After 2 scans AdwCleaner and Mbam keep finding adware

Q: After 2 scans AdwCleaner and Mbam keep finding adware

A computer at my job has several pieces of adware on it, most notably the Premier Opinion adware. I ran Malwarebytes and AdwCleaner and BitDefender Free twice, but the adware seems to still be present. I am currently running Eset Online Scanner but it seems to crash at about 60%. Resource Monitor says Eset is running normally, but it does not respond and its GUI elements get a black border around most of them, similar to when a program crashes and the GUI does not respond. When Eset "crashes" it reports 10 infections found. I turned off BitDefender Free while Eset was running, since Eset warns of a conflict with it, but that may have caused the problem. I noticed something was wrong when I saw that the search engines AdwC deleted from Chrome were there again at the next scan. Same thing with Mbam: it found more after it had done its Threat Scan. I have every log AdwC and Mbam created.
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Administrator (administrator) on DKP-WIN-ARASV (24-08-2016 16:10:04)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: triboadmin & ArashVafanejad & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipalsm.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nidevldu.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipxism.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Viber Media S.à r.l.) C:\Users\Administrator\AppData\Local\Viber\Viber.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Oracle Corporation) C:\Xilinx\xic\tps\win64\jre\bin\java.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(ESET spol. s r.o.) C:\Users\ArashVafanejad\Downloads\esetonlinescanner_enu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [niDevMon] => C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [119120 2014-02-12] (National Instruments Corporation)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [269704 2014-07-31] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [Viber] => C:\Users\Administrator\AppData\Local\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\Run: [UM] => C:\Users\Administrator\AppData\Roaming\Update Manager\UM.EXE
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\...\MountPoints2: {1360f218-6530-11e5-9da9-448a5b8b8e0c} - E:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-01]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xilinx Information Center.lnk [2015-05-21]
ShortcutTarget: Xilinx Information Center.lnk -> C:\Xilinx\xic\xic.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-07-31]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-09-11]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting (64-bit).lnk [2014-10-14]
ShortcutTarget: NI Error Reporting (64-bit).lnk -> C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-09-24]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-07-31]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\ArashVafanejad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-05-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\ArashVafanejad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\ArashVafanejad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xilinx Information Center.lnk [2015-05-21]
ShortcutTarget: Xilinx Information Center.lnk -> C:\Xilinx\xic\xic.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{29604E1F-8553-46B0-B9A3-D68B4E86A4D9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{29604E1F-8553-46B0-B9A3-D68B4E86A4D9}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2710881768-1854469066-2913613117-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7640acd9&q={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7640acd9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2710881768-1854469066-2913613117-500 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7640acd9&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-11-19] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\09rqsds6.default
FF DefaultSearchEngine.US: Yahoo!
FF Homepage: hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-7640acd9
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll [2013-01-24] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll [2011-08-29] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2014-05-13] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2014-04-02] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win32.dll [2014-06-25] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win64.dll [2014-06-25] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll [2006-01-23] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll [2007-02-08] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\09rqsds6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-31]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Honey) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-24]
CHR Extension: (Google Cast) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-24]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (NPR: News, Music and Books) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamfjcklnmlbokoackecfjidfjafgog [2015-05-13]
CHR Extension: (StayFocusd) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-05-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-17]
CHR Extension: (The Independent) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai [2016-08-24]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-24]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-24]
CHR HKU\S-1-5-21-2710881768-1854469066-2913613117-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27] (SafeNet Inc.)
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\Studio\15.0\InterBaseXE3\bin\ibguard.exe [636744 2014-05-14] (Embarcadero Technologies, Inc.)
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\Studio\15.0\InterBaseXE3\bin\ibserver.exe [5489992 2014-05-14] (Embarcadero Technologies, Inc.)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-01-14] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84280 2014-06-07] (National Instruments Corporation)
R2 ni488enumsvc; C:\Windows\SysWOW64\nipalsm.exe [19280 2014-06-05] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-06-10] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-06-10] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-06-20] (National Instruments Corporation)
R2 nidevldu; C:\Windows\SysWOW64\nidevldu.exe [103800 2014-06-13] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [383352 2014-06-13] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177536 2014-06-19] (National Instruments Corporation)
R2 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [20816 2014-01-09] (National Instruments Corporation)
S3 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [39232 2014-06-18] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-06-10] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2014-11-27] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2014-11-27] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2014-11-27] (SafeNet Inc.)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [82096 2014-04-10] (Qualcomm Atheros, Inc.)
S2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2005-10-18] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet Inc.)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2014-03-27] (Qualcomm Atheros, Inc.)
S3 lvalarmk; C:\Windows\system32\drivers\lvalarmk.sys [27528 2014-06-13] (National Instruments Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [12984 2014-05-16] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [30032 2014-05-16] (National Instruments Corporation)
S3 nicdcck; C:\Windows\system32\drivers\nicdcckl.sys [15192 2014-04-29] (National Instruments Corporation)
S3 nicdrk; C:\Windows\system32\drivers\nicdrkl.sys [15192 2014-04-29] (National Instruments Corporation)
S3 nicmrk; C:\Windows\system32\drivers\nicmrkl.sys [15208 2014-06-10] (National Instruments Corporation)
S3 nicondrk; C:\Windows\system32\drivers\nicondrkl.sys [15176 2014-05-06] (National Instruments Corporation)
S3 nicsrk; C:\Windows\system32\drivers\nicsrkl.sys [15176 2014-06-24] (National Instruments Corporation)
R3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [15200 2014-03-13] (National Instruments Corporation)
S3 nidmxfk; C:\Windows\system32\drivers\nidmxfkl.sys [15176 2014-06-25] (National Instruments Corporation)
S3 nidsark; C:\Windows\system32\drivers\nidsarkl.sys [15184 2014-04-29] (National Instruments Corporation)
S3 niemrk; C:\Windows\system32\drivers\niemrkl.sys [15176 2014-05-02] (National Instruments Corporation)
S3 niemrkw; C:\Windows\System32\DRIVERS\niemrkw.sys [14664 2014-05-02] (National Instruments Corporation)
S3 niesrk; C:\Windows\system32\drivers\niesrkl.sys [15176 2014-05-02] (National Instruments Corporation)
R3 NIEthernetDeviceEnumerator; C:\Windows\System32\DRIVERS\niede.sys [38064 2012-01-12] (National Instruments Corporation)
S3 nifslk; C:\Windows\system32\drivers\nifslkl.sys [15192 2014-03-14] (National Instruments Corporation)
S3 nihorbrk; C:\Windows\system32\drivers\nihorbrkl.sys [15176 2014-05-02] (National Instruments Corporation)
S3 nihsdrk; C:\Windows\system32\drivers\nihsdrkl.sys [14168 2014-06-27] (National Instruments Corporation)
S3 nihsdrkw; C:\Windows\System32\DRIVERS\nihsdrkw.sys [13656 2014-06-27] (National Instruments Corporation)
R3 nimdbgk; C:\Windows\system32\drivers\nimdbgkl.sys [15200 2014-03-13] (National Instruments Corporation)
R3 nimru2k; C:\Windows\system32\drivers\nimru2kl.sys [15200 2014-03-13] (National Instruments Corporation)
S3 nimsdrk; C:\Windows\system32\drivers\nimsdrkl.sys [15232 2014-06-13] (National Instruments Corporation)
S3 nimstsk; C:\Windows\system32\drivers\nimstskl.sys [15200 2014-06-12] (National Instruments Corporation)
R3 nimxdfk; C:\Windows\system32\drivers\nimxdfkl.sys [15184 2014-03-13] (National Instruments Corporation)
S3 nimxpk; C:\Windows\system32\drivers\nimxpkl.sys [15208 2014-06-12] (National Instruments Corporation)
S3 ninshsdk; C:\Windows\system32\drivers\ninshsdkl.sys [15200 2014-04-01] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [15184 2014-03-12] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [15232 2014-06-05] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [773464 2014-06-05] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [15224 2014-06-05] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [19288 2014-02-28] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [89992 2014-06-12] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [70336 2014-05-16] (National Instruments Corporation)
S3 nipxifpk; C:\Windows\system32\drivers\nipxifpk.sys [37272 2013-09-10] (National Instruments Corporation)
S3 nipxigpk; C:\Windows\system32\drivers\nipxigpk.sys [22680 2011-08-09] (National Instruments Corporation)
