
Thread: Infected HP computer

  1. #1
    Member
    Join Date
    May 2009
    Posts
    32

    Infected HP computer

    Hello again, I think I got infected trying to download a repair manual. Hope I've got this right. Thanks in advance. You guys are awesome!

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041
    Run by HP-1 at 19:58:13 on 2014-05-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1571 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    c:\programdata\allaboutapp\sw-booster\SW-Booster.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.bing.com/
    mStart Page = hxxp://websearch.searchsun.info/?pid=2464&r=2014/05/14&hid=10398662062609684627&lg=EN&cc=US&unqvl=52
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: save aneit: {2BEA4B86-9407-C692-3671-8E96C4F301C4} - C:\Program Files (x86)\save aneit\KHaB.dll
    BHO: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    BHO: {C2210FCF-FBF5-8B8D-569B-C67FDF4A5100} - <orphaned>
    BHO: {C89EA58C-3A51-2F17-2549-491D8F8F7EE1} - <orphaned>
    BHO: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - <orphaned>
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRunOnce: [CryptoUpdate] C:\Windows\System32\rundll32.exe "C:\Users\HP-1\AppData\Roaming\Microsoft\Crypto\RSA\cert_v45_0.tpl",Crypt
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{8F45A79E-3270-4E9C-84B5-AA192F4ED359} : DHCPNameServer = 192.168.2.1
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    AppInit_DLLs= c:\progra~2\sw-boo~1\assist~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: save aneit: {2BEA4B86-9407-C692-3671-8E96C4F301C4} - C:\Program Files (x86)\save aneit\KHaB.x64.dll
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-4-3 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-3 202752]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-4 2211000]
    R2 d0e87c27;SW-Sustainer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-4-3 1153368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-4-3 245792]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-4-3 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-5 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-4 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2014-05-17 23:49:22 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B83BD16-CAF0-44FF-80FF-8F7C7C8096CB}\offreg.dll
    2014-05-16 18:15:56 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B83BD16-CAF0-44FF-80FF-8F7C7C8096CB}\mpengine.dll
    2014-05-14 22:58:15 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-14 22:58:15 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-14 22:11:06 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-14 22:11:06 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-05-14 19:11:29 -------- d-----w- C:\ProgramData\SNT
    2014-05-14 19:11:28 -------- d-----w- C:\Program Files (x86)\SNT
    2014-05-14 19:09:39 -------- d-----w- C:\Users\HP-1\AppData\Local\Programs
    2014-05-14 19:09:19 -------- d-----w- C:\ProgramData\AllaboutApp
    2014-05-14 19:09:09 -------- d-----w- C:\Program Files (x86)\SW-Booster
    2014-05-14 19:08:11 -------- d-----w- C:\ProgramData\YoutubeAdblocker
    2014-05-14 19:07:54 -------- d-----w- C:\Users\HP-1\AppData\Local\Packages
    2014-05-14 19:07:54 -------- d-----w- C:\ProgramData\save aneit
    2014-05-14 19:07:53 -------- d-----w- C:\Program Files (x86)\save aneit
    2014-05-14 19:07:37 -------- d-----w- C:\Users\HP-1\AppData\Local\Torch
    2014-05-14 19:07:37 -------- d-----w- C:\Users\HP-1\AppData\Local\Google
    2014-05-14 19:07:37 -------- d-----w- C:\Users\HP-1\AppData\Local\Comodo
    2014-05-14 19:07:37 -------- d-----w- C:\Users\HP-1\AppData\Local\Chromatic Browser
    2014-05-14 19:07:37 -------- d-----w- C:\ProgramData\d2808d5d71b70d18
    2014-05-14 19:06:39 -------- d-----w- C:\ProgramData\InstallMate
    2014-05-14 15:52:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-05-14 15:52:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-05-14 15:52:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-05-14 15:52:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-05-14 15:52:19 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2014-05-13 16:13:35 -------- d-----w- C:\Program Files (x86)\iPhoneSMSExport
    2014-05-13 16:08:00 -------- d-----w- C:\Users\HP-1\AppData\Local\Apple Computer
    2014-05-13 16:07:52 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2014-05-13 16:07:15 -------- d-----w- C:\Program Files\iPod
    2014-05-13 16:07:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-13 16:07:14 -------- d-----w- C:\Program Files\iTunes
    2014-05-13 16:07:14 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-05-13 16:06:15 -------- d-----w- C:\Users\HP-1\AppData\Local\Apple
    2014-05-13 16:05:40 -------- d-----w- C:\Program Files\Bonjour
