Conversation help cleaning pc
- Thread starter confidential
- Start date
-
- Tags
- abandoned
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
- Status
Zemana Scan
Run a full scan with Zemana AntiMalware!
Install and select deep scan.
Remove any infections found.
Then click on the icon in the pic below.
Double click on the scan log, copy and paste here in your reply
Zoek Scan
Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy and paste the items in red below and paste them into Zoek.
createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;
Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.
Run a full scan with Zemana AntiMalware!
Install and select deep scan.
Remove any infections found.
Then click on the icon in the pic below.
Double click on the scan log, copy and paste here in your reply
Zoek Scan
Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy and paste the items in red below and paste them into Zoek.
createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;
Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.
Last edited:
Code:
Zemana AntiMalware 2.21.2.465 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/8/24
Operating System : Windows 8.1 64-bit
Processor : 8X AMD FX(tm)-8350 Eight-Core Processor
BIOS Mode : UEFI
CUID : 12FA14534E9853CEE417F7
Scan Type : Deep Scan
Duration : 5m 28s
Scanned Objects : 250395
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
No threats detected
Code:
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by brad on Wed 08/24/2016 at 1:51:22.51.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\brad\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-09-26-023614.log 7585 bytes
C:\zoek-results2016-08-24-083233.log 9053 bytes
C:\zoek-results2016-08-24-083522.log 2167 bytes
==== System Restore Info ======================
8/24/2016 1:51:55 AM Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\brad\AppData\Local\Wondershare deleted
C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565\jetpack deleted
C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565\Yahoo Inc deleted
==== Orphaned Tasks deleted from Registry ======================
ASUS\ASUS WiFi GO Server Execute deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"webrootsecure@webroot.com"="C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer" [02/26/2015 08:34 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Reddit Enhancement Suite - %ProfilePath%\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
- NewScrollbars aka NoiaScrollbars - %ProfilePath%\extensions\NoiaScrollbars@ArisT2_Noia4dev.xpi
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565
8CE35D76726DFC8C3848BB26B3C79A54 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll - Shockwave for Director / Shockwave for Director
62D98B286C805E193568037B70D936D2 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash
DB4E3BE3319897DF63975BD95F1169B0 - C:\Users\brad\AppData\Roaming\ACEStream\player\npace_plugin.dll - Ace Stream P2P Multimedia Plug-in
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kjeghcllfecehndceplomkocgfbklffd - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.57.crx[02/26/2015 08:34 AM]
okfhiodnpcnnnpgbjbhfebjnbagmfhab - C:\ProgramData\WRData\pkg\lpchrome.crx[10/24/2014 12:48 AM]
Web of Trust - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Stylish - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
EditThisCookie - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
Disconnect - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo
Reddit Enhancement Suite - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Cookie Manager - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck
Webroot Filtering Extension - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd
Facebook AdBlock - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa
Tom's Hardware - My Threads - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip
Hover Zoom - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
Incognito Tab Switch - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofeampmlffjabmpdebckhpmcjkcjkahi
Webroot Password Manager - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab
Chrome Media Router - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Reditr - The Best Reddit Client - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfcbbijgnhoebddbjpmlikabnbnddgb
==== Chromium Fix ======================
C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\brad\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\brad\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\brad\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\brad\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=197 folders=106 71481065 bytes)
==== Empty Temp Folders ======================
C:\Users\brad\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\brad\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Wed 08/24/2016 at 2:02:54.11 ======================
Hi there confidential 
Before we ran the scans, what were you experiencing that you thought you might be infected?
Before we ran the scans, what were you experiencing that you thought you might be infected?
slowdown in chrome/ firefox. they were always freezing. Also i would type stuff and it would lag on showing up. sometimes im not able to select anything on my start bar
HijackThis.
1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.
Security Check Scan.
Download Security Check to your desktop, right click it run as administrator. When the program completes, the tool will automatically open a log file, please post that log here in your next post.