R2 nipxirmk; C:\Windows\system32\drivers\nipxirmkl.sys [15184 2014-01-09] (National Instruments Corporation)
S3 niraptrk; C:\Windows\system32\drivers\niraptrkl.sys [15176 2014-05-06] (National Instruments Corporation)
S3 niscdk; C:\Windows\system32\drivers\niscdkl.sys [15216 2014-04-29] (National Instruments Corporation)
R0 nischifk; C:\Windows\System32\Drivers\nischifk.sys [66936 2014-06-11] (National Instruments Corporation)
S3 nisdigk; C:\Windows\system32\drivers\nisdigkl.sys [15192 2014-05-02] (National Instruments Corporation)
S3 nisftk; C:\Windows\system32\drivers\nisftkl.sys [15184 2014-04-01] (National Instruments Corporation)
S3 nismbusk; C:\Windows\System32\DRIVERS\nismbus.sys [255848 2014-06-05] (National Instruments Corporation)
S3 nispdk; C:\Windows\system32\drivers\nispdkl.sys [15216 2014-04-29] (National Instruments Corporation)
S3 nissrk; C:\Windows\system32\drivers\nissrkl.sys [15176 2014-05-02] (National Instruments Corporation)
S3 nistc2k; C:\Windows\system32\drivers\nistc2kl.sys [15152 2014-04-29] (National Instruments Corporation)
S3 nistc3rk; C:\Windows\system32\drivers\nistc3rkl.sys [15168 2014-04-29] (National Instruments Corporation)
S3 nistcrk; C:\Windows\system32\drivers\nistcrkl.sys [15200 2014-04-29] (National Instruments Corporation)
R2 nistreamk; C:\Windows\System32\drivers\nistreamkl.sys [24912 2014-06-04] (National Instruments Corporation)
S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [15176 2014-06-23] (National Instruments Corporation)
S3 nitfurk; C:\Windows\system32\drivers\nitfurkl.sys [15216 2014-05-02] (National Instruments Corporation)
S3 nitiork; C:\Windows\system32\drivers\nitiorkl.sys [15200 2014-04-29] (National Instruments Corporation)
S3 niufurk; C:\Windows\system32\drivers\niufurkl.sys [15392 2014-06-24] (National Instruments Corporation)
R3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [15200 2014-06-13] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [15200 2014-06-13] (National Instruments Corporation)
S3 niwfrk; C:\Windows\system32\drivers\niwfrkl.sys [15176 2014-05-02] (National Instruments Corporation)
S3 nixfmrrk; C:\Windows\system32\drivers\nixfmrrkl.sys [15184 2014-05-06] (National Instruments Corporation)
S3 nixsrk; C:\Windows\system32\drivers\nixsrkl.sys [15176 2014-05-02] (National Instruments Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 usb6xxxkw; C:\Windows\System32\DRIVERS\usb6xxxkw.sys [14640 2014-05-09] (National Instruments Corporation)
S3 Usbtmc; C:\Windows\System32\Drivers\ausbtmc.sys [24064 2013-10-07] (IVI Foundation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-12-11] (VIA Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2015-04-21] (Jungo)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2015-04-21] (Xilinx, Inc.)
S3 cpuz137; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 16:10 - 2016-08-24 16:10 - 00038789 _____ C:\Users\Administrator\Downloads\FRST.txt
2016-08-24 16:09 - 2016-08-24 16:10 - 00000000 ____D C:\FRST
2016-08-24 16:08 - 2016-08-24 16:08 - 02396672 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2016-08-24 09:37 - 2016-08-24 09:37 - 04002104 _____ (Secunia) C:\Users\ArashVafanejad\Downloads\PSISetup.exe
2016-08-24 09:34 - 2016-08-24 09:34 - 00000000 ____D C:\Users\ArashVafanejad\AppData\Local\ESET
2016-08-24 09:34 - 2016-08-24 09:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2016-08-24 09:25 - 2016-08-24 09:25 - 11438608 _____ (SurfRight B.V.) C:\Users\ArashVafanejad\Downloads\HitmanPro_x64.exe
2016-08-24 09:22 - 2016-08-24 09:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ArashVafanejad\Downloads\iExplore.exe
2016-08-24 09:22 - 2016-08-24 09:22 - 00002352 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-08-24 09:08 - 2016-08-24 09:08 - 06761600 _____ (ESET spol. s r.o.) C:\Users\ArashVafanejad\Downloads\esetonlinescanner_enu.exe
2016-08-23 17:19 - 2016-08-23 17:19 - 00000225 _____ C:\Windows\pxisys.ini
2016-08-23 17:19 - 2016-08-23 17:19 - 00000216 _____ C:\Windows\pxiesys.ini
2016-08-23 16:38 - 2016-08-23 16:38 - 03784256 _____ C:\Users\ArashVafanejad\Downloads\adwcleaner_6.000.exe
2016-08-23 16:18 - 2016-08-24 15:47 - 00000000 ____D C:\AdwCleaner
2016-08-23 16:17 - 2016-08-23 16:17 - 03784256 _____ C:\Users\triboadmin\Downloads\adwcleaner_6.000.exe
2016-08-23 16:16 - 2016-08-23 16:16 - 13990599 _____ C:\Users\triboadmin\Downloads\CrystalDiskInfo7_0_2Shizuku (1).zip
2016-08-23 16:16 - 2016-08-23 16:16 - 00000000 ____D C:\Users\triboadmin\Downloads\CrystalDiskInfo7_0_2Shizuku
2016-08-23 16:16 - 2016-08-23 16:16 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\WinRAR
2016-08-23 16:15 - 2016-08-23 16:16 - 13990599 _____ C:\Users\triboadmin\Downloads\CrystalDiskInfo7_0_2Shizuku.zip
2016-08-23 16:12 - 2016-08-23 16:12 - 00638872 _____ (CEZEO software Ltd. ) C:\Users\triboadmin\Downloads\ssdready.exe
2016-08-23 16:07 - 2016-08-23 16:07 - 00000223 _____ C:\Users\ArashVafanejad\.octave_hist
2016-08-23 15:11 - 2016-08-23 16:10 - 00000000 ____D C:\Program Files\Recuva
2016-08-23 15:11 - 2016-08-23 15:11 - 00000000 __SHD C:\Users\triboadmin\AppData\Local\EmieUserList
2016-08-23 15:11 - 2016-08-23 15:11 - 00000000 __SHD C:\Users\triboadmin\AppData\Local\EmieSiteList
2016-08-23 15:11 - 2016-08-23 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-08-23 15:11 - 2016-07-28 12:14 - 05473600 _____ (Piriform Ltd) C:\Users\triboadmin\Downloads\recuva_setup153.exe
2016-08-23 15:09 - 2016-08-23 15:09 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\Sun
2016-08-23 15:09 - 2016-08-23 15:09 - 00000000 ____D C:\Users\triboadmin\AppData\LocalLow\Sun
2016-08-23 15:04 - 2016-08-23 15:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-07-26 15:38 - 2016-07-26 16:54 - 00407844 _____ C:\Windows\ntbtlog.txt
2016-07-26 11:04 - 2016-07-26 11:04 - 00000000 ____D C:\Users\triboadmin\.oracle_jre_usage
2016-07-26 11:02 - 2016-08-23 16:12 - 00002259 _____ C:\Users\triboadmin\Desktop\Google Chrome.lnk
2016-07-26 11:02 - 2016-08-23 16:11 - 00000000 ____D C:\Users\triboadmin\AppData\Local\Google
2016-07-26 11:02 - 2016-07-26 11:04 - 00000000 ____D C:\Users\triboadmin
2016-07-26 11:02 - 2016-07-26 11:02 - 00093224 _____ C:\Users\triboadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-26 11:02 - 2016-07-26 11:02 - 00001417 _____ C:\Users\triboadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-26 11:02 - 2016-07-26 11:02 - 00000020 ___SH C:\Users\triboadmin\ntuser.ini
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 _SHDL C:\Users\triboadmin\My Documents
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 _SHDL C:\Users\triboadmin\Documents\My Videos
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 _SHDL C:\Users\triboadmin\Documents\My Pictures
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 _SHDL C:\Users\triboadmin\Documents\My Music
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\ControlCenter4
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\ATI
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Roaming\Adobe
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Local\VirtualStore
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Local\National Instruments
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Local\ATI
2016-07-26 11:02 - 2016-07-26 11:02 - 00000000 ____D C:\Users\triboadmin\AppData\Local\AMD
2016-07-26 11:02 - 2014-09-24 18:21 - 00002100 _____ C:\Users\triboadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 15:48 - 2016-05-09 11:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-24 15:36 - 2014-09-10 20:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-24 15:33 - 2014-09-11 18:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-24 13:36 - 2014-09-10 20:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-24 12:23 - 2014-09-22 09:50 - 00000000 ___RD C:\Users\Administrator\Google Drive
2016-08-24 12:22 - 2016-04-29 10:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Viber
2016-08-24 12:22 - 2015-09-21 12:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ViberPC
2016-08-24 12:21 - 2015-07-13 08:40 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-08-24 12:20 - 2015-11-19 10:28 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-08-24 12:20 - 2015-09-21 12:26 - 00000000 ____D C:\Users\Administrator\Documents\ViberDownloads
2016-08-24 12:20 - 2015-06-03 15:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2016-08-24 12:20 - 2015-05-21 16:28 - 00000000 ____D C:\ProgramData\Xilinx
2016-08-23 17:26 - 2009-07-13 21:45 - 00029952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-23 17:26 - 2009-07-13 21:45 - 00029952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-23 17:24 - 2009-07-13 22:13 - 00801722 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-23 17:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-23 17:19 - 2015-01-20 16:52 - 00000000 ____D C:\ProgramData\Embarcadero
2016-08-23 17:18 - 2010-11-21 00:16 - 00000000 ____D C:\Windows\CSC
2016-08-23 17:18 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-23 16:23 - 2014-09-11 08:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-08-23 16:10 - 2014-09-24 17:57 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-23 16:08 - 2014-09-24 17:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-23 16:07 - 2016-05-09 10:43 - 00000000 ____D C:\Users\ArashVafanejad
2016-08-23 16:00 - 2016-05-09 10:59 - 00000000 ____D C:\Users\ArashVafanejad\AppData\Local\{35150349-11BD-6FF1-7C25-4A19584DB681}
2016-08-23 16:00 - 2016-03-29 12:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\{35150349-11BD-6FF1-7C25-4A19584DB681}
2016-08-16 03:37 - 2014-09-22 09:49 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-16 03:37 - 2014-09-22 09:49 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-16 03:37 - 2014-09-22 09:49 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-16 03:37 - 2014-09-22 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-10 09:40 - 2014-09-10 20:24 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-04 17:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-04 14:32 - 2016-05-09 10:52 - 00000000 ____D C:\Users\ArashVafanejad\Desktop\Arash
2016-08-04 01:12 - 2015-11-03 12:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Telegram Desktop
2016-08-02 17:58 - 2016-05-09 10:52 - 00000903 _____ C:\Users\ArashVafanejad\Desktop\Electrical Engineering - Shortcut.lnk
2016-08-02 17:58 - 2016-05-09 10:52 - 00000757 _____ C:\Users\ArashVafanejad\Desktop\COMSOL - Shortcut.lnk
2016-07-28 13:31 - 2014-09-10 20:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 13:31 - 2014-09-10 20:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 11:57 - 2016-05-09 10:50 - 00005168 _____ C:\Users\ArashVafanejad\AppData\Roaming\LTspiceIV.ini
2016-07-26 11:00 - 2016-06-30 15:27 - 00056579 _____ C:\Users\ArashVafanejad\Desktop\Experiment Paschen's curve.pxp
2016-07-26 11:00 - 2016-06-30 15:23 - 00133041 _____ C:\Users\ArashVafanejad\Desktop\test1.xlsx
 
