
Proxy settings keep changing; odd port number


  • This topic is locked
13 replies to this topic

#1 cmk36

cmk36

  • Members
  • 6 posts

Posted 24 October 2015 - 12:44 PM

Hello, thanks for the help in advance!

 

I've been having this issue for a little while now. My internet browser freezes, then a tab opens with a message like "your computer has been infected, call this number" and sometimes those windows even read the warnings that my computer is infected. At that point, I have to close down my browser with the task manager. My boyfriend looked into my settings, proxy settings, LAN settings and pointed out that I have the proxy box selected (which I didn't do) and said it was an odd port number. There is a direct correlation between the pop ups and tabs and the proxy settings being altered. Now I will log on and check that the box isn't selected first, go about my business, then look at it again after a while and it's selected again! The address is 127.0.0.1 and the port is 8118 every time I get those weird tabs randomly opening. I've run spybot (in safe mode and regular mode), adwcleaner, JRT, and google chrome has noticed something odd because I get something about a cleanup toolbar from them. Nothing works!

These issues only appear to be affecting my online activities, but I don't want anything worse to come up as a result of ignoring it.

 

Thanks again,

 

cmk36

 

 

Attached Files


Edited by cmk36, 24 October 2015 - 01:02 PM.




#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts

Posted 24 October 2015 - 05:23 PM

Hello cmk36 and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
---------------------------------------------------------------------------------------------------------
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 
Sincerely

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts

Posted 24 October 2015 - 06:56 PM

Hi cmk36,

Please do the following in order.

Only my suggestion: please uninstall
Spybot - Search & Destroy 2
=====================================
Please go to Start, Click Control Panel , click Programs and then click Programs and Features if it still exists:
Please uninstall the following applications:

COMODO
Should I Remove It / Reason Software
Full Updater
Anti Virus Software
Megasoft Security
Interstat
protectedio.com
groovorio.com
McAfee
C:\Program Files (x86)\Anti Virus Software

Then restart the PC.
=======================================================================================
Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then click Run. A window should appear and disappear; this is normal. A new window should pop up and begin the uninstall. When prompted to reboot your computer, type Y.
Then restart the PC.
=======================================================================================
Step 1:
Please download ZHPCleaner to your desktop.
  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the image (image missing).
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
Step 2:
Browser Reset:

Instructions on how to backup your Favourites/Bookmarks and other data can be found below. Proceed with the reset once done.

Step 3:
I would suggest you to go through the following steps and check.

IE proxy reset:
a) Under "Tools" in the browser tool bar select "Internet Options".
b) In the "Internet Options" window that pops up, click the "Connections" tab at the top.
c) Click "LAN Settings" near the bottom of the "Connections" section.
d) If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
e) Click "Ok" to close the "Local Area Network (LAN) Settings" window.
f) Click "Ok" to close the "Internet Options" window.

Now check if you are able to connect to Internet Explorer.

Firefox proxy reset:
How to reset the proxy in Firefox

To check your Firefox proxy settings:

  • Click the menu button and choose Options.
  • Select the Advanced panel.
  • Select the Network tab.
  • In the Connection section, click Settings....
  • Change your proxy settings:
    • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy.
  • Click OK to close the Connection Settings window.
  • Click OK to close the Options window.

Chrome proxy reset:

  • Click the "Customize and Control Google Chrome" menu.
  • Click the "Options" button.
  • Under the "Google Chrome Options" window select the "Under the Hood" tab.
  • In the "Network" section, click the "Change proxy settings" button.
  • Under the "Internet Properties" window click the "LAN settings" button.
  • Under the "Local Area Network (LAN) Settings" window click on "Proxy server for your LAN".
  • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy. (unticked)
  • Click OK and Apply to save the settings.

Step 4:
FRST Script:
Please download the attached file Fixlist.txt (13.21KB) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Step 5:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 6:
Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Please do these in order.

Have a nice day

Attached File: Fixlist.txt (13.21KB, 5 downloads)

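A read-only PowerShell check for the symptom in this thread (the proxy box re-ticking itself with 127.0.0.1:8118), added here as an example and not part of the original posts: it reads the current user's WinINET proxy values and reports which process and service, if any, listen on a loopback proxy port. The function name Get-LoopbackProxyListener is hypothetical; the cmdlets it calls are standard on Windows 8 and later.

```powershell
# Added example (read-only): which process is behind the current user's loopback proxy?
# Get-LoopbackProxyListener is a hypothetical name. Run it in the affected user's session,
# elevated if you want executable paths for processes owned by other accounts.
function Get-LoopbackProxyListener {
    [CmdletBinding()]
    param()

    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $cfg = Get-ItemProperty -Path $key

    # ProxyEnable = 1 is the ticked "Use a proxy server for your LAN" box.
    if ($cfg.ProxyEnable -ne 1 -or [string]::IsNullOrWhiteSpace($cfg.ProxyServer)) {
        Write-Verbose 'No static proxy is enabled for this user.'
        return
    }

    # ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
    foreach ($entry in ($cfg.ProxyServer -split ';')) {
        if ($entry.Trim() -notmatch '^(?:\w+=)?(?:\w+://)?(?<host>[^:/=]+):(?<port>\d+)$') {
            continue
        }
        $proxyHost = $Matches['host']
        $port      = [int]$Matches['port']

        # Only a proxy on this machine can be traced to a local process.
        if ($proxyHost -ne 'localhost' -and $proxyHost -notlike '127.*') { continue }

        $ownerIds = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty OwningProcess -Unique

        if (-not $ownerIds) {
            # The setting points at a port nobody listens on: browsing fails until it is cleared.
            [pscustomobject]@{
                Proxy     = "${proxyHost}:$port"
                ProcessId = $null
                Process   = $null
                Path      = $null
                Signature = $null
                Service   = $null
            }
            continue
        }

        foreach ($ownerId in $ownerIds) {
            $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
            $svc  = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $ownerId"
            $sig  = if ($proc.Path) { (Get-AuthenticodeSignature -FilePath $proc.Path).Status }

            [pscustomobject]@{
                Proxy     = "${proxyHost}:$port"
                ProcessId = $ownerId
                Process   = $proc.Name
                Path      = $proc.Path
                Signature = $sig                   # NotSigned = executable carries no signature
                Service   = ($svc.Name -join ', ') # empty when the listener is not a service
            }
        }
    }
}

Get-LoopbackProxyListener -Verbose | Format-List
```

A listener that runs as a service will restore the proxy setting after every manual reset, so the service and its install folder are what need removing, not only the checkbox.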

 


 


#4 cmk36

cmk36
  • Topic Starter

  • Members
  • 6 posts

Posted 24 October 2015 - 07:46 PM

I am having issues downloading ZHPCleaner. I'm not sure if it's my connection or what, but it won't download.



#5 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts

Posted 25 October 2015 - 05:47 AM

Okay.
Let's do it like this:

Please do Step 4 first, then restart the PC.

Then proceed with Steps 1, 2, 3, 5 and 6. If Step 1 still does not work, go to Step 2.



 


 


#6 cmk36

cmk36
  • Topic Starter

  • Members
  • 6 posts

Posted 28 October 2015 - 09:45 AM

I got the ZHP Cleaner now, but the last step is taking me to a page where I have to purchase ESET. Is there supposed to be a free scan or download?



#7 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts

Posted 28 October 2015 - 08:06 PM

"I got the ZHP Cleaner now, but the last step is taking me to a page where I have to purchase ESET. Is there supposed to be a free scan or download?"

Yes.
ESET Online Scanner is free.
Please download the software to the desktop using the Internet Explorer browser and follow the instructions. Then try to run it again.



 


 


#8 cmk36

cmk36
  • Topic Starter

  • Members
  • 6 posts

Posted 29 October 2015 - 10:56 AM

Sorry for the delay, I think I've finally got everything. 

 

 

~ ZHPCleaner v2015.10.22.368 by Nicolas Coolman (2015/10/22)
~ Run by Connie (Administrator)  (24/10/2015 22:18:48)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Connie\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Connie\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit  (Build 9600)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (1)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <local>]  =>Hijacker.Proxy
 
 
---\\  Hosts file (0)
~ No malicious or unnecessary items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.
 
 
---\\  Registry ( Key, Value, Data) (2)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SecureWeb []  =>PUP.Optional.SecureSoft
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SecureWebChannel []  =>PUP.Optional.SecureSoft
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 197
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 3
 
 
~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-24102015-22_18_57.txt
ZHPCleaner-[S]-24102015-22_16_07.txt
 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015
Ran by Connie (2015-10-24 22:27:48) Run:1
Running from C:\Users\Connie\Desktop
Loaded Profiles: Connie (Available Profiles: UpdatusUser & Connie & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Megasoft Security
C:\Users\Connie\AppData\Roaming\Interstat\interstat.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\...\Run: [Interstat] => C:\Users\Connie\AppData\Roaming\Interstat\interstat.exe [1040896 2015-10-09] (Weather Channel)
HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\...\MountPoints2: {cf2d33d2-7f25-11e3-be81-b8ca3aca4627} - "E:\TL_Bootstrap.exe" 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
ProxyServer: [S-1-5-21-2188250834-3432737942-1004093775-1002] => 127.0.0.1:8118
RemoveProxy: [S-1-5-21-2188250834-3432737942-1004093775-1002] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=8022c36405a6477cf728ad62a3f31a05&c=p1&src=srch&inst=1445308151
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=8022c36405a6477cf728ad62a3f31a05&c=p1&src=srch&inst=1445308151
SearchScopes: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002 -> {D2605DB2-25AB-48C1-809C-83DB72458BF6} URL = 
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0Bzz0C0AtA0A0C0AyEyCtByBzz0A0FtCtN0D0Tzu0SzyyByBtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0AtByD0D0BtB0EtG0D0AyB0AtGtAyByCyCtGtDzy0B0FtGtAyE0AtDyCtAyEyDtDtD0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzyyDtA0EyB0BtGtAyDtB0AtGyEyBtD0AtG0AzytC0BtGzyyB0DtCyEtB0D0F0EyEzyyB2Q&cr=574209132&ir=
R2 PrivoxyService; C:\Program Files (x86)\Megasoft Security\privoxy.exe [371200 2015-10-19] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S3 iscFlash; \??\C:\Users\Connie\AppData\Local\Temp\7zS2B04.tmp\iscflashx64.sys [X]
C:\Program Files (x86)\Megasoft Security
C:\Program Files (x86)\GUMA766.tmp
C:\Users\Connie\Desktop\Antivirus & Such
C:\windows\System32\Tasks\COMODO
C:\ProgramData\Comodo
C:\windows\System32\Tasks\Anti Virus Software Job
C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Interstat
C:\Users\Connie\AppData\Roaming\Interstat
C:\Program Files (x86)\Anti Virus Software
C:\windows\system32\Drivers\etc\hosts.20151008-214121.backup
C:\windows\system32\Drivers\etc\hosts.20151007-123846.backup
C:\windows\System32\Tasks\Megasoft Security Job
C:\windows\System32\Tasks\Full Updater
C:\Users\Connie\AppData\Roaming\Full Updater
C:\Users\Connie\Downloads\Avic F update anc fix files.exe
C:\windows\PFRO.log
2013-02-04 14:19 - 2013-02-04 14:20 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-02-04 14:17 - 2013-02-04 14:17 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-02-04 14:17 - 2013-02-04 14:18 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-02-04 14:16 - 2013-02-04 14:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-02-04 14:18 - 2013-02-04 14:19 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
C:\Users\Connie\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\Connie\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\Connie\AppData\Local\Temp\GPUpd5619B8360.exe
C:\Users\Connie\AppData\Local\Temp\GPUpd5621184A0.exe
C:\Users\Connie\AppData\Local\Temp\hp_u_23248383.exe
C:\Users\Connie\AppData\Local\Temp\hp_u_83838218.exe
C:\Users\Connie\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Connie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {69D3C356-7CE1-4D3B-ABD9-27D1EE53B094} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {80F8A3AB-0792-47BB-A331-8C67739E7E39} - System32\Tasks\Full Updater => C:\Users\Connie\AppData\Roaming\Full Updater\Full Updater.exe
Task: {8D1B279C-0609-427E-8D58-825DA05FFBCF} - System32\Tasks\{7B6B8A74-009D-4B61-9732-4E0A254E25AE} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.21.0.104&amp;LastError=12002
Task: {A5CA11F2-4CCA-4104-81A9-660852C59BE2} - System32\Tasks\Anti Virus Software Job => C:\Program Files (x86)\Anti Virus Software\Anti VirusSoftware.exe [2015-10-09] (Backup Updater) <==== ATTENTION
Task: {C260CA77-53FC-4B3E-880A-79FAD8A0CD4D} - System32\Tasks\{0052ACC4-9139-4371-8F4F-6808A5026F71} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.11.0.102&amp;LastError=12031
Task: {D5A99B1A-7A3B-4F14-A0DD-47DCF2121406} - System32\Tasks\Megasoft Security Job => C:\Program Files (x86)\Megasoft Security\jptask.exe [2015-10-19] (West CH Soft) <==== ATTENTION
Task: {ECB7A7C1-14DD-4F66-B825-B761EE5F6846} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {F117D872-191C-46EA-A233-107391ED918E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files (x86)\Megasoft Security\mgwz.dll
AlternateDataStreams: C:\Users\Connie\Downloads\adwcleaner_4.206.exe:BDU
AlternateDataStreams: C:\Users\Connie\Downloads\Opera_NI_stable.exe:BDU
AlternateDataStreams: C:\Users\Connie\Downloads\spybot-2.4.exe:BDU
AlternateDataStreams: C:\Users\Connie\Downloads\SWTOR_setup.exe:BDU
FirewallRules: [{2DAA36F6-95D2-4D5A-9A42-ECECCF388B01}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{328159B7-8FEC-4012-8A26-7D1B3534C8B3}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McAWFwk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\mcmscsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McNaiAnn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McNASvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McODS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McOobeSv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MSK80Service
CMD: bitsadmin /reset /allusers
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Megasoft Security => moved successfully
"C:\Users\Connie\AppData\Roaming\Interstat\interstat.exe" => not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Interstat => value removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2d33d2-7f25-11e3-be81-b8ca3aca4627}" => key removed successfully
HKCR\CLSID\{cf2d33d2-7f25-11e3-be81-b8ca3aca4627} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}" => key removed successfully
HKCR\Wow6432Node\CLSID\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} => key not found. 
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}" => key removed successfully
HKCR\CLSID\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} => key not found. 
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D2605DB2-25AB-48C1-809C-83DB72458BF6}" => key removed successfully
HKCR\CLSID\{D2605DB2-25AB-48C1-809C-83DB72458BF6} => key not found. 
HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10 => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value not found.
Chrome HomePage => removed successfully
PrivoxyService => service not found.
HipShieldK => service not found.
mferkdet => service not found.
iscFlash => service removed successfully
"C:\Program Files (x86)\Megasoft Security" => not found.
C:\Program Files (x86)\GUMA766.tmp => moved successfully
C:\Users\Connie\Desktop\Antivirus & Such => moved successfully
C:\windows\System32\Tasks\COMODO => moved successfully
C:\ProgramData\Comodo => moved successfully
C:\windows\System32\Tasks\Anti Virus Software Job => moved successfully
C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Interstat => moved successfully
"C:\Users\Connie\AppData\Roaming\Interstat" => not found.
C:\Program Files (x86)\Anti Virus Software => moved successfully
C:\windows\system32\Drivers\etc\hosts.20151008-214121.backup => moved successfully
C:\windows\system32\Drivers\etc\hosts.20151007-123846.backup => moved successfully
C:\windows\System32\Tasks\Megasoft Security Job => moved successfully
C:\windows\System32\Tasks\Full Updater => moved successfully
C:\Users\Connie\AppData\Roaming\Full Updater => moved successfully
C:\Users\Connie\Downloads\Avic F update anc fix files.exe => moved successfully
C:\windows\PFRO.log => moved successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully
C:\Users\Connie\AppData\Local\Temp\BlackBerryDeviceManager.exe => moved successfully
C:\Users\Connie\AppData\Local\Temp\BlackBerryLauncher.exe => moved successfully
C:\Users\Connie\AppData\Local\Temp\GPUpd5619B8360.exe => moved successfully
C:\Users\Connie\AppData\Local\Temp\GPUpd5621184A0.exe => moved successfully
C:\Users\Connie\AppData\Local\Temp\hp_u_23248383.exe => moved successfully
C:\Users\Connie\AppData\Local\Temp\hp_u_83838218.exe => moved successfully
C:\Users\Connie\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2188250834-3432737942-1004093775-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{69D3C356-7CE1-4D3B-ABD9-27D1EE53B094}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69D3C356-7CE1-4D3B-ABD9-27D1EE53B094}" => key removed successfully
C:\windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80F8A3AB-0792-47BB-A331-8C67739E7E39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80F8A3AB-0792-47BB-A331-8C67739E7E39}" => key removed successfully
C:\windows\System32\Tasks\Full Updater => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Full Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D1B279C-0609-427E-8D58-825DA05FFBCF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D1B279C-0609-427E-8D58-825DA05FFBCF}" => key removed successfully
C:\windows\System32\Tasks\{7B6B8A74-009D-4B61-9732-4E0A254E25AE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B6B8A74-009D-4B61-9732-4E0A254E25AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5CA11F2-4CCA-4104-81A9-660852C59BE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5CA11F2-4CCA-4104-81A9-660852C59BE2}" => key removed successfully
C:\windows\System32\Tasks\Anti Virus Software Job => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Anti Virus Software Job" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C260CA77-53FC-4B3E-880A-79FAD8A0CD4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C260CA77-53FC-4B3E-880A-79FAD8A0CD4D}" => key removed successfully
C:\windows\System32\Tasks\{0052ACC4-9139-4371-8F4F-6808A5026F71} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0052ACC4-9139-4371-8F4F-6808A5026F71}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5A99B1A-7A3B-4F14-A0DD-47DCF2121406} => key not found. 
C:\windows\System32\Tasks\Megasoft Security Job => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Megasoft Security Job" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ECB7A7C1-14DD-4F66-B825-B761EE5F6846}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECB7A7C1-14DD-4F66-B825-B761EE5F6846}" => key removed successfully
C:\windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F117D872-191C-46EA-A233-107391ED918E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F117D872-191C-46EA-A233-107391ED918E}" => key removed successfully
C:\windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => key removed successfully
"C:\Program Files (x86)\Megasoft Security\mgwz.dll" => not found.
C:\Users\Connie\Downloads\adwcleaner_4.206.exe => ":BDU" ADS removed successfully.
C:\Users\Connie\Downloads\Opera_NI_stable.exe => ":BDU" ADS removed successfully.
C:\Users\Connie\Downloads\spybot-2.4.exe => ":BDU" ADS removed successfully.
C:\Users\Connie\Downloads\SWTOR_setup.exe => ":BDU" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DAA36F6-95D2-4D5A-9A42-ECECCF388B01} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{328159B7-8FEC-4012-8A26-7D1B3534C8B3} => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McAWFwk => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\mcmscsvc => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McNaiAnn => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McNASvc => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McODS => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McOobeSv => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McProxy => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MSK80Service => Error: No automatic fix found for this entry.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {267F8486-6E24-4753-84A6-7B7097C5A9C9}.
Unable to cancel {EC6BB7CA-78E0-46F6-AA62-FB80583252BE}.
Unable to cancel {AB00C97D-0A2C-43BC-8763-B82E7A38F7B9}.
Unable to cancel {A4486393-7E24-4229-BB08-8D4CF15DE369}.
0 out of 4 jobs canceled.
 
========= End of CMD: =========
 
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 23.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:28:40 ====
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/24/2015
Scan Time: 22:33
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.10.24.07
Rootkit Database: v2015.10.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Connie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416388
Time Elapsed: 19 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

C:\FRST\Quarantine\C\Program Files (x86)\Megasoft Security\amint.dll a variant of Win32/Techsnab.V potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Megasoft Security\amint64.dll a variant of Win64/Techsnab.B potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Megasoft Security\jptask.exe a variant of Win32/Techsnab.AB potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Megasoft Security\swchromium.exe a variant of Win32/Techsnab.AB potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Megasoft Security\swchromium64.exe a variant of Win64/Techsnab.B potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Connie\AppData\Local\Temp\GPUpd5619B8360.exe.xBAD a variant of Win32/Techsnab.Z potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Connie\AppData\Local\Temp\hp_u_23248383.exe.xBAD a variant of Win32/Techsnab.AB potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Connie\AppData\Roaming\Full Updater\Full Updater.exe a variant of Win32/Techsnab.AB potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\Backup\DBRUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting - quarantined
 


#9 olgun52

  • Malware Response Team

Posted 30 October 2015 - 05:36 AM

Nice. Is there another problem?

--------------------

 

Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS Hosts file, which restricts access to known bad sites and so improves your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

 

==============================================================================

 

Please download RogueKiller (32/64 bit) to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
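
The blocking mechanism described in the Hosts File step above, as an added example (not part of the original post and not code from MVPS or any tool named in this thread): a Python script that splits hosts entries into names sinkholed to a loopback or unspecified address, which is what a blocklist does, and names mapped to any other address, which are the entries to review by hand. The sample file, the function names and the `LOCAL_NAMES` set are constructed for this example.

```python
"""Audit a hosts file: separate sinkholed names from names sent elsewhere."""
import ipaddress

# Names a stock hosts file normally maps to loopback (assumed list for this example).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input; none of these entries come from the thread.
SAMPLE_HOSTS = """\
# Constructed sample hosts file (not taken from the thread)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # two names, one line
0.0.0.0         telemetry.example.org
203.0.113.7     www.bank.example     # real name sent to a non-loopback address
198.51.100.9    update.example.com LOGIN.example.com
not-an-ip       broken.example
127.0.0.1
"""


def is_sinkhole(addr):
    """True for addresses a blocklist uses: loopback (127.0.0.0/8, ::1) or 0.0.0.0/::."""
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text):
    """Yield (line_no, ip_or_None, names, raw_line) for every non-comment entry."""
    # Windows editors may save the file with a UTF-8 byte-order mark; drop it.
    text = text.lstrip("\ufeff")
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # strip full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            # Drop an IPv6 zone suffix such as "%eth0" before parsing the address.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            yield line_no, None, [], raw
            continue
        yield line_no, ip, [name.lower() for name in fields[1:]], raw


def audit_hosts(text):
    """Classify every hostname in the file.

    blocked    -> names pointed at a sinkhole address (the blocklist behaviour)
    redirected -> (line, name, ip) for names pointed at any other address;
                  these resolve to a real machine and deserve a manual look
    malformed  -> (line, text) for lines with a bad address or no hostname
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, ip, names, raw in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append((line_no, raw.strip()))
            continue
        for name in names:
            if is_sinkhole(ip):
                if name not in LOCAL_NAMES:       # localhost -> 127.0.0.1 is normal
                    report["blocked"].append(name)
            else:
                report["redirected"].append((line_no, name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} sinkholed names")
    for line_no, name, ip in result["redirected"]:
        print(f"line {line_no}: {name} -> {ip} (review)")
    for line_no, text in result["malformed"]:
        print(f"line {line_no}: malformed entry: {text!r}")
```

To check a real file, pass its contents to `audit_hosts`, for example the text of `C:\Windows\System32\Drivers\etc\hosts` read with `open(...).read()`.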

 


 


#10 cmk36

  • Topic Starter

Posted 02 November 2015 - 02:04 PM

RogueKiller V10.11.3.0 [Oct 26 2015] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Connie [Administrator]
Started from : C:\Users\Connie\Downloads\RogueKiller.exe
Mode : Scan -- Date : 11/02/2015 14:02:49
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2188250834-3432737942-1004093775-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2188250834-3432737942-1004093775-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CE35D3B5-DB25-4014-9778-B14E23AEA379} | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CE35D3B5-DB25-4014-9778-B14E23AEA379} | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1} -> Found
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] b60de132b5daa76cc4ca899b30cab58d
[BSP] 11c34a9ca2f0e3fc8d99e84de3303db4 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
4 - Basic data partition | Offset (sectors): 2394112 | Size: 466432 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 957646848 | Size: 350 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 958363648 | Size: 8985 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 4ed8a2c31f13e38f9dbec8bdd9fb18d1
[BSP] 122d41ebba1e46a127fc772d96d4ca9c : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 8190 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!


#11 olgun52

  • Malware Response Team

Posted 02 November 2015 - 05:45 PM

Close all programs and disconnect any USB or external drives before running the tool.

  • Double-click RogueKiller.exe to run the tool again (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished":
    • Click the Registry Tab and select the following items:
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2188250834-3432737942-1004093775-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2188250834-3432737942-1004093775-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CE35D3B5-DB25-4014-9778-B14E23AEA379} | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CE35D3B5-DB25-4014-9778-B14E23AEA379} | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUP][Folder] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1} -> Found
    • Click the Delete button.
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete

 

Let us know the result afterwards. How is it now?


Best regards
 

 


 


#12 cmk36

  • Topic Starter

Posted 04 November 2015 - 10:43 AM

RogueKiller V10.11.3.0 [Oct 26 2015] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Connie [Administrator]
Started from : C:\Users\Connie\Downloads\RogueKiller.exe
Mode : Delete -- Date : 11/04/2015 10:40:33
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2188250834-3432737942-1004093775-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2188250834-3432737942-1004093775-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CE35D3B5-DB25-4014-9778-B14E23AEA379} | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CE35D3B5-DB25-4014-9778-B14E23AEA379} | DhcpNameServer : 10.4.16.201 10.4.16.1 ([(Private Address) (XX)][(Private Address) (XX)])  -> Replaced ()
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1} -> Deleted
[PUP][File] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.dat -> Deleted
[PUP][File] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.exe -> Deleted
[PUP][File] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.lnk -> Deleted
[PUP][File] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.msi -> Deleted
[PUP][File] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.par -> Deleted
[PUP][File] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\DDV.res -> Deleted
[PUP][File] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}\mia.lib -> Deleted
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
 
I think it's good to go now. Haven't had any issues since about halfway through this process.
 
Thanks so much!!


#13 olgun52

  • Malware Response Team

Posted 04 November 2015 - 02:24 PM

Perfect :thumbup2:

 

Please do the following,

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

 

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

emptyfolderscheck;delete
ielook;
firefoxlook;
chromelook;

ipconfig /flushdns;b

 

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.


Best regards
 

 


 


#14 olgun52

  • Malware Response Team

Posted 12 November 2015 - 10:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




