Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spy Hunter 4 [Solved]


  • This topic is locked This topic is locked

#16
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, ok , lets get it sorted. :D

Step 1

jrt.pngJunkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking jrt.png and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click frst.png to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

    Drivers MD5
    shortcut.txt
    Addition.txt
    frst-addition.png
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:


  • JRt Log
  • FRST Logs

     
  • reminder - did the program uninstall properly?

  • 1

Advertisements


#17
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hello again Ruggie here are the scans you asked for

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by User at 2015-01-09 19:12:18
Running from C:\Users\User\Desktop\Dowmloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.32.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo)
Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2778 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{7E59919F-564E-3FB5-B1FC-884251B18B06}) (Version: 4.5.51078 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1694659208-948621448-1659166418-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1694659208-948621448-1659166418-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1694659208-948621448-1659166418-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1694659208-948621448-1659166418-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1694659208-948621448-1659166418-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1694659208-948621448-1659166418-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
23-12-2014 08:45:00 Windows Update
30-12-2014 10:28:35 Windows Update
30-12-2014 18:12:34 Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters
30-12-2014 18:13:11 Device Driver Package Install: Anchorfree Inc Network Service
02-01-2015 12:56:46 Removed Skype Click to Call
02-01-2015 12:57:22 Removed Skype™ 7.0
02-01-2015 13:22:14 Windows Update
06-01-2015 09:08:39 Windows Update
08-01-2015 15:09:59 OTL Restore Point - 08/01/2015 15:09:56
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2015-01-08 15:11 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {34A66E2C-315F-4883-AE98-ABC687642485} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-26] (Adobe Systems Incorporated)
Task: {3EC6383C-C35F-438A-A1BF-0B7AA502D475} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {41527004-342D-42DD-BE1B-A0ACD53E665D} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {A9F89FDB-1C0B-4109-B247-C4D1204626E2} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-10-29] ()
Task: {B9F1342F-79D7-48A5-B0BC-DF75F7FBAB16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: {D652DD92-642E-4CEC-A84E-5DE246842B8D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D722F52F-8481-4EBB-82A3-1339128A7590} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-12-20 02:20 - 2014-10-29 13:22 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-10 15:30 - 2014-10-29 13:22 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2014-10-29 11:40 - 2012-02-22 03:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-12 19:55 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 19:55 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 19:55 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 19:55 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\User\Desktop\Outlook.com.website:TASKICON_0OLFavIE91284348923
AlternateDataStreams: C:\Users\User\Desktop\Outlook.com.website:TASKICON_1OCalFavIE91545382048
AlternateDataStreams: C:\Users\User\Desktop\Outlook.com.website:TASKICON_2PeopleFav302369383
AlternateDataStreams: C:\Users\User\Desktop\Outlook.com.website:TASKICON_3SkyDriveFav-1311630743
AlternateDataStreams: C:\Users\User\Desktop\Outlook.com.website:TASKICON_4OLFavIE91410631431
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WSE_Vosteran => 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1694659208-948621448-1659166418-500 - Administrator - Disabled)
Guest (S-1-5-21-1694659208-948621448-1659166418-501 - Limited - Disabled)
User (S-1-5-21-1694659208-948621448-1659166418-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 09/01/2015 at 19:03:07.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\browser"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/01/2015 at 19:06:59.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by User (administrator) on USER-PC on 09-01-2015 19:11:18
Running from C:\Users\User\Desktop\Dowmloads
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-10-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-10-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-1694659208-948621448-1659166418-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1694659208-948621448-1659166418-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-1694659208-948621448-1659166418-1000: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-12-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_cmi_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-22]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-22]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-22]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-22]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-08]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-22]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-07] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 19:11 - 2015-01-09 19:11 - 00000000 ____D () C:\FRST