==================== Files in the root of some directories =======
 
2016-03-31 14:34 - 2016-03-31 14:34 - 0000068 _____ () C:\Users\Administrator\AppData\Roaming\Camdata.ini
2016-03-31 14:34 - 2016-03-31 14:34 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamLayout.ini
2016-03-31 14:34 - 2016-03-31 14:34 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamShapes.ini
2016-03-31 14:34 - 2016-03-31 14:34 - 0004536 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.cfg
2016-03-30 14:23 - 2016-03-30 14:23 - 0000000 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.Data.ini
2016-03-30 14:23 - 2016-03-30 14:23 - 0001205 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.Producer.ini
2014-09-23 18:13 - 2016-05-09 10:37 - 0005168 _____ () C:\Users\Administrator\AppData\Roaming\LTspiceIV.ini
2014-09-11 18:45 - 2014-09-11 19:03 - 1701856 ____T (CPUID) C:\Users\Administrator\AppData\Roaming\siw_sdk.dll
2016-03-29 12:28 - 2016-03-29 12:28 - 0000096 _____ () C:\Users\Administrator\AppData\Roaming\version2.xml
2016-03-29 13:29 - 2016-04-13 00:29 - 0000139 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-12-30 12:35 - 2015-01-05 15:38 - 0000666 _____ () C:\Users\Administrator\AppData\Local\CastleLinkProps.dat
2014-09-11 08:21 - 2014-09-11 08:21 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Driver_LOM_8161Present.flag
2015-08-05 15:30 - 2015-08-05 15:30 - 0032200 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-09-15 12:43 - 2015-09-15 12:43 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2016-05-09 11:05 - 2016-05-09 11:05 - 0176387 _____ () C:\ProgramData\1462817062.bdinstall.bin
 
Files to move or delete:
====================
C:\Users\Administrator\siw.exe
 
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3tbhce.dll
C:\Users\Administrator\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\setup.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3tbhce.dll
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\ArashVafanejad\AppData\Local\Temp\setup.exe
C:\Users\triboadmin\AppData\Local\Temp\libeay32.dll
C:\Users\triboadmin\AppData\Local\Temp\msvcr120.dll
C:\Users\triboadmin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-23 18:12
 
==================== End of FRST.txt ============================

I can't find where to attach my Addition.txt. Has it been moved or something?
 
Addition.txt attached.

Read other answers
RELEVANCY SCORE 80

Got a popup window in Firefox browser from MP3 link stating computer had been infected and needed to call a number right away.  Opening additional tabs to search the internet produced successive popups.  I downloaded MBAM to a thumb drive on a different computer and installed on infected laptop.  Ran Threat Scan and nothing was put into quarantine - no threats found.  When I opened Firefox, the popups were still there.  Next, I uninstalled Mozilla Firefox using Revo Uninstaller.  Currently using the Microsoft Edge browser.
 
Operating system is Windows 10 Home, Intel Celeron 1005M 1.90GHz, 4GB RAM, x64.
 
How can I be sure there is no malware on my computer since MBAM did not detect it?  Was the adware only embedded in the browser?

A:MBAM not finding known adware

Hello and welcome to BC,
 
Probably some extension in FF caused your problems. 
 
You should do an adware check.
 
