
A virus went straight through Norton 360 on my PC.


16 replies to this topic

#1 geoffm57

geoffm57

  • Members
  • 9 posts

Posted 05 August 2015 - 11:53 PM

I have had some occurrences with my PC in recent months. It started with Norton 360 with which I run a full system scan, if not weekly then fortnightly. It would always pick up low level tracking cookies and remove them. One day on completion of the scan it found no tracking cookies. Thought this was a little odd, but let it pass as Norton appeared to be running properly, downloading updates.

 

In the last few weeks it has come to my attention that someone has been making illegal use of my internet usage. I was advised to change my password, which I did. Within a few days of this I started receiving phone calls from someone saying they are representing my internet provider saying certain things were happening with my PC. Which in fact was true. I was suspicious and hung up on them and rang my provider who said they had not rung me. A few days later my PC would not go through the normal starting system and all that appeared were the following messages:

 

SSSchedule.exe Bad Image

Btv.exe Bad Image

C:\Windows\System32\urlmon.dll is either not designed to run on windows or it contains errors

 

Took my PC to the computer store and was told it was a virus and that Norton 360 was unable to stop it. He did not investigate what virus it was, but said it was removed from my PC.

 

Can anyone tell me what virus it was and how I can be sure it has been totally removed?

 

Regards


Edited by Chris Cosgrove, 06 August 2015 - 04:40 PM.
Moved from Win 8 to 'Am I infected?'




#2 Dualcomm

Dualcomm

  • Members
  • 48 posts
  • Gender:Male

Posted 06 August 2015 - 12:51 PM

Why do you have Norton in the first place? It's terrible and has a high amount of false positives. You should instead download Malwarebytes Premium (or the free, but that's only for 10 days



#3 jcgriff2

jcgriff2

  • BSOD Kernel Dump Expert
  • 1,109 posts
  • Gender:Male
  • Location:New Jersey Shore

Posted 06 August 2015 - 04:19 PM

Within a few days of this I started receiving phone calls from someone saying they are representing my internet provider saying certain things were happening with my PC. Which in fact was true. I was suspicious and hung up on them and rang my provider who said they had not rung me.


Anything is possible, but is it probable?

 

Calls like the one you received occur millions of times a day.  Yours sounds more like good timing on behalf of the scammer than anything else.  If you were to ask everyone in this forum if "...saying certain things were happening with my PC..", I bet most would find it true.  It's a scam call designed to scare you and to get you to purchase something or service from them.  Don't ever fall for these scams, especially the ones claiming to be from Microsoft.  Microsoft would never call you out of the blue because of an alleged system problem.

 

Remove Norton with the Norton Removal Tool - http://kb.eset.com/esetkb/index?page=content&id=SOLN146

 

Reboot upon completion to allow for the complete removal of kernel mode and boot drivers.

 

Turn on Windows Defender.

 

Use Windows firewall.

 

Regards. . .

 

jcgriff2


Microsoft MVP 2009-2015
Microsoft Windows Insider MVP 2018 - Present

#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 07 August 2015 - 11:47 AM

Why do you have Norton in the first place? It's terrible and has a high amount of false positives. You should instead download Malwarebytes Premium (or the free, but that's only for 10 days

Malwarebytes is not an antivirus and thus cannot replace Norton, or any other AV for that matter.

geoffm57, please run these to get a look.

MiniToolbox by Farbar

Avast users please disable your antivirus before downloading!
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (choose Errors only)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex
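
The proxy, hosts and Winsock checkboxes requested above produce the sections of MTB.txt that a helper usually reads first. As an added example (not part of the original post and not Farbar's code), the Python below triages a log in that layout; the sample log is constructed, the function names are hypothetical, and the check only reads what the log states without verifying any file's signature.

```python
import re

# Constructed sample in the MTB.txt layout shown in this thread; values are illustrative.
SAMPLE_LOG = r"""MiniToolBox by Farbar
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 login.example.test

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Users\Public\lsp32.dll [40960] ()
"""

SECTION_RE = re.compile(r"^=+ (.+?):? =+$")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (.+?) \[\d+\] \((.*)\)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def split_sections(text):
    """Map each '==== name ====' header (lower-cased) to its non-blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forum pastes leave behind
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip().lower()
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def check_proxy(lines):
    """Anything other than the two 'no proxy' lines is reported for review."""
    if "Proxy is not enabled." in lines and "No Proxy Server is set." in lines:
        return []
    return [("proxy", "proxy not reported as disabled: " + " | ".join(lines))]


def check_hosts(lines):
    """Report every hosts mapping except the default loopback entry."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        if ip in ("127.0.0.1", "::1") and names == ["localhost"]:
            continue
        findings.append(("hosts", f"{ip} -> {' '.join(names)}"))
    return findings


def check_winsock(lines):
    """Report providers that are not Microsoft-labelled DLLs in the system directories."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            findings.append(("winsock", f"unparsed line: {line}"))
            continue
        path, vendor = m.group(1), m.group(2).strip()
        in_system = path.lower().startswith(SYSTEM_DIRS)
        if vendor == "Microsoft Corporation" and in_system:
            continue
        reason = f"third-party provider ({vendor})" if vendor else "no vendor string"
        if not in_system:
            reason += ", outside System32/SysWOW64"
        findings.append(("winsock", f"{path}: {reason}"))
    return findings


def triage(text):
    """Run all three checks over a pasted MTB.txt and return (section, detail) pairs."""
    sections = split_sections(text)
    findings = []
    if "ie proxy settings" in sections:
        findings += check_proxy(sections["ie proxy settings"])
    findings += check_hosts(sections.get("hosts content", []))
    findings += check_winsock(sections.get("winsock entries", []))
    return findings


if __name__ == "__main__":
    for section, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {detail}")
```

A finding is a prompt to look closer, not a verdict: Bonjour's mdnsNSP.dll, for instance, is a common legitimate third-party namespace provider.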

#5 geoffm57

geoffm57
  • Topic Starter

  • Members
  • 9 posts

Posted 07 August 2015 - 11:55 PM

 


MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Geoff (administrator) on 08-08-2015 at 14:44:00
Running from "C:\Users\Geoff\Downloads"
Microsoft Windows 8  (X64)
Model: 23-d005a Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Qualcomm Atheros AR9462 802.11a/b/g/n WiFi Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 68-94-23-31-E7-B6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1A-94-23-31-E7-B5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR9462 802.11a/b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 68-94-23-31-E7-B5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1406:6b7f:c5c9:97e3%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, 8 August 2015 1:58:28 PM
   Lease Expires . . . . . . . . . . : Saturday, 8 August 2015 3:28:29 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 224957475
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4C-28-A2-4C-72-B9-D9-4A-AF
   DNS Servers . . . . . . . . . . . : 61.9.195.193
                                       61.9.194.49
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 4C-72-B9-D9-4A-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7EEE36F6-C2DB-4C12-9F44-32F8B0BF4B8A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cust.ken.bigpond.net.au
Address:  61.9.195.193

Name:    google.com
Addresses:  2404:6800:4006:801::200e
   216.58.220.110

Pinging google.com [216.58.220.110] with 32 bytes of data:
Reply from 216.58.220.110: bytes=32 time=22ms TTL=54
Reply from 216.58.220.110: bytes=32 time=21ms TTL=54

Ping statistics for 216.58.220.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 22ms, Average = 21ms
Server:  dns-cust.ken.bigpond.net.au
Address:  61.9.195.193

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
   2001:4998:44:204::a7
   2001:4998:c:a06::2:4008
   98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=245ms TTL=47
Reply from 206.190.36.45: bytes=32 time=213ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 213ms, Maximum = 245ms, Average = 229ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...68 94 23 31 e7 b6 ......Bluetooth Device (Personal Area Network)
 14...1a 94 23 31 e7 b5 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...68 94 23 31 e7 b5 ......Qualcomm Atheros AR9462 802.11a/b/g/n WiFi Adapter
 12...4c 72 b9 d9 4a af ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.4    281
      192.168.0.4  255.255.255.255         On-link       192.168.0.4    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    281 fe80::/64                On-link
 13    281 fe80::1406:6b7f:c5c9:97e3/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/07/2015 02:14:42 PM) (Source: Perflib) (User: )
Description: ASP.NET_2.0.50727

Error: (08/07/2015 02:14:42 PM) (Source: Perflib) (User: )
Description: ASP.NET_2.0.507278

Error: (08/07/2015 02:14:41 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (08/06/2015 04:31:55 PM) (Source: Application Hang) (User: )
Description: The program SystemSettings.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9c8

Start Time: 01d0d0118b10b494

Termination Time: 0

Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

Report Id: d287264b-3c04-11e5-be7e-68942331e7b6

Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (08/06/2015 02:26:26 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13d4

Start Time: 01d0d000017b6137

Termination Time: 4294967295

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 48fd4ba3-3bf3-11e5-be7e-68942331e7b6

Faulting package full name:

Faulting package-relative application ID:

Error: (08/06/2015 02:26:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HP)
Description: App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time.

Error: (08/05/2015 07:39:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: TabTip.exe, version: 6.2.9200.16384, time stamp: 0x50108553
Faulting module name: Comctl32.dll, version: 6.10.9200.16384, time stamp: 0x501084f0
Exception code: 0xc0000005
Fault offset: 0x0000000000077c9f
Faulting process id: 0x8fc
Faulting application start time: 0xTabTip.exe0
Faulting application path: TabTip.exe1
Faulting module path: TabTip.exe2
Report Id: TabTip.exe3
Faulting package full name: TabTip.exe4
Faulting package-relative application ID: TabTip.exe5

Error: (08/03/2015 03:38:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: wwahost.exe, version: 6.2.9200.16384, time stamp: 0x50107c6e
Faulting module name: atidxx64.dll, version: 8.17.10.451, time stamp: 0x50343e6b
Exception code: 0xc0000005
Fault offset: 0x00000000000747db
Faulting process id: 0x1720
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (08/03/2015 03:37:42 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 16.4.4206.722 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dfc

Start Time: 01d0cdad802a0d41

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c184a6b3-39a1-11e5-be76-68942331e7b6

Faulting package full name: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.WindowsLive.Mail

Error: (08/03/2015 03:37:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HP)
Description: App microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail did not launch within its allotted time.

System errors:
=============
Error: (08/08/2015 02:17:28 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/08/2015 02:17:28 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/07/2015 07:36:35 PM) (Source: Service Control Manager) (User: )
Description: The HP Registration Service service failed to start due to the following error:
%%1053

Error: (08/07/2015 07:36:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Registration Service service to connect.

Error: (08/07/2015 02:15:35 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/07/2015 01:58:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 8 for x64-based Systems (KB2885699).

Error: (08/07/2015 01:44:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/07/2015 01:44:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/07/2015 01:44:09 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/07/2015 01:44:09 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Microsoft Office Sessions:
=========================
Error: (08/07/2015 02:14:42 PM) (Source: Perflib)(User: )
Description: ASP.NET_2.0.50727

Error: (08/07/2015 02:14:42 PM) (Source: Perflib)(User: )
Description: ASP.NET_2.0.507278

Error: (08/07/2015 02:14:41 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (08/06/2015 04:31:55 PM) (Source: Application Hang)(User: )
Description: SystemSettings.exe6.2.9200.163849c801d0d0118b10b4940C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exed287264b-3c04-11e5-be7e-68942331e7b6windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (08/06/2015 02:26:26 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1638413d401d0d000017b61374294967295C:\Program Files\Internet Explorer\iexplore.exe48fd4ba3-3bf3-11e5-be7e-68942331e7b6

Error: (08/06/2015 02:26:19 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HP)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default

Error: (08/05/2015 07:39:04 PM) (Source: Application Error)(User: )
Description: TabTip.exe6.2.9200.1638450108553Comctl32.dll6.10.9200.16384501084f0c00000050000000000077c9f8fc01d0cf61e4f18316C:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\Comctl32.dllceab88a5-3b55-11e5-be7d-68942331e7b6

Error: (08/03/2015 03:38:06 PM) (Source: Application Error)(User: )
Description: wwahost.exe6.2.9200.1638450107c6eatidxx64.dll8.17.10.45150343e6bc000000500000000000747db172001d0cdae866ef091C:\WINDOWS\system32\wwahost.exeC:\WINDOWS\system32\atidxx64.dlld0491237-39a1-11e5-be76-68942331e7b6microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (08/03/2015 03:37:42 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe16.4.4206.722dfc01d0cdad802a0d414294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exec184a6b3-39a1-11e5-be76-68942331e7b6microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (08/03/2015 03:37:41 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HP)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail

=========================== Installed Programs ============================

4 Elements II (HKLM-x32\...\WTA-b9f7a01f-7503-4b7f-97f7-ae68d42f502d) (Version: 2.2.0.98 - WildTangent) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Airport Mania (HKLM-x32\...\WTA-4e3fcd0d-f3ff-404e-886b-2ff48b931766) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{DC7C952E-3B17-9BBE-CED0-152DB6B0BAA2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Azteca (HKLM-x32\...\WTA-17708010-2097-4195-ab8b-88863dda9bc7) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-d7e133c2-3de9-47f8-83a7-056e1c39bdcb) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-f1130ce2-14a8-4443-b2c1-c3a5331127bc) (Version: 2.2.0.98 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-21131347-71f5-4248-a39d-de58f26c4676) (Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-771b198e-ebab-4b08-951f-1f7359c7bd02) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4407 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Manual (HKLM-x32\...\EPSON Stylus Office BX300F_TX300F User’s Guide ) (Version:  - )
EPSON TX300F Series Printer Uninstall (HKLM\...\EPSON TX300F Series) (Version:  - SEIKO EPSON Corporation)
FATE: The Cursed King (HKLM-x32\...\WTA-b22159a1-5a90-4d5c-9d8b-92f6a5eb2606) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-3578c75b-aab7-41d3-9c0d-d87d0d629eed) (Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Hauppauge TV Player (HKLM-x32\...\Hauppauge TV Player) (Version: 1.0.30221 - Hauppauge Computer Works)
Hewlett-Packard ACLM.NET v1.2.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-c59ed986-f07d-40b4-812b-0445a0a37e6f) (Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.7 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.12.004 - Portrait Displays, Inc.)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (HKLM-x32\...\{866A5B13-0B3E-9402-9D1D-62E33DC1F21D}) (Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6419.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-d1bc4aab-609d-4ec6-a444-e99105130840) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-ce103428-f89d-4918-9220-3637b9569ebc) (Version: 2.2.0.95 - WildTangent) Hidden
Letters from Nowhere 2 (HKLM-x32\...\WTA-8503757e-5b4a-4b0a-a700-e0f9ac8d299e) (Version: 2.2.0.97 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-8104557f-05d5-4b44-9e58-0cfbe92e2119) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-0f8d4d10-1912-4dce-888e-941b5a4e5292) (Version: 2.2.0.98 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
Penguins! (HKLM-x32\...\WTA-73705679-8361-411a-8da7-4eaff790e879) (Version: 2.2.0.98 - WildTangent) Hidden
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Polar Bowler (HKLM-x32\...\WTA-c536f5c0-f005-403e-abf2-97db998bb0e9) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-8ecb3614-9b08-4272-92d9-5536161765d2) (Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-46ee5e21-6f1f-404f-b145-8db8529312cd) (Version: 2.2.0.98 - WildTangent) Hidden
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.28.007 - Portrait Displays, Inc.) Hidden
SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.15.0 - SparkTrust)
The Treasures of Mystery Island: The Ghost Ship (HKLM-x32\...\WTA-708a60ab-3c07-46f5-8ad0-6e7748a5085c) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (HKLM-x32\...\WTA-229ffe41-83d8-41ce-9a68-dc07a836ff8e) (Version: 2.2.0.98 - WildTangent) Hidden

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 8126.38 MB
Available physical RAM: 4333.56 MB
Total Virtual: 9454.38 MB
Available Virtual: 5211.91 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:913.24 GB) (Free:851.63 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:16.01 GB) (Free:1.94 GB) NTFS

========================= Users: ========================================

User accounts for \\HP

Administrator            Geoff                    Guest                   

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

30-07-2015 04:52:20 Installed InstallShield Restore Point
03-08-2015 06:19:21 Windows Update
05-08-2015 03:20:00 Removed Microsoft Office
05-08-2015 03:20:55 Removed Microsoft Office Home and Student 2010

**** End of log ****



#6 geoffm57

Posted 08 August 2015 - 12:22 AM

Thanks for your help



#7 Sintharius

Posted 08 August 2015 - 01:16 AM

Hi there,

Please uninstall the following software from Programs and Features:

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.15.0 - SparkTrust)

If you run into any issues, let me know.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#8 geoffm57

Posted 09 August 2015 - 10:08 PM

Thanks for all your help. Everything appears to be in order. I will certainly keep this forum in mind if any future problems occur.

 

Regards

Geoff



#9 Sintharius

Posted 10 August 2015 - 03:27 AM

Can you post the log from EEK so I can see what is removed? :)

#10 geoffm57

Posted 10 August 2015 - 11:19 PM

Can you post the log from EEK so I can see what is removed? :)

 

Emsisoft Emergency Kit - Version 10.0
Last update: 8/08/2015 5:58:13 PM
User account: HP\Geoff

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 8/08/2015 5:58:28 PM
C:\Users\Geoff\AppData\Roaming\sparktrust  detected: Application.AppInstall (A)
C:\ProgramData\sparktrust  detected: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-3874061211-3636223722-768566546-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}  detected: Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-3874061211-3636223722-768566546-1001\SOFTWARE\SPARKTRUST  detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SPARKTRUST  detected: Application.InstallAd (A)

Scanned 77687
Found 5

Scan end: 8/08/2015 6:01:41 PM
Scan time: 0:03:13

Deleted 0



#11 Sintharius

Posted 11 August 2015 - 02:04 AM

Hi there,

You did not quarantine what EEK found? It looks like some leftover traces of a PUP.

#12 geoffm57

Posted 11 August 2015 - 07:54 PM

Hi there,

You did not quarantine what EEK found? It looks like some leftover traces of a PUP.

 

Emsisoft Emergency Kit - Version 10.0
Last update: 11/08/2015 4:32:08 PM
User account: HP\Geoff

Scan settings:

Scan type: Quick Scan
Objects: Rootkits, Memory, Traces

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 12/08/2015 10:51:20 AM
Key: HKEY_USERS\S-1-5-21-3874061211-3636223722-768566546-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}  detected: Application.Win32.WSearch (A)

Scanned 60275
Found 1

Scan end: 12/08/2015 10:51:37 AM
Scan time: 0:00:17

 

 

Emsisoft Emergency Kit - Version 10.0
Last update: 11/08/2015 4:32:08 PM
User account: HP\Geoff

Scan settings:

Scan type: Quick Scan
Objects: Rootkits, Memory, Traces

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 12/08/2015 10:50:16 AM
Key: HKEY_USERS\S-1-5-21-3874061211-3636223722-768566546-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}  detected: Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-3874061211-3636223722-768566546-1001\SOFTWARE\SPARKTRUST  detected: Application.InstallAd (A)

Scanned 60276
Found 2

Scan end: 12/08/2015 10:50:33 AM
Scan time: 0:00:17

Key: HKEY_USERS\S-1-5-21-3874061211-3636223722-768566546-1001\SOFTWARE\SPARKTRUST Deleted Application.InstallAd (A)

Deleted 1
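
The EEK reports posted above differ in whether the detections were actually removed ("Deleted 0" in the first, "Deleted 1" in the last). As an added example, not part of the original thread, this Python script parses a report in the layout shown in the posts and lists detections that have no matching Deleted line. The sample report is constructed, with a placeholder SID and GUID, and the function names are hypothetical.

```python
import re

# Line shapes taken from the Emsisoft Emergency Kit reports posted in this thread:
#   "<object>  detected: <name> (A)"  /  "<object> Deleted <name> (A)"  /  "Found 2"
DETECTED = re.compile(r"^(?P<obj>.+?)\s+detected:\s+(?P<name>\S+)\s+\(\w\)$")
DELETED = re.compile(r"^(?P<obj>.+?)\s+Deleted\s+(?P<name>\S+)\s+\(\w\)$")
COUNTER = re.compile(r"^(?P<key>Scanned|Found|Deleted)\s+(?P<n>\d+)$")

# Constructed sample in the same layout; the SID and GUID are placeholders.
SAMPLE = r"""Scan start: 12/08/2015 10:50:16 AM
Key: HKEY_USERS\S-1-5-21-EXAMPLE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{00000000-0000-0000-0000-000000000000}  detected: Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-EXAMPLE\SOFTWARE\SPARKTRUST  detected: Application.InstallAd (A)

Scanned 60276
Found 2

Key: HKEY_USERS\S-1-5-21-EXAMPLE\SOFTWARE\SPARKTRUST Deleted Application.InstallAd (A)

Deleted 1
"""


def parse_report(text):
    """Return detections, deleted objects and the report's own counters."""
    report = {"detected": {}, "deleted": set(), "counters": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNTER.match(line):
            report["counters"][m["key"]] = int(m["n"])
        elif m := DETECTED.match(line):
            # Registry keys and NTFS paths compare case-insensitively.
            report["detected"][m["obj"].casefold()] = (m["obj"], m["name"])
        elif m := DELETED.match(line):
            report["deleted"].add(m["obj"].casefold())
    return report


def unresolved(report):
    """Detections with no matching 'Deleted' line in the same report."""
    return sorted(v for k, v in report["detected"].items()
                  if k not in report["deleted"])


def counts_match(report):
    """False when the pasted log is truncated or a line failed to parse."""
    c = report["counters"]
    return (c.get("Found", 0) == len(report["detected"])
            and c.get("Deleted", 0) == len(report["deleted"]))


if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    print("counters consistent:", counts_match(parsed))
    for obj, name in unresolved(parsed):
        print("not removed:", name, "->", obj)
```
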



#13 Sintharius

Posted 12 August 2015 - 04:29 AM

Looks ok... please run these to make sure that we did not miss anything.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose the Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#14 geoffm57

Posted 14 August 2015 - 12:01 AM

ESET Online Scanner

 

Did not find anything

 

 

Malwarebytes Anti-Malware

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/08/2015
Scan Time: 12:43 PM
Logfile: Malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.08.03
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Geoff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347983
Time Elapsed: 9 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

 



#15 Sintharius

Posted 14 August 2015 - 03:58 AM

Hi there,

Are there any other problems?