2015-01-09 19:03 - 2015-01-09 19:03 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 19:00 - 2015-01-09 19:01 - 01707939 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-01-08 15:14 - 2015-01-08 15:15 - 00852504 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2015-01-08 15:09 - 2015-01-08 15:09 - 00000000 ____D () C:\_OTL
2015-01-08 13:09 - 2015-01-08 13:09 - 00000528 _____ () C:\Windows\PFRO.log
2015-01-07 22:09 - 2015-01-07 22:09 - 00000083 _____ () C:\Users\User\Desktop\Spy Hunter 4 - Virus, Spyware, Malware Removal.url
2015-01-07 21:53 - 2015-01-09 19:07 - 00000000 ____D () C:\Users\User\Desktop\olt
2015-01-07 21:42 - 2015-01-07 21:42 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2015-01-07 15:09 - 2015-01-07 15:09 - 00000156 _____ () C:\Users\User\Desktop\VIDEO- Rural road blocked as 44 ton lorry overturns - Halifax Courier.url
2015-01-07 01:08 - 2015-01-07 01:09 - 00000000 ____D () C:\Users\User\Desktop\biscuits
2015-01-07 01:08 - 2015-01-07 01:08 - 00001782 _____ () C:\Users\User\Documents\toffee biscuits.txt
2015-01-06 21:41 - 2015-01-09 17:20 - 00000728 _____ () C:\Windows\setupact.log
2015-01-06 21:41 - 2015-01-06 21:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-06 21:07 - 2015-01-03 19:01 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150106-210716.backup
2015-01-06 20:06 - 2015-01-06 20:06 - 00000000 ____D () C:\Users\User\Documents\ProcAlyzer Dumps
2015-01-06 18:54 - 2015-01-06 18:54 - 00000000 _____ () C:\autoexec.bat
2015-01-06 18:53 - 2015-01-06 18:53 - 00003320 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-01-06 18:53 - 2015-01-06 18:53 - 00000000 ____D () C:\sh4ldr
2015-01-06 01:53 - 2015-01-06 01:53 - 00000000 ____D () C:\SafeWeb
2015-01-05 22:09 - 2015-01-08 15:06 - 00000000 ____D () C:\Users\User\AppData\Local\SafeWeb
2015-01-05 22:04 - 2015-01-05 22:06 - 00000000 ____D () C:\AdwCleaner
2015-01-05 22:04 - 2015-01-05 22:04 - 02173952 _____ () C:\Users\User\Downloads\adwcleaner_4.106.exe
2015-01-03 19:01 - 2015-01-03 19:01 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-03 11:12 - 2015-01-03 11:12 - 00262144 _____ () C:\Windows\system32\config\elam
2015-01-03 11:12 - 2015-01-03 11:12 - 00000042 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-01-03 02:15 - 2015-01-03 02:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\Fuzzy Bug Interactive
2015-01-03 02:14 - 2015-01-03 02:14 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2015-01-03 02:14 - 2013-07-14 09:58 - 00058264 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
2015-01-03 02:11 - 2015-01-03 02:11 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-03 01:55 - 2015-01-06 01:51 - 00000000 ____D () C:\Program Files (x86)\Granny in Paradise
2015-01-03 01:55 - 2015-01-03 01:55 - 00000000 ____D () C:\Program Files (x86)\BFG
2015-01-03 01:52 - 2015-01-03 01:52 - 00373072 _____ () C:\Users\User\Downloads\SoftonicDownloader_for_super-granny.exe
2015-01-03 01:51 - 2015-01-03 01:51 - 00373080 _____ () C:\Users\User\Downloads\SoftonicDownloader_for_granny-in-paradise.exe
2015-01-02 22:06 - 2015-01-02 22:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-02 22:05 - 2015-01-02 22:05 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-02 22:05 - 2015-01-02 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-02 22:04 - 2015-01-07 16:22 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-02 22:04 - 2015-01-02 22:04 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-02 22:02 - 2015-01-02 22:02 - 00638888 _____ (Oracle Corporation) C:\Users\User\Downloads\chromeinstall-8u25.exe
2015-01-02 13:00 - 2015-01-02 13:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-02 13:00 - 2015-01-02 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-02 12:58 - 2015-01-02 12:58 - 01548384 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\SkypeSetup.exe
2015-01-02 12:09 - 2015-01-08 15:43 - 00000545 _____ () C:\Users\User\Desktop\Expat Forum For People Moving Overseas And Living Abroad - Search Results.website
2014-12-30 18:13 - 2014-05-17 02:35 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-12-30 18:09 - 2014-12-30 18:09 - 07787136 _____ () C:\Users\User\Downloads\HSS-3.42-install-e-550-plain.exe
2014-12-30 18:06 - 2014-12-30 18:06 - 00000055 _____ () C:\Users\User\Desktop\FILMON TV FREE LIVE TV MOVIES AND SOCIAL TELEVISION.url
2014-12-30 17:34 - 2014-12-30 17:34 - 00000159 _____ () C:\Users\User\Desktop\You’ve Been Cleaning Your Oven The Wrong Way Your Entire Life. This Is So Brilliant! - Newsner.url
2014-12-26 18:46 - 2014-12-26 18:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Macromedia
2014-12-26 18:45 - 2015-01-09 18:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
 

