- Aug 13, 2015
This is my AdwCleaner scan log if needed. I'm also including all my other logs; I hope this might help.
HitmanPRO Log:
Code:
HitmanPro 3.7.9.242
www.hitmanpro.com
Computer name . . . . : RAILI
Windows . . . . . . . : 6.3.0.9600.X64/4
User name . . . . . . : RAILI\siima_000
UAC . . . . . . . . . : Enabled
License . . . . . . . : Paid (255 days left)
Scan date . . . . . . : 2015-08-13 17:36:26
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 47s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 13
Objects scanned . . . : 1 876 415
Files scanned . . . . : 58 515
Remnants scanned . . : 615 123 files / 1 202 777 keys
Suspicious files ____________________________________________________________
C:\Sandbox\siima_000\SandBox\drive\C\Program Files\HitmanPro\HitmanPro.exe
Size . . . . . . . : 11 032 736 bytes
Age . . . . . . . : 0.1 days (2015-08-13 15:27:58)
Entropy . . . . . : 7.1
SHA-256 . . . . . : E53E772DD09F2915B6BD99C4B35532ECE7A17BA16EC363F7F60E07F703FE2327
Product . . . . . : HitmanPro
Publisher . . . . : SurfRight B.V.
Description . . . : HitmanPro 3.7
Version . . . . . : 3.7.9.242
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-1.9s C:\Sandbox\siima_000\SandBox\user\current\AppData\Local\Microsoft\
-1.9s C:\Sandbox\siima_000\SandBox\user\current\AppData\Local\Microsoft\Windows\Explorer\
-1.9s C:\Sandbox\siima_000\SandBox\user\current\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
-1.9s C:\Sandbox\siima_000\SandBox\user\current\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db
-1.9s C:\Sandbox\siima_000\SandBox\user\current\AppData\Local\Microsoft\Windows\
-1.7s C:\Windows\Prefetch\HITMANPRO.3.7.X-PATCH.EXE-574C7EBE.pf
-1.7s C:\Sandbox\siima_000\SandBox\user\current\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
-1.5s C:\Sandbox\siima_000\SandBox\user\current\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
-0.1s C:\Sandbox\siima_000\SandBox\drive\C\
-0.1s C:\Sandbox\siima_000\SandBox\drive\
-0.1s C:\Sandbox\siima_000\SandBox\drive\C\Program Files\
-0.1s C:\Sandbox\siima_000\SandBox\drive\C\Program Files\HitmanPro\
-0.1s C:\Sandbox\siima_000\SandBox\drive\C\Program Files\HitmanPro\HitmanPro.exe.BAK
0.0s C:\Sandbox\siima_000\SandBox\drive\C\Program Files\HitmanPro\HitmanPro.exe
14.1s C:\Windows\Prefetch\HITMANPRO.EXE-B92AE749.pf
C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
Size . . . . . . . : 891 962 bytes
Age . . . . . . . : 27.3 days (2015-07-17 09:34:01)
Entropy . . . . . : 7.6
SHA-256 . . . . . : A324BDA2B890227F72D9F12323AD3FF51582CE312286C296F6558BD3F3927616
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-2.6s C:\Users\siima_000\AppData\Local\Temp\BFBC2Game_Data_DFE\
-2.1s C:\Users\siima_000\Documents\BFBC2\
-2.1s C:\Users\siima_000\Documents\BFBC2\settings.ini
-0.0s C:\Users\siima_000\AppData\Local\VirtualStore\Program Files (x86)\Electronic Arts\
-0.0s C:\Users\siima_000\AppData\Local\VirtualStore\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\
-0.0s C:\Users\siima_000\AppData\Local\VirtualStore\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\pb\
-0.0s C:\Users\siima_000\AppData\Local\VirtualStore\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\pb\pbcl.db
-0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\
-0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\
-0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\pbcl.db
0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\pbag.dll
0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\dll\
0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\scrnshot\
0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\htm\
4.5s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\PnkBstrB.exe
4.7s C:\Windows\SysWOW64\PnkBstrB.xtr
7.0s C:\Windows\Prefetch\BFBC2GAME.EXE-ED947BC3.pf
13.6s C:\Users\siima_000\AppData\Local\PunkBuster\BC2\pb\PnkBstrK.sys
26.3s C:\Users\siima_000\Documents\BFBC2\GameSettings.ini
26.3s C:\Users\siima_000\Documents\BFBC2\GameSettings.bin
C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbcl.dll
Size . . . . . . . : 958 292 bytes
Age . . . . . . . : 27.8 days (2015-07-16 21:49:45)
Entropy . . . . . : 7.6
SHA-256 . . . . . : CA527E6BEC756E0A8920D13184946E0822CC8061ACC0C4D77592CB22DF501E6A
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-84.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\86\EFDEBA3CE1305CAE.dat
-84.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{63A85719-A097-4EA3-9CDA-14B876683F16}