FRST Fix
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:28:38 PM, on 8/24/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\brad\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AceUpdater] C:\Users\brad\AppData\Roaming\ACEStream\updater\ace_update.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\brad\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: Install Webroot FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: Install Webroot IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Amazon 1Button App Service - Amazon Inc. - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Disc Soft Pro Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
--
End of file - 9646 bytes
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:28:38 PM, on 8/24/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\brad\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AceUpdater] C:\Users\brad\AppData\Roaming\ACEStream\updater\ace_update.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\brad\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: Install Webroot FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: Install Webroot IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Amazon 1Button App Service - Amazon Inc. - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Disc Soft Pro Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
--
End of file - 9646 bytes
Code:
SecurityCheck by glax24 & Severnyj v.1.4.0.44 [17.08.16]
WebSite: www.safezone.cc
DateLog: 24.08.2016 13:34:12
Path starting: C:\Users\brad\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: brad
VersionXML: 3.36is-19.08.2016
___________________________________________________________________________
Windows 8.1(6.3.9600) (x64) Professional Lang: English(0409)
Installation date OS: 24.10.2014 06:49:33
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [237.5 Gb] Used: [215.1 Gb] Free: [22.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18427
User Account Control [b]enabled[/b]
Automatic download and scheduled installation
Date install updates: 2016-08-17 10:52:30
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Webroot SecureAnywhere (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Webroot SecureAnywhere (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Webroot SecureAnywhere v.9.0.11.70
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.21.465
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.11 (64-bit) v.5.11.0 [color=red][b]Warning! [url=http://www.rarlab.com/download.htm]Download Update[/url][/b][/color]
7-Zip 9.22 (x64 edition) v.9.22.00.0 [color=red][b]Warning! [url=http://www.7-zip.org/download.html]Download Update[/url][/b][/color]
[color=blue][b]Uninstall old version and install new one.[/b][/color]
Microsoft Silverlight v.5.1.41212.0 [color=red][b]Warning! [url=https://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx]Download Update[/url][/b][/color]
Oracle VM VirtualBox 4.3.28 v.4.3.28 [color=red][b]Warning! [url=https://www.virtualbox.org/wiki/Downloads]Download Update[/url][/b][/color]
VLC media player v.2.2.1 [color=red][b]Warning! [url=http://www.videolan.org/vlc/download-windows.html]Download Update[/url][/b][/color]
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.22 v.7.22.109 [color=red][b]Warning! [url=http://www.skype.com/go/getskype-full]Download Update[/url][/b][/color]
[color=blue][b]^Optional update.^[/b][/color]
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 77 v.8.0.770.3 [color=red][b]Warning! [url=http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html]Download Update[/url][/b][/color]
[color=blue][b]Uninstall old version and install new one (jre-8u102-windows-i586.exe).[/b][/color]
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 22 NPAPI v.22.0.0.209
Adobe Shockwave Player 12.2 v.12.2.4.194
------------------------------- [ Browser ] -------------------------------
Google Chrome v.52.0.2743.116
Mozilla Firefox 47.0 (x86 en-US) v.47.0 [color=red][b]Warning! [url=https://www.mozilla.org/en-US/firefox/all/]Download Update[/url][/b][/color]
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.52.0.2743.116
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.47.0.0.5999
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Amazon 1Button App v.2.3.4 [color=blue][b]<< Hidden[/b][/color] [b][color=red]Warning! Suspected Adware![/color][/b] If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using [url=https://www.malwarebytes.org/mwb-download/]Malwarebytes Anti-Malware[/url] and [url=https://toolslib.net/downloads/viewdownload/1-adwcleaner/]AdwCleaner (by ToolsLib)[/url]. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by brad (24-08-2016 13:29:28) Run:1
Running from C:\Users\brad\Desktop
Loaded Profiles: brad (Available Profiles: brad)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{69F22CDD-0AB7-4037-A5E0-3BED5CE7A549}: [DhcpNameServer] 209.18.47.62 209.18.47.61
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
Amazon 1Button App Service => Unable to stop service.
Amazon 1Button App Service => service removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69F22CDD-0AB7-4037-A5E0-3BED5CE7A549}\\DhcpNameServer => value removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
lmimirr => service removed successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37201856 B
Java, Flash, Steam htmlcache => 144403408 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 400466176 B
Firefox => 28293056 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 1646 B
NetworkService => 0 B
brad => 5403938 B
RecycleBin => 0 B
EmptyTemp: => 599.2 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:29:49 ====sorry it took me a minute to respond, i had to use firefox to respond which kept freezing on me. after doing all those tests and restarting my PC chrome wont load any sites.
Edit: Chrome works after restart
Edit: Chrome works after restart
Last edited:
also got an error when running hijack this
SecurityCheck by glax24 & Severnyj v.1.4.0.44 [17.08.16]
WebSite: www.safezone.cc
DateLog: 24.08.2016 13:34:12
Path starting: C:\Users\brad\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: brad
VersionXML: 3.36is-19.08.2016
___________________________________________________________________________
Windows 8.1(6.3.9600) (x64) Professional Lang: English(0409)
Installation date OS: 24.10.2014 06:49:33
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [237.5 Gb] Used: [215.1 Gb] Free: [22.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18427
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2016-08-17 10:52:30
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Webroot SecureAnywhere (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Webroot SecureAnywhere (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Webroot SecureAnywhere v.9.0.11.70
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.21.465
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.11 (64-bit) v.5.11.0 Warning! Download Update
7-Zip 9.22 (x64 edition) v.9.22.00.0 Warning! Download Update
Uninstall old version and install new one.
