
Snap.do infection, Malwarebytes and ESET cleared it, but remnants remain


20 replies to this topic

#1 hamerhokie
  • Members
  • 35 posts

Posted 28 December 2015 - 12:56 AM

I got hit with Snap.do a couple of days ago.  Using Malwarebytes and ESET I scanned my computer and eliminated the threats they found.  Two days later the scans show nothing but there is a remnant of Snap.do that tries to access an ad server site but is blocked by Malwarebytes every time.  

 

I just ran a Malwarebytes scan and I've posted the log below. How do I remove the lingering remnant?

 

Many thanks in advance.

 

-----------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/27/2015
Scan Time: 11:22 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.28.01
Rootkit Database: v2015.12.26.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sandy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329195
Time Elapsed: 19 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

 

 




 


#2 Jo*
  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 28 December 2015 - 12:31 PM


Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version, so please be sure to read the disclaimer and back up all your data before using it.
  • Scan your system for malware.
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, do not press the Clean up button; please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 hamerhokie
  • Topic Starter
  • Members
  • 35 posts

Posted 28 December 2015 - 02:09 PM

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET Smart Security 9.0.349.0   
Windows Defender                
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.80) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.12.28.07
  rootkit: v2015.12.26.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18125
Sandy :: FRED [administrator]
 
12/28/2015 1:31:13 PM
mbar-log-2015-12-28 (13-31-13).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 328172
Time elapsed: 21 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 

# AdwCleaner v5.026 - Logfile created 28/12/2015 at 14:03:36
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Sandy - FRED
# Running from : C:\Users\Sandy\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Probit Software
Folder Found : C:\Users\Sandy\AppData\Roaming\UpdaterEX
Folder Found : C:\Users\Sandy\Documents\Probit Software
Folder Found : C:\Windows\SysNative\Tasks\UpdaterEX
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage-journal
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : UpdaterEX
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Found : HKCU\Software\UpdaterEX
 
***** [ Web browsers ] *****
 
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2309 bytes] ##########

 

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Sandy (administrator) on 28-12-2015 at 14:08:49
Running from "C:\Users\Sandy\Downloads"
Microsoft Windows 8.1  (X64)
Model: Q302LA Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
0.0.0.1 mssplus.mcafee.com
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 7260 = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration


#4 Jo*
  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 28 December 2015 - 03:22 PM

Hello,

Step 1: System Summary Information
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply

***


Step 2: Run Malwarebytes Anti-Rootkit again: right-click mbar.exe and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Double-click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 4: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.



***


How is the computer running now?



***


Edited by Jo*, 28 December 2015 - 03:22 PM.



#5 hamerhokie
  • Topic Starter
  • Members
  • 35 posts

Posted 29 December 2015 - 05:50 PM

Jo - for whatever reason, there is no file attach capability visible on my end, in the lower left corner or otherwise.  Do you have any other way of receiving my zipped file?
 
As to performance, Malwarebytes is still blocking a malicious website, api dot oasisspace dot net
 
-------
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.12.29.06
  rootkit: v2015.12.26.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18125
Sandy :: FRED [administrator]
 
12/29/2015 4:09:49 PM
mbar-log-2015-12-29 (16-09-49).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 328446
Time elapsed: 21 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
# AdwCleaner v5.026 - Logfile created 29/12/2015 at 17:01:33
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Sandy - FRED
# Running from : C:\Users\Sandy\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Probit Software
[-] Folder Deleted : C:\Users\Sandy\AppData\Roaming\UpdaterEX
[-] Folder Deleted : C:\Users\Sandy\Documents\Probit Software
[#] Folder Deleted : C:\Windows\SysNative\Tasks\UpdaterEX
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : UpdaterEX
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : HKCU\Software\UpdaterEX
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3425 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by Sandy (Administrator) on Tue 12/29/2015 at 17:39:34.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Sandy\AppData\Roaming\sp_data.sys (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E2F44CAD34A0F975B8DA46FC57AC5B7F (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/29/2015 at 17:41:54.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
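The AdwCleaner scan log in post #3 and the cleaning log above share one format, so a defender can check mechanically that everything the scan flagged was actually removed, and see what only turned up during the cleaning pass. The Python below is an added example, not part of this thread and not AdwCleaner's own code; the two log texts are abridged, constructed copies of the logs posted in this thread, and the grouping of sections as "active components" is my own assumption.

```python
import re

# Section header line, e.g. "***** [ Scheduled tasks ] *****"
SECTION_RE = re.compile(r'^\*{5} \[ (?P<name>.+?) \] \*{5}$')
# One finding. Cleaning logs prefix entries with "[-]" or "[#]"; entries in the
# "Web browsers" section name the profile file and "[Extension]" instead of a kind word.
ITEM_RE = re.compile(
    r'^(?:\[(?P<marker>[-#])\] )?'
    r'(?:\[(?P<profile>[^\]]+)\] \[Extension\]|(?P<kind>[A-Za-z]+)) '
    r'(?P<status>Found|Deleted) : (?P<value>.+)$'
)
# Assumption (my grouping): sections whose entries can run or be loaded again after a
# reboot, as opposed to leftover folders and browser Local Storage files.
ACTIVE_SECTIONS = {'Services', 'DLL', 'DLLs', 'Shortcuts', 'Scheduled tasks',
                   'Registry', 'Web browsers'}


def parse_adwcleaner_log(text):
    """Return (mode, items): mode is the '# Option' value, items one dict per finding."""
    mode, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('# Option :'):
            mode = line.split(':', 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('name')
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({
                'section': section,
                'kind': m.group('kind') or 'Extension',
                'status': m.group('status'),
                'value': m.group('value'),
                'marker': m.group('marker'),  # "[-]"/"[#]" kept verbatim; None in scan logs
            })
    return mode, items


def active_items(items):
    """Findings that could re-launch or re-inject the adware: the ones to look at when
    on-demand scanners report clean but something still tries to reach an ad server."""
    return [i for i in items if i['section'] in ACTIVE_SECTIONS]


def reconcile(scan_items, clean_items):
    """Compare a Scan log with the Cleaning log that followed it, keyed by (section, value)."""
    found = {(i['section'], i['value']) for i in scan_items if i['status'] == 'Found'}
    deleted = {(i['section'], i['value']) for i in clean_items if i['status'] == 'Deleted'}
    return {
        'removed': sorted(found & deleted),
        'still_present': sorted(found - deleted),  # should be empty after a good clean
        'new_in_clean': sorted(deleted - found),   # only picked up during the cleaning pass
    }


# Constructed, abridged copies of the two logs posted in this thread.
SCAN_LOG = r"""
# Option : Scan
***** [ Folders ] *****
Folder Found : C:\Users\Sandy\AppData\Roaming\UpdaterEX
Folder Found : C:\Windows\SysNative\Tasks\UpdaterEX
***** [ Files ] *****
File Found : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
***** [ Scheduled tasks ] *****
Task Found : UpdaterEX
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKCU\Software\UpdaterEX
***** [ Web browsers ] *****
[C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip
"""

CLEAN_LOG = r"""
# Option : Cleaning
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Sandy\AppData\Roaming\UpdaterEX
[#] Folder Deleted : C:\Windows\SysNative\Tasks\UpdaterEX
***** [ Files ] *****
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
***** [ Scheduled tasks ] *****
[-] Task Deleted : UpdaterEX
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKCU\Software\UpdaterEX
***** [ Web browsers ] *****
[-] [C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip
"""

if __name__ == '__main__':
    _, scan = parse_adwcleaner_log(SCAN_LOG)
    _, clean = parse_adwcleaner_log(CLEAN_LOG)
    print('active components in scan:', [i['value'] for i in active_items(scan)])
    for key, entries in reconcile(scan, clean).items():
        print(key, entries)
```

Run against the two full logs from this thread, `still_present` comes back empty and `new_in_clean` lists the six pricepeep, bestpriceninja and re-markable Local Storage files that the first scan did not report; the active-component view is what separates the scheduled task, the CLSID and UpdaterEX keys and the Chrome extension from the harmless browser residue.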
 


#6 Jo*
  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 29 December 2015 - 06:01 PM

Please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.



#7 hamerhokie
  • Topic Starter
  • Members
  • 35 posts

Posted 29 December 2015 - 10:28 PM

please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.

 

OK, I messaged you the link.



#8 Jo*
  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 30 December 2015 - 03:18 AM

Please post the link again, because I deleted it for some reason.


I think the MiniToolbox log was not complete, please run it again and post the complete content of the log, thanks.

MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Edited by Jo*, 30 December 2015 - 03:27 AM.



#9 hamerhokie
  • Topic Starter
  • Members
  • 35 posts

Posted 30 December 2015 - 11:15 AM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Sandy (administrator) on 30-12-2015 at 11:14:36
Running from "C:\Users\Sandy\Downloads"
Microsoft Windows 8.1  (X64)
Model: Q302LA Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
0.0.0.1 mssplus.mcafee.com
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 7260 = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : FRED
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : F8-16-54-9E-72-68
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : hsd1.md.comcast.net.
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : F8-16-54-9E-72-67
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6ce8:b1f1:7e98:4def%7(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.192(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 29, 2015 5:34:21 PM
   Lease Expires . . . . . . . . . . : Thursday, December 31, 2015 9:59:28 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 150476372
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-94-38-12-00-0E-C6-F4-7D-2E
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : F8-16-54-9E-72-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4006:806::1004
 173.194.123.33
 173.194.123.41
 173.194.123.34
 173.194.123.36
 173.194.123.39
 173.194.123.38
 173.194.123.32
 173.194.123.40
 173.194.123.46
 173.194.123.35
 173.194.123.37
 
 
Pinging google.com [74.125.226.35] with 32 bytes of data:
Reply from 74.125.226.35: bytes=32 time=17ms TTL=56
Reply from 74.125.226.35: bytes=32 time=22ms TTL=56
 
Ping statistics for 74.125.226.35:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 22ms, Average = 19ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=52ms TTL=53
Reply from 98.138.253.109: bytes=32 time=47ms TTL=53
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 52ms, Average = 49ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...f8 16 54 9e 72 68 ......Microsoft Wi-Fi Direct Virtual Adapter
  7...f8 16 54 9e 72 67 ......Intel® Dual Band Wireless-AC 7260
  5...f8 16 54 9e 72 6b ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.192     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.192    281
    192.168.0.192  255.255.255.255         On-link     192.168.0.192    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.192    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.192    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.192    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  7    281 fe80::/64                On-link
  7    281 fe80::6ce8:b1f1:7e98:4def/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/29/2015 05:35:10 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/28/2015 01:24:05 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.106;lang=;guid=085F19841C5B4FDFB73DA8C6F5D86CC3;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6c122849-f5da-4908-acad-e4a6bae16aa5.dmp
 
Error: (12/27/2015 11:56:10 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c94
 
Start Time: 01d1412b5aa600d0
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 4e597415-ad1f-11e5-827b-f816549e726b
 
Faulting package full name: ESPNInc.WatchESPN_1.3.1.1000_x64__hpt16c9c0eesj
 
Faulting package-relative application ID: App
 
Error: (12/27/2015 08:51:44 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/27/2015 08:49:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: Kindle.exe, version: 1.13.1.42052, time stamp: 0x5642352e
Faulting module name: QtSql4.dll, version: 4.8.6.0, time stamp: 0x5458aa83
Exception code: 0xc0000005
Fault offset: 0x0000c35d
Faulting process id: 0x12f8
Faulting application start time: 0x01d14111fab7025e
Faulting application path: C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exe
Faulting module path: C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\QtSql4.dll
Report Id: 39735b20-ad05-11e5-827a-f816549e726b
Faulting package full name: 
Faulting package-relative application ID: 
 
Error: (12/27/2015 08:47:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: Kindle.exe, version: 1.13.1.42052, time stamp: 0x5642352e
Faulting module name: QtSql4.dll, version: 4.8.6.0, time stamp: 0x5458aa83
Exception code: 0xc0000005
Fault offset: 0x0000c34d
Faulting process id: 0x3b0
Faulting application start time: 0x01d14111bbc4049e
Faulting application path: C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exe
Faulting module path: C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\QtSql4.dll
Report Id: fa7ca629-ad04-11e5-827a-f816549e726b
Faulting package full name: 
Faulting package-relative application ID: 
 
Error: (12/27/2015 08:47:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: Kindle.exe, version: 1.13.1.42052, time stamp: 0x5642352e
Faulting module name: QtSql4.dll, version: 4.8.6.0, time stamp: 0x5458aa83
Exception code: 0xc0000005
Fault offset: 0x0000c34d
Faulting process id: 0xd08
Faulting application start time: 0x01d14111b35baf7c
Faulting application path: C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exe
Faulting module path: C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\QtSql4.dll
Report Id: f2147ece-ad04-11e5-827a-f816549e726b
Faulting package full name: 
Faulting package-relative application ID: 
 
Error: (12/27/2015 08:47:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: Kindle.exe, version: 1.13.1.42052, time stamp: 0x5642352e
Faulting module name: QtSql4.dll, version: 4.8.6.0, time stamp: 0x5458aa83
Exception code: 0xc0000005
Fault offset: 0x0000c35d
Faulting process id: 0x11b0
Faulting application start time: 0x01d14111a7771458
Faulting application path: C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exe
Faulting module path: C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\QtSql4.dll
Report Id: e7507269-ad04-11e5-827a-f816549e726b
Faulting package full name: 
Faulting package-relative application ID: 
 
Error: (12/27/2015 08:14:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 7.16.0.102, time stamp: 0x56672539
Faulting module name: igd10iumd32.dll, version: 10.18.10.3496, time stamp: 0x5319ef7c
Exception code: 0xc0000005
Fault offset: 0x00216a88
Faulting process id: 0x1a00
Faulting application start time: 0x01d14108bc702340
Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting module path: C:\Windows\SYSTEM32\igd10iumd32.dll
Report Id: 4adf6dee-ad00-11e5-827a-f816549e726b
Faulting package full name: 
Faulting package-relative application ID: 
 
Error: (12/27/2015 08:14:05 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
 
System errors:
=============
Error: (12/30/2015 05:35:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800736b3: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3132372).
 
Error: (12/30/2015 01:54:27 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
 
Error: (12/30/2015 01:01:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800736b3: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3132372).
 
Error: (12/30/2015 12:06:28 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
 
Error: (12/29/2015 11:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
 
Error: (12/29/2015 11:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
 
Error: (12/29/2015 11:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
 
Error: (12/29/2015 11:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
 
Error: (12/29/2015 11:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
 
Error: (12/29/2015 11:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
 
 
Microsoft Office Sessions:
=========================
Error: (12/29/2015 05:35:10 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/28/2015 01:24:05 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.106;lang=;guid=085F19841C5B4FDFB73DA8C6F5D86CC3;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6c122849-f5da-4908-acad-e4a6bae16aa5.dmp
 
Error: (12/27/2015 11:56:10 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.174151c9401d1412b5aa600d04294967295C:\Windows\system32\backgroundTaskHost.exe4e597415-ad1f-11e5-827b-f816549e726bESPNInc.WatchESPN_1.3.1.1000_x64__hpt16c9c0eesjApp
 
Error: (12/27/2015 08:51:44 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (12/27/2015 08:49:26 PM) (Source: Application Error)(User: )
Description: Kindle.exe1.13.1.420525642352eQtSql4.dll4.8.6.05458aa83c00000050000c35d12f801d14111fab7025eC:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exeC:\Users\Sandy\AppData\Local\Amazon\Kindle\application\QtSql4.dll39735b20-ad05-11e5-827a-f816549e726b
 
Error: (12/27/2015 08:47:40 PM) (Source: Application Error)(User: )
Description: Kindle.exe1.13.1.420525642352eQtSql4.dll4.8.6.05458aa83c00000050000c34d3b001d14111bbc4049eC:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exeC:\Users\Sandy\AppData\Local\Amazon\Kindle\application\QtSql4.dllfa7ca629-ad04-11e5-827a-f816549e726b
 
Error: (12/27/2015 08:47:26 PM) (Source: Application Error)(User: )
Description: Kindle.exe1.13.1.420525642352eQtSql4.dll4.8.6.05458aa83c00000050000c34dd0801d14111b35baf7cC:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exeC:\Users\Sandy\AppData\Local\Amazon\Kindle\application\QtSql4.dllf2147ece-ad04-11e5-827a-f816549e726b
 
Error: (12/27/2015 08:47:08 PM) (Source: Application Error)(User: )
Description: Kindle.exe1.13.1.420525642352eQtSql4.dll4.8.6.05458aa83c00000050000c35d11b001d14111a7771458C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exeC:\Users\Sandy\AppData\Local\Amazon\Kindle\application\QtSql4.dlle7507269-ad04-11e5-827a-f816549e726b
 
Error: (12/27/2015 08:14:08 PM) (Source: Application Error)(User: )
Description: Skype.exe7.16.0.10256672539igd10iumd32.dll10.18.10.34965319ef7cc000000500216a881a0001d14108bc702340C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\SYSTEM32\igd10iumd32.dll4adf6dee-ad00-11e5-827a-f816549e726b
 
Error: (12/27/2015 08:14:05 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.13.1.42052 - Amazon)
ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.3 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.14.4604 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{01961AE4-2F93-408B-AAED-AC582C4F5059}) (Version: 0.9.14.4604 - BlueStack Systems, Inc.)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.314.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.07.0054 - ST Microelectronics)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 47%
Total physical RAM: 8075.43 MB
Available physical RAM: 4265.16 MB
Total Virtual: 9355.43 MB
Available Virtual: 4297.52 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:391.56 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\FRED
 
Administrator            Guest                    Sandy                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
17-12-2015 21:31:24 Windows Update
23-12-2015 09:52:02 Windows Update
25-12-2015 16:07:46 Restore Operation
29-12-2015 22:39:39 JRT Pre-Junkware Removal
 
**** End of log ****
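
The Winsock catalog section of the log above (the Catalog5 and Catalog9 lines) is where a layered service provider hijack would show up: a browser-hijacker LSP appears there as a non-Microsoft DLL outside System32/SysWOW64. In this log every provider is a Microsoft module in the expected directory, which is consistent with no LSP tampering. The script below is an added example for this thread, not FRST's code and not anything taken from the poster's machine beyond the line format; it parses FRST-style catalog lines and reports entries that are outside the system directories, not marked Microsoft, or registered in the wrong-bitness catalog. The hypolsp.dll line in SAMPLE is constructed for the demo and is not a real file.

```python
"""Audit Winsock catalog lines from an FRST Addition.txt log.

Added example for this thread; it is not FRST's code and nothing here comes
from the poster's machine except the line format. The parser reads entries
shaped like

    Catalog5 02 C:\\Windows\\SysWOW64\\pnrpnsp.dll [70144] (Microsoft Corporation)
    x64-Catalog9 01 C:\\Windows\\System32\\mswsock.dll [339456] (Microsoft Corporation)

(Catalog5 = namespace providers, Catalog9 = transport providers / LSPs) and
reports any provider that is not a Microsoft module under the Windows system
directories, or that is registered in the wrong-bitness catalog.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<arch>x64-)?Catalog(?P<cat>[59])\s+(?P<idx>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<publisher>[^)]*)\)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"
SYSWOW64 = "c:\\windows\\syswow64\\"


@dataclass(frozen=True)
class Provider:
    arch: str        # "x86" (32-bit catalog) or "x64"
    catalog: int     # 5 = namespace providers, 9 = transport providers / LSPs
    index: int
    path: str
    size: int
    publisher: str   # CompanyName from the version resource as printed by FRST; not a signature check


def parse_catalog(text):
    """Return the Provider entries found in FRST-style catalog lines; other lines are ignored."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Provider(
                arch="x64" if m.group("arch") else "x86",
                catalog=int(m.group("cat")),
                index=int(m.group("idx")),
                path=m.group("path"),
                size=int(m.group("size")),
                publisher=m.group("publisher"),
            ))
    return found


def suspicious(p):
    """Reasons this entry deserves a look; an empty list means it looks like a stock provider."""
    reasons = []
    low = p.path.lower()
    in_system = low.startswith((SYSTEM32, SYSWOW64))
    if not in_system:
        reasons.append("DLL outside the Windows system directories")
    if p.publisher != "Microsoft Corporation":
        reasons.append("publisher is not Microsoft Corporation")
    # On 64-bit Windows the 32-bit catalog lives in SysWOW64 and the 64-bit one in
    # System32; a provider pointing at the other directory was registered by hand.
    expected = SYSWOW64 if p.arch == "x86" else SYSTEM32
    if in_system and not low.startswith(expected):
        reasons.append(f"{p.arch} catalog entry points at the other bitness' directory")
    return reasons


def audit(text):
    """Map 'arch-CatalogN idx path' -> reasons, for every entry with at least one reason."""
    findings = {}
    for p in parse_catalog(text):
        reasons = suspicious(p)
        if reasons:
            findings[f"{p.arch}-Catalog{p.catalog} {p.index:02d} {p.path}"] = reasons
    return findings


# Constructed sample: four lines copied in shape from the log above plus one
# hypothetical third-party LSP (the path and publisher are invented for the demo).
SAMPLE = """\
Catalog5 04 C:\\Windows\\SysWOW64\\NLAapi.dll [65536] (Microsoft Corporation)
Catalog9 01 C:\\Windows\\SysWOW64\\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\\ProgramData\\HypotheticalLSP\\hypolsp.dll [45056] (Hypothetical Publisher)
x64-Catalog5 05 C:\\Windows\\System32\\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 01 C:\\Windows\\System32\\mswsock.dll [339456] (Microsoft Corporation)
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for entry, reasons in audit(text).items():
        print(entry, "->", "; ".join(reasons))
```

Two caveats when reading the result. The "(Microsoft Corporation)" tag FRST prints is the CompanyName string from the DLL's version resource, which any file can claim, so a provider that passes this check on paper should still be verified with sigcheck or Get-AuthenticodeSignature before it is trusted. And if a foreign provider is found, the supported remediation is `netsh winsock reset` from an elevated prompt followed by a reboot, which rebuilds both catalogs from the stock entries rather than hand-editing them.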


#10 hamerhokie

hamerhokie
  • Topic Starter

  • Members
  • 35 posts

Posted 30 December 2015 - 11:20 AM

I also resent the summary.zip link.



#11 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 30 December 2015 - 11:52 AM

Hello,

:step1: Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

***


:step2: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


***


:step3: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


:step4: How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 hamerhokie

hamerhokie
  • Topic Starter

  • Members
  • 35 posts

Posted 30 December 2015 - 10:32 PM

Farbar Service Scanner Version: 10-06-2014
Ran by Sandy (administrator) on 30-12-2015 at 20:36:19
Running from "C:\Users\Sandy\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/30/2015 08:37:34 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  0.0.0.1 mssplus.mcafee.com
 
Program finished at: 12/30/2015 08:41:03 PM
Execution time: 0 hours(s), 3 minute(s), and 29 seconds(s)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/30/2015
Scan Time: 10:03 PM
Logfile: malwarebytes scan 30 Dec.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.30.06
Rootkit Database: v2015.12.26.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sandy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328930
Time Elapsed: 20 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Current situation - Malwarebytes is still blocking a malicious website, api dot oasisspace dot net. It occurs every time a new tab is opened, and every time an open tab is refreshed.  I am using Chrome when this happens.  I just checked Internet Explorer and it doesn't appear to be affecting IE.
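
The detail in the post above that narrows the search is that the block fires in Chrome on every new tab and every refresh but never in Internet Explorer: a system-wide remnant (hosts file, proxy, Winsock provider, scheduled task) would affect both browsers, while something that lives inside the Chrome profile, typically an extension with broad host permissions or one pushed in through the registry or policy, affects only Chrome. The script below is an added example for this thread, not code from the original post or from Google. It reads the per-extension records Chrome keeps under extensions.settings in the profile's Preferences JSON (on Windows builds of this era the tracked copy is "Secure Preferences" in the same folder, normally %LOCALAPPDATA%\Google\Chrome\User Data\Default) and flags enabled extensions that were not installed from the Web Store, were sideloaded, or can touch every site. The numeric "location" codes are Chromium's Manifest::Location values; SAMPLE_PREFS is a constructed profile whose IDs, names and paths are placeholders.

```python
"""Enumerate Chrome extensions from a profile's Preferences JSON and flag the
ones worth examining when a block fires only in Chrome.

Added example for this thread, not code from the original post or from
Google. Chrome keeps per-extension records under extensions.settings in the
profile's Preferences file; on Windows builds of this era the tracked copy is
"Secure Preferences" in the same directory (normally
%LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default). The numeric "location"
codes are Chromium's Manifest::Location values. SAMPLE_PREFS is constructed
for the demo: the 32-character IDs, names and paths in it are placeholders.
"""
import json

LOCATION = {  # extensions/common/manifest.h, Manifest::Location
    1: "internal (user install)",
    2: "external_pref",
    3: "external_registry",         # HKLM/HKCU\Software\Google\Chrome\Extensions\<id>
    4: "unpacked",
    5: "component",
    6: "external_pref_download",
    7: "external_policy_download",  # ExtensionInstallForcelist policy
    8: "command_line",
    9: "external_policy",
    10: "external_component",
}
SIDELOADED = {2, 3, 4, 6, 7, 8, 9}   # anything other than the user adding it from the Web Store


def _broad_host(perm):
    """True for a host permission that covers every site."""
    return perm == "<all_urls>" or perm.endswith("://*/*")


def list_extensions(prefs):
    """One record per non-component extension in the profile, enabled or not."""
    records = []
    for ext_id, s in prefs.get("extensions", {}).get("settings", {}).items():
        loc = s.get("location")
        if loc == 5:            # component extensions ship inside Chrome itself
            continue
        manifest = s.get("manifest", {})
        records.append({
            "id": ext_id,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "enabled": s.get("state") == 1,          # Extension::State: 0 disabled, 1 enabled
            "location_code": loc,
            "location": LOCATION.get(loc, f"unknown({loc})"),
            "from_webstore": bool(s.get("from_webstore", False)),
            "host_permissions": [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"],
            "path": s.get("path", ""),               # relative for CRX installs, absolute for unpacked
        })
    return records


def flag(ext):
    """Reasons an enabled extension deserves review; [] for an ordinary Web Store install."""
    reasons = []
    if not ext["enabled"]:
        return reasons
    if not ext["from_webstore"]:
        reasons.append("not installed from the Chrome Web Store")
    if ext["location_code"] in SIDELOADED:
        reasons.append(f"sideloaded via {ext['location']}")
    if any(_broad_host(p) for p in ext["host_permissions"]):
        reasons.append("can read and modify all sites (enough to reach a remote host on every tab)")
    if ":\\" in ext["path"] or ext["path"].startswith("/"):
        reasons.append("loaded unpacked from outside the profile's Extensions directory")
    return reasons


def review(prefs):
    """Map extension id -> reasons for every enabled extension with at least one reason."""
    findings = {}
    for ext in list_extensions(prefs):
        reasons = flag(ext)
        if reasons:
            findings[ext["id"]] = reasons
    return findings


def load_prefs(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed profile for the demo (placeholder IDs; nothing here is a real extension).
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"state": 1, "location": 1, "from_webstore": True, "path": "a" * 32 + "\\2.3.1_0",
               "manifest": {"name": "Ordinary Web Store extension", "version": "2.3.1",
                            "permissions": ["tabs", "https://example.com/*"]}},
    "b" * 32: {"state": 1, "location": 3, "from_webstore": False, "path": "b" * 32 + "\\1.0_0",
               "manifest": {"name": "Hypothetical search helper", "version": "1.0",
                            "permissions": ["<all_urls>", "webRequest", "webRequestBlocking"]}},
    "c" * 32: {"state": 0, "location": 4, "from_webstore": False,
               "path": "C:\\Users\\user\\AppData\\Roaming\\Hypothetical\\ext",
               "manifest": {"name": "Disabled unpacked extension", "version": "0.1",
                            "permissions": ["http://*/*"]}},
    "d" * 32: {"state": 1, "location": 5, "manifest": {"name": "Built-in component", "version": "1"}},
}}}

if __name__ == "__main__":
    import sys
    prefs = load_prefs(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PREFS
    for ext in list_extensions(prefs):
        print(f"{ext['id']} {ext['name']} {ext['version']} enabled={ext['enabled']} {ext['location']}")
        for reason in flag(ext):
            print("   !", reason)
```

Read the file, do not edit it: Secure Preferences carries an HMAC over the tracked values, so hand edits are discarded on the next start, and removal belongs in chrome://extensions or, for a registry- or policy-installed entry, at the source. For that reason a flagged external_registry or policy location is worth chasing to HKLM\SOFTWARE\Google\Chrome\Extensions (and Wow6432Node on a 64-bit system) or HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist, since an extension pushed from there is re-added every time it is removed and shows in chrome://policy rather than as a normal install.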


#13 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 31 December 2015 - 04:05 AM

Hi,

:step1: ====ZHPDiag====
Download ZHPDiag to your desktop. Take action to disable your antivirus and antispyware programs, as they may conflict with ZHPDiag
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Installing ZHPDiag
  • Double-click zhpdiag.exe to start the installation.
  • Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
  • Click multiple times "Suivant" in the installation process.
  • Click "Installer" when asked and "Terminer" once the installation is complete.
Running ZHPDiag
  • Double-click the shortcut ZHPDiag on your desktop.
  • The user interface will appear, now select "Configureren".
  • If the tool's default language isn't set to English, click in the bottom right corner on the icon "Sélectionner une langue" and choose "Anglais".
  • Next, click on the icon in the bottom left "Diagnostic Options".
  • ZHPDiag is now scanning your computer. Please wait patiently until the scan is finished.
The ZHPDiag.txt logfile
  • When finished, a logfile named "ZHPDiag.txt" will appear on your desktop.
  • Please post the logfile for further review in your next comment.
:step2: Please run Autoruns by Sysinternals to check the startup list on your pc:

Please follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns from here.
  • Extract the content of the Autoruns.zip folder on the Desktop.
  • Open the Autoruns folder, right click on Autoruns.exe and click Run as Administrator.
  • Accept the EULA on opening, then wait for all the entries to load.
  • Click on File, then Save and save the file to your Desktop.
  • Upload the Autoruns file you saved via a service such as Dropbox or One Drive or SendSpace and just provide the link.
  • Please copy and post the download URL of your uploaded file in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 hamerhokie

hamerhokie
  • Topic Starter

  • Members
  • 35 posts

Posted 31 December 2015 - 12:42 PM

~ Windows® Operating System, OEM_DM channel
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit  (Build 9600)
 
---\\ System protection software
Malwarebytes Anti-Malware version 2.2.0.1024
McAfee Security Scan Plus v3.11.266.3
Windows Defender W8 (Deactivated)
 
---\\ System optimization software
 
---\\ Sharing software PeerToPeer
 
---\\ Surveillance software
 
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8075.4 MB (48% free)
System Restore: Enabled
System drive C: has 391 GB (88%) free of 445 GB
 
---\\ Connection to the system mode
~ Computer Name: FRED
~ User Name: Sandy
~ All Users Names: Sandy, Guest, Administrator, 
~ Unselected Option: None
Logged in as Administrator
 
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Sandy\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Sandy\AppData\Roaming\
~ %Desktop% : C:\Users\Sandy\Desktop\
~ %Favorites% : C:\Users\Sandy\Favorites\
~ %LocalAppData% : C:\Users\Sandy\AppData\Local\
~ %StartMenu% : C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
 
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 391 GB of 445 GB)
 
 
 
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Search Generic System Files
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Windows Explorer.) (.1/27/2015 - 6:47:12 PM.) -- C:\Windows\Explorer.exe [2501368]
[MD5.EC302D06155F8E3C383750993FCB6B27] - (.Microsoft Corporation - Windows Start-Up Application.) (.10/5/2015 - 1:28:10 PM.) -- C:\Windows\System32\Wininit.exe [146432]
[MD5.E2C385B0D816AD37616BD4C4204D0633] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/8/2015 - 3:53:08 PM.) -- C:\Windows\System32\wininet.dll [2487808]
[MD5.3F8645885823692D93765817759BE21C] - (.Microsoft Corporation - Windows Logon Application.) (.10/5/2015 - 1:25:35 PM.) -- C:\Windows\System32\Winlogon.exe [572928]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Software Licensing Library.) (.3/18/2014 - 5:13:18 AM.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.A460C3AF3755A2A79A3C8EFE72E147B5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.10/13/2015 - 12:10:48 PM.) -- C:\Windows\system32\Drivers\AFD.sys [559616]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.8/22/2013 - 7:43:41 AM.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.8/22/2013 - 6:40:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.8/22/2013 - 3:46:35 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.3/6/2014 - 4:22:50 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.7/24/2014 - 6:45:39 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - (.Microsoft Corporation - i8042 Port Driver.) (.11/4/2014 - 1:54:54 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [108544]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.3/18/2014 - 5:13:19 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.89DE71940A0E7F5BA617AE08321EF5C3] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.10/10/2015 - 1:39:33 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [401408]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.8/22/2013 - 6:37:02 AM.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - NT File System Driver.) (.10/15/2014 - 3:32:37 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel Port Driver.) (.8/22/2013 - 6:40:02 AM.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.8/22/2013 - 6:35:51 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.3/18/2014 - 4:45:45 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.E0BD2D83875464FEEEB242CBA8B7E073] - (.Microsoft Corporation - TDI Translation Driver.) (.10/13/2015 - 12:10:44 PM.) -- C:\Windows\system32\Drivers\tdx.sys [108032]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.6/18/2014 - 9:13:36 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes:  Scanned in 00mn AMs
 
 
 
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/5
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/34
~ Mon Bureau (My Desktop) : 1/49
~ Menu demarrer (Programs) : 1/29
~ Hidden Files:  Scanned in 00mn AMs
 
 
 
---\\ Process running
[MD5.BABBBDEF9DBB5E012EE5210FCB47C33B] - (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe   [9832760] [PID.3140]
[MD5.99B0DD6A5DF7E130C81C7CC05137A861] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe   [406328] [PID.4548]
[MD5.230553C24EEE56CA07CF66117A10BFCC] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe   [209720] [PID.4700]
[MD5.7FE8B062831F9280A96199964242619A] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe   [19723888] [PID.4452]
[MD5.5B4B4A8ECEE26310FB7B96E3A46222EF] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe   [58440] [PID.4560]
[MD5.EFC236C98B6FC47C05FC3F817CED574D] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe   [21696] [PID.5388]
[MD5.79CCF5A675B7CAEB5C4D4BE15ABAEA9E] - (.Screencast-O-Matic - Screencast-O-Matic.) -- C:\Users\Sandy\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe   [58480] [PID.5416]
[MD5.1E827B1C08007E18424315DDA4756279] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [741704] [PID.5628]
[MD5.09CF1EBABBA71E13B068CDC32FDCB847] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe   [855768] [PID.6548]
[MD5.9B6AEA1992775510CB9014AD6860D146] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Sandy\AppData\Roaming\Dropbox\bin\Dropbox.exe   [24952456] [PID.6572]
[MD5.64AC67ED89355D417AA2E3C57D0005F6] - (.Amazon.com - Kindle.) -- C:\Users\Sandy\AppData\Local\Amazon\Kindle\application\Kindle.exe   [40624960] [PID.648]
[MD5.CB3318E16DD539A6BE9696F53B3D3C56] - (.Adobe Systems Incorporated - Adobe Acrobat Reader DC.) -- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe   [2136248] [PID.5368]
[MD5.01B6DAB8DDC83B54660090703C7F6509] - (.Adobe Systems Incorporated - Adobe RdrCEF.) -- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe   [1749688] [PID.6568]
[MD5.E3DA77B534D7DFF8A2AE6A577A44703B] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [815280] [PID.9212]
[MD5.06CC578BC150D9AAAE20672130A36CB9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8190976] [PID.5736]
~ Processes Running:  Scanned in 01mn AMs
 
 
 
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management:  Scanned in 00mn AMs
 
 
 
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn AMs
 
 
 
---\\ Hosts file redirection (O1)
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
~ Nombre lignes détournées 1/25 (Hosts file redirected)
~ Hosts File:  Scanned in 00mn AMs
 
 
 
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll 
O4 - HKLM\..\Run: [ASUS HDD Protection Tray Application] . (.STMicroelectronics - HDD Protection Monitor.) -- C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe 
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] . (.Intel Corporation - Intel® Dynamic Platform and Thermal Frame.) -- C:\Windows\system32\DptfPolicyLpmServiceHelper.exe 
O4 - HKCU\..\Run: [Dropbox Update] . (.Dropbox, Inc. - Dropbox Update.) -- C:\Users\Sandy\AppData\Local\Dropbox\Update\DropboxUpdate.exe 
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Sandy\AppData\Local\Google\Update\GoogleUpdate.exe 
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E2F44CAD34A0F975B8DA46FC57AC5B7F] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - HKCU\..\Run: [Screencast-O-Matic Tray] . (.Screencast-O-Matic - Screencast-O-Matic.) -- C:\Users\Sandy\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe 
O4 - HKCU\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe 
O4 - HKLM\..\Wow6432Node\Run: [WebStorage] . (...) -- C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe 
O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe 
O4 - HKUS\S-1-5-21-4067471446-535310693-3036030427-1001\..\Run: [Dropbox Update] . (.Dropbox, Inc. - Dropbox Update.) -- C:\Users\Sandy\AppData\Local\Dropbox\Update\DropboxUpdate.exe 
O4 - HKUS\S-1-5-21-4067471446-535310693-3036030427-1001\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Sandy\AppData\Local\Google\Update\GoogleUpdate.exe 
O4 - HKUS\S-1-5-21-4067471446-535310693-3036030427-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4067471446-535310693-3036030427-1001\..\Run: [GoogleChromeAutoLaunch_E2F44CAD34A0F975B8DA46FC57AC5B7F] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - HKUS\S-1-5-21-4067471446-535310693-3036030427-1001\..\Run: [Screencast-O-Matic Tray] . (.Screencast-O-Matic - Screencast-O-Matic.) -- C:\Users\Sandy\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe 
O4 - HKUS\S-1-5-21-4067471446-535310693-3036030427-1001\..\RunOnce: [Application Restart #1] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
~ Application:  Scanned in 00mn AMs
 
 
 
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: Skype for Business Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office 15\root\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll  =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons:  Scanned in 00mn AMs
 
 
 
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{50AD0CF6-99F4-4B31-9CEC-632F8A3CBF9B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{50AD0CF6-99F4-4B31-9CEC-632F8A3CBF9B}: DhcpDomain = hsd1.md.comcast.net.
O17 - HKLM\System\CS1\Services\Tcpip\..\{50AD0CF6-99F4-4B31-9CEC-632F8A3CBF9B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{50AD0CF6-99F4-4B31-9CEC-632F8A3CBF9B}: DhcpDomain = hsd1.md.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain:  Scanned in 00mn AMs
 
 
 
---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn AMs
 
 
 
---\\ Task Planned Automatically (039)
[MD5.7C6D524C78A1722AD987B9E47AC1FEE2] [APT] [DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001Core] (.Dropbox, Inc..) -- C:\Users\Sandy\AppData\Local\Dropbox\Update\DropboxUpdate.exe   [134512]
[MD5.7C6D524C78A1722AD987B9E47AC1FEE2] [APT] [DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001UA] (.Dropbox, Inc..) -- C:\Users\Sandy\AppData\Local\Dropbox\Update\DropboxUpdate.exe   [134512]
O39 - APT: DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001Core - (.Dropbox, Inc..) -- C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001Core.job   [876]
O39 - APT: DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001Core - (.Dropbox, Inc..) -- C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001Core   [876]
O39 - APT: DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001UA - (.Dropbox, Inc..) -- C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001UA.job   [928]
O39 - APT: DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001UA - (.Dropbox, Inc..) -- C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001UA   [928]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [912]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [916]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001Core   [866]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4067471446-535310693-3036030427-1001UA   [918]
~ Scheduled Task: 23 Legitimates Filtered in 04mn AMs
 
 
 
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 3/18/2014 - 4:45:55 AM - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 8/17/2015 - 11:07:28 AM - [] ----D C:\Users\Sandy\AppData\Local\CEF
O43 - CFD: 6/27/2015 - 12:45:31 PM - [] ----D C:\Users\Sandy\AppData\Local\GWX
~ Program Folder: 139 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.9B8A60443A5730B67F54A4825265AE3E] - 12/25/2015 - 11:18:28 AM ---A- . (...) -- C:\Windows\win.ini   [194]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/30/2015 - 11:14:36 AM ---A- . (...) -- C:\prefs.js   [0]
~ Files: 15 Legitimates Filtered in 01mn AMs
 
 
 
---\\ Latest files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.80A07C7915DEDFF76BC70830009B45E6] - 3/1/2015 - 11:39:18 PM ---A- - C:\Windows\Prefetch\CLOCKHAND.PURBROWSE64.EXE-EBB8ABBF.pf  =>PUP.ClockHand
~ Prefetcher: 1 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Local Security Authority-LSA Deny (O48)
~ LSA: 3 Legitimates Filtered in 00mn AMs
 
 
 
---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{02ed933b-ab43-11e5-8279-f816549e726b}\AutoRun\command. (...) -- D:\VerizonSWUpgradeAssistantLauncher.exe (.not file.)
~ Keys:  Scanned in 00mn AMs
 
 
 
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs
 
 
 
---\\ System Drivers List (SDL) (O58)
O58 - SDL:8/12/2013 - 6:25:46 PM ---A- . (.Windows ® Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:8/5/2012 - 10:17:18 PM ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys   [17280]
O58 - SDL:7/13/2012 - 6:31:18 PM ---A- . (.ST Microelectronics - Disk Class Filter Driver for Accelerometer.) -- C:\Windows\System32\Drivers\stdcfltn.sys   [22168]
O58 - SDL:8/22/2013 - 7:43:32 AM ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
O58 - SDL:9/14/2013 - 3:49:20 PM ---A- . (.STMicroelectronics - STM Accelerometer Device Driver.) -- C:\Windows\System32\Drivers\ST_Accel.sys   [83456]
~ Drivers: 69 Legitimates Filtered in 04mn AMs
 
 
 
---\\ Last modified or created user files (O61)
O61 - LFC: 12/25/2015 - 12:19:51 PM ---A- . (.Akeo Consulting (http://akeo.ie).) -- C:\Users\Sandy\AppData\Local\Microsoft\Windows\INetCache\IE\42IACBR2\rufus-2.6p.exe   [867752]
O61 - LFC: 12/28/2015 - 12:20:06 PM ---A- . (...) -- C:\Users\Sandy\Desktop\AdwCleaner.exe   [1743360]
O61 - LFC: 12/28/2015 - 12:20:06 PM ---A- . (...) -- C:\Users\Sandy\Desktop\SecurityCheck.exe   [852720]
O61 - LFC: 12/28/2015 - 12:20:06 PM ---A- . (...) -- C:\Users\Sandy\Downloads\SecurityCheck.exe   [852720]
O61 - LFC: 12/30/2015 - 12:20:06 PM ---A- . (...) -- C:\Users\Sandy\AppData\Roaming\sp_data.sys   [93]
O61 - LFC: 12/30/2015 - 12:20:06 PM ---A- . (.Bleeping Computer, LLC.) -- C:\Users\Sandy\Downloads\rkill.exe   [2032072]
O61 - LFC: 12/31/2015 - 12:19:52 PM ---A- . (...) -- C:\Users\Sandy\AppData\Local\Microsoft\Windows\INetCache\IE\QKOCGM2N\urlblockindex[1].bin   [16]
~ 806 Fichiers temporaires (Temporary files)
~ Files: 50 Legitimates Filtered in 26mn AMs
 
 
 
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn AMs
 
 
 
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn AMs
 
 
 
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys:  Scanned in 00mn AMs
 
 
 
---\\ Crack & Keygen Files (CKF) (O82)
C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracked.com_0.localstorage  =>.Crack,Keygen
~ Files:  Scanned in 29mn AMs
 
 
 
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][7/22/2009] (...) -- C:\ProgramData\SetStretch.exe   [24576]
[MD5.AB5F4376A5CBCCCD429FE9FD3FA40D7F] [SPRF][12/30/2015] (...) -- C:\Users\Sandy\AppData\Roaming\sp_data.sys   [93]
[MD5.76F7569DB01B4D65431B0E6BBBDD261D] [SPRF][12/28/2015] (.No owner - AdwCleaner.) -- C:\Users\Sandy\Desktop\AdwCleaner.exe   [1743360]
[MD5.E25E61327EDAB6A5F62A2D2AA322B14C] [SPRF][12/28/2015] (...) -- C:\Users\Sandy\Desktop\SecurityCheck.exe   [852720]
~ Files: 5 Legitimates Filtered in 00mn AMs
 
 
 
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 2/19/2015 409304 |  (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SS - | Demand 3/17/2014 279000 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 10/12/2010 206072 |  (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 3/1/2015 107848 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 3/1/2015 107848 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 9/2/2013 827392 |  (Intel® Capability Licensing Service TCP IP Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 12/2/2015 289256 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe
SS - | Demand 1/17/2014 284912 |  (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Auto 7/9/2015 327296 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 7/22/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SS - | Demand 10/28/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/28/2015 82128 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 3/26/2014 115512 |  (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
SR - | Auto 2/24/2014 71680 |  (Asus WebStorage Windows Service) . (.ASUS Cloud Corporation.) - C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
SR - | Auto 11/21/2011 96896 |  (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 3/26/2014 1206648 |  (Bluetooth Device Monitor) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Auto 3/26/2014 1165688 |  (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 2/19/2015 388824 |  (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 2/19/2015 794328 |  (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
SR - | Auto 5/2/2013 432528 |  (DACoreService) . (.Nuance Communications, Inc..) - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
SR - | Auto 10/17/2013 117704 |  (DptfParticipantProcessorService) . (.Intel Corporation.) - C:\Windows\System32\DptfParticipantProcessorService.exe
SR - | Auto 10/17/2013 116680 |  (DptfPolicyConfigTDPService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyConfigTDPService.exe
SR - | Auto 10/17/2013 126952 |  (DptfPolicyLpmService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyLpmService.exe
SR - | Auto 11/19/2015 2521080 |  (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
SR - | Auto 1/17/2014 632048 |  (EvtEng) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 1/27/2014 227904 |  (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SR - | Auto 5/9/2014 121288 |  (iBtSiva) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
SR - | Auto 3/17/2014 282072 |  (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Auto 10/23/2013 131544 |  (Intel® ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 10/23/2013 169432 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
SR - | Auto 10/23/2013 390616 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
SR - | Auto 10/5/2015 1513784 |  (MBAMScheduler) . (.Malwarebytes.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 10/5/2015 1135416 |  (MBAMService) . (.Malwarebytes.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 1/17/2014 154864 |  (RegSrvc) . (.Intel® Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 4/30/2014 69776 |  (TransformService) . (.ASUS.) - C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
SR - | Demand 7/22/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 7/22/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 1/17/2014 3816176 |  (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services:  Scanned in 09mn AMs
 
 
 
---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Sandy at 12/31/2015 12:20:51 PM
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Sandy at 12/31/2015 12:20:53 PM
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 02mn AMs
 
 
 
---\\ Scan Additionnel (O88)
Database Version : 13008 - (3/29/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0
 
~ Additionnel Scan: 213320 Items scanned in 13mn AMs
 
 
 
---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/  =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/  =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/  =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn AMs
 
 
 
---\\ Summary of the detections found on your workstation
~ MSI: 1 link(s) detected in 00mn AMs
 
 
Autoruns report sent via message


#15 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:04 PM

Posted 31 December 2015 - 01:10 PM

Hello again,

:step1: We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/



***


:step2: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


:step3: How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




