015-08-30 20:01 - 01618432 _____ C:\Users\Alireza\Downloads\adwcleaner_5.004.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 20:39 - 2009-07-14 08:04 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-27 20:39 - 2009-07-14 08:04 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-27 20:38 - 2010-11-21 00:31 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-27 20:31 - 2009-07-14 08:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-27 19:42 - 2015-08-26 11:39 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\IDM
2015-09-27 19:42 - 2015-08-26 11:39 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\DMCache
2015-09-27 19:20 - 2015-08-22 05:13 - 01130776 _____ C:\Windows\WindowsUpdate.log
2015-09-27 19:18 - 2015-08-21 17:51 - 00001417 _____ C:\Users\Alireza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-26 18:50 - 2015-08-27 13:44 - 00000000 ____D C:\Users\Alireza\AppData\Local\Adobe
2015-09-23 18:32 - 2015-04-02 12:55 - 03673704 _____ C:\Users\Alireza\Desktop\psiphon3.exe
2015-09-23 18:29 - 2015-08-21 20:05 - 00000000 ____D C:\Users\Alireza\AppData\Roaming\Psiphon3
2015-09-23 08:05 - 2009-07-14 06:07 - 00000000 ____D C:\Windows\system32\NDF
2015-09-22 16:54 - 2009-07-14 08:23 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-22 16:53 - 2015-08-21 17:49 - 00000020 __RSH C:\win7.ld
2015-09-12 21:00 - 2015-08-21 18:39 - 00007974 _____ C:\Windows\system32\RaCoInst.log
2015-09-10 17:49 - 2013-07-10 09:25 - 00000000 ____D C:\Users\Alireza\Desktop\To Do
2015-09-08 20:11 - 2015-08-21 18:08 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-07 22:59 - 2009-07-14 06:07 - 00000000 ____D C:\Windows\system32\LogFiles
2015-09-06 23:18 - 2015-08-26 12:37 - 00000000 ____D C:\Users\Alireza\AppData\Local\Paint.NET
2015-09-06 23:14 - 2015-08-22 06:09 - 00000000 ____D C:\Windows\Panther
2015-09-04 10:52 - 2013-06-21 16:54 - 00000000 ____D C:\Users\Alireza\Downloads\Compressed
2015-09-02 13:31 - 2009-07-14 06:07 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-02 13:09 - 2015-03-08 10:29 - 00000000 ____D C:\Users\Alireza\Downloads\SpyHunter.4.18.9.4384.Portable

==================== Files in the root of some directories =======

2015-09-09 18:35 - 2015-01-20 08:39 - 0009216 _____ () C:\Users\Alireza\AppData\Local\Z@!-d27b4d98-d4b7-4959-8d96-004ff4d9dc1b.tmp

Some files in TEMP:
====================
C:\Users\Alireza\AppData\Local\Temp\psiphon-tunnel-core.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 05:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01
Ran by Alireza (2015-09-27 20:40:58)
Running from C:\Users\Alireza\Downloads\Programs
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2015-08-21 14:19:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1550678623-1760868364-3899539589-500 - Administrator - Disabled)
Alireza (S-1-5-21-1550678623-1760868364-3899539589-1001 - Administrator - Enabled) => C:\Users\Alireza
Guest (S-1-5-21-1550678623-1760868364-3899539589-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1550678623-1760868364-3899539589-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Crash Time III_Farsi (HKLM\...\{338CE47E-A860-4B82-BCB0-CF36D809BEC2}_is1) (Version:  - ASREBAZI, Inc.)
ESET Smart Security (HKLM\...\{D66C9F03-5F7C-4A4F-A4D0-7D04FCD426AE}) (Version: 8.0.312.0 - ESET, spol s r. o.)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Kung Fu Panda Persian (HKLM\...\{D60264D0-57C9-4F16-A23A-79F6560A6B1F}) (Version: 1.00.0000 - NewTech)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.17.12.5919 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PES 2014 + U.P.D.A.T.E (HKLM\...\{112A7DB2-E420-4F95-B28C-0B57D30BF76D}) (Version: 1.0.0 - T.G.P)
TP-LINK Wireless Utility (HKLM\...\{6FFEF5E1-F7B0-40DD-838D-557BD7EE4301}) (Version: 1.5.6.0 - TP-LINK)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-09-2015 19:49:34 Zemana AntiMalware 9/5/2015 8:49:32 PM
06-09-2015 21:31:26 Device Driver Package Install: Anvisoft Network Service
07-09-2015 18:22:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-09-2015 21:24:10 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 01:09 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {87062C47-EA83-4736-B836-A7CF115C82FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {C13215A8-710C-4329-945B-C09E20F2DC85} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_134_pepper.exe [2015-09-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_134_pepper.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1550678623-1760868364-3899539589-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alireza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: KMService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Utility.lnk => C:\Windows\pss\TP-LINK Wireless Utility.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: IDMan => C:\Program Files\Internet Download Manager\IDMan.exe /onboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{06C4FA77-4C90-4371-B0AD-B7D8B7E2C2B0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DD3549B1-A2AB-447B-A8C4-166B0549206D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A80E8DAE-5B5C-4ADE-8DD5-5BCEBAC429D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2015 08:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 08:28:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 07:22:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 07:09:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 02:17:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 01:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 10:14:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 09:32:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 07:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 06:50:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17514, time stamp: 0x4ce796f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0020f828
Faulting process id: 0xaac
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3