Microsoft Silverlight v.5.1.41212.0 Warning! Download Update
Oracle VM VirtualBox 4.3.28 v.4.3.28 Warning! Download Update
VLC media player v.2.2.1 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.22 v.7.22.109 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 77 v.8.0.770.3 Warning! Download Update
Uninstall old version and install new one (jre-8u102-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 22 NPAPI v.22.0.0.209
Adobe Shockwave Player 12.2 v.12.2.4.194
------------------------------- [ Browser ] -------------------------------
Google Chrome v.52.0.2743.116
Mozilla Firefox 47.0 (x86 en-US) v.47.0 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.52.0.2743.116
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.47.0.0.5999
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Amazon 1Button App v.2.3.4 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by ToolsLib). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
SecurityCheck by glax24 & Severnyj v.1.4.0.44 [17.08.16]
WebSite: www.safezone.cc
DateLog: 24.08.2016 13:34:12
Path starting: C:\Users\brad\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: brad
VersionXML: 3.36is-19.08.2016
___________________________________________________________________________
Windows 8.1(6.3.9600) (x64) Professional Lang: English(0409)
Installation date OS: 24.10.2014 06:49:33
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [237.5 Gb] Used: [215.1 Gb] Free: [22.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18427
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2016-08-17 10:52:30
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Webroot SecureAnywhere (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Webroot SecureAnywhere (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Webroot SecureAnywhere v.9.0.11.70
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.21.465
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.11 (64-bit) v.5.11.0 Warning! Download Update
7-Zip 9.22 (x64 edition) v.9.22.00.0 Warning! Download Update
Uninstall old version and install new one.
Microsoft Silverlight v.5.1.41212.0 Warning! Download Update
Oracle VM VirtualBox 4.3.28 v.4.3.28 Warning! Download Update
VLC media player v.2.2.1 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.22 v.7.22.109 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 77 v.8.0.770.3 Warning! Download Update
Uninstall old version and install new one (jre-8u102-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 22 NPAPI v.22.0.0.209
Adobe Shockwave Player 12.2 v.12.2.4.194
------------------------------- [ Browser ] -------------------------------
Google Chrome v.52.0.2743.116
Mozilla Firefox 47.0 (x86 en-US) v.47.0 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.52.0.2743.116
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.47.0.0.5999
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Amazon 1Button App v.2.3.4 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by ToolsLib). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
Last edited by a moderator:
Please update all items suggested by Security Check tool.
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
Hit Ok.
Hit next make sure to leave all items checked, for removal.
The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.
ZHP Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
2. Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.
Download ResetBrowser To your desktop.
Right click and run as administrator.
Click on Reset Chrome-- Allow completion.
Now reboot your machine.
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
- Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log is saved to your desktop and will automatically open.
- Please post the JRT log.
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
Hit Ok.
Hit next make sure to leave all items checked, for removal.
The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.
ZHP Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
2. Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.
Download ResetBrowser To your desktop.
Right click and run as administrator.
Click on Reset Chrome-- Allow completion.
Now reboot your machine.
Yes I edited it, so that you can see what needs updated, you would not have been able to spot it easily since it was in code tags. You can update all the programs easily with this tool.
Fix with HijackThis!
Close all other programs!
Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.
O4 - HKLM\..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AceUpdater] C:\Users\brad\AppData\Roaming\ACEStream\updater\ace_update.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\brad\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Click fix checked.
Accept the prompt.
Reboot the machine after.
Close all other programs!
Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.
O4 - HKLM\..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AceUpdater] C:\Users\brad\AppData\Roaming\ACEStream\updater\ace_update.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\brad\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Click fix checked.
Accept the prompt.
Reboot the machine after.