ESET Online Scanner
- Click here to download the installer for ESET Online Scanner and save it to your Desktop.
- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
- Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
- Select Enable detection of potentially unwanted applications.
- Click Advanced Settings, then place a checkmark in the following:
  - Remove found threats
  - Scan archives
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start to begin scanning.
- ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
- When the scan is done, click List threats (only available if ESET Online Scanner found something).
- Click Export, then save the file to your desktop.
- Click Back, then Finish to exit ESET Online Scanner.
-------
 
Please download AdwCleaner by Xplode onto your desktop... Read more

Read other 6 answers
RELEVANCY SCORE 62.4

Okay, so I detected a few PUP items with MBAM, and had them quarantined. After I did that I downloaded AdwCleaner and ran it, which brought up a few items. AdwCleaner rebooted my system to finish cleaning, but when I opened MBAM a few moments later I noticed the quarantine was empty. Is it possible AdwCleaner wiped the quarantined items in Malwarebytes?

A:Did AdwCleaner clear my MBAM quarantine?

Did you check AdwCleaner's report log?

When AdwCleaner is first run, all report logs, AdwCleaner[SX].txt and AdwCleaner[CX].txt are saved to C:\AdwCleaner. Just open Windows Explorer, navigate to that location and open the AdwCleaner folder.

Alternatively you can press the WINKEY + R keys on the keyboard or click the Start Orb > Run... In the Open dialog box, type: C:\AdwCleaner
Click OK or press Enter and the folder containing your logs will open.

Open AdwCleaner[CX].txt to view the contents of the log.

Read other 5 answers
RELEVANCY SCORE 62

I'm a professional computer guy and I have been noticing lately that machines I have been using AdwCleaner on have increasingly had issues after the clean/reboot process. I've had at least 4 in the last couple of weeks come back with the network disabled or Windows services damaged. I'm not sure if this is a result of the virus removal process or if a change was made to AdwCleaner, but I've had to go as far as system restore on a couple of machines. Has anyone else noticed this?

A:increasing number of issues after adwcleaner scans

bump

Read other 3 answers
RELEVANCY SCORE 61.2

I scanned my PC (Windows 8.1) with AdwCleaner and it found this stuff in my browsers:
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ Plik : C:\Users\zzz\AppData\Roaming\Mozilla\Firefox\Profiles\ulybqgjj.default\prefs.js ]
 
-\\ Google Chrome v36.0.1985.125
 
[ Plik : C:\Users\zzz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
When I try to delete them, AdwCleaner removes them successfully but then they show up again in the next scan. Is this something to worry about? I'm not very tech savvy and wanted to be sure.

A:AdwCleaner keeps finding these two

Those two are not files that are removed. They are the locations in your 2 browsers that AdwCleaner scanned for adware.
 
Are you having a problem with adware....browser/ search engine redirects/ hijacking....popups?

Read other 12 answers
RELEVANCY SCORE 59.6

Hi- I'm hoping you can help me.... I run Adwcleaner and keep getting the following result, even after cleaning and rebooting. I have tried running combofix, norton power eraser, junkware removal tool, combo fix, Norton full system scan, Malwarebytes Anti-Malware with "rootkit scan" option checked, Sophos virus removal tool, Emsisoft Emergency Kit, Emsisoft online scanner, Eset... .... and I'm sure more!! Pretty much everything I could find on these forums. The only software that detects this issue is Adwcleaner. All the other programs display "no viruses found." Is it an issue? Help!! Thanks so much in advance.
 
# AdwCleaner v4.113 - Logfile created 26/03/2015 at 14:42:47
# Updated 22/03/2015 by Xplode
# Database : 2015-03-26.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Tom - TOM-PC-OFFICE
# Running from : C:\Users\Tom\Downloads\AdwCleaner (1).exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2... Read more

A:Only Adwcleaner finding this issue -- is this a virus?

Hi & to Bleeping Computer Forums!

 
Is it an issue?
No. It's the Norton Toolbar:

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)

Read other 6 answers
RELEVANCY SCORE 59.6

I scanned with AdwCleaner and it came up with delta homepage on Google Chrome. I chose Clean, then it rebooted, scanned again to make sure nothing was left, and when I opened Chrome it gave an error saying my preference file is invalid. I had to log back on to my Google account, waited until it synced my extensions, I scanned again and it found delta again. Here are the logs:
 
 AdwCleaner v4.200 - Logfile created 06/04/2015 at 20:55:38
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Home - HOME-PC
# Running from : C:\Users\Home\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=3CCFC0CB3830A5CD&affID=123884&tsp=4973
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [466 bytes] - [02/04/2015 17:06:20]
AdwCleaner[R10].txt - [23483 bytes] - [05/0... Read more

A:AdwCleaner keeps finding delta homepage

Check if the link to Chrome is not corrupt (right-click > Properties, then is the path to the program: "c:/Program file (x86)/Google/Chrome/Chrome.exe" <= verify that it is blank after chrome.exe (the path to Chrome may be different).)

Read other 4 answers
RELEVANCY SCORE 59.2

Yesterday, I mistakenly opened one shitty website that tried to install addons but failed cuz I got uBlock Origin, ScriptSafe and HTTPS Everywhere. It managed to block it, I think, and for the sake of trust I ran AdwCleaner, which found 4 threats: trovi, trovi start up urls and avg... I did everything, couldn't remove them and reinstalled Windows. Now I installed Google Chrome again, ran AdwCleaner and found the same things... what to do? help
 

Read other answers
RELEVANCY SCORE 59.2

I cannot get MBAM or Ad-Aware to run until completion. They hang about three minutes into each scan. Box is acting a little slow. Here is HiJack This log.
 

Read other answers
RELEVANCY SCORE 59.2

I've followed the S.M.A.R.T. removal instructions carefully, scanning with mbam in safe mode (and rebooting in safe mode) but mbam finds the same infections with each successive scan. Reboot into normal mode brings up the dreaded S.M.A.R.T. warning window again, along with about 20 "System Message: write fault error" warning boxes. (I shut down with the off button at that point.)

I should note that when I run rkill the log gives me 3 blank lines (rather than a file name) after "Processes terminated by Rkill or while it was running:" (Normal?)

Thanks in advance for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Admin04 at 16:13:46 on 2012-04-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.6617 [GMT -5:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Window... Read more

A:S.M.A.R.T. infection persists after 4 mbam scans

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send ... Read more


Long time lurker, first time poster.
 
I used my wife's computer last night for the first time in a couple weeks, and noticed that when I'd click the scroll bar or really anything on the screen in Chrome, it would generate a new tab for an ad. Also, when I was searching for a belt for our eXmark, it would show a drop down box from the top from Foxydeal or something like that, even on eBay.

I checked the add/remove programs for any new programs, and found nothing. Looked in the C: program folders for anything new or suspicious and didn't see anything. I have run 2 full scans with Malwarebytes Premium with no luck. We also run MBam Anti Exploit. Since they didn't pick up anything, I dl'd HJT. HJT said that it couldn't modify host files and I needed to do it if anything came up, but I think I'm missing something. I'm probably not reading the logfile correctly.
 
Thanks in advance for the help!  
 
Computer is running Win 8.1.  Below is the logfile:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:15:29 PM, on 6/3/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
CHROME: 1.5.1383.0
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files...

A:MBam not catching Adware cause, Adware getting worse

Hi & to Bleeping Computer Forums!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery...


I'm trying to get rid of some obvious malware on my friend's computer. As the topic says, he is having Google, Yahoo, etc. search redirects. There are most likely some other problems as Malwarebytes, HijackThis!, and DDS will close upon starting a scan (even in safe mode.) Where should I go from here?

Thanks for your help!

A:Search Redirects/MBAM, HJT, and DDS closing after scans start

Hello RedPenumbra

See if this will run:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Thanks,
tea


As title, I've been using various methods removing a virus on a PC which also hid the contents of program files and folders..

I (think) I've had some success as XP loads and programs and files are visible and accessible again, but now Internet Explorer won't open.. the browser flashes up for a split second then disappears..

Any and all help/suggestions are greatly appreciated.. many thanks in advance

A:internet explorer wont open after mbam/sas scans

just want to bump this thread..

and also to add that another symptom of this virus is that the desktop background can't be altered at all..

can anyone please assist me in getting rid of my problems?! or if any other forum members have similar infections i'd appreciate any info..

kind regards..