System errors:
=============
Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/27/2015 08:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/27/2015 08:27:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/27/2015 08:27:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/27/2015 08:27:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/27/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 57%
Total physical RAM: 3326.49 MB
Available physical RAM: 1428.85 MB
Total Virtual: 6651.27 MB
Available Virtual: 4494.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.09 GB) (Free:17.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:15.35 GB) (Free:7.32 GB) NTFS
Drive e: () (Fixed) (Total:40.04 GB) (Free:25.45 GB) NTFS
Drive f: () (Fixed) (Total:48.33 GB) (Free:16.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 148.9 GB) (Disk ID: DCE9DCE9)
Partition 1: (Active) - (Size=45.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.4 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=48.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Step 1

Please update Malwarebytes Anti-Malware, perform a threat scan and post your log file.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
In your next reply, post the following log files:
  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/29/2015
Scan Time: 4:22 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Alireza

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298683
Time Elapsed: 33 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

C:\Users\Alireza\Downloads\Programs\ccsetup509pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application


  • 2 weeks later...

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3
  • Please download ZHPCleaner (by NicolasCoolman) to your desktop.
  • Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
  • Please click on the Ashampoo_Snap_20140819_13h09m50s_001__zp button.
  • Then press the y3pI4LR.png button.
  • During the scan any open instances of the browsers will be closed automatically.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • In your next reply, post the following log files:
    • Junkware Removal Tool log
    • AdwCleaner log
    • ZHPCleaner log

  • 4 weeks later...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x86
Ran by Alireza on Fri 10/30/2015 at 13:59:20.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/30/2015 at 14:05:42.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

# AdwCleaner v5.015 - Logfile created 30/10/2015 at 14:11:04
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Alireza - ALIREZA-PC
# Running from : C:\Users\Alireza\Downloads\adwcleaner_5.015.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\Alireza\AppData\Local\FreeFixer
Folder Found : C:\Users\Alireza\AppData\Roaming\FreeFixer

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [709 bytes] ##########

~ ZHPCleaner v2015.10.28.370 by Nicolas Coolman (2015/10/28)
~ Run by Alireza (Administrator)  (30/10/2015 14:42:51)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Alireza\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Alireza\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Services (0)


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (1)
MOVED file: C:\Users\Alireza\Downloads\How do I remove 'Ads by DNSUnlocker' pop up virus (DNS Unlocker removal).flv    =>PUP.Optional.DNSUnlocker


---\\  Registry ( Key, Value, Data) (4)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe]  =>PUP.Optional.Office
DELETED key*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool]  =>Toolbar.Ask
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\iSafeDownloader_RASAPI32 []  =>PUP.Optional.SoftwareEngine
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\iSafeDownloader_RASMANCS []  =>PUP.Optional.SoftwareEngine


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 931
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 6

~ End of clean in 1 minutes
===================
ZHPCleaner-[R]-30102015-14_44_25.txt
ZHPCleaner--30102015-14_38_42.txt

  • 6 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now, but if you still actually need help please send a private message to one of the Moderators and we'll assist you. Thank you and sorry we missed your topic.

This topic is now closed to further replies.