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 Pro x64
Ran by brad (Administrator) on Wed 08/24/2016 at 14:00:05.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/24/2016 at 14:01:16.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
[-] Deleted ->> Folder ->> C:\Users\brad\Appdata\Roaming\RPEng
Code:
~ ZHPCleaner v2016.8.24.113 by Nicolas Coolman (2016/08/24)
~ Run by brad (Administrator) (24/08/2016 14:17:43)
~ Site : https://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\brad\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\brad\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Pro, 64-bit (Build 9600)
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (0)
~ No malicious or unnecessary items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (1)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (27)
MOVED file: C:\Program Files (x86)\Common Files\wruninstall.exe [Webroot Software, Inc. - Webroot Installer] =>Adware.Suspect
MOVED folder: C:\WINDOWS\Installer\MSI1957.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2601.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI3595.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI468E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4D84.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5296.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5779.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5B72.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI63B1.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6817.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI7008.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI76A0.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI78E7.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8084.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI84EA.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI86A4.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9186.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIA01D.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIA464.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIA8CA.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIAC84.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIB1C5.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIB36E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBEF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC12B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFEA9.tmp- =>Empty
---\\ Registry ( Key, Value, Data) (6)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69F22CDD-0AB7-4037-A5E0-3BED5CE7A549}\\DhcpNameServer [Bad : 209.18.47.62 209.18.47.61] =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 209.18.47.62 209.18.47.61] =>Hijacker.Browser
DELETED key*: HKEY_USERS\S-1-5-21-2731936480-3349034690-3766636756-1001\SOFTWARE\Distromatic [] =>PUP.Optional.AlexaTB
DELETED key: HKCU\Software\Distromatic [] =>PUP.Optional.AlexaTB
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 244930 [Poppermost Productions] =>Trojan.Vonteera
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
---\\ Summary of the elements found (5)
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>Adware.Suspect
https://www.nicolascoolman.com/fr/hijacker-browser/ =>Hijacker.Browser
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.AlexaTB
https://www.nicolascoolman.com/fr/trojan-vonteera/ =>Trojan.Vonteera
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect
---\\ Other deletions. (34)
~ Registry Keys Tracing deleted (34)
~ Remove the old reports ZHPCleaner. (0)
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 615
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 33
~ End of clean in 00h00mn16s
~====================
ZHPCleaner-[R]-24082016-14_17_59.txt
ZHPCleaner-[S]-24082016-14_14_54.txt
Code:
# AdwCleaner v6.000 - Logfile created 24/08/2016 at 15:13:12
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-24.1 [Server]
# Operating System : Windows 8.1 Pro (X64)
# Username : brad - BATTLESTATION
# Running from : C:\Users\brad\Desktop\adwcleaner_6.000.exe
# Mode: Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[!] Folder not deleted:
[!] Folder not deleted:
[!] Folder not deleted:
[-] Folder deleted: C:\Program Files (x86)\Amazon\Amazon1ButtonApp
[!] Folder not deleted: C:\Program Files (x86)\Amazon\Amazon1ButtonApp
***** [ Files ] *****
[!] File not deleted:
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[!] Key not deleted: HKU\S-1-5-21-2731936480-3349034690-3766636756-1001\Software\Classes\.acelive
[!] Key not deleted: HKU\S-1-5-21-2731936480-3349034690-3766636756-1001\Software\Classes\.acemedia
[!] Key not deleted: HKU\S-1-5-21-2731936480-3349034690-3766636756-1001\Software\Classes\.acestream
[!] Key not deleted: HKU\S-1-5-21-2731936480-3349034690-3766636756-1001\Software\Classes\.tslive
[!] Key not deleted: HKU\S-1-5-21-2731936480-3349034690-3766636756-1001\Software\Classes\acestream
[!] Key not deleted: HKCU\Software\Classes\.acelive
[!] Key not deleted: HKCU\Software\Classes\.acemedia
[!] Key not deleted: HKCU\Software\Classes\.acestream
[!] Key not deleted: HKCU\Software\Classes\.tslive
[!] Key not deleted: HKCU\Software\Classes\acestream
[!] Key not deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[!] Key not deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[!] Key not deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[!] Key not deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[!] Key not deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[!] Key not deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
[!] Key not deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[!] Key not deleted: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
[!] Key not deleted: HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[!] Key not deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[!] Key not deleted: HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
[!] Key not deleted: HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[!] Key not deleted: HKLM\SOFTWARE\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[!] Key not deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}
[!] Key not deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[!] Key not deleted: [x64] HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
[!] Key not deleted: HKLM\SOFTWARE\Classes\Installer\Features\3DCCCD6BD02558446B24CF1C63EC213C
[!] Key not deleted: HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
[!] Value not deleted: HKU\S-1-5-21-2731936480-3349034690-3766636756-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [AceUpdater]
[!] Key not deleted: HKCU\Software\Classes\Applications\ace_player.exe
[!] Key not deleted: HKCU\Software\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[!] Key not deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[!] Key not deleted: HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.0.12
[!] Key not deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[!] Key not deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[!] Key not deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[!] Key not deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[!] Key not deleted: HKCU\SOFTWARE\Classes\Applications\ace_player.exe
[!] Key not deleted: HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin
***** [ Web browsers ] *****
[!] [nonjdcjchghhkdoolnlbekcfllmednbl] [extensionSecure Preferences ] not deleted:
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1682 Bytes] - [25/09/2015 12:01:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [5060 Bytes] - [24/08/2016 15:13:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [1554 Bytes] - [25/09/2015 12:00:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [5212 Bytes] - [24/08/2016 15:11:59]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5279 Bytes] ##########Ok, re-run AdwCleaner and this time hit the clean button, after scanning. Then post the new log.
Also, you are using an outdated version of AdwCleaner.
It should be 6.010 you are using version 6.000. Download the newest version from Toolslib.net
It should be 6.010 you are using version 6.000. Download the newest version from Toolslib.net
Last edited:
- Status