So basically what keeps happening is while Chrome is open, it will open a new tab with some Adware garbage like you need to update Flash or you won a gift card kind of things. Not too annoying, but what I have come to notice over the span of two weeks is that if I do not scan and remove it with ADWCleaner and let it keep doing it for a few days, eventually it will just start spamming new tabs to someone website. So basically it gets worse over time if I don't mitigate it with ADWCleaner. I've never seen something like this. I usually am capable of getting rid of stuff like this, but this one's stubborn! I've reinstalled Chrome several times, and used Chrome's Clean-up Tool as well multiple times and it's never found anything. The only thing that temporarily seems to help is using ADWCleaner, but it just comes back in a matter of hours.
 


My computer runs windows vista SP2 32 bit.
 
I was trying to get help on how to fix the problem of the 0x80096001 error that pops up when I try to update windows vista and microsoft security essentials here:
 
http://www.bleepingcomputer.com/forums/t/532226/is-there-a-virus-that-causes-windows-vista-error-code-0x80096001/
 
Someone told me to make a new thread here because I might need some experts on this.
 
Here is the situation here.
 
The scans, like Malwarebytes full scan, ESET scan, seatools short scan, all lead to the 0x000000F4 blue screen of death. It is pretty much described in the link above.

A problem has been detected and windows has been shut down to prevent damage to your computer.
 
A process or thread crucial to system operation has unexpectedly exited or been terminated.
 
If this is the first time you've seen this stop error screen, restart your computer.  If this screen appears again, follow these steps:
 
Check to make sure any new hardware or software is properly installed.  If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.
 
If problems continue, disable or remove any newly installed hardware or software.  Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced startup Options, and then select Safe ...

A:Can't update windows, blue screen during MBAM and ESET scans

Attach.txt log
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2009 9:35:04 AM
System Uptime: 4/28/2014 2:38:28 AM (9 hours ago)
.
Motherboard: PEGATRON CORPORATION          |  | F50SV     
Processor: Pentium® Dual-Core CPU       T4200  @ 2.00GHz | CPU 1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 49.892 GiB free.
D: is FIXED (NTFS) - 105 GiB total, 33.375 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear eXtreme
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
ASUS Virtual Camera
Asus_Camera_ScreenSaver
Atheros Client Installation Program
A...


I have a particularly robust and intrusive adware on Firefox that I just can't get rid of and I'm now really concerned.
When opening new tabs, after a few seconds things start to freeze, I am getting ads for the following coming up:
Reimageplus
As well as a mock warning that I've entered blue screen mode with a looped audio message saying my windows security has been compromised. With a url of windowscrashreport.co/uk0803/new_blue_3407/
What else can I do
It tries to connect to as viva.kamaihd.net every time.
I have also tried finding a secret program on Control Panel
I am operating Windows 10 with Windows Defender.
Thank you

A:Adware that malwarebytes and adwcleaner is not able to get rid of

distantcousin:
to the Bleeping Computer Am I Infected Forum. My name is Phil, and if you would permit, since we will be working together, I would like to address you by your first name, if that is alright with you.
I am sorry to hear of the issues you are having with your computer. ReimagePlus is classified as adware and is a PUP (potentially unwanted program). In your case, it is definitely unwanted. You can see more information on the thread here.
Let's do an online scan to check for anything more nefarious on your computer, and follow that with a Malwarebytes scan and clean which "should" resolve the problem. If not, there are other adware removal utilities available that we can use.
ESET Online Scanner using Internet Explorer:
Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.
* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the button.
* When prompted allow the Add-On/Active X to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
Remove found threats
Sc...


I have a Win 7 64bit system that is having its IE searches redirected.

McAfee (paid) running and up to date (not my pc so not my choice of AV) lol

MBam has been run finding no results and is running active blocking the redirects.

Eset scan found and deleted 3 hits in C:\Users\%NAME%\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\781da39f-1e8fc94d Java/TrojanDownloader.Agent.NBU trojan

Tdsskiller - Nothing found

Sophos Anti-Rootkit - Nothing found

SAS also run.

Any assistance is greatly appreciated. I'll be actively watching the thread.

A:Searches being redirected, scans not finding much.

Malware topic here: http://www.bleepingcomputer.com/forums/topic378556.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid co...


Hi guys,
I am certain that I have malware on my system but a few of the malware programs are not able to find anything.
 
Some of the recent symptoms...
 
Windows has been getting repeated blue screen crashes (very regularly...perhaps as often as every 10 minutes at times)
System is taking an unusually lengthy period of time to start up to Windows login screen,
Windows login is taking a couple of minutes to get to desktop (and this is very unusual for this computer system)
When system is logged in but not actually being used directly, the HDD light activity is almost continuous...except when I hit Ctrl Alt Delete to go to Task Manager the activity almost immediately ceases and returns to normal prior to the Task Manager window appearing
When the system is logged off, I notice that the HDD light is running almost continuously...if I unplug the ethernet cable, it stops
I get app crashes repeatedly, however not the same one...after a restart a different application will crash (sometimes it's IE, Google Chrome, Firefox, Windows Explorer, Norton Antivirus, etc etc)
After startup, sometimes the antivirus software is disabled in the Task Manager even though it's set to auto load when Windows starts.
Windows Defender is currently disabled (which may be as result of having Norton 360 installed, I'm not sure)
I have had an infection on one of the drives that is in this system before (only a month or so ago) and cannot be sure it was completely removed last time.
...

A:Im sure i am infected but scans are not finding the malware

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma...


I've run MBAM, ESET SS, Superantispyware and combofix and I've found dozens to hundreds of problems on each scan. It seems like I'm shooting in the dark and not getting anywhere with something new popping up. I'm running XP Media Center SP3. Any ideas where to go from here?

A:Finding 100s of malware on scans

Hello would you post the MBam and Eset logs so we can get an idea of what was here and your operating system.


My browser keeps redirecting me to various ad vendors such as optmz, onclickads, etc. I have tried running Adwcleaner and Malwarebytes but they do not pick up anything suspicious. Any help on cleaning the computer would be appreciated.


I've removed DefaultSearch program multiple times, but it keeps coming back. Also, each time I startup the computer for the last two weeks, I am getting one or more net.exe command shells running. I've read the posting instructions and tried to follow them.
 
I'm pasting the results of dds.  Thanks so much for your help!
 
********
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 1.6.0_71
Run by ****** at 12:00:23 on 2014-08-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8052.5653 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\...

A:MBAM keeps finding DefaultSearch after removing it

Hi sammykady,
Welcome to the BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Mako and I will be helping you with your computer problems.
Before we begin, please note the following:
Please stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
The instructions given are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
If you don't understand something don't hesitate to ask before running the tools.
As you may have noticed: I live in Belgium. Meaning that due to the time difference it can take some time before I'm able to get back to you. Please allow me 24h to reply to your topic before sending me a PM or giving this topic a bump.
Now let's get started...

====Removing the Search Protect program====
 
Go to Start > Control Panel > Software and delete the following programs (if present):
 
Search Protect
 
 
 ======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html
Download zoek.exe to your desktop
If Internet Explorer, any other browser, or a security program issues a warning indicating the ...


I was online earlier and when I was done I did my routine update and full mbam scan and it found this backdoor.celofot and it said it was successfully removed, so just to be sure I did a quick scan and it found it again, and my CA security didn't find anything. I was wondering if you guys can help me remove this since I'm not very computer smart. I would be grateful if someone could help me with this.

mbam log

Malwarebytes' Anti-Malware 1.44
Database version: 3896
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

3/21/2010 7:41:58 PM
mbam-log-2010-03-21 (19-41-58).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 241867
Time elapsed: 1 hour(s), 1 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

A:MBAM keeps finding Backdoor.Celefot

Research leads me to believe it's a false positive. It showed up on my mbam scan as well.


First off, Hello! I am new here, and want to give all the staff a great big THANK YOU for volunteering your time helping folks.
I myself have learned a TON from reading the topics here, and hope to learn a great deal more.

