tcf.huntergui.com


12 replies to this topic

#1 cthulhufatagn


Posted 27 November 2015 - 05:19 PM

As of yesterday my computer started trying to randomly download and install software without my permission and pop up ads. I ran a scan with both avast and malwarebytes and came up with over 1400 infection objects that I cleaned using these tools. I am no longer getting any popups or anything else but every time I open the chrome browser I get one of two alerts (random) from malwarebytes:-

 

Domain: tcf.huntergui.com

IP: 127.42.0.39

Port:52261

Type:Outbound

 

And

 

Domain: nhn.rundevelopers.com

IP: 127.42.0.6

Port: 52714

Type: Outbound

 

both pointing at the chrome executable and marked as malicious urls. Chrome has ground to a standstill.

 

Re-running both malwarebytes and avast shows no threats detected. I tried googling both urls but every hit seems to be to fake removal instructions and a link to download some software called Spyhunter 4 which is apparently a scam.

 

The only even remotely relevant info I can find on the net talks about deleting the google profile which I have done but the problem still persists. Google is also running very slowly.

 

Does anyone have any information at all regarding these browser hijacks and how to remove them? Info that DOES NOT instruct me to download spyhunter?

 

 

 




 


#2 severac


Posted 27 November 2015 - 05:31 PM

Hello and welcome to BC,

 

SpyHunter is rogue software, and you should remove it.

 

-------

 

Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe
http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

§  Double-click on the Rkill desktop icon to run the tool.

§  If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.

§  A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

§  If not, delete the file, then download and use the one provided in Link 2.

§  Do not reboot until instructed.

§  If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

-----

 

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.

§  Right click on KVRT.exe and select Run as Administrator.

§  Read the EULA, then select Accept.

§  Wait for Kaspersky Virus Removal Tool to initialize.

§  In the main screen, select Change parameters, place a checkmark in System drive, then click OK.

§  Click Start scan.

§  Wait for Kaspersky Virus Removal Tool to complete scanning.

§  When the scan is finished, select Neutralize all for all detected objects.

§  Close Kaspersky Virus Removal Tool when done.

Inform me if something is detected.

------

 

Please download AdwCleaner by Xplode onto your desktop.

§  Close all open programs and internet browsers.

§  Double click on adwcleaner.exe to run the tool.

§  In EULA window click I agree.

§  Click on Scan button.

§  When the scan has finished click on Cleaning button.

§  Your computer will be rebooted automatically. A text file will open after the restart.

§  Please post the contents of that logfile with your next reply.

§  You can find the logfile at C:\AdwCleaner[C1].txt as well.

-----------

 

Please download Junkware Removal Tool  to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.

------------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 cthulhufatagn


Posted 28 November 2015 - 10:13 PM

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/27/2015 10:36:42 PM in x86 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * b06bdrv [Missing Service]
 * ebdrv [Missing Service]
 * HdAudAddService [Missing Service]
 * iaLPSSi_GPIO [Missing Service]
 * iaLPSSi_I2C [Missing Service]
 * ibbus [Missing Service]
 * ksthunk [Missing Service]
 * mlx4_bus [Missing Service]
 * ndfltr [Missing Service]
 * PerfHost [Missing Service]
 * tunnel [Missing Service]
 * vpci [Missing Service]
 * WinMad [Missing Service]
 * WinVerbs [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_x86_a4832450a7024d49\CompositeBus.sys [Incorrect ImagePath]
 * NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_x86_b6707c73599dd1b6\swenum.sys [Incorrect ImagePath]
 
 * PrintNotify => C:\WINDOWS\system32\spool\drivers\W32X86\3\PrintConfig.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/27/2015 10:36:57 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
 

---

 

Kaspersky detected lots of things. I would attach screenshots but don't know how to upload files to this forum. The highlights are:-

 

VuuPC_VO2_8907[1].exe

 

(Legal software that can be used by criminals to damage your computer or personal data)

 

smt[1].exe

 

(Legal software that can be used by criminals to damage your computer or personal data)

 

BiTool[1].dll

 

(Trojan)

 

SfSetup[1].exe

 

(Trojan)

 

nsc6B02.tmp

 

(Legal software that can be used by criminals to damage your computer or personal data)

 

nsyFDE1.tmp

 

(Trojan)

 

F448.tmp.exe

 

(Object detected using KSN)

 

nsc6B02.tmp

 

(Legal software that can be used by criminals to damage your computer or personal data)

 

nsyFDE1.tmp

 

(Trojan)

 

---

 

# AdwCleaner v5.022 - Logfile created 29/11/2015 at 02:03:32
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 10 Pro  (x86)
# Username : Richard - THECOVEN
# Running from : C:\Users\Richard\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\Toolbar Cleaner
[-] Folder Deleted : C:\Program Files\DriverToolkit
[-] Folder Deleted : C:\Program Files\A417C660-1448308102-2CAE-D0F9-0019997626CA
[-] Folder Deleted : C:\Program Files\Common Files\Speedbit
[-] Folder Deleted : C:\ProgramData\Search Protection
[-] Folder Deleted : C:\ProgramData\SNT
[-] Folder Deleted : C:\ProgramData\Speedbit
[-] Folder Deleted : C:\Users\Public\Documents\Speedbit
[-] Folder Deleted : C:\Users\Public\Documents\Guid
[-] Folder Deleted : C:\Users\Rebecca\AppData\LocalLow\adawaretb
[-] Folder Deleted : C:\Users\Richard\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Richard\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Richard\AppData\Local\torch
[-] Folder Deleted : C:\Users\Richard\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\Richard\AppData\Local\A417C660-1448400867-2CAE-D0F9-0019997626CA
[-] Folder Deleted : C:\Users\Richard\AppData\LocalLow\adawaretb
[-] Folder Deleted : C:\Users\Richard\AppData\LocalLow\Toolbar4
[-] Folder Deleted : C:\Users\Richard\AppData\LocalLow\Speedbit
[-] Folder Deleted : C:\Users\Richard\AppData\Roaming\Store
[-] Folder Deleted : C:\Users\Richard\AppData\Roaming\RunDir
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
[-] Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
[-] Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-596631634
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nlcphjankhppgohedpkjonpadimhaoof
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8018C54-B702-4D52-9ACC-8CA78911E633}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C6A846C5-D67F-48B4-8552-C22354E56966}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C321541F-B22D-4593-AC1A-9634812A4E40}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
[-] Key Deleted : HKCU\Software\FlowSurf
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\ProgSense
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\SpeedBit
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\adawaretb
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\SVH
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12102 bytes] ##########
 
---
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x86 
Ran by Richard (Administrator) on 29/11/2015 at  2:11:58.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Failed to delete: C:\Users\Richard\AppData\Roaming\pdfforge (Folder) 
Successfully deleted: C:\ProgramData\ad-aware browsing protection (Folder) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\Users\Richard\AppData\Local\adawarebp (Folder) 
Successfully deleted: C:\Users\Richard\AppData\Roaming\new version available (Folder) 
Successfully deleted: C:\WINDOWS\System32\${logfile} (File) 
Successfully deleted: C:\WINDOWS\System32\ai_recyclebin (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files\pdfforge (Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/11/2015 at  2:16:06.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
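
Added example, not part of the original posts and not code from AdwCleaner or JRT: a small Python triage of the two cleanup logs posted above that lists what the tools reported as not removed, targets reported both as deleted and not deleted, and the Chrome extension IDs whose registry keys were removed. The sample lines are copied from the logs above; the function names are hypothetical, and the JRT line shape is assumed from the lines shown.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Entry(NamedTuple):
    tool: str      # "AdwCleaner" or "JRT"
    kind: str      # Folder, File, Key, Value, Registry Key, ...
    target: str    # path or registry location as written in the log
    removed: bool  # True if the tool reported the item as deleted


# Line shapes as they appear in the logs posted in this thread.
ADW_LINE = re.compile(
    r"^\[[-!]\]\s+(?P<kind>Folder|File|Key|Value)\s+"
    r"(?P<state>Not Deleted|Deleted)\s+:\s+(?P<target>.+)$"
)
JRT_LINE = re.compile(
    r"^(?P<state>Successfully deleted|Failed to delete):\s+"
    r"(?P<target>.+?)\s+\((?P<kind>[^()]+)\)$"
)
# Chrome extension IDs are 32 characters drawn from the letters a to p.
CHROME_EXT = re.compile(r"\\Google\\Chrome\\Extensions\\([a-p]{32})$", re.IGNORECASE)

# Sample lines copied from the AdwCleaner and JRT logs above.
SAMPLE_LOG = r"""
[-] Folder Deleted : C:\ProgramData\Search Protection
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Failed to delete: C:\Users\Richard\AppData\Roaming\pdfforge (Folder)
Successfully deleted: C:\Program Files\pdfforge (Folder)
Successfully deleted: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole (Registry Key)
"""


def parse_log(text):
    """Return an Entry for every AdwCleaner or JRT result line; skip everything else."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ADW_LINE.match(line)
        if m:
            entries.append(Entry("AdwCleaner", m["kind"], m["target"].strip(),
                                 m["state"] == "Deleted"))
            continue
        m = JRT_LINE.match(line)
        if m:
            entries.append(Entry("JRT", m["kind"], m["target"].strip(),
                                 m["state"] == "Successfully deleted"))
    return entries


def residual(entries):
    """Items a tool reported it could not remove: the list to re-check by hand."""
    return [e for e in entries if not e.removed]


def contradictory(entries):
    """Targets reported both as removed and as not removed (compared case-insensitively)."""
    seen = defaultdict(set)
    for e in entries:
        seen[e.target.lower()].add(e.removed)
    return sorted(t for t, states in seen.items() if states == {True, False})


def chrome_extension_ids(entries):
    """Extension IDs whose Chrome\\Extensions registry keys were removed."""
    ids = set()
    for e in entries:
        m = CHROME_EXT.search(e.target)
        if m and e.removed:
            ids.add(m.group(1).lower())
    return ids


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Not removed:")
    for e in residual(parsed):
        print(f"  [{e.tool}] {e.kind}: {e.target}")
    print("Reported both deleted and not deleted:")
    for t in contradictory(parsed):
        print(f"  {t}")
    print("Chrome extension IDs removed:", ", ".join(sorted(chrome_extension_ids(parsed))))
```

Extension IDs pulled out this way can be compared against the folders under the Chrome profile's Extensions directory to confirm nothing with the same ID is left on disk.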
 

#4 severac


Posted 29 November 2015 - 03:32 AM

You can upload screenshots of the Kaspersky log to sendspace.com and post the link here.

 

------

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

§  Flush DNS

§  List Winsock Entries

§  List Installed Programs

§  List Devices

§  List Users, Partitions and Memory size.

Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run.

------

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

§  Make sure the following options are checked:
 

o    Internet Services

o    Windows Firewall

o    System Restore

o    Security Center/Action Center

o    Windows Update

o    Windows Defender

o    Other Services

§  Press "Scan".

§  It will create a log (FSS.txt) in the same directory the tool is run.

§  Please copy and paste the log to your reply.

-----



 


#5 cthulhufatagn


Posted 29 November 2015 - 05:54 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Richard (administrator) on 29-11-2015 at 22:41:18
Running from "F:\Users\Richard\Downloads"
Microsoft Windows 10 Pro  (X86)
Model: ESPRIMO P1500 Manufacturer: FUJITSU
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\system32\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
 
=========================== Installed Programs ============================
 
Ad-Aware Antivirus (HKLM\...\{CB2AEF35-F448-4259-B7C0-7D1F8517EBA2}_AdAwareUpdater) (Version: 11.9.662.8718 - Lavasoft)
AdAwareInstaller (HKLM\...\{2EEA66A1-AD06-4E4A-9787-526CA5A5C978}) (Version: 11.9.662.8718 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{CB2AEF35-F448-4259-B7C0-7D1F8517EBA2}) (Version: 11.9.662.8718 - Lavasoft) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\{31B9D218-FED2-4C6C-B19F-7294FFC130B0}) (Version: 18.0.0.144 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824161310}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Agent Ransack (HKLM\...\{10023749-4ED1-4AB3-9DB2-F4A7F9DF627F}) (Version: 7.0.822.1 - Mythicsoft Ltd)
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
AntimalwareEngine (HKLM\...\{6E5FAEC8-C3C1-44E8-B8DE-CE3F9568BF85}) (Version: 3.0.98.0 - Lavasoft) Hidden
Archeblade (HKLM\...\Steam App 207230) (Version:  - CodeBrush Games)
Audiggle version 3.0.0.2 (HKLM\...\{FCAD9ED0-C00F-45FA-91DB-F89140EFAB3A}_is1) (Version: 3.0.0.2 - Audiggle LTD)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Avant Browser (remove only) (HKLM\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
AzureTools.Notifications (HKLM\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
BBC iPlayer Downloads (HKLM\...\{797389EC-980E-423A-AFC1-1C351339DCB6}) (Version: 1.14.1 - BBC)
Behaviors SDK (XAML) for Visual Studio (HKLM\...\{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (HKLM\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.3 (HKLM\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Combined Community Codec Pack 2014-04-20 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DDS Viewer (HKLM\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version:  - IdeaMK)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dolphin x86 (HKLM\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dotfuscator and Analytics Community Edition (HKLM\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
EaseUS Partition Recovery 8.5 (HKLM\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
EAX™ Unified (SHELL) (HKLM\...\EAX™ Unified (SHELL)) (Version:  - )
EMCO MoveOnBoot 2.3 (HKLM\...\{A425D664-4244-4DDF-96BF-5DCE8BA6DCC6}) (Version: 2.3.5.3510 - EMCO Software)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
Entity Framework Tools for Visual Studio 2013 (HKLM\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
ExamDiff 1.9 (Build 1.9.0.2) (HKLM\...\ExamDiff_is1) (Version: 1.9.0.2 - PrestoSoft LLC)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FileZilla Client 3.8.1 (HKLM\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Free MP3 WMA OGG Converter 10.1.2 (HKLM\...\Free MP3 WMA OGG Converter_is1) (Version:  - CyberPower Tech, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
HF pAppLoc version 1.0 (HKLM\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)
Hospital Hooters 1.0 (HKLM\...\Hospital Hooters_is1) (Version:  - fuegerstef)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.66.18 - Oracle Corporation) Hidden
Java SE Development Kit 7 Update 71 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
JavaScript Tooling (HKLM\...\{EB37C117-9C83-4696-A493-8AFBAC8F9FFC}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.6.0 Standard (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Lagarith lossless video codec (Remove Only) (HKLM\...\LAGARITH) (Version:  - )
LocalESPC Dev12 (HKLM\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
LucasArts' Grim Fandango (HKLM\...\LucasArts' Grim Fandango) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mercurial 3.5 (HKLM\...\{4B95A5F1-EF59-4B08-BED8-C891C46121B3}_is1) (Version:  - Matt Mackall and others)
Mercurial 3.5.0 (x86) (HKLM\...\{A5707ED7-81F3-4650-B1FE-E0148508B1E0}) (Version: 3.5.0 - Matt Mackall and others)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{FE939060-416C-4ECD-890E-13776E2707C4}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E7654811-38F9-4225-9688-827FDA716582}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM\...\{1332237f-35bb-462a-b1bb-3c3cc95e2909}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{D58573E7-F82D-41E4-B10B-3041202A51D2}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{1F4DF099-EA5C-482D-9901-C0A8B539B417}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mp3tag v2.65a (HKLM\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MusicBee 2.4 (HKLM\...\MusicBee) (Version: 2.4 - Steven Mayall)
MusicBrainz Picard (HKLM\...\MusicBrainz Picard) (Version: 1.3 - MusicBrainz)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (HKLM\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera Stable 33.0.1990.98 (HKLM\...\Opera 33.0.1990.98) (Version: 33.0.1990.98 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paint Shop Pro 6.02 EVAL (HKLM\...\Paint Shop Pro 6) (Version:  - )
pdfforge Images2PDF 0.9.7.1125 (HKLM\...\{00120495-F25C-4F44-9DC7-2D812D025DBA}) (Version: 0.9.7.1125 - pdfforge)
piaip AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version:  - Ndemic Creations)
PreEmptive Analytics Visual Studio Components (HKLM\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Process Tamer 2.11.01 (HKLM\...\Process Tamer_is1) (Version:  - )
PUSH Entertainment - Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.23 - PUSH Entertainment)
Python Tools Redirection Template (HKLM\...\{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}) (Version: 1.1 - Microsoft Corporation) Hidden
QT Lite 4.1.0 (HKLM\...\quicktime_lite_is1) (Version: 4.1.0 - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Remote Desktop Connection Manager (HKLM\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
Sakura Clicker (HKLM\...\Steam App 383080) (Version:  - Winged Cloud)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0015-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1F79A96A-2A70-45B3-8A5C-79DA61952879}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{9BB6CB7C-80E3-4F73-8A82-E3D88A3721BE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{64B94D95-B6EC-4E25-832F-D15B13ACFB0C}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-002C-0409-0000-0000000FF1CE}_Office15.PROPLUS_{14584904-277D-4E54-88E8-7705B774B526}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0044-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{0489F084-D6CB-46CE-BFA3-C142E7278864}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-00E1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-00E2-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0115-0409-0000-0000000FF1CE}_Office15.PROPLUS_{0489F084-D6CB-46CE-BFA3-C142E7278864}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0117-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SharePoint Client Components (HKLM\...\{95150001-1163-0409-0000-0000000FF1CE}) (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SourceTree (HKLM\...\{BE486116-BF49-40E0-A191-9A90AB854342}) (Version: 1.6.18 - Atlassian) Hidden
SourceTree (HKLM\...\SourceTree 1.6.18) (Version: 1.6.18 - Atlassian)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (HKLM\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Tixati (HKLM\...\tixati) (Version:  - )
Tools for .Net 3.5 (HKLM\...\{1690CE56-2231-4E59-9006-A0876D949EA8}) (Version: 3.11.50727 - Microsoft Corporation) Hidden
TortoiseHg 3.4.1 (x86) (HKLM\...\{5C96B002-4FF9-41E1-A86B-96AF9FE6975D}) (Version: 3.4.1 - Steve Borho and others)
Tunatic (HKLM\...\Tunatic) (Version:  - )
Undelete 360 (HKLM\...\Undelete 360_is1) (Version:  - File Recovery Ltd.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-569a6ab8-6d34-425c-aefc-df389c2b9b26) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vhd Resizer (HKLM\...\{8FAA57C5-7BD1-4285-B4B1-36D7337D7BE5}) (Version: 1.0.42 - Xcarab)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WCF Data Services 5.6.0 Runtime (HKLM\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows 8 Codecs Pack 1.0.0 (HKLM\...\w8cpsetup_is1) (Version: 1.0.0 - Web Solution Mart)
WinHTTrack Website Copier 3.48-3 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.3 - HTTrack)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Workflow Manager Client 1.0 (HKLM\...\{53DBDBE5-D55D-40C5-99CF-1A06D33FC440}) (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{81DB4C1C-8B59-42D4-B94E-A9168F2FE1D7}) (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Xamarin Universal Installer (HKLM\...\{7712af8a-6ddd-4800-8e70-8396be7ff273}) (Version: 3.5.0.0 - Xamarin, Inc)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 60%
Total physical RAM: 3070.42 MB
Available physical RAM: 1200.06 MB
Total Virtual: 6142.42 MB
Available Virtual: 3083.12 MB
 
========================= Partitions: =====================================
 
1 Drive c: (SYSTEM) (Fixed) (Total:111.74 GB) (Free:12.46 GB) NTFS
2 Drive e: (DATA1) (Fixed) (Total:298.09 GB) (Free:20.86 GB) NTFS
3 Drive f: (DATA2) (Fixed) (Total:232.88 GB) (Free:40.25 GB) NTFS
4 Drive g: () (Removable) (Total:14.87 GB) (Free:14.87 GB) FAT32
8 Drive l: (Breeze Block) (Fixed) (Total:931.51 GB) (Free:24.5 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\THECOVEN
 
Administrator            DefaultAccount           Guest                    
Rebecca                  Richard                  
 
 
**** End of log ****
 

Edited by cthulhufatagn, 30 November 2015 - 02:39 AM.


#6 cthulhufatagn

Posted 30 November 2015 - 02:37 AM

Farbar Service Scanner Version: 10-06-2014
Ran by Richard (administrator) on 29-11-2015 at 22:41:59
Running from "F:\Users\Richard\Downloads"
Microsoft Windows 10 Pro  (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\nsisvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tdx.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\mpssvc.dll => File is digitally signed
C:\WINDOWS\system32\bfe.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\WINDOWS\system32\SDRSVC.dll => File is digitally signed
C:\WINDOWS\system32\vssvc.exe => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuaueng.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\iphlpsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
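A triage sketch for the Farbar Service Scanner log in the post above, as an added example that is not part of the original thread or of the tool itself. It keeps only the lines that deviate: stopped services, start types that differ from the default the tool reports, ATTENTION markers, policy registry values, and files not reported as signed. The function name `triage` and the finding labels are assumptions; the sample lines are copied from the log.

```python
import re

# Excerpt copied from the Farbar Service Scanner log posted above.
FSS_LOG = r'''
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
'''

SECTION_RULE = re.compile(r"^=+\s*$")          # the "=====" underline below a section title
NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
ATTENTION = re.compile(r"ATTENTION!=+>\s*(.+)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")
SIGNED = "File is digitally signed"


def triage(log_text):
    """Return (section, kind, detail) tuples for every deviating line in the log."""
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    findings, section, reg_key = [], None, None
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a line ending in ":" that is underlined with "=".
        if line.endswith(":") and SECTION_RULE.match(following):
            section, reg_key = line[:-1], None
            continue
        if not line or SECTION_RULE.match(line):
            continue
        m = NOT_RUNNING.match(line)
        if m:
            findings.append((section, "service-not-running", m.group(1)))
            continue
        m = START_TYPE.match(line)
        if m:
            svc, current, default = m.groups()
            if current != default:
                findings.append(
                    (section, "start-type", f"{svc}: {current} (tool default: {default})")
                )
            continue
        m = ATTENTION.search(line)
        if m:
            findings.append((section, "attention", m.group(1)))
            continue
        m = REG_KEY.match(line)
        if m:
            reg_key = m.group(1)   # remembered so the next value line can be qualified
            continue
        m = REG_VALUE.match(line)
        if m:
            findings.append((section, "policy-value", f"{reg_key}\\{m.group(1)}={m.group(2)}"))
            continue
        m = FILE_CHECK.match(line)
        if m and m.group(2) != SIGNED:
            findings.append((section, "file-check", f"{m.group(1)}: {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for section, kind, detail in triage(FSS_LOG):
        print(f"[{section}] {kind}: {detail}")
```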


#7 cthulhufatagn

Posted 30 November 2015 - 02:56 AM

Still getting malwarebytes alerts when using chrome. But ONLY when using chrome.



#8 severac


Posted 30 November 2015 - 02:58 AM

Uninstall Ad-Aware Antivirus and all Lavasoft software.
Uninstall IObit Unlocker.
 
-----
 
Open MBAM again:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
      1. 'Scan for rootkits'
      2. Non-Malware Protection: for 'PUP detections', select the 'Treat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#9 cthulhufatagn

Posted 30 November 2015 - 04:58 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30/11/2015
Scan Time: 08:26
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.30.01
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x86
File System: NTFS
User: Richard
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 671643
Time Elapsed: 21 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 cthulhufatagn

Posted 30 November 2015 - 06:40 AM

Despite the fact that malwarebytes doesn't detect anything I am still getting alerts about the two urls and google is still slow. 

 

BTW- Why did you want me to uninstall iobit unlocker? I've kind of been using that tool a lot and find it quite useful. The other unlocker program I have doesn't work well with windows 10.


Edited by cthulhufatagn, 30 November 2015 - 08:45 AM.


#11 severac


Posted 30 November 2015 - 12:38 PM

OK, if you find it useful, you should keep it. But many IObit programs have a poor rating, so I don't recommend their usage.

 

------

 

 

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...

How to Backup Bookmarks in Google Chrome

 

  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install a fresh copy.




#12 cthulhufatagn

Posted 30 November 2015 - 02:11 PM

Thank you for all your help.

 

I downloaded F-Secure which detected two more trojans. Removed them. Uninstalled chrome. Removed my temp folder contents. Removed google folder from program files and google folder from userdata appdata locallow. Reinstalled chrome.

 

Problem seems to have gone away now :-)



#13 severac


Posted 30 November 2015 - 02:19 PM

Great.

 

This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.

