Potentially unwanted program called (Mobogenie) won't be removed by avast

hi
I have a friend’s laptop that seems to have a lot of adware and infected files
let's start with Mobogenie, which is detected by avast but can't be removed, even in boot-up mode
I didn’t run any scan yet with Malwarebytes or AdwCleaner until you check the Farbar log
here are the three scan log files from Farbar

  • Run Mbam and attach the log
  • Run Farbar and create/attach two new logs (FRST.txt and Addition.txt)

Your friend likes toolbars :slight_smile:

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll => C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll [724400 2011-01-02] (iMesh, Inc)
AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll => C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll [721288 2011-01-02] (iMesh, Inc)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: HKLM - 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.)
URLSearchHook: HKLM - Messenger Plus Saudi Toolbar - {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} - C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
SearchScopes: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
SearchScopes: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000 -> {1297684C-CEEF-40DD-BE64-5F1A7EF3AEC0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=PLTV52&o=100000018&src=kw&q={searchTerms}&locale=&apn_ptnrs=E5&apn_dtid=YYYYYYYYSA&apn_uid=338e5afb-d4ce-4b5c-9289-215fcc52a512&apn_sauid=EDFA663E-DE39-414D-ACEA-8D6F7EF4A712&
SearchScopes: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
BHO: Browser Companion Helper -> {00cbb66b-1d3b-46d3-9577-323a336acb50} -> C:\Program Files\BrowserCompanion\jsloader.dll [2011-07-21] ( )
BHO: 4shared.com Toolbar -> {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} -> C:\Program Files\4shared.com\prxtb4sha.dll [2011-01-17] (Conduit Ltd.)
BHO: MediaBar -> {28387537-e3f9-4ed7-860c-11e69af4a8a0} -> C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll [2010-12-30] ()
BHO: UrlHelper Class -> {474597C5-AB09-49d6-A4D5-2E8D7341384E} -> C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll [2011-01-02] (iMesh, Inc)
BHO: CescrtHlpr Object -> {64182481-4F71-486b-A045-B233BD0DA8FC} -> C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll [2010-10-26] (facemoods.com BHO)
BHO: Browser Companion Helper Verifier -> {963B125B-8B21-49A2-A3A8-E37092276531} -> C:\Program Files\BrowserCompanion\updatebhoWin32.dll [2011-07-21] ( )
BHO: Messenger Plus Saudi Toolbar -> {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} -> C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll [2011-01-17] (Conduit Ltd.)
BHO: MessengerPlusLive Saudi Arabia TB Toolbar -> {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} -> C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\prxtbMes2.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM - MessengerPlusLive Saudi Arabia TB Toolbar - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} - C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\prxtbMes2.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM - MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll [2010-12-30] ()
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15] (Yahoo! Inc.)
Toolbar: HKLM - 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sha.dll [2011-01-17] (Conduit Ltd.)
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll [2010-10-26] (facemoods.com)
Toolbar: HKLM - Messenger Plus Saudi Toolbar - {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} - C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll [2011-01-17] (Conduit Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000 -> MessengerPlusLive Saudi Arabia TB Toolbar - {F78A8F02-19EE-4DE8-8EA7-6138E8B524F4} - C:\Program Files\MessengerPlusLive_Saudi_Arabia_TB\prxtbMes2.dll [2011-05-09] (Conduit Ltd.)
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll [2011-07-21] (Blabbers Communications Ltd)
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll [2011-07-21] (Blabbers Communications Ltd)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll [2011-07-21] (Blabbers Communications Ltd)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tytu098o.default\searchplugins\dsrlte.xml [2015-03-19]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tytu098o.default\searchplugins\dsrlte1.xml [2015-10-02]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\dsrlte.xml [2015-03-19]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\dsrlte1.xml [2015-10-02]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\Messenger Plus Smartbar Search.xml [2011-10-15]
FF Extension: Facemoods - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tytu098o.default\Extensions\ffxtlbr@Facemoods.com [2011-03-17] [not signed]
FF Extension: Messenger Plus! Community Smartbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\linkuryfirefoxremoteplugin@linkury.com [2011-10-15] [not signed]
CHR Plugin: (registryAccess) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.13.1.0_0\background/registryAccess.dll => No File
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoods.crx [2010-11-24]
R1 {3b797233-3a06-40ec-90c9-838c68c49bbc}w; C:\Windows\System32\drivers\{3b797233-3a06-40ec-90c9-838c68c49bbc}w.sys [43152 2015-03-18] (StdLib)
R1 {ef8714df-a44b-464c-9034-549a70dc4cd7}w; C:\Windows\System32\drivers\{ef8714df-a44b-464c-9034-549a70dc4cd7}w.sys [52920 2014-04-24] (StdLib)
R1 {f3effdbb-ac83-4e56-899c-c0c06faf5650}w; C:\Windows\System32\drivers\{f3effdbb-ac83-4e56-899c-c0c06faf5650}w.sys [43144 2015-03-18] (StdLib)
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}w; C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}w.sys [52928 2014-04-24] (StdLib)
2015-12-29 21:21 - 2014-02-18 23:21 - 00000288 _____ C:\Windows\Tasks\Funmoods.job
2011-01-26 01:43 - 2011-01-26 01:43 - 12433040 _____ (JonDos GmbH) C:\ProgramData\JonDoFox.paf.exe
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
Task: {CF3DDE59-0E8C-49FC-A1CC-0BC2039121C6} - System32\Tasks\Funmoods => C:\Users\user\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {F1FA1849-F0CF-4302-8B2A-5D619C4D49F1} - System32\Tasks\Yahoo! Search Updater => Wscript.exe //B "C:\Users\user\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\..\updt.js" <==== ATTENTION
Task: C:\Windows\Tasks\Funmoods.job => C:\Users\user\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\user\AppData\Local\Pay-By-Ads
C:\Program Files\iMesh Applications
C:\Program Files\4shared.com
C:\Program Files\Messenger_Plus_Saudi
C:\Program Files\BrowserCompanion
C:\Windows\System32\drivers\{3b797233-3a06-40ec-90c9-838c68c49bbc}w.sys
C:\Windows\System32\drivers\{ef8714df-a44b-464c-9034-549a70dc4cd7}w.sys
C:\Windows\System32\drivers\{f3effdbb-ac83-4e56-899c-c0c06faf5650}w.sys
C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}w.sys
C:\Users\user\AppData\Roaming\Funmoods
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

He also has Windows Defender and avast running in real time.

ok scan done and here is the log

Could you run the fix I posted please

lol yes he likes toolbars, he is unaware :slight_smile:
there are a lot of PUP.Optional detections

here is AdwCleaner log
and fix log

already attached

How is the computer now ?

looks fine and better :slight_smile:
but I still have a problem with avast, it doesn’t update to the new version
and there are three more add-ins in the browser detected by avast and he says “u don’t have permission to remove this please restart this program and right click and run as administrator”
add-in names
1-Conduit
2-hp smart print
3-skype click to call setting

one more thing
this extension on chrome won't be removed even after cleaning ten times

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bjfjckelkjhfgamlmipgdaklofacegaa

adwcleaner says deleted, but after a rescan it says detected

do i have to uninstall chrome completely and reinstall it again !!

AdwCleaner v5.026 - Logfile created 30/12/2015 at 12:58:32

Updated 21/12/2015 by Xplode

Database : 2015-12-29.1 [Server]

Operating system : Windows 7 Ultimate Service Pack 1 (x86)

Username : user - USER-PC

Running from : C:\Users\user\Desktop\adwcleaner_5.026.exe

Option : Cleaning

Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bjfjckelkjhfgamlmipgdaklofacegaa

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****


:: “Tracing” keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [811 bytes] ##########

Let's try JRT as that uses a different routine

Please download Junkware Removal Tool to your desktop.

  • Right-mouse click JRT.exe and select “Run as Administrator”; the tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system’s specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

already done in the afternoon
but still there

here is the JRT log

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x86 
Ran by user (Administrator) on Wed 12/30/2015 at 13:19:48.91

File System: 65

Successfully deleted: C:\ProgramData\messenger plus! for skype (Folder)

Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\MsgPlusService (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant (Registry Value)

Scan was completed on Wed 12/30/2015 at 13:24:35.23
End of JRT log

Could you run a fresh FRST scan please

sure attached fresh scan

If this does not work then Chrome may need to be reset

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
ShellIconOverlayIdentifiers: [4sharedSyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No File
ShellIconOverlayIdentifiers: [4sharedSyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No File
ShellIconOverlayIdentifiers: [4sharedSyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No File
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 4001
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 4001
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 4001
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 4001
CHR Plugin: (registryAccess) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.13.1.0_0\background/registryAccess.dll => No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll => No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bjfjckelkjhfgamlmipgdaklofacegaa
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
ShortcutWithArgument: C:\Users\user\Desktop\توبيكات بنات - يابخت الغرور فيني - الكلمات الدليلية.lnk -> C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app="hxxp://www.xn--mgbbfc7j2ap.com/search.htm?show_result=1&page=3"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\توبيكات بنات - يابخت الغرور فيني - الكلمات الدليلية.lnk -> C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app="hxxp://www.xn--mgbbfc7j2ap.com/search.htm?show_result=1&page=3"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

sorry for the late reply coz my friend took his laptop
I asked him to apply your latest fix and he did and said no adware was found :slight_smile:
he is happy now and sends his greetings to u :wink:

THANKS MAN ,i have learned a lot from u ;D

My pleasure :slight_smile:
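
The caution repeated in this thread, that a fixlist is only valid for the machine it was written for, can be checked before a fix is run. The following is an added example, not part of the original thread and not a feature of FRST: it pulls the user SIDs and profile names a fixlist is bound to and compares them with the local machine. The function names `machine_bindings` and `preflight` and the second SID are hypothetical; the sample directives are copied from the first fixlist above.

```python
import re

# Constructed sample: a few directives from the first fixlist in this thread,
# laid out one directive per line.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
BHO: 4shared.com Toolbar -> {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} -> C:\Program Files\4shared.com\prxtb4sha.dll [2011-01-17] (Conduit Ltd.)
SearchScopes: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
CustomCLSID: HKU\S-1-5-21-1426617163-2722168954-1867787853-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
Task: C:\Windows\Tasks\Funmoods.job => C:\Users\user\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\user\AppData\Roaming\Funmoods
EmptyTemp:
"""

# Per-user registry hives show up as HKU\<SID>; profile paths as C:\Users\<name>\...
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)


def machine_bindings(fixlist_text):
    """Return (set of user SIDs, set of lower-cased profile names) in a fixlist."""
    sids, profiles = set(), set()
    for line in fixlist_text.splitlines():
        sids.update(SID_RE.findall(line))
        profiles.update(name.lower() for name in PROFILE_RE.findall(line))
    return sids, profiles


def preflight(fixlist_text, local_sid, local_profile):
    """List every machine-specific reference that does not match this machine.

    An empty list means the fixlist names only the local SID and profile.
    """
    sids, profiles = machine_bindings(fixlist_text)
    problems = []
    for sid in sorted(sids - {local_sid}):
        problems.append(f"fixlist targets a user SID not on this machine: {sid}")
    for name in sorted(profiles - {local_profile.lower()}):
        problems.append(f"fixlist targets a profile not on this machine: {name}")
    return problems


if __name__ == "__main__":
    # Machine the fix was written for (SID and profile name as in the thread).
    print(preflight(SAMPLE_FIXLIST,
                    "S-1-5-21-1426617163-2722168954-1867787853-1000", "user"))
    # A different machine (constructed SID and profile name).
    for problem in preflight(SAMPLE_FIXLIST,
                             "S-1-5-21-1111111111-2222222222-3333333333-1001",
                             "alice"):
        print(problem)
```

On the target machine, `whoami /user` prints the SID to pass as `local_sid`.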