I have included the information asked for by Rimmer in my signature to help with identifying my system specs, etc.

A while back, I was using Norton 360 and got infected with some malware, mainly Alureon.BC and Alureon.BJ.
That prompted me to switch to WindowsLive OneCare and also supplement with Mbam, which has been working great.

My Mbam scans and OneCare scans are coming back clean, but...

From time to time as I research more on malware removal techniques, I download and test out scanning tools to
make sure my protection software isn't missing things. My system seems to be running ok, but I have scanned
with Rootkit Revealer, as well as Gmer and found some odd looking stuff...

Mainly, I noticed a slew of entries in the scan that were similar to the following:

Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1

I followed the steps in Grinler's preparation post, and downloaded and ran DDS. That seemed to work fine.
I will post the DDS log as well as attach my attach.txt below.

I tried running RootRepeal, and upon selecting Report, and clicking Scan, and selecting the items and drives,
the program said "Initializing, please wait..." and ...

A:Mbam Scans clean, but gmer finds odd stuff and rootrepeal locks up my system

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I was sent here by boopme (moderator) and asked to post a RootRepeal log. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/254641/unknown-virus-disabling-security-and-hacking-firefox-ie/ ~ OB

RootRepeal stops scanning when looking at C:\System Volume Information when I used the method mentioned on your front page. However, I've been able to run separate scans, except scanning "Files", that won't work.

Drivers scan:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/04 16:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xB80B8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB7E61000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xB8458000 Size: 18720 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB46F3000 Size: 138496 File Visible: - Signed: -
Status: -

Name: apoc6gxa.SYS
Image Path: C:\WINDOWS\System32\Drivers\apoc6gxa.SYS
Address: 0xB6AE1000 Size: 225280 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Addre...

A:Critter preventing HijackThis/MBAM/online scans/Spybot/AVG and hijacking Firefox and IE.

Hello mononc,

Let's begin....

==========

Step 1

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -r into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

==========

Step 2

Please do this: Click on the Start button, then click on Run... In the empty "Open:" box provided, type cmd and press Enter
This will launch a Command Prompt window (looks like DOS).
Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\system32\logevent.dll C:\ /y

In the Command Prompt window, paste the copied text by right-clicking and selecting Paste. Press Enter.
When successful, you should get this message within the Command Prompt: "1 file(s) copied"
NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful.
Exit the Command Prompt window.

==========

Step 3

Warning to others reading this thread!: The Avenger is a VERY POWERFUL program, and can easily be misused.
Certain misuses of this program can prevent your system from ever starting again.
For this reason, it is strongly recommended to use The Avenger on...


I am brand new to bleeping computer and have tried to resolve my issue without creating another post, but have had no luck. 
I have a brand new (4 days) windows 8 machine that is getting tab popups in Chrome and IE asking me to update drivers, flash player, or update Chrome. I was having the same trouble on my old laptop and could never get rid of it. I have transferred no files from the old computer to this new one. I have run Malwarebytes, am currently running AVG and just like with my old laptop, no scan reveals anything amiss. 
This is driving me crazy! Any help would be greatly appreciated. Thanks!!!

A:Continual Popups, No Scans Finding Malware

Also, other computers in my office are getting the same popups. I'm getting the popups at home and at the office.


Hi, I've been having some problems with my computer ever since I got some alerts from Norton internet security that intrusion attempts had been made.
 
For example when I go to the hotmail log in page in IE8 there is just a blank white screen, and youtube videos just show as a black box. Other web sites have similar problems. My broadband speed has also become very slow, at only 0.19 mbps when it should be at least 2 mbps (although this might not be related, could be a separate fault on the phone line). I have also noticed that software I've installed recently is not listed in the add/remove programs list in the control panel, so I can't uninstall it.
 
I have Norton internet security running with live update, I have Spywareblaster installed, and I have run scans with AdAware, Malwarebytes Anti-Malware, Super Antispyware, Windows Defender, and online virus scanners from Panda, trend micro housecall, ESET, Kaspersky and probably some others I've forgotten now!
 
None of the scans have found anything except some tracking cookies, so what can I do now? Should I do a Hijack this log or some other advanced stuff? Could someone guide me through what to do?
 
The computer is an old desktop with Intel pentium 4 3.06Ghz CPU, 512mb RAM and Windows XP with SP3. 
 
Thanks for your help 

A:Think I'm infected, but virus/malware scans not finding anything

Did you try TDSSKiller?
 
 Running TDSSKiller to obtain log
 
Note: Don't cure or delete a threat, but choose skip for all instead.
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

In the Additional options: Check Detect TDLFS file system
Click Start Scan and allow the scan process to run

Choose for all threats to Skip for all of them.
Click Continue
Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================


Hello,
I'm new to the site. I have a Windows 8 desktop that is having problems with the SAPE.Browsefox.345 and SAPE.Browsefox.33a pop ups. Does AdwCleaner help resolve this adware issue? Thank you. 
 
MrV757

A:Does AdwCleaner help remove SAPE.Browsefox Adware?

to Bleeping Computer.

AdwCleaner is a portable adware cleaner created by Xplode (a BC Security Colleague) that is designed to search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, browser extensions, add-ons/plug-ins, browser helper objects (BHOs) and other junkware to include related registry entries (values, keys). AdwCleaner will remove all traces of these types of programs which includes related services, registry entries (values, keys), files, folders and potentially unwanted extensions.

However, with most Adware/Junkware/PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features (Add/Remove Programs) in Control Panel or an alternative third party uninstaller like Revo. In many cases, using the uninstaller of the adware not only removes it more effectively, but it also restores many changed configuration settings.

After uninstallation, then you can run specialized tools like Malwarebytes Anti-Malware, AdwCleaner and JRT (Junkware Removal Tool) to fix any remaining entries they may find. These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants. They also remove related files and folders to include those within the AppData folder and elsewhere.

Read other 2 answers
RELEVANCY SCORE 55.6


I have a dell xps 12 64-bit with windows 8.1, and is infected with the adware in the title.  Machine won't allow adwcleaner to work ("this app doesn't work on this pc"), attach files to this post, and times out when trying to "post new topic."
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Steve (administrator) on ULTRASHARIK on 23-01-2015 11:15:04
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available profiles: Steve)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.... Read more

A:Infected with Adware gen and asg, Windows 8.1 won't accept adwcleaner

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_633] => [X]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
ShortcutTarget: GameHugArcadeApp.lnk -> C:\Users\Steve\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcadeApp.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKU\S-1-5-21-1376318163-4... Read more

Read other 6 answers
RELEVANCY SCORE 55.6

PEOPLE, YOU SHOULD TRY AdwCleaner!

AdwCleaner is the only malware tool that worked for me!!!!
I am so glad I have visited the site of Bleeping Computer.com!
After trying many other possible options, free downloaded from the Internet, I finally found what worked for me! I also just read that Bleeping Computer.com is being sued by SPYHunter, so I should give them my opinion too:

SHAME ON YOU SPYHUNTER- for there is nothing easy or free on your tool!

PEOPLE, YOU SHOULD GET THAT SPYHUNTER IS NOT FREE AND WILL BRING YOU ONLY HEADACHE, BUT NOT HELP!
Here is what did the job for me, after I had my browser hijacked for 2 days!
Clean the new and suspicious installed programs and extensions (with Control Panel or Chrome Settings)
With IObit Malware Powerful Uninstall remove all the left particles and sub folders (again with Control Panel)
Download and install AdwCleaner and scan with it! VOILA !!!! R E A D Y!
So according to me AdwCleaner is the :
EASIEST
QUICKEST
FRIENDLIEST
UNPRETENTIOUS-T
AND UNHARMFUL -EST!  browser hijack removal tool!
 

A:AdwCleaner is the BEST free Adware/PUP removal tool

Hello,
 
Glad to see that you've found AdwCleaner helpful

Read other 1 answers
RELEVANCY SCORE 55.6

On a machine running Windows 7 64-bit Home Edition, a few days ago I ran a MalwareBytes Anti-Rootkit scan. That scan found Trojan siredef.c. After that was apparently resolved, I ran a full MalwareBytes Anti-Malware scan which reported two infected files which it removed.
 