    2014-05-13 16:05:40 -------- d-----w- C:\Program Files (x86)\Bonjour
    2014-05-12 16:22:39 400168 ----a-w- C:\Windows\System32\SynCOM.dll
    2014-05-12 16:22:39 271144 ----a-w- C:\Windows\System32\SynCtrl.dll
    2014-05-12 16:22:39 215336 ----a-w- C:\Windows\System32\SynTPAPI.dll
    2014-05-12 16:22:39 214312 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
    2014-05-12 16:22:39 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
    2014-05-12 16:22:39 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
    2014-05-12 16:22:39 1390640 ----a-w- C:\Windows\System32\drivers\SynTP.sys
    2014-05-12 16:22:39 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
    2014-05-12 16:09:14 439808 ----a-w- C:\Windows\System32\athihvs.dll
    2014-05-12 16:09:14 -------- d-----w- C:\Windows\Options
    2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2014-05-03 21:48:15 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2014-05-02 11:27:38 -------- d-s---w- C:\Windows\System32\CompatTel
    2014-04-26 15:20:43 -------- d-----w- C:\Users\HP-1\AppData\Roaming\HpUpdate
    2014-04-22 22:50:23 -------- d-sh--w- C:\Users\HP-1\AppData\Local\EmieUserList
    2014-04-22 22:50:23 -------- d-sh--w- C:\Users\HP-1\AppData\Local\EmieSiteList
    2014-04-18 01:33:14 -------- d-----w- C:\Windows\Migration
    .
    ==================== Find3M ====================
    .
    2014-05-14 14:23:20 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 14:23:20 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-04-06 22:26:39 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-04-06 01:29:47 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2014-04-06 01:29:47 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2014-04-03 22:21:42 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2014-04-03 22:21:41 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2014-04-03 22:21:41 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2014-04-03 22:12:23 0 ----a-w- C:\Windows\ativpsrm.bin
    2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
    2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
    2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
    2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
    2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
    2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
    2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
    2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2014-03-03 00:48:02 829264 ----a-w- C:\Windows\System32\msvcr100.dll
    2014-03-03 00:48:02 608080 ----a-w- C:\Windows\System32\msvcp100.dll
    2014-03-02 23:23:56 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2014-03-02 23:23:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    .
    ============= FINISH: 19:58:56.57 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-05-17 20:02:31
    -----------------------------
    20:02:31.817 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:02:31.817 Number of processors: 2 586 0x603
    20:02:31.817 ComputerName: HP-1-HP UserName: HP-1
    20:02:33.080 Initialize success
    20:22:39.489 AVAST engine defs: 14051700
    20:25:53.709 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
    20:25:53.709 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
    20:25:53.865 Disk 0 MBR read successfully
    20:25:53.881 Disk 0 MBR scan
    20:25:53.881 Disk 0 unknown MBR code
    20:25:53.912 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    20:25:53.928 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287180 MB offset 409600
    20:25:53.974 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17761 MB offset 588554240
    20:25:53.990 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
    20:25:54.162 Disk 0 scanning C:\Windows\system32\drivers
    20:26:07.905 Service scanning
    20:27:01.491 Modules scanning
    20:27:01.507 Disk 0 trace - called modules:
    20:27:01.554 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    20:27:01.569 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031b0060]
    20:27:01.585 3 CLASSPNP.SYS[fffff8800197543f] -> nt!IofCallDriver -> [0xfffffa80021d8b80]
    20:27:01.600 5 amdxata.sys[fffff880010727a8] -> nt!IofCallDriver -> \Device\00000054[0xfffffa800302c0e0]
    20:27:02.973 AVAST engine scan C:\Windows
    20:27:05.703 AVAST engine scan C:\Windows\system32
    20:31:30.253 AVAST engine scan C:\Windows\system32\drivers
    20:31:45.587 AVAST engine scan C:\Users\HP-1
    20:34:49.371 AVAST engine scan C:\ProgramData
    20:34:50.619 File: C:\ProgramData\AllaboutApp\SW-Booster\SW-Booster.exe **INFECTED** Win32:Agent-ASOC [Adw]
    20:35:38.761 Scan finished successfully
    20:36:56.746 Disk 0 MBR has been saved successfully to "C:\Users\HP-1\Desktop\MBR.dat"
    20:36:56.761 The log file has been saved successfully to "C:\Users\HP-1\Desktop\aswMBR.txt"

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    Hi,

    Download and run the free version of Malwarebytes. It will help clean stuff up and you can keep and use it as another antimalware app.

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted, please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.

    Do you have a resident antivirus installed on your machine?
    How Can I Reduce My Risk?

  3. #3
    Member
    Join Date
    May 2009
    Posts
    32

    mwb log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/19/2014
    Scan Time: 11:12:19 AM
    Logfile: 5-19-2014 mwb log.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.19.05
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: HP-1

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 279855
    Time Elapsed: 17 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.MultiPlug.A, C:\ProgramData\AllaboutApp\SW-Booster\SW-Booster.exe, 1764, Delete-on-Reboot, [f051a9aa5e1dd561c1e839f88879d62a]

    Modules: 1
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\save aneit\KHaB.dll, Delete-on-Reboot, [80c154ff413a6bcb996fae9ce02158a8],

    Registry Keys: 15
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-5944234096, Quarantined, [f051a9aa5e1dd561c1e839f88879d62a],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2BEA4B86-9407-C692-3671-8E96C4F301C4}, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2BEA4B86-9407-C692-3671-8E96C4F301C4}, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2BEA4B86-9407-C692-3671-8E96C4F301C4}, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\naet, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\naet.5.14, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\naet, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\naet.5.14, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{2BEA4B86-9407-C692-3671-8E96C4F301C4}, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{2BEA4B86-9407-C692-3671-8E96C4F301C4}\INPROCSERVER32, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1146045571-2913081947-568738549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2BEA4B86-9407-C692-3671-8E96C4F301C4}, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1146045571-2913081947-568738549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2BEA4B86-9407-C692-3671-8E96C4F301C4}, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2BEA4B86-9407-C692-3671-8E96C4F301C4}, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2BEA4B86-9407-C692-3671-8E96C4F301C4}, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.YoutubeAdblocker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [90b1c98ab8c3c76f2264740289799070],

    Registry Values: 1
    Trojan.Agent.ED, HKU\S-1-5-21-1146045571-2913081947-568738549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|CryptoUpdate, C:\Windows\system32\rundll32.exe "C:\Users\HP-1\AppData\Roaming\Microsoft\Crypto\RSA\cert_v45_0.tpl",Crypt, Quarantined, [fe4323309fdc76c0698aed8ac43d47b9]

    Registry Data: 2
    Trojan.SProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\sw-boo~1\assist~1.dll, Good: (), Bad: (c:\progra~2\sw-boo~1\assist~1.dll),Replaced,[053c21323942241281e12b2f9869b44c]
    PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchsun.info/?pid...cc=US&unqvl=52, Good: (http://www.google.com), Bad: (http://websearch.searchsun.info/?pid...l=52),Replaced,[e859b1a254271f17ea7ed272778d29d7]

    Folders: 2
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT, Quarantined, [c180a1b20a71fb3bc8d18b120df523dd],
    PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, Quarantined, [90b1c98ab8c3c76f2264740289799070],