  • 0

#18
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts


First...


FRST Fix

If FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   3.03KB   74 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Next...

I know you have previously run ADWcleaner but due to what has been happening and the changes we ahve made I would like to do a fresh run.

adwcleaner.pngAdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the adwcleaner.pngAdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Items I need to see in your next post:

  • FRST Fixlist
  • ADWcleaner Scan

  • 1

#19
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Sorry I forgot to paste my greetings before the fixes. So Hi, here we go :D


  • 1

#20
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi again here are the results of what you requested

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by User at 2015-01-10 16:27:14 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
createrestorepoint:
Task: {41527004-342D-42DD-BE1B-A0ACD53E665D} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_cmi_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found] 
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
2015-01-03 02:14 - 2013-07-14 09:58 - 00058264 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
end
 
 
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41527004-342D-42DD-BE1B-A0ACD53E665D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41527004-342D-42DD-BE1B-A0ACD53E665D}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
X5XSEx_Pr143 => Service deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0" => Key deleted successfully.
C:\Windows\ExentInfo.exe => Moved successfully.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 16:27:38 ====
 
 
# AdwCleaner v4.106 - Report created 10/01/2015 at 16:34:02
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_4.106.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Softonic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://vosteran.com/results.php?q={searchTerms}&a=vst_cmi_15_01_ch&f=7&category=web&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&start=1
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://vosteran.com/results.php?q={searchTerms}&a=vst_cmi_15_01_ch&f=7&category=web&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&start=1
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6239 octets] - [05/01/2015 22:04:32]
AdwCleaner[R1].txt - [1919 octets] - [10/01/2015 16:34:02]
AdwCleaner[S0].txt - [6073 octets] - [05/01/2015 22:06:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2039 octets] ##########
 

  • 0

#21
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Thanks :D

Before we continue, there is something that I need to address. Microsoft Office 2010 that is installed appears to be non-genuine and has a crack to enable it to operate. Were you aware of this? We request that non genuine software be removed as it violates out Terms of Use. If you need assistance in doing so then please let me know.

Onwards...

Step 1

adwcleaner.pngRe-run AdwCleaner

Close all open windows and browsers.

  • Right click the adwcleaner.pngAdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step 2

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware:
    mbam-select.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    mbam-scan.png
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • If threats are detected, click the Apply Actions button.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.
Items I need to see in your next post:

  • ADWcleaner clean report
  • Malwarebytes Report
  • How is it looking now?

  • 1

#22
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hello once again first of all let me appologise I have followed your instructions, but could not find the option to click to disable the free trial of malwarebites I tried to download it twice but unsuccessful in finding the option so I carried on with the trial version let me know if i need to correct this.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/01/2015
Scan Time: 15:58:20
Logfile: 11.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.11.08
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320977
Time Elapsed: 42 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [e9af975d93f6a096320404eba65e29d7]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.SafeWeb.A, C:\Users\User\AppData\Local\SafeWeb, Quarantined, [fa9ec62e315830061d9d117d57ac9c64], 
Rogue.Multiple, C:\ProgramData\2355320829, Quarantined, [395fb4402069c76f7e100c17a06356aa], 
 
Files: 4
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_for_granny-in-paradise.exe, Quarantined, [178145af4049181e486acd8d33cde21e], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_for_super-granny.exe, Quarantined, [6b2dae460a7f73c3b8fab6a42ed2e61a], 
PUP.Optional.SafeWeb.A, C:\Users\User\AppData\Local\SafeWeb\data2.dat, Quarantined, [fa9ec62e315830061d9d117d57ac9c64], 
Rogue.Multiple, C:\ProgramData\2355320829\BITE9E1.tmp, Quarantined, [395fb4402069c76f7e100c17a06356aa], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v4.106 - Report created 11/01/2015 at 15:09:48
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Softonic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?q={searchTerms}&a=vst_cmi_15_01_ch&f=7&category=web&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&start=1
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?q={searchTerms}&a=vst_cmi_15_01_ch&f=7&category=web&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&start=1
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6239 octets] - [05/01/2015 22:04:32]
AdwCleaner[R1].txt - [2123 octets] - [10/01/2015 16:34:02]
AdwCleaner[R2].txt - [2181 octets] - [11/01/2015 15:08:15]
AdwCleaner[S0].txt - [6073 octets] - [05/01/2015 22:06:24]
AdwCleaner[S1].txt - [2068 octets] - [11/01/2015 15:09:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2128 octets] ##########
 

  • 0

#23
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
The trial is fine - it will revert to the free version after the trial period.
 
Things are looking good so far - any current issues?
 
Let's scan for residual files :D
 
Anti-Virus Scan
Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>
  • Click Run Eset Online Scanner
Runscan.png


Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
Important: Please disable your existing AV software for the duration of the scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start[
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:
eset-selections.png
  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
eset-selections.png
  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Items I need to see in your next post:
  • ESET log

  • 1

#24
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Again I have completed the scan could you please explain to me where to find C:\Program Files (x86)\EsetOnlineScanner\log.txt I don't seem to be able to locate it Thankyou


  • 0

#25
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, click start and run. Then when the box shows, paste the following into it.(including the quotes)

"C:\Program Files (x86)\EsetOnlineScanner\log.txt"

 

That should open it directly.


  • 1

Advertisements


#26
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Nope says no items match your search sorry


  • 0

#27
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

ok , try "C:\Program Files\EsetOnlineScanner\log.txt"


  • 1

#28
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

nope same reply :(


  • 0

#29
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Ok one more lol :D

 

"C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt"


  • 1

#30
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

agghhh no same reply after 3 hours of scanning it has got to be somewhere haha sorry I am not much help


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP