Infected with Adware Airtostrong.exe


19 replies to this topic

#1 Perfectide


Posted 09 February 2016 - 05:50 PM

A couple of days ago I opened this thread http://www.bleepingcomputer.com/forums/t/604447/cant-remove-pup-mcp-cleaner-after-removing-adware/ where I got rid of some Adware. (I do not think these two cases are related though)

 

Today however upon using and resetting my PC normally I got infected with another adware called "Airtostrong.exe", which I have no idea where it came from. Here is a screenshot I took where you can see the ad popup. The tab which says "reimage Repair" is a site where I am getting redirected to constantly and finally my browser has also been set to use Bing as my default search engine. http://imgur.com/kj3TumE

 

Any help would be appreciated, thanks!


Edited by Perfectide, 09 February 2016 - 05:52 PM.



 


#2 buddy215


Posted 09 February 2016 - 07:02 PM

I see uTorrent...very risky to use to download free stuff such as music, movies and cracked software. Suggest you uninstall it as it contains adware as well.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Perfectide


Posted 09 February 2016 - 07:41 PM

looks better now.

 

Adwcleaner log

 

# AdwCleaner v5.033 - Logfile created 09/02/2016 at 20:46:34
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Lucio - LUCIOPC
# Running from : C:\Users\Lucio\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : MPCKpt
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Genius
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius
 
***** [ Files ] *****
 
File Found : C:\WINDOWS\SysNative\drivers\MPCKpt.sys
File Found : C:\WINDOWS\SysWOW64\findit.xml
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {ielnksrch}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
 
***** [ Web browsers ] *****
 
[C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : search.mpc.am
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1339 bytes] ##########
 
 
ran JRT twice and log was overwritten 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64 
Ran by Lucio (Administrator) on 09/02/2016 Tue at 21:21:17.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/02/2016 Tue at 21:23:04.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 buddy215


Posted 09 February 2016 - 08:23 PM

Looking at your other topic and this one scan result....you seem to be an adware magnet...:)

 

Looking at the volume of programs / games, etc installed it is likely that Eset will take quite some time to complete. You may want to let it run while you sleep.

Just curious....where in the world are you?

 



#5 Perfectide


Posted 10 February 2016 - 12:44 PM

Sorry for the delay, followed your advice and left my PC on overnight. Here's the MalwareBytes Log, I think my PC turned off during the scan so I might have to run ESET again.

 

Oh and I'm from Argentina, what gave it away?

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/2/2016
Scan Time: 2:05 PM
Logfile: MBAMlog.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.10.05
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Lucio
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 460958
Time Elapsed: 23 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, Quarantined, [4dc0530cc6d3d75f107c864cf40dc33d], 
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, Quarantined, [4dc0530cc6d3d75f107c864cf40dc33d], 
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ADWCLEANER_4.204.EXE, Quarantined, [a36a97c8b2e7072f8de4050ac44039c7], 
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtAirtostrong, Quarantined, [64a94d12b6e3c57108a483d1877d20e0], 
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ADWCLEANER_4.204.EXE, Quarantined, [7697aeb1f7a2a88efa770f00d52fce32], 
PUP.Optional.Linkury, HKU\S-1-5-21-2721185343-3989965362-117390667-1001\SOFTWARE\mtAirtostrong, Quarantined, [d7362738841587af9d0c44107f855fa1], 
 
Registry Values: 4
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\adwcleaner_4.204.exe|Debugger, svchost.exe, Quarantined, [a36a97c8b2e7072f8de4050ac44039c7]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\adwcleaner_4.204.exe|Debugger, svchost.exe, Quarantined, [7697aeb1f7a2a88efa770f00d52fce32]
PUP.Optional.Linkury, HKU\S-1-5-21-2721185343-3989965362-117390667-1001\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=AR&userid=44412f75-04f3-5ab5-ed92-5a8df7a83f4a&searchtype=sc&installDate=09/02/2016&barcodeid=50045888&channelid=888&av=windows, Quarantined, [40cdfe61c8d178beca639650fa099c64]
PUP.Optional.Linkury, HKU\S-1-5-21-2721185343-3989965362-117390667-1001\ENVIRONMENT|SNF, C:\ProgramData\Airtostrongs\snp.sc, Quarantined, [8b82510e3b5e73c3bc70598d40c3d828]
 
Registry Data: 1
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[4dc0c798851489ad6dbcc814709426da]
 
Folders: 3
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs, Quarantined, [8c812b343564d6609c7efced1ce69868], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\ondemand, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
 
Files: 32
PUP.Optional.MorePowerfulCleaner, C:\WINDOWS\SYSTEM32\drivers\MPCKpt.sys, Delete-on-Reboot, [9352aeb710669624da3f1a4057336a3e], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airsoft.dll, Quarantined, [e429b5aafe9b59dd62c42dabfd0401ff], 
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, Quarantined, [4dc0530cc6d3d75f107c864cf40dc33d], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Alphatrax.exe, Quarantined, [8c8174eb326740f6fe278f49f50c6b95], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Iszap.exe, Quarantined, [5eaf7ee15d3c2313ba6ddefa758c16ea], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Scotis.dll, Quarantined, [8f7e5609732644f252933c9c827ffe02], 
PUP.Optional.Linkury.ShrtCln, C:\Program Files\Common Files\tpjgy3cc.exe, Quarantined, [e429da85663382b41a728b4747bad828], 
Trojan.Agent.MSIL, C:\Users\Lucio\AppData\Local\dontouch.exe, Quarantined, [6ba2b9a6b3e66fc7b823e8eb2cd58a76], 
PUP.Optional.CrossRider, C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTPS_D19TQK5T6QCJAC.CLOUDFRONT.NET_0.LOCALSTORAGE, Quarantined, [0a035f003a5f93a3daf2b69bed17ae52], 
PUP.Optional.CrossRider, C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTPS_D19TQK5T6QCJAC.CLOUDFRONT.NET_0.LOCALSTORAGE-JOURNAL, Quarantined, [e528a1be0099bf77993338197391956b], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.HP, Quarantined, [8c812b343564d6609c7efced1ce69868], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.NT, Quarantined, [8c812b343564d6609c7efced1ce69868], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\snp.sc, Quarantined, [8c812b343564d6609c7efced1ce69868], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.d.dat, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.dat, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Alphatrax.exe.config, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\conf.config, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Config.xml, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\confpro.config, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Eco-Phase.bin, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Goldtax.bin, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\HatOzetam.bin, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Homeair.bin, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Iszap.exe.config, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\KonIs.bin, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\md.xml, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\PrxCfg.xml, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\RoundZozdex.bin, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Stockis.bin, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Tondex.dat, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Treejob.dat, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\uninstall.dat, Quarantined, [44c9bba4920788aedd4621c915ed649c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Side note. There's this "MPCKpt" that keeps popping up in every scan I make, which won't go away since my first thread. You can see it here in a recent AdwCleaner log after running MBAM
# AdwCleaner v5.033 - Logfile created 10/02/2016 at 14:48:52
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Lucio - LUCIOPC
# Running from : C:\Users\Lucio\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : MPCKpt
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : search.mpc.am
 
########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [706 bytes] ##########
 

Edited by Perfectide, 10 February 2016 - 12:54 PM.


#6 buddy215


Posted 10 February 2016 - 01:25 PM

See if you can find the Eset Scan Results. Best to see what it may have found and removed.

 

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

 

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


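One way to examine an ESET Online Scanner log.txt of the kind discussed in this thread, as an added example that is not part of any post here: it separates detections that still sit at their original location from copies an earlier cleaner already moved into its quarantine folder, and collapses repeats across appended scan runs. The sample lines are constructed in the format the log uses (placeholder hashes, a hypothetical "demo" folder), and reading the `found`/`cleaned` counters by their key names is an assumption.

```python
import re

# key=value pairs; a value is either a double-quoted string or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# per-run summary counters written as "# found=16" / "# cleaned=0"
COUNTER = re.compile(r'^#\s*(found|cleaned)=(\d+)$')

# Constructed sample: two scan runs appended to one file, as happens when the
# scanner is started more than once. Hashes are placeholders, not real values.
SAMPLE = r'''
# end=stopped
# remove_checked=false
# found=2
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Adware.ConvertAd.ACL application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\demo\hnsp0001.tmp.vir"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of MSIL/Kryptik.EWB trojan" ac=I fn="C:\Users\Lucio\AppData\Local\dontouch.exe"
# end=restart
# found=4
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Adware.ConvertAd.ACL application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\demo\hnsp0001.tmp.vir"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="a variant of Win32/Toolbar.Linkury.AO potentially unwanted application" ac=I fn="C:\ProgramData\Airtostrong\Airtostrong.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="a variant of Win32/Toolbar.Linkury.AO potentially unwanted application" ac=I fn="C:\Users\All Users\Airtostrong\Airtostrong.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of MSIL/Kryptik.EWB trojan" ac=I fn="C:\Users\Lucio\AppData\Local\dontouch.exe"
'''


def parse_fields(line):
    """Split one 'sh=... vn="..." fn="..."' detection line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def is_quarantine_copy(path):
    """True for a file an earlier cleaner already moved into its quarantine."""
    p = path.lower()
    return "\\adwcleaner\\quarantine\\" in p or p.endswith(".vir")


def triage(log_text):
    """Group detections by file hash into 'live' and 'quarantined' buckets.

    The same file can be listed several times: once per appended scan run,
    and once per path alias (C:\\Users\\All Users is a link to C:\\ProgramData
    on Windows Vista and later). Keying on the sh= value collapses those.
    """
    live, quarantined, counters = {}, {}, []
    for line in log_text.splitlines():
        line = line.strip()
        m = COUNTER.match(line)
        if m:
            counters.append((m.group(1), int(m.group(2))))
            continue
        if not line.startswith("sh="):
            continue  # header, update progress or blank line
        f = parse_fields(line)
        if "vn" not in f or "fn" not in f:
            continue  # truncated or malformed detection line
        bucket = quarantined if is_quarantine_copy(f["fn"]) else live
        hit = bucket.setdefault(f["sh"], {"name": f["vn"], "paths": []})
        if f["fn"] not in hit["paths"]:
            hit["paths"].append(f["fn"])
    return {"live": live, "quarantined": quarantined, "counters": counters}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for hit in result["live"].values():
        print("LIVE", hit["name"])
        for path in hit["paths"]:
            print("     ", path)
    print(len(result["quarantined"]), "unique file(s) already in a quarantine folder")
    print("counters per run:", result["counters"])
```
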

#7 buddy215


Posted 10 February 2016 - 01:38 PM

I was just curious where + 3 hours from my Central USA time zone was...Greenland was a possibility and never saw a user from there.



#8 Perfectide


Posted 10 February 2016 - 05:14 PM

ESET log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# end=init
# utc_time=2016-02-10 12:42:02
# local_time=2016-02-09 09:42:02 (-0300, Argentina Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28054
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# end=updated
# utc_time=2016-02-10 12:57:18
# local_time=2016-02-09 09:57:18 (-0300, Argentina Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# engine=28054
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-02-10 02:00:11
# local_time=2016-02-09 11:00:11 (-0300, Argentina Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 7958554 0 0
# scanned=103668
# found=16
# cleaned=0
# scan_time=3772
sh=F7526E1A1AFAECA390F9DC3A37683CC4F91AAEA7 ft=1 fh=c71c001157d1f5fa vn="a variant of Win32/Adware.ConvertAd.ACL application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\hnspACB9.tmp.vir"
sh=352FEB9EB456A986FD500D129709ED0159852DED ft=1 fh=04c5ffd1c154d146 vn="a variant of Win32/Adware.ConvertAd.ABN application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\jnsp943D.tmp.vir"
sh=06319D8738FAB1A732CA3C1CB8C8189DC2AE501C ft=1 fh=455b5e76806c45a4 vn="a variant of Win32/Adware.ConvertAd.AFU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\knsu7AF2.tmpfs.vir"
sh=F329C7C4417472A5378499C54FC1C6B13C508E06 ft=1 fh=7f0ac90ec2ac75ae vn="a variant of Win32/Adware.ConvertAd.AGI application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\rnss8F76.exe.vir"
sh=29CA6AE7169802A1B00CC8569CAB4DB88973E1F4 ft=1 fh=d7c7309755a6a582 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\vnsy45A6.tmp.vir"
sh=94CC139FAC855D6DE7419DCD3956B501FB8399A9 ft=1 fh=c71c001177d332b5 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ospd_us_013010228\onesoftperday_widget.exe.vir"
sh=DEF5812A34C64D9F23597235ACAED6597C4F035E ft=1 fh=f4cc48bb6e7a83a0 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ospd_us_013010228\ospd_us_013010228.exe.vir"
sh=64540FF4682AC89B0ECECC9F2EC8DCFB1580BD96 ft=1 fh=7a5926c286ff30a8 vn="a variant of Win32/Adware.MaxDriver.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.12704\ioproduct.exe.vir"
sh=6C4C59D7906C7E38E27237909875314072B317F2 ft=1 fh=64dde6e24048da97 vn="a variant of Win32/Adware.MaxDriver.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.12704\SpaceSondPro_Service.exe.vir"
sh=C6E310F6E780160B817AF2F7CE3D416BB800585F ft=1 fh=04e9c0f8fc34af3e vn="Win32/Adware.ConvertAd.AGE application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\onso8FF6.tmp.vir"
sh=0F5363D7EC1502CE4AD298C7B3B8EC776CED9E3C ft=1 fh=bf28f9153f80c234 vn="a variant of Win32/Adware.ConvertAd.AER.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\pnso8FF7.exe.vir"
sh=F329C7C4417472A5378499C54FC1C6B13C508E06 ft=1 fh=7f0ac90ec2ac75ae vn="a variant of Win32/Adware.ConvertAd.AGI application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\rnso8FF5.exe.vir"
sh=D33FB1A6814C9773FB63C70B86EEF1D7AF1F7BE3 ft=1 fh=c2ba7a01ea658567 vn="a variant of Win32/Adware.EoRezo.AJ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\ospd_us_013010228\upospd_us_013010228.exe.vir"
sh=5200C4E67B22BA327883CA52EB8FB917AB18ECCB ft=1 fh=706fc20e151a9f9a vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\ospd_us_013010228\Download\myoffergroup_ar.exe.vir"
sh=29CA6AE7169802A1B00CC8569CAB4DB88973E1F4 ft=1 fh=d7c7309755a6a582 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=43D4A2D221E1B03D761A14F3A617606F437BFBF8 ft=1 fh=9ea9e354f56b2eb9 vn="a variant of MSIL/Kryptik.EWB trojan" ac=I fn="C:\Users\Lucio\AppData\Local\dontouch.exe"
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# end=init
# utc_time=2016-02-10 05:15:03
# local_time=2016-02-10 02:15:03 (-0300, Argentina Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28057
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# end=updated
# utc_time=2016-02-10 05:16:46
# local_time=2016-02-10 02:16:46 (-0300, Argentina Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# end=restart
# utc_time=2016-02-10 07:43:41
# local_time=2016-02-10 04:43:41 (-0300, Argentina Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 7979164 0 0
# scanned=404313
# found=33
# cleaned=0
# scan_time=8813
sh=FDF37010AF2BEADE4097A3EB1486DF54EB3AB160 ft=1 fh=b1f56da8b77a8381 vn="a variant of MSIL/Amonetize.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\REACHit\REACHit.exe.vir"
sh=3B28684D476297B0DFA7BCFE739308D2C70224F1 ft=1 fh=627c448e1ab99e43 vn="a variant of MSIL/Amonetize.AB potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\REACHit\packages\672b1077-44d6-4fa4-8e9b-c37dd3a35f77\amdide.exe.vir"
sh=FDFF8694E88A3E2F5D5E3DC90542A3EBDB7CAA06 ft=1 fh=f2ff11d352a1c862 vn="a variant of Win64/BubbleSound.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SpaceSoundPro\SpaceSoundPro.dll.vir"
sh=000A222B8BB791B59978C8373428D5B1F58EC1A0 ft=1 fh=c71c0011d61c2cdf vn="a variant of Win32/BubbleSound.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SpaceSoundPro\SpaceSoundPro.exe.vir"
sh=F7526E1A1AFAECA390F9DC3A37683CC4F91AAEA7 ft=1 fh=c71c001157d1f5fa vn="a variant of Win32/Adware.ConvertAd.ACL application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\hnspACB9.tmp.vir"
sh=352FEB9EB456A986FD500D129709ED0159852DED ft=1 fh=04c5ffd1c154d146 vn="a variant of Win32/Adware.ConvertAd.ABN application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\jnsp943D.tmp.vir"
sh=06319D8738FAB1A732CA3C1CB8C8189DC2AE501C ft=1 fh=455b5e76806c45a4 vn="a variant of Win32/Adware.ConvertAd.AFU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\knsu7AF2.tmpfs.vir"
sh=F329C7C4417472A5378499C54FC1C6B13C508E06 ft=1 fh=7f0ac90ec2ac75ae vn="a variant of Win32/Adware.ConvertAd.AGI application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\rnss8F76.exe.vir"
sh=29CA6AE7169802A1B00CC8569CAB4DB88973E1F4 ft=1 fh=d7c7309755a6a582 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\vnsy45A6.tmp.vir"
sh=94CC139FAC855D6DE7419DCD3956B501FB8399A9 ft=1 fh=c71c001177d332b5 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ospd_us_013010228\onesoftperday_widget.exe.vir"
sh=DEF5812A34C64D9F23597235ACAED6597C4F035E ft=1 fh=f4cc48bb6e7a83a0 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ospd_us_013010228\ospd_us_013010228.exe.vir"
sh=9434D1A5D56479988254608D5289E1E9D488DC54 ft=1 fh=c2a767356ec8b23d vn="a variant of Win64/BubbleSound.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro\Spacesoundpro.exe.vir"
sh=64540FF4682AC89B0ECECC9F2EC8DCFB1580BD96 ft=1 fh=7a5926c286ff30a8 vn="a variant of Win32/Adware.MaxDriver.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.12704\ioproduct.exe.vir"
sh=6C4C59D7906C7E38E27237909875314072B317F2 ft=1 fh=64dde6e24048da97 vn="a variant of Win32/Adware.MaxDriver.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.12704\SpaceSondPro_Service.exe.vir"
sh=C6E310F6E780160B817AF2F7CE3D416BB800585F ft=1 fh=04e9c0f8fc34af3e vn="Win32/Adware.ConvertAd.AGE application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\onso8FF6.tmp.vir"
sh=0F5363D7EC1502CE4AD298C7B3B8EC776CED9E3C ft=1 fh=bf28f9153f80c234 vn="a variant of Win32/Adware.ConvertAd.AER.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\pnso8FF7.exe.vir"
sh=F329C7C4417472A5378499C54FC1C6B13C508E06 ft=1 fh=7f0ac90ec2ac75ae vn="a variant of Win32/Adware.ConvertAd.AGI application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\rnso8FF5.exe.vir"
sh=D33FB1A6814C9773FB63C70B86EEF1D7AF1F7BE3 ft=1 fh=c2ba7a01ea658567 vn="a variant of Win32/Adware.EoRezo.AJ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\ospd_us_013010228\upospd_us_013010228.exe.vir"
sh=5200C4E67B22BA327883CA52EB8FB917AB18ECCB ft=1 fh=706fc20e151a9f9a vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\ospd_us_013010228\Download\myoffergroup_ar.exe.vir"
sh=29CA6AE7169802A1B00CC8569CAB4DB88973E1F4 ft=1 fh=d7c7309755a6a582 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=0632EEA894744EFCFADEF2D524D6F15CAF4E86A8 ft=1 fh=8c929980ff1376a1 vn="a variant of Win32/Toolbar.Linkury.AO potentially unwanted application" ac=I fn="C:\Program Files\Common Files\tpjgy3cc.exe"
sh=7F8E6104CDA0A2A51FBAC30F432AD12E09141DAD ft=1 fh=e4f53d8f9b2ab50d vn="a variant of MSIL/Toolbar.Linkury.AG potentially unwanted application" ac=I fn="C:\Program Files\Common Files\fzto4st2\e888fkj0rv52k.exe"
sh=233CE8343829AE9628A5A20365C4391771860CD5 ft=1 fh=9aa42d4a63ea4a76 vn="Win32/Toolbar.Linkury.AQ potentially unwanted application" ac=I fn="C:\ProgramData\Airtostrong\Airsoft.dll"
sh=91F0DD3FF94F06C8898D9C43782E9AE7F81B610D ft=1 fh=4e6aa9643b8c40d4 vn="a variant of Win32/Toolbar.Linkury.AO potentially unwanted application" ac=I fn="C:\ProgramData\Airtostrong\Airtostrong.exe"
sh=82880A649543E8AD5C38FD468E16F6278BA3FDD3 ft=1 fh=ee32c7cfd242266c vn="a variant of Win64/Toolbar.Linkury.K potentially unwanted application" ac=I fn="C:\ProgramData\Airtostrong\Alphatrax.exe"
sh=A82D4C73A22E03F74A4406482C60162EA4F393B0 ft=1 fh=0f12ffd8fa2eeb35 vn="a variant of Win32/Toolbar.Linkury.AP potentially unwanted application" ac=I fn="C:\ProgramData\Airtostrong\Iszap.exe"
sh=57AC090A5AD10C6ED875C7FE867B977EEBE744C8 ft=1 fh=92691cdca2e15307 vn="a variant of Win64/Toolbar.Linkury.M potentially unwanted application" ac=I fn="C:\ProgramData\Airtostrong\Scotis.dll"
sh=233CE8343829AE9628A5A20365C4391771860CD5 ft=1 fh=9aa42d4a63ea4a76 vn="Win32/Toolbar.Linkury.AQ potentially unwanted application" ac=I fn="C:\Users\All Users\Airtostrong\Airsoft.dll"
sh=91F0DD3FF94F06C8898D9C43782E9AE7F81B610D ft=1 fh=4e6aa9643b8c40d4 vn="a variant of Win32/Toolbar.Linkury.AO potentially unwanted application" ac=I fn="C:\Users\All Users\Airtostrong\Airtostrong.exe"
sh=82880A649543E8AD5C38FD468E16F6278BA3FDD3 ft=1 fh=ee32c7cfd242266c vn="a variant of Win64/Toolbar.Linkury.K potentially unwanted application" ac=I fn="C:\Users\All Users\Airtostrong\Alphatrax.exe"
sh=A82D4C73A22E03F74A4406482C60162EA4F393B0 ft=1 fh=0f12ffd8fa2eeb35 vn="a variant of Win32/Toolbar.Linkury.AP potentially unwanted application" ac=I fn="C:\Users\All Users\Airtostrong\Iszap.exe"
sh=57AC090A5AD10C6ED875C7FE867B977EEBE744C8 ft=1 fh=92691cdca2e15307 vn="a variant of Win64/Toolbar.Linkury.M potentially unwanted application" ac=I fn="C:\Users\All Users\Airtostrong\Scotis.dll"
sh=43D4A2D221E1B03D761A14F3A617606F437BFBF8 ft=1 fh=9ea9e354f56b2eb9 vn="a variant of MSIL/Kryptik.EWB trojan" ac=I fn="C:\Users\Lucio\AppData\Local\dontouch.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# end=init
# utc_time=2016-02-10 05:56:23
# local_time=2016-02-10 02:56:23 (-0300, Argentina Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28066
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# end=updated
# utc_time=2016-02-10 06:04:05
# local_time=2016-02-10 03:04:05 (-0300, Argentina Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1c0c88131d3bdd4fa3180d507f9df09b
# engine=28066
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-02-10 09:20:09
# local_time=2016-02-10 06:20:09 (-0300, Argentina Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 8028152 0 0
# scanned=570557
# found=21
# cleaned=21
# scan_time=11763
sh=FDF37010AF2BEADE4097A3EB1486DF54EB3AB160 ft=1 fh=b1f56da8b77a8381 vn="a variant of MSIL/Amonetize.AE potentially unwanted application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\REACHit\REACHit.exe.vir"
sh=3B28684D476297B0DFA7BCFE739308D2C70224F1 ft=1 fh=627c448e1ab99e43 vn="a variant of MSIL/Amonetize.AB potentially unwanted application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\REACHit\packages\672b1077-44d6-4fa4-8e9b-c37dd3a35f77\amdide.exe.vir"
sh=FDFF8694E88A3E2F5D5E3DC90542A3EBDB7CAA06 ft=1 fh=f2ff11d352a1c862 vn="a variant of Win64/BubbleSound.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SpaceSoundPro\SpaceSoundPro.dll.vir"
sh=000A222B8BB791B59978C8373428D5B1F58EC1A0 ft=1 fh=c71c0011d61c2cdf vn="a variant of Win32/BubbleSound.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SpaceSoundPro\SpaceSoundPro.exe.vir"
sh=F7526E1A1AFAECA390F9DC3A37683CC4F91AAEA7 ft=1 fh=c71c001157d1f5fa vn="a variant of Win32/Adware.ConvertAd.ACL application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\hnspACB9.tmp.vir"
sh=352FEB9EB456A986FD500D129709ED0159852DED ft=1 fh=04c5ffd1c154d146 vn="a variant of Win32/Adware.ConvertAd.ABN application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\jnsp943D.tmp.vir"
sh=06319D8738FAB1A732CA3C1CB8C8189DC2AE501C ft=1 fh=455b5e76806c45a4 vn="a variant of Win32/Adware.ConvertAd.AFU application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\knsu7AF2.tmpfs.vir"
sh=F329C7C4417472A5378499C54FC1C6B13C508E06 ft=1 fh=7f0ac90ec2ac75ae vn="a variant of Win32/Adware.ConvertAd.AGI application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\rnss8F76.exe.vir"
sh=29CA6AE7169802A1B00CC8569CAB4DB88973E1F4 ft=1 fh=d7c7309755a6a582 vn="multiple threats (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964\vnsy45A6.tmp.vir"
sh=94CC139FAC855D6DE7419DCD3956B501FB8399A9 ft=1 fh=c71c001177d332b5 vn="a variant of Win32/AdWare.EoRezo.AU application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ospd_us_013010228\onesoftperday_widget.exe.vir"
sh=DEF5812A34C64D9F23597235ACAED6597C4F035E ft=1 fh=f4cc48bb6e7a83a0 vn="a variant of Win32/AdWare.EoRezo.AU application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ospd_us_013010228\ospd_us_013010228.exe.vir"
sh=9434D1A5D56479988254608D5289E1E9D488DC54 ft=1 fh=c2a767356ec8b23d vn="a variant of Win64/BubbleSound.A potentially unwanted application (deleted)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro\Spacesoundpro.exe.vir"
sh=64540FF4682AC89B0ECECC9F2EC8DCFB1580BD96 ft=1 fh=7a5926c286ff30a8 vn="a variant of Win32/Adware.MaxDriver.A application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.12704\ioproduct.exe.vir"
sh=6C4C59D7906C7E38E27237909875314072B317F2 ft=1 fh=64dde6e24048da97 vn="a variant of Win32/Adware.MaxDriver.C application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.12704\SpaceSondPro_Service.exe.vir"
sh=C6E310F6E780160B817AF2F7CE3D416BB800585F ft=1 fh=04e9c0f8fc34af3e vn="Win32/Adware.ConvertAd.AGE application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\onso8FF6.tmp.vir"
sh=0F5363D7EC1502CE4AD298C7B3B8EC776CED9E3C ft=1 fh=bf28f9153f80c234 vn="a variant of Win32/Adware.ConvertAd.AER.gen application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\pnso8FF7.exe.vir"
sh=F329C7C4417472A5378499C54FC1C6B13C508E06 ft=1 fh=7f0ac90ec2ac75ae vn="a variant of Win32/Adware.ConvertAd.AGI application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964\rnso8FF5.exe.vir"
sh=D33FB1A6814C9773FB63C70B86EEF1D7AF1F7BE3 ft=1 fh=c2ba7a01ea658567 vn="a variant of Win32/Adware.EoRezo.AJ application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\ospd_us_013010228\upospd_us_013010228.exe.vir"
sh=5200C4E67B22BA327883CA52EB8FB917AB18ECCB ft=1 fh=706fc20e151a9f9a vn="multiple threats (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Local\ospd_us_013010228\Download\myoffergroup_ar.exe.vir"
sh=29CA6AE7169802A1B00CC8569CAB4DB88973E1F4 ft=1 fh=d7c7309755a6a582 vn="multiple threats (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lucio\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=7F8E6104CDA0A2A51FBAC30F432AD12E09141DAD ft=1 fh=e4f53d8f9b2ab50d vn="a variant of MSIL/Toolbar.Linkury.AG potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files\Common Files\fzto4st2\e888fkj0rv52k.exe"
 
 
CCleaner logs:
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
No Task AdobeAAMUpdater-1.0-LucioPC-Lucio Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task akip5zft C:\Program Files\Common Files\fzto4st2\e888fkj0rv52k.exe
Yes Task AutoPico Daily Restart "C:\Users\Lucio\Desktop\New folder\AutoPico.exe" /silent
No Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task MSIAfterburner MICRO-STAR INTERNATIONAL CO., LTD. C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s
Yes Task {BB708AE5-9C58-401A-8395-8A1E98D8F5B8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Lucio\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=cor
 
 
 
 
No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run EvolveClient Echobit LLC "C:\Program Files\Evolve\EvolveClient.exe" -autorun
No HKCU:Run f.lux Flux Software LLC "C:\Users\Lucio\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
No HKCU:Run GalaxyClient
No HKCU:Run Pushbullet Pushbullet inc "C:\Program Files (x86)\Pushbullet\pushbullet.exe" -show false
No HKCU:Run RadeonPro John Mautari "C:\Program Files (x86)\RadeonPro\RadeonPro.exe"
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No HKCU:Run Steam Valve Corporation "D:\Steam\steam.exe" -silent
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
No HKLM:Run BlueStacks Agent C:\Program Files (x86)\BlueStacks\HD-Agent.exe
No HKLM:Run EaseUS EPM tray C:\Users\Lucio\Desktop\New folder\bin\EpmNews.exe
No HKLM:Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Maurus C:\Program Files (x86)\Genius\Maurus\mousehid.exe
No HKLM:Run NCUpdateHelper C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
No HKLM:Run Raptr Raptr, Inc "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run StartCN Advanced Micro Devices, Inc. "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
No HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run VirtualCloneDrive Elaborate Bytes AG "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
No HKLM:Run XboxStat Microsoft Corporation "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
No Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Lucio\AppData\Roaming\Dropbox\bin\Dropbox.exe
No Startup User MEGAsync.lnk Mega Limited C:\ProgramData\MEGAsync\MEGAsync.exe
 
 
 
 
7-Zip 9.20 (x64 edition) Igor Pavlov 10/6/2015 9.16 MB 9.20.00.0
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 10/1/2016 35.8 MB 19.0.0.226
Adobe Photoshop CC 2015 Adobe Systems Incorporated 16.0
Adobe Reader XI (11.0.10) Adobe Systems Incorporated 4/4/2015 367 MB 11.0.10
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 12.1.7.157
AdVenture Capitalist Hyper Hippo Productions Ltd.
Alarms & Clock Microsoft Corporation 29/12/2015 10.1512.58020.0
Alien Swarm Valve
Amazing World Ganz
AMD Install Manager Advanced Micro Devices, Inc. 18/1/2016 5.00
App connector Microsoft Corporation 5/12/2015 1.3.3.0
Apple Application Support (32-bit) Apple Inc. 20/9/2015 148 MB 4.0.2
Apple Application Support (64-bit) Apple Inc. 20/9/2015 159 MB 4.0.2
Apple Mobile Device Support Apple Inc. 20/9/2015 42.8 MB 9.0.0.26
Apple Software Update Apple Inc. 20/9/2015 4.63 MB 2.1.4.131
Arc Perfect World Entertainment 14/1/2016 1.0.0.9668
Arma 3 Bohemia Interactive
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 1/5/2015 4.53 MB 1.14.3.0
Bandisoft MPEG-1 Decoder
Battlefield 4™ Electronic Arts 1.7.2.45672
Battlelog Standalone Realmware 26/6/2015 5.00 KB 1.0.0
Battlelog Web Plugins EA Digital Illusions CE AB 2.7.1
BF4 Settings Editor Realmware 26/6/2015 5.00 KB 1.1
BitRaider Streaming Client BitRaider, LLC 1.3.3.4098
Blade & Soul NC Interactive, LLC 19/1/2016 1.0.63.237
Blood of Old AndrewWatt96
Bonjour Apple Inc. 20/9/2015 3.28 MB 3.1.0.1
Borderless Gaming Codeusa Software 24/12/2015 8.4
Brawlhalla Blue Mammoth Games
Brothers - A Tale of Two Sons 505 Games 29/11/2015
Calculator Microsoft Corporation 20/1/2016 10.1601.49020.0
Card Hunter Blue Manchu
CCleaner Piriform 5.12
Cheat Engine 6.4 Cheat Engine 7/6/2015
Clicker Heroes
Codename CURE Hoobalugalar_X
Creativerse Playful Corporation
Dark Messiah Of Might And Magic R.G. Mechanics, spider91 22/11/2015
DARK SOULS - Prepare To Die Edition 14/8/2015
Din's Curse GOG.com 26/9/2015 2.0.0.1
Din's Curse - Demon War GOG.com 26/9/2015 2.0.0.1
Dirty Bomb Splash Damage®
Discord Hammer & Chisel, Inc. 31/12/1969 0.0.284
Divinity - Original Sin Enhanced Edition GOG.com 22/11/2015 2.0.0.3
DRAGON BALL XENOVERSE DIMPS
Dragon Nest Europe
Dragon's Dogma Online CAPCOM CO., LTD. 28/9/2015 142 MB 1.00.0000
Dropbox Dropbox, Inc. 3.4.3
Dungeon Defenders II Trendy Entertainment
Eldritch
ESET Online Scanner v3
Eternal Senia Holy Priest
Evolve Echobit, LLC 23/4/2015 1.8.18
Evolve Evolve Labs 31/12/1969 0.1.17
f.lux
Free Download Manager 3.8 Bittorrent plugin 19/5/2015
GameRanger GameRanger Technologies 6/9/2015
Garry's Mod Facepunch Studios
Glyph Trion Worlds, Inc. 27/4/2015
GOCCO OF WAR 22/1/2016 1
Google Chrome Google Inc. 4/4/2015 48.0.2564.109
Grand Theft Auto V Rockstar Games 9/4/2015 "1.00.0000"
Guild Wars 2 NCsoft Corporation, Ltd.
Guns of Icarus Online Muse Games
Heaven Benchmark version 4.0 Unigine Corp. 26/5/2015 4.0
Hi-Rez Studios Authenticate and Update Service Hi-Rez Studios 3/12/2015 3.0.0.0
HxD Hex Editor version 1.7.7.0 Maël Hörz 24/11/2015 1.7.7.0
Java 8 Update 66 Oracle Corporation 19/12/2015 177 MB 8.0.660.18
Java 8 Update 66 (64-bit) Oracle Corporation 19/12/2015 46.4 MB 8.0.660.18
Java SE Development Kit 8 Update 40 (64-bit) Oracle Corporation 4/4/2015 332 MB 8.0.400.25
Killing Floor Tripwire Interactive
KMSpico v9.3.1 5/2/2016 9.3.1
Left 4 Dead 2 Valve
Livestreamer 1.12.2
Mail and Calendar Microsoft Corporation 10/2/2016 17.6568.16901.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 10/2/2016 2.2.0.1024
Mass Effect™ 3 Electronic Arts 1.05.0.0
Maurus Gaming Mouse 9/2/2016
MEGAsync Mega Limited
Messaging + Skype Microsoft Corporation 22/1/2016 2.13.20000.0
Metro Last Light Redux v.1.0.0.7.u1 22/4/2015
Microsoft Office Professional Plus 2013 Microsoft Corporation 8/12/2015 15.0.4569.1506
Microsoft Silverlight Microsoft Corporation 13/11/2015 143 MB 5.1.40728.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 14/1/2016 8.57 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 21/11/2015 9.06 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 4/5/2015 2.85 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 23/4/2015 1.53 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 4/5/2015 2.83 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 4/4/2015 1.16 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/9/2015 13.6 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 20/5/2015 1.17 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 29/1/2016 32.6 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 29/1/2016 27.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 Microsoft Corporation 14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 Microsoft Corporation 14.0.23506.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 13/11/2015 10.0.50903
Microsoft Wi-Fi Microsoft Corporation 5/12/2015 1.1511.2.0
Microsoft Xbox 360 Accessories 1.2 Microsoft 7/4/2015 9.08 MB 1.20.146.0
Minion ZAM Network LLC 1/9/2015 2.0
MouseRecorder v1.0.47 Bartels Media GmbH 14/11/2015 1.0.47
MSI Afterburner 4.1.1 MSI Co., LTD 4.1.1
Need for Speed™ Most Wanted Electronic Arts 1.5.0.0
Netflix Netflix, Inc. 31/1/2016 6.5.32.0
Nexon Game Manager
NGHL rofi 27/12/2015 1.34
NINELIVES version 0.21.02 SmokymonkeyS 14/1/2016 0.21.02
Notepad++ Notepad++ Team 6.8.8
NVIDIA Cg Toolkit 3.1 April 2012 NVIDIA Corporation 9/4/2015
NVIDIA PhysX NVIDIA Corporation 3/1/2016 18.5 MB 9.12.1031
Old Calculator for Windows 10 http://winaero.com 1.1
OpenAL
Orborun Tiny Lab Productions
Origin Electronic Arts, Inc. 9.5.11.2855
ORION: Prelude Spiral Game Studios
Path of Exile Grinding Gear Games
PAYDAY 2 OVERKILL - a Starbreeze Studio.
PAYDAY: The Heist OVERKILL Software
PCSX2 - Playstation 2 Emulator
Pentagram SVN The Pentagram Team 24/11/2015
Phantasy Star Online 2: EPISODE 3 SEGA 7/4/2015
Phone Microsoft Corporation 7/1/2016 2.12.14001.0
PlanetSide 2 Sony Online Entertainment
PlanetSide 2 Daybreak Games
PunkBuster Services Even Balance, Inc. 0.993
Pushbullet version 312 Pushbullet Inc 31/5/2015 312
Quintet Carmine T. Guida
RadeonPro 1.0 (Build 1.1.1.0) 26/5/2015
Rainbow Six Siege - Open Beta Ubisoft
Raptr
Razer Cortex Razer Inc. 4/11/2015 6.3.19.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 6.0.1.7541
Relic Hunters Zero Rogue Snail
Revo Uninstaller Pro 3.1.2 VS Revo Group, Ltd. 7/4/2015 3.1.2
RivaTuner Statistics Server 6.4.0 Unwinder 6.4.0
Robocraft Freejam
Rockstar Games Social Club Rockstar Games 1.1.6.8
RuneScape Launcher 1.2.7 Jagex Ltd 20/9/2015 16.5 MB 1.2.7
Samsung USB Driver for Mobile Phones Samsung Electronics Co., Ltd. 1.5.55.0
Skype™ 7.6 Skype Technologies S.A. 20/7/2015 103 MB 7.6.105
Smite Hi-Rez Studios 3/12/2015 2.19.3115.0
SNOW Poppermost Productions
SoftEther VPN Client SoftEther VPN Project 28/9/2015 4.19.9578
Spiral Knights Three Rings
Star Wars: The Old Republic Electronic Arts, Inc. 1.00
Steam Valve Corporation 2.10.91.91
Store Microsoft Corporation 28/1/2016 2015.25.24.0
Sven Co-op Sven Co-op Team
SWAT 4
SWAT 4 - The Stetchkov Syndicate Sierra Entertainment, Inc. 15/11/2015 1.0.0
Swat Downloader VOWS Productions 2.4
Sway Microsoft Corporation 2/2/2016 17.6629.20261.0
TeamSpeak 3 Client TeamSpeak Systems GmbH 3.0.18
The Elder Scrolls Online Zenimax Online Studios 1.0.0.0
Tom Clancy's Ghost Recon Ubisoft Entertainment 6/9/2015 2.0.0.6
Tom Clancy's Ghost Recon Future Soldier Ubisoft
Tom Clancy's Rainbow 6 VEGAS 2 Ubisoft
Torchlight 2.v 1.25.5.2 + 1 DLC Repack by Fenixx (01.06.2013) 15/12/2015 Torchlight 2.v 1.25.5.2 + 1 DLC
Trove Trion Worlds, Inc.
Ultima 8 Electronic Arts 1.0.0.1
Ultima IX - Ascension GOG.com 24/11/2015 2.0.0.13
Unity Web Player Unity Technologies ApS 5.3.2f1
Unturned Nelson Sexton
Uplay Ubisoft 7.4
Victor Vran 10/8/2015
VirtualCloneDrive Elaborate Bytes 5.5.0.0
VLC media player VideoLAN 2.2.1
Warframe Digital Extremes
Warhammer: End Times - Vermintide Fatshark
WinDirStat 1.1.2
Windows DVD Player Microsoft Corporation 5/12/2015 3.6.13291.0
Windows Software Development Kit for Windows 8.1 Microsoft Corporation 8.100.26936
µTorrent 2.2.1
 


#9 buddy215


Posted 10 February 2016 - 06:35 PM

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and then choosing Disable on the right.

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

 

Yes Task akip5zft C:\Program Files\Common Files\fzto4st2\e888fkj0rv52k.exe

Choose Delete...not just Disable

 

Yes Task AutoPico Daily Restart "C:\Users\Lucio\Desktop\New folder\AutoPico.exe" /silent

This is used to reactivate unlicensed Windows and Office....which one is being reactivated?

 

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task MSIAfterburner MICRO-STAR INTERNATIONAL CO., LTD. C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s
 
Yes Task {BB708AE5-9C58-401A-8395-8A1E98D8F5B8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Lucio\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=cor

Delete...not just Disable

 

Delete this Windows Startup:

No HKLM:Run EaseUS EPM tray C:\Users\Lucio\Desktop\New folder\bin\EpmNews.exe

 

Update Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 10/1/2016 35.8 MB 19.0.0.226

Old Flash is a malware magnet

 

Uninstall these programs:

ESET Online Scanner v3

Free Download Manager 3.8 Bittorrent plugin 19/5/2015 (or keep it....but likely a main source of the malware and adware)

µTorrent 2.2.1 (adware intensive and source of malware when used to download free stuff)

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
      • Internet Services
      • System Restore
      • Security Center/Action Center
      • Windows Update
  • Click Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
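
The triage done by eye in post #9 can be scripted. The following is an added example, not part of the thread or of any tool discussed in it: it flags autorun rows that have no publisher, that point into a user-writable folder, or that start their real target through `pcalua.exe -a`. The tab-separated column layout (Enabled, Key, Program, Publisher, File), the function names and the path heuristics are assumptions; the rows are re-typed from the log lines posted above.

```python
import re
from typing import NamedTuple

# Constructed sample: rows from this thread, re-typed with tab separators
# (assumed export layout: Enabled, Key, Program, Publisher, File).
ROWS = [
    ("Yes", "Task", "Adobe Flash Player Updater", "Adobe Systems Incorporated",
     r"C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"),
    ("Yes", "Task", "akip5zft", "",
     r"C:\Program Files\Common Files\fzto4st2\e888fkj0rv52k.exe"),
    ("Yes", "Task", "AutoPico Daily Restart", "",
     r'"C:\Users\Lucio\Desktop\New folder\AutoPico.exe" /silent'),
    ("Yes", "Task", "GoogleUpdateTaskMachineCore", "Google Inc.",
     r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"),
    ("Yes", "Task", "{BB708AE5-9C58-401A-8395-8A1E98D8F5B8}", "Microsoft Corporation",
     r"C:\Windows\system32\pcalua.exe -a C:\Users\Lucio\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=cor"),
    ("No", "HKLM:Run", "EaseUS EPM tray", "",
     r"C:\Users\Lucio\Desktop\New folder\bin\EpmNews.exe"),
    ("No", "Startup User", "Dropbox.lnk", "Dropbox, Inc.",
     r"C:\Users\Lucio\AppData\Roaming\Dropbox\bin\Dropbox.exe"),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

# First token of a command line: a quoted path, or an unquoted path that may
# contain spaces and ends at the first executable extension.
_EXE = re.compile(r'\s*(?:"([^"]+)"|(.+?\.(?:exe|bat|cmd|scr))(?=\s|$))', re.I)

# Signed Windows binaries that start another program named after a switch.
PROXY_SWITCH = {"pcalua.exe": "-a"}

# Heuristic: locations a standard user process can usually write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\")


class Entry(NamedTuple):
    enabled: bool
    key: str
    name: str
    publisher: str
    command: str


def parse(text):
    """Turn tab-separated export lines into Entry records, skipping anything else."""
    entries = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) == 5 and cols[0] in ("Yes", "No"):
            entries.append(Entry(cols[0] == "Yes", *cols[1:]))
    return entries


def split_command(command):
    """Return (executable path, remaining arguments)."""
    m = _EXE.match(command)
    if not m:
        return command.strip(), ""
    return (m.group(1) or m.group(2)), command[m.end():].strip()


def real_target(command):
    """Resolve the program that actually runs; returns (path, proxy name or None)."""
    exe, rest = split_command(command)
    base = exe.rsplit("\\", 1)[-1].lower()
    switch = PROXY_SWITCH.get(base)
    if switch:
        m = re.match(re.escape(switch) + r"\s+(.*)", rest, re.I)
        if m:
            return split_command(m.group(1))[0], base
    return exe, None


def triage(entries):
    """Map entry name -> (resolved target, reasons) for rows worth a closer look."""
    findings = {}
    for e in entries:
        target, proxy = real_target(e.command)
        reasons = []
        if not e.publisher:
            reasons.append("no publisher")
        if proxy:
            reasons.append("launched through " + proxy)
        if any(p in target.lower() for p in USER_WRITABLE):
            reasons.append("user-writable path")
        if reasons:
            findings[e.name] = (target, reasons)
    return findings


if __name__ == "__main__":
    for name, (target, reasons) in triage(parse(SAMPLE)).items():
        print(f"{name}: {target} [{', '.join(reasons)}]")
```

A path-only hit such as Dropbox.lnk is a lead to check, not a verdict. The `pcalua.exe` row shows why the Publisher column alone cannot clear an entry: it names the signed launcher, not the program started through it.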

#10 Perfectide


Posted 10 February 2016 - 07:00 PM

Done everything on CCleaner but this:


 Delete this Windows Startup:

No HKLM:Run EaseUS EPM tray C:\Users\Lucio\Desktop\New folder\bin\EpmNews.exe

 

CCleaner cannot find the file to delete.

 

SecurityCheck log

 

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 66  
 Adobe Reader XI  
 Google Chrome (48.0.2564.103) 
 Google Chrome (48.0.2564.109) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

Edited by Perfectide, 10 February 2016 - 07:11 PM.


#11 buddy215


Posted 10 February 2016 - 07:10 PM

Use the second link...here

Edit: I got a 404 there, too.

 

Run the Farbar Service Scanner

 

How is the computer running? Up to par or not?


Edited by buddy215, 10 February 2016 - 07:14 PM.


#12 Perfectide


Posted 10 February 2016 - 07:13 PM

Farbar Service Scanner Version: 27-01-2016
Ran by Lucio (administrator) on 10-02-2016 at 21:12:40
Running from "C:\Users\Lucio\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable
 
 
System Restore:
============
 
System Restore Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"="0"
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#13 Perfectide


Posted 10 February 2016 - 07:20 PM

Looking much better now, there's no adware I can personally see; however, I'm curious if everything has been fully removed. Thanks for your time and help!


Edited by Perfectide, 10 February 2016 - 07:21 PM.


#14 buddy215


Posted 10 February 2016 - 07:26 PM

Odd report...what happens when you click on Goo ?

 

The report says your Windows Firewall is disabled. Verify that. If it is disabled, can you reenable? You may have a firewall in your router...if so....is it enabled?



#15 Perfectide


Posted 10 February 2016 - 07:33 PM

Firewall was manually disabled, it is enabled now. Clicking on the google link takes me here: https://www.google.com.ar/?gfe_rd=cr&ei=ata7VpiiJ8yB8QfM7ruACA&gws_rd=ssl

 

Entered router settings. SPI Firewall in basic security settings is disabled.


Edited by Perfectide, 10 February 2016 - 07:37 PM.