    Files: 11
    PUP.Optional.MultiPlug.A, C:\ProgramData\AllaboutApp\SW-Booster\SW-Booster.exe, Delete-on-Reboot, [f051a9aa5e1dd561c1e839f88879d62a],
    Trojan.SProtector, C:\Program Files (x86)\SW-Booster\Assistant.dll, Delete-on-Reboot, [053c21323942241281e12b2f9869b44c],
    Trojan.SProtector, C:\Program Files (x86)\SW-Booster\AssistantSvc.dll, Delete-on-Reboot, [c57cc291532864d2016225352cd5b947],
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\save aneit\KHaB.dll, Delete-on-Reboot, [80c154ff413a6bcb996fae9ce02158a8],
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\save aneit\KHaB.x64.dll, Quarantined, [80c154ff413a6bcb996fae9ce02158a8],
    Trojan.Agent.ED, C:\Users\HP-1\AppData\Roaming\Microsoft\Crypto\RSA\cert_v45_0.tpl, Delete-on-Reboot, [fe4323309fdc76c0698aed8ac43d47b9],
    PUP.Optional.SWBooster.A, C:\Windows\Tasks\SW-Booster-S-5944234096.job, Quarantined, [5de4f65d3b400a2ca95c2868d72b13ed],
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\kl8Zs4N.tlb, Quarantined, [c180a1b20a71fb3bc8d18b120df523dd],
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\kl8Zs4N.dat, Quarantined, [c180a1b20a71fb3bc8d18b120df523dd],
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SNT\kl8Zs4N.dll, Quarantined, [c180a1b20a71fb3bc8d18b120df523dd],
    PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker\kDjuFAHVRi.exe, Quarantined, [90b1c98ab8c3c76f2264740289799070],

    Physical Sectors: 0
    (No malicious items detected)


    I got a warning on reboot that something wasn't found, and I had to open the Malwarebytes log from inside the program and export it.


    I have no antivirus installed



    Thanks

    (end)

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok, let's get some AV installed, then we can come back to where we started. Here are some free choices for AV. On my Windows machines I have used Avira and Panda Cloud, but it's just a personal preference. You could try them all out if you really wanted to and keep the one you like... one at a time, of course. In any case, download one, get it installed, and do a full system scan with it, then post back afterwards.

    Avira
    Avast
    AVG Free
    Bitdefender
    Comodo AV
    Panda Cloud AV
    Forticlient
    How Can I Reduce My Risk?

  5. #5
    Member
    Join Date
    May 2009
    Posts
    32

    Default Avira scan is clean!

    Installed Avira, scan looks good.



    Avira Free Antivirus
    Report file date: Tuesday, May 20, 2014 13:16


    The program is running as an unrestricted full version.
    Online services are available.

    Licensee : Avira Antivirus Free
    Serial number : 0000149996-AVHOE-0000001
    Platform : Windows 7 Home Premium
    Windows version : (Service Pack 1) [6.1.7601]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : HP-1-HP

    Version information:
    BUILD.DAT : 14.0.4.642 57086 Bytes 5/9/2014 11:16:00
    AVSCAN.EXE : 14.0.4.632 1030736 Bytes 5/9/2014 15:16:43
    Engine version : 8.3.18.22

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
    Reporting...........................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Limit recursion depth...............: 20
    Smart extensions....................: on
    Macrovirus heuristic................: on
    File heuristic......................: extended

    Start of the scan: Tuesday, May 20, 2014 13:16

    Start scanning boot sectors:
    Boot sector 'HDD0(C:, D'
    [INFO] No virus was found!

    Starting search for hidden objects.

    The scan of running processes will be started:

    Starting to scan executable files (registry):
    The registry was scanned ( '2134' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    Begin scan in 'D:\' <RECOVERY>


    End of the scan: Tuesday, May 20, 2014 14:46
    Used time: 1:29:30 Hour(s)

    The scan has been done completely.