Since then I have been running further scans using MalwareBytes Anti-Malware and MalwareBytes Anti-Rootkit and a couple other anti-spyware/malware apps. I have run scans in both normal Windows mode and Safe Mode.

The scans have yet to come back completely clean. Some files were quarantined in the early scans, and it seems like scans later have mostly been removing registry keys, though tonight a scan reported an infected pref.js file in a subdirectory that had a very long pathname. The same scan also detected and quarantined two registry keys that had the word "payload" in them (eek!).
 
I feel like I'm on a path where I need some help with a fairly deep possible infection and could use some help. Thank you in advance.

A:Iteratively finding possible infections with MBAM and MBAR

 
 
As you are badly infected, please follow the instructions in the Preparation Guide starting at Step #6.

When you have created the necessary logs, start a new topic HERE and post the required logs to your new topic. (You will also find this link at Step 7 in the Preparation Guide.) The Malware Response Team Experts from the Virus, Trojan, Spyware, and Malware Removal Logs forum will attend to your topic from thereon.

(Windows 8.1 Users will not be able to create DDS Logs) => Continue if you cannot finish any step.
Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.
After doing this, please reply back in this thread with a link to the new topic so we can close this one.
Above All...DO NOT add any replies to your topic....Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member... Read more

Read other 3 answers
RELEVANCY SCORE 55.6

I had a call from ISP NOC that something was generating 70,000 daily emails but they could not provide further, so I spent a good period of time locating the offending PC, ran Mbam, rebooted, ran follow-up scan.. several hours later several items are again found and cleaned, but obviously not gone.

I then ran DDS as instructed and have several times attempted to run GMER with repeated blue screens or scan stops on its own.

The only other steps I have taken are to block certain ports on the router to at least stop the SMTP flow of the malware.. a plug in the dam until I can fix the actual problem. Will continue to attempt GMER scan, but could use a leg up on this. +4hr 38min runtime on GMER.. still working through files, but hasn't blown up.

Thanks in Advance - Jeff

$---------------------------------------------------------------
[MBAM Report 1]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4310
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
7/13/2010 4:48:19 PM
mbam-log-2010-07-13 (16-48-19).txt
Scan type: Quick scan
Objects scanned: 223798
Time elapsed: 26 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
H... Read more

A:A/V and Mbam repeatedly finding ndis.sys infected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

Read other 24 answers
RELEVANCY SCORE 55.6

On a machine running Windows 7 64-bit Home Edition, a few days ago I ran a MalwareBytes Anti-Rootkit scan. That scan found Trojan siredef.c. After that was apparently resolved, I ran a full MalwareBytes Anti-Malware scan which reported two infected files which it removed.
 
Since then I been running further scans using MalwareBytes Anti-Malware and MalwareBytes Anti-Rootkit and a couple other anti-spyware/malware apps. I have run scans in both normal Windows mode and Safe Mode.
 
The scans have yet to come back completely clean. Some files were quarantined in the early scans, and it seems like scans later have mostly been removing registry keys, thought tonight a scan reported an infected pref.js files in a subdirectory that had a very long pathname. The same scan also detected and quarantined two registry keys that had the word "payload" in them (eek!).
 
I believe the machine is massively infected and I thank you in advance for your help. The DDS.txt log file is pasted below, and attach.txt is attached.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by g1g2 at 21:58:46 on 2013-12-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.3890 [GMT -6:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fa... Read more

A:Iteratively finding possible infections with MBAM and MBAR

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517600 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 16 answers
RELEVANCY SCORE 55.6

Hello all....LONG time visitor/reader....first time poster. This one has me stumped. I have a Gateway laptop...Windows XP home. My computer recently had ANTIVIRUS 2009 after my friend borrowed and got it infected. It was terrible, but it was able to connect to the net still. I downloaded and installed and ran Malwarebytes and it immediately found the rogue program. It finished and I proceeded to remove it with the program. It restarted and poof it was gone. Now, Windows will NOT recognize any wireless networks or connect to any wifi internet connections. The device manager sees that the card is turned on and working properly. My other PC still recognizes the network and connects just fine and dandy. But not the "fixed" laptop. Please help...ANY input will be greatly appreciated and I hope to be fortunate enough to solve this problem. Thanks!

A:Xp Not Finding Wireless Networks After Mbam Usage!

Hello Triplesixkoe,

Can you connect to the internet through wired interface?
If so I would run some free online virus scanners.
1. Eset
2. Kaspersky
3. Bitdefender
4. Panda
5. McAfee

The event viewer may give some more information.
1. Click Start select run
2. Type eventvwr.exe
3. Press enter
4. Search through the groups for errors and warnings.
5. Double click on each error and or warning.
6. Locate the copy to clipboard button, (under the two arrows)
7. Let us know what you find. (paste the results)

Some devices may not be working correctly, check the Device Manager.
1. Click Start then run
2. Type devmgmt.msc and press enter
3. Look through the list for yellow or red marks next to the entries.
4. Let us know what you find.

Read other 3 answers
RELEVANCY SCORE 54.8

Every time I run MBAM it comes back with a couple infections 1)c:\WINDOWS\system32\KgursnD.dll (Backdoor.PcClient) -> Delete on reboot. 2):\WINDOWS\system32\KgursnD.dll (Backdoor.PcClient) -> Delete on reboot.
c:\WINDOWS\system32\drivers\PCIDump.sys (Password.Stealer) -> Quarantined and deleted successfully.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by HP_Administrator at 13:40:28.35 on Tue 03/22/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.71 [GMT -7:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT... Read more

A:mbam keeps finding backdoor pc client &password stealer

Hello

Apologies for the delay in response; we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh DDS log back here. If you have log of mbam scan then I would like to see it too!

Read other 17 answers
RELEVANCY SCORE 54.8

Wow active community here.

Windows Vista home 64 bit
Amd quad core processor
NVIDIA geforce 9600GT

I'll keep it simple:
Few days ago my computer crashed with a bsod (0x0000000a). Kept happening on every attempt to reboot. Finally got in via safemode and ran mbam. It found and removed some trojans but I still couldn't run in normal mode without getting bsods.

Went into msconfig and told comp to boot up with limited services. That finally allowed me to be on the comp with no errors. But obviously with all services shut off i cant do much or access the internet. When I turn the services on and reboot I get more bsods and the cycle happens again. I gather something is up with one, or several, of the config services and that's why my comp functions fine when I disable them all.

Had to do a system restore back to last week and now mbam isn't up to date but like I mentioned, I can't get online to update it cause when I turn on the config services needed for internet in I get a bsod crash.

Basically:
Services disabled= I can boot up comp and dont crash.
Services enabled = immediate bsod crash on login

Am posting here from a cell phone.
How am I going to get online to dl hijackthis,etc and post it here?

Any ideas??

Ty
 

Read other answers
RELEVANCY SCORE 54

First off, a big THANK YOU to flrman1 and others who have grown my PC IQ exponentially. If you teach a man to fish, he won't come back to the boards seeking advice...

Well, maybe just not as much.
After great advice regarding protection (Norton, Previx, Spybot, AdAware, Shredder, HijackThis, etc.) my SP2 PC is nearly clean.

However, AntiVirus picks up the same adware every day during its scan.

I've tried to remove them manually but most are either protected or don't show up when I search.

Any advice on how to remove these for good?

Thanks,

Turboguy
 

A:Adware After Scans?

Read other 15 answers
RELEVANCY SCORE 54

Got a new XP-Pro machine going thru the process of setting it up. Did all the XP Updates and installed all the stuff like Hijack, Spybot, ADWare, etc.

When I run Adware I get these entries after running the XP updates. Is it detecting something within Microsoft's software that maybe it shouldn't. This is basically a cherry machine with few Web miles. Should I delete these detected files. What is going on here? Is it safe to delete?