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\htm\
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\dll\
-57.6s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbsv.s64
-29.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbsv.so
0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbcl.dll
0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbcls.dll
2.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbag.dll
2.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbags.dll
12.7s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbsv.dll
14.9s C:\Windows\System32\LogFiles\PunkBuster\
14.9s C:\Windows\System32\LogFiles\PunkBuster\pbsvc.log
15.4s C:\Windows\SysWOW64\pbsvc.exe
16.1s C:\Windows\SysWOW64\PnkBstrA.exe
16.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B4C1E255-05F5-49A1-B9D2-D4523443CBC6}
16.8s C:\Users\siima_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_99B19D26BD58DA7B2BD394E131904932
16.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\20\76A85497E48375A8.dat
16.8s C:\Users\siima_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_99B19D26BD58DA7B2BD394E131904932
17.3s C:\Windows\System32\LogFiles\PunkBuster\PnkBstrA.log
17.6s C:\Windows\SysWOW64\PnkBstrB.ex0
17.6s C:\Windows\SysWOW64\PnkBstrB.exe
18.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8CB2774E-AAA1-4DF1-88B6-80C855328D1B}
22.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\83\7C291D4F41754707.dat
28.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
28.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
28.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_99B19D26BD58DA7B2BD394E131904932
28.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_99B19D26BD58DA7B2BD394E131904932
29.7s C:\Windows\System32\LogFiles\PunkBuster\PnkBstrB.log
30.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\15\3270572BBAD401EF.dat
31.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D2020C53-CC0F-42CE-9271-8D7749D2C7EE}
46.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{EA760C95-BB7E-4225-A687-26CA5680D6BA}
C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbcls.dll
Size . . . . . . . : 958 292 bytes
Age . . . . . . . : 27.8 days (2015-07-16 21:49:45)
Entropy . . . . . : 7.6
SHA-256 . . . . . : CA527E6BEC756E0A8920D13184946E0822CC8061ACC0C4D77592CB22DF501E6A
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-84.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\86\EFDEBA3CE1305CAE.dat
-84.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{63A85719-A097-4EA3-9CDA-14B876683F16}
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\htm\
-79.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\dll\
-57.6s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbsv.s64
-29.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbsv.so
-0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbcl.dll
0.0s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbcls.dll
2.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbag.dll
2.9s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbags.dll
12.7s C:\Users\siima_000\AppData\Local\PunkBuster\BF2\pb\pbsv.dll
14.9s C:\Windows\System32\LogFiles\PunkBuster\
14.9s C:\Windows\System32\LogFiles\PunkBuster\pbsvc.log
15.4s C:\Windows\SysWOW64\pbsvc.exe
16.1s C:\Windows\SysWOW64\PnkBstrA.exe
16.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B4C1E255-05F5-49A1-B9D2-D4523443CBC6}
16.8s C:\Users\siima_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_99B19D26BD58DA7B2BD394E131904932
16.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\20\76A85497E48375A8.dat
16.8s C:\Users\siima_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_99B19D26BD58DA7B2BD394E131904932
17.3s C:\Windows\System32\LogFiles\PunkBuster\PnkBstrA.log
17.6s C:\Windows\SysWOW64\PnkBstrB.ex0
17.6s C:\Windows\SysWOW64\PnkBstrB.exe
18.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8CB2774E-AAA1-4DF1-88B6-80C855328D1B}
22.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\83\7C291D4F41754707.dat
28.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
28.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
28.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_99B19D26BD58DA7B2BD394E131904932
28.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_99B19D26BD58DA7B2BD394E131904932
29.7s C:\Windows\System32\LogFiles\PunkBuster\PnkBstrB.log
30.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\15\3270572BBAD401EF.dat
31.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D2020C53-CC0F-42CE-9271-8D7749D2C7EE}
46.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{EA760C95-BB7E-4225-A687-26CA5680D6BA}
C:\Users\siima_000\Documents\BFBC2\pb\pbcl.dll
Size . . . . . . . : 891 962 bytes
Age . . . . . . . : 26.3 days (2015-07-18 10:12:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : A324BDA2B890227F72D9F12323AD3FF51582CE312286C296F6558BD3F3927616
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-1.7s C:\Users\siima_000\Documents\BFBC2\Screenshots\
-0.0s C:\Users\siima_000\Documents\BFBC2\pb\
0.0s C:\Users\siima_000\Documents\BFBC2\pb\pbcl.dll
0.0s C:\Users\siima_000\Documents\BFBC2\pb\pbag.dll
0.1s C:\Users\siima_000\Documents\BFBC2\pb\pbcl.db
Potential Unwanted Programs _________________________________________________
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\InternetEnhancer.exe.log (Wajam) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASAPI32\ (WajWebEnhance) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASMANCS\ (WajWebEnhance) -> Deleted
Repairs _____________________________________________________________________
Proksi server selles arvutis (Kasutaja)
127.0.0.1:58815
Proksi server selles arvutis (Kasutaja)
127.0.0.1:58815
Proksi server selles arvutis (Kasutaja)
127.0.0.1:58815
Cookies _____________________________________________________________________
C:\Users\siima_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\siima_000\AppData\Local\Microsoft\Windows\INetCookies\VJV34GHN.txt
AdwareCleaner Logs:
# AdwCleaner v4.208 - Logfile created 13/08/2015 at 17:31:07
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : siima_000 - RAILI
# Running from : F:\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:58815;hxxps=127.0.0.1:58815
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:58815;hxxps=127.0.0.1:58815
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Google Chrome v44.0.2403.155
[C:\Users\siima_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://homepage-web.com/?s=lenovo&m=home
*************************
AdwCleaner[R0].txt - [2859 bytes] - [12/08/2015 17:25:19]
AdwCleaner[R1].txt - [2918 bytes] - [12/08/2015 17:26:58]
AdwCleaner[R2].txt - [2178 bytes] - [13/08/2015 17:29:18]
AdwCleaner[S0].txt - [2784 bytes] - [12/08/2015 17:28:31]
AdwCleaner[S1].txt - [1681 bytes] - [13/08/2015 17:31:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1740 bytes] ##########
MalwareBytes Anti-Malware Logs:
Malwarebytes Anti-Malware
www.malwarebytes.org
Toimumise kuupäev: 10.08.2015
Toimumise aeg: 2:42
Logifail:
Administraator: Jah
Versioon: 2.1.8.1057
Pahavara andmebaas: v2015.08.09.05
Rootkit andmebaas: v2015.08.06.01
Litsents: Premium
Pahavara kaitse: Sisselülitatud
Pahatahtlike veebilehtede kaitse: Sisselülitatud
Enesekaitse: Väljalülitatud
OS: Windows 8.1
CPU: x64
Failisüsteem: NTFS
Kasutaja: siima_000
Kontrollimise tüüp: Ohtude kontroll
Tulemus: Lõpetati
Kontrollitud objekte: 402133
Kulunud aeg: 22 min, 11 sek
Mälu: Sisselülitatud
Käivitus: Sisselülitatud
Failisüsteem: Sisselülitatud
Arhiivid: Sisselülitatud
Rootkitid: Väljalülitatud
Heuristika: Sisselülitatud
PST: Sisselülitatud
PSM: Sisselülitatud
Protsess: 0
(tuvastati kahjulikke objekte)
Moodulid: 0
(tuvastati kahjulikke objekte)
Registri võtmed: 0
(tuvastati kahjulikke objekte)
Registri väärtused: 0
(tuvastati kahjulikke objekte)
Registri andmed: 0
(tuvastati kahjulikke objekte)
Kaustad: 0
(tuvastati kahjulikke objekte)
Failid: 1
PUP.Optional.HomePageHelper, C:\Users\siima_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Hea: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Halb: ("session":{"restore_on_startup":4,"startup_urls":["http://homepage-web.com/?s=lenovo&m=start"]},"sync":{"remaining_rollback_tries":0}}), Asendatud,[ab1e769058338aac5f941573df2647b9]
Füüsilised sektorid: 0
(tuvastati kahjulikke objekte)
(end)
I thought maybe reading right from here is easier than downloading the .txt file and then reading from there. But if needed, you can download it also.
What I've tried is installing Mozilla Firefox to see if the Wajam ads are there, and they still are, even though I did not connect it with Chrome at all.
I would appreciate it if someone could help me out with this problem.
Also, I've tried to search for Wajam in Uninstall Programs; there isn't any such uninstall thing.