    29507 Scanned directories
    981380 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    981380 Files not concerned
    3441 Archives were scanned
    0 Warnings
    0 Notes
    1055970 Objects were scanned with rootkit scan
    0 Hidden objects were found


    Thanks! What's next?

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok good. Based on what MBAM found you can run Adwcleaner:

    Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) to your desktop.
    Right click and select run as admin.
    Click on SCAN. Once the scan completes, click on report.
    Please copy/paste the report in your next reply.
    Exit AdwCleaner with File>Exit.

  7. #7
    Member
    Join Date
    May 2009
    Posts
    32

    Default AdwCleaner log

    # AdwCleaner v3.210 - Report created 20/05/2014 at 21:17:56
    # Updated 19/05/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : HP-1 - HP-1-HP
    # Running from : C:\Users\HP-1\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found : C:\Program Files (x86)\save aneit
    Folder Found : C:\Program Files (x86)\SW-Booster
    Folder Found : C:\ProgramData\save aneit
    Folder Found : C:\ProgramData\SNT
    Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancoojpdihofopaphknkbacijhcimokf
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjdokncjbcfcpjafkaoflkkhjlbnojj
    Folder Found : C:\Users\Administrator\AppData\Local\torch
    Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
    Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancoojpdihofopaphknkbacijhcimokf
    Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjdokncjbcfcpjafkaoflkkhjlbnojj
    Folder Found : C:\Users\Guest\AppData\Local\torch
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancoojpdihofopaphknkbacijhcimokf
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjdokncjbcfcpjafkaoflkkhjlbnojj
    Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
    Folder Found : C:\Users\HP-1\AppData\Local\Chromatic Browser
    Folder Found : C:\Users\HP-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancoojpdihofopaphknkbacijhcimokf
    Folder Found : C:\Users\HP-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjdokncjbcfcpjafkaoflkkhjlbnojj
    Folder Found : C:\Users\HP-1\AppData\Local\torch

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL
    Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\RegisteredApplicationsEx
    Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
    Key Found : HKLM\Software\SW-Booster
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Google Chrome v

    *************************

    AdwCleaner[R0].txt - [4634 octets] - [20/05/2014 21:17:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4694 octets] ##########

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok good. Now rerun AdwCleaner like before, and after the scan is finished, this time click on the Clean button to remove all the items it found.

  9. #9
    Member
    Join Date
    May 2009
    Posts
    32

    Default adwcleaner clean log

    # AdwCleaner v3.210 - Report created 21/05/2014 at 11:47:49
    # Updated 19/05/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : HP-1 - HP-1-HP
    # Running from : C:\Users\HP-1\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\SNT
    Folder Deleted : C:\ProgramData\save aneit
    Folder Deleted : C:\Program Files (x86)\SW-Booster
    Folder Deleted : C:\Program Files (x86)\save aneit
    Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Administrator\AppData\Local\torch
    Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Guest\AppData\Local\torch
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
    Folder Deleted : C:\Users\HP-1\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\HP-1\AppData\Local\torch
    Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancoojpdihofopaphknkbacijhcimokf
    Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancoojpdihofopaphknkbacijhcimokf
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancoojpdihofopaphknkbacijhcimokf
    Folder Deleted : C:\Users\HP-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancoojpdihofopaphknkbacijhcimokf
    Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjdokncjbcfcpjafkaoflkkhjlbnojj
    Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjdokncjbcfcpjafkaoflkkhjlbnojj
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjdokncjbcfcpjafkaoflkkhjlbnojj
    Folder Deleted : C:\Users\HP-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjdokncjbcfcpjafkaoflkkhjlbnojj

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Deleted : HKLM\Software\SW-Booster
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Google Chrome v

    *************************

    AdwCleaner[R0].txt - [4786 octets] - [20/05/2014 21:17:56]
    AdwCleaner[R1].txt - [4846 octets] - [21/05/2014 11:41:07]
    AdwCleaner[S0].txt - [4714 octets] - [21/05/2014 11:47:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4774 octets] ##########



    done

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok, good. So how's it all looking on your end now?