TIA
Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Policies\Microsoft\Internet Explorer\Control Panel
Value : Homepage
Data :
Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Policies\Microsoft\Internet Explorer\Restrictions
Value : NoBrowserOptions
Data :
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
 

A:Win XP PRO and ADWare scans

Ad-aware creates auto-quarantine lists. If you have problems after deleting those 3 you can always restore them. I've never had a problem deleting anything with Ad-aware (nor have the half-dozen family members I run interference for against malware/adware). My recommendation is to delete them.
 

Read other 1 answers
RELEVANCY SCORE 52.8

Since the beginning of August, I have experienced many pop ups when online. These are ads by Provider and Adware. This is also allowing words on sites to become advertising links. I have researched and done various scans, and have reset settings in my Google Chrome, which is my main browser, but is happening in all browsers when used. I have gone through the steps and have the files attached and would really love assistance to rid of all this. Thanks
 

Read other answers
RELEVANCY SCORE 52

I was on internet and decided to hit the yahoo spyware scan button. It found Coolwebsearch, Tv media display, istbarxxx toolbar and DyFuCa. I was concerned about these and clicked remove on all. It said all was removed but DyFuCa. Since I'm not all that secure with yahoo spyscan I ran the following. Windows onecare tuneup (with the virus scan)-nothing found- but was error in defragging. Rebooted in safe mode and ran ad-aware- found 8 mru's and 21 tracking cookies-erased all. Rebooted and ran spybot and found wild tangent which I've erased before and it rendered some games useless so I did not erase. Rebooted in norm. mode and did cws scan-nothing. Ran windows defender and after 535,379 files were scanned it encountered an error and closed (have had trouble with this before). It did find tvmedia display, Daily toolbar and KaZaA. It removed daily toolbar but gave me errors on the other two and said it couldn't remove. Then I did a HJT scan and posted below. Please check and tell me if I have problems. Much appreciated!!!

Logfile of HijackThis v1.99.1
Scan saved at 3:41:10 PM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C... Read more

A:Solved: Dialer,adware-problems with scans-HJT log

Read other 16 answers
RELEVANCY SCORE 52

It's crazy to post here when all I've got is a slow computer, but I've done all I can do. It started very suddenly a few days ago. I've ran a few virus/spyware/adware scans (scanners recced on techguys) and all they ever find is tracking cookies. I do notice that my cookies keep disappearing on websites...I guess that's what it's called, where I have to keep logging in to all my websites every day, instead of every few weeks like before.

Also, whenever I restart my laptop a little gray box with a file folder comes up on the upper left hand corner of my screen saying something like "compressing..." and the word settings. I can re-restart my computer to try to catch exactly what it says, it's only on there a second or two.

Anyways, if this isn't too ridiculous a problem, I'd appreciate the help.

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:43:27 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common ... Read more

A:Slow PC, even after multiple adware/spyware scans...

I wanted to mention that the little box that pops up upon starting says "compressing..." and under the little file folder it says "settings.sol". It's getting worse, and I'd really appreciate any help.
 

Read other 1 answers
RELEVANCY SCORE 52

Hello, I have a problem with my new PC, I appear to have accidentally installed some malicious software in error and it's now playing havoc with my browser, spamming pages with adverts, ruining google searches with irrelevant results and occasionally attempting to redirect the browser to a malicious site when I decline a warning to update a problem with Java. My machine is running Windows 7.
 
So far I have already attempted:
 
1. Uninstalled anything that looks dodgy. The machine is fairly new (around 6 weeks) so there's not much on it. Also searched the C drive for suspicious folders, but found nothing.
 
2. Run Malwarebytes. It found a reasonable amount of issues and deleted them, but the problem persists.
 
3. Run CCleaner. Found nothing.
 
4. Run JunkwareRemovalTool. It deleted three files but made no difference.
 
5. Run RKill. Found nothing.
 
6. Run TDSSKiller. Found nothing.
 
7. Run AdwCleaner. Found another list of stuff to delete, but again the problem persists.
 
I have downloaded ComboFix, but have not run it yet.
 
Not sure what else to try now, it seems this problem is deep rooted.
 
Thanks in advance for your assistance. You guys proved very helpful the last time I had issues and I will not hesitate to make another donation to the site once this issue is resolved too!

A:Untraceable adware 'ads by wxDownload', scans found nothing!

Which browser is affected?
Did you check other browsers?

Read other 5 answers
RELEVANCY SCORE 51.6

My computer started to freeze on the welcome screen after user log in. If it didn't freeze on the welcome screen, the screen would turn black with a cursor over it. I turned off my computer, and started up safe mode. When I ran a scan on Avast antivirus, the scan would detect nothing, until the point where it would freeze. I downloaded a malware seeking program, and found nothing. I then got super anti spyware. On quick scan, it detected 165 threats, all adware. It would then proceed to freeze. I've also tried to system restore. It only worked for about an hour, and it would freeze on avast quick scan. I can't system restore anymore. It freezes on system restore now. I have an Inspiron 15r with windows home premium 64 os. Any help is greatly appreciated. Thank you

A:Adware detected on my computer, antiviruses crash on scans

On a virus free PC, d/l MS Windows Defender Offline & run it on your machine. This is a boot AV disk.

Windows Defender Offline

Go into safe mode & run Malwarebytes...the free version is good.

http://www.malwarebytes.org/

If you can, d/l TDSSKiller & run it to determine if you have been infected by a rootkit.

http://support.kaspersky.com/faq/?qid=208283363

Read other 4 answers
RELEVANCY SCORE 51.2

Listing requested logs for this issue. Thanks in advance for your assistance.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Philip at 2015-06-01 11:10:33
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled man... Read more

A:Side bar "crazy score" and browser re-directs immediately after mbam-malware scans removing virus

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Philip at 2015-06-01 11:10:33
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version:... Read more

Read other 5 answers
RELEVANCY SCORE 51.2

Well let's see here where to start. About 2-3 weeks ago our computer system completely crashed and I had to reload almost every driver that exists on our computer. We are running windows XP home edition. Then a few days ago my husband picked up some viruses. We think that the source of the viruses, malware and spyware came from a myspace friend request that my husband opened. When he went to look at the supposed user profile it sent him to a pornography website and a few minutes later began receiving pop up "system alerts" that redirect us to a website to download "trusted anti virus and spyware removal tools" which we did not download because our McAfee security center tells us that they are not trusted sites. We have run our McAfee virus scan and it originally detected 38 items 5 of which were trojans, but since has not detected anything else. I also ran the scan in safe mode which detected another 8 items, but still we are receiving pop ups that say "system alert: [email protected]" "psw.x-virtrojan" and "spyware.cyberlog-x". We have also tried loading additional spyware removal from www.ewido.net/en/download called AVG anti-spyware 7.5 which picked up an additional 27 items, but still are getting porno pop ups and error messages with supposed trusted removal tools. I have a HijackThis log below. Any help or ideas would be greatly appreciated!!

Logfile of HijackThis v1.99.1
Scan saved at 11:07:22 PM, on 10/26/2006
Plat...

A:Spyware and Trojan-Virus scans and adware removal not helping


Hello,
I was hoping to get some advice and then possibly some assistance.
 
A friend's computer was acting strangely - video and audio playback in Firefox would stutter then stop and the only way to fix was to click again. This behavior did not behave in Chrome. I looked over the computer and found a Bring Me Sports Firefox addin. I also noticed a lot of suspicious entries in the MBAM quarantine. I also noticed that the proxy settings had been messed with in Firefox and there was a mysterious entry in the settings (about:config) under browser.newtabpage.blocked with a bunch of suspicious entries. I reset that key.
 
There are certain sites (Picasa web) where I am still getting a 500 internal server error. If I click the link from another computer, it opens right up to Picasa web. I'm concerned there is still an infection or proper cleanup is in order.
 
Thanks!

A:Bring Me Sports FF addin - MBAM returns Adware, PUP and Trojan

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system....
