redirecting virus esurf.biz and springfiles


15 replies to this topic

#1 akon144

akon144

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:30 PM

Posted 01 March 2016 - 05:33 AM

Hi, my name is Anastasia and I'm new to this site, but I hope you'll help me with my virus problem. But my facts first: I run Windows 10 and I have Kaspersky Antivirus (the original paid program, not cracked), and I mentioned that because Kaspersky blocks the download of other antivirus programs.

For the past 2 weeks I've been tormented by a redirecting/hijacking virus, esurf.biz and springfiles, that I can't get rid of, no matter what I do.

I have tried everything written on various sites, every removal guide. Nothing worked.

I also downloaded and used the following programs:

 

Adware-Removal-Tool.exe by TSA - nothing found

Kaspersky TDSSKiller - nothing found (log produced)

Emsisoft Emergency Kit - found something (log produced)

AdwCleaner - run twice, found the Springfiles and removed them (log produced)

 

After all that, the redirect virus still exists.

 

I have blocked all the URLs that redirect me (onclickads, smartnewtab, bet ...) but of course this is not the answer.

I would appreciate any help I can get.




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:30 AM

Posted 01 March 2016 - 08:02 AM

Hi Anastasia :)

My name is Aura and I'll be assisting you with your issue. Let's get a first look at your system, follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 akon144

akon144
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:30 PM

Posted 01 March 2016 - 11:43 AM

Thanks for your fast reply; as I'm writing, the virus is redirecting me. Here is the log you asked for.

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by user (administrator) on 01-03-2016 at 18:37:18
Running from "C:\Users\user\Desktop"
Microsoft Windows 10 Home  (X64)
Model: H55M-D2H Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Ethernet" nexthop=192.168.1.1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Ethernet" address=192.168.1.159 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-V1PEI56
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 1C-6F-65-23-BE-20
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::10d8:40a2:7922:3660%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.159(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1%2
                                       192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 52195173
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-58-C0-B7-1C-6F-65-23-BE-20
   DNS Servers . . . . . . . . . . . : fe80::1%2
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{222F2319-7689-48F0-951C-DC8BADA383E6}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:14c5:2b3e:a1b9:b073(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::14c5:2b3e:a1b9:b073%8(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-58-C0-B7-1C-6F-65-23-BE-20
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  fe80::1
 
Name:    google.com
Addresses:  2a00:1450:400c:c0b::8b
 64.233.184.102
 64.233.184.138
 64.233.184.100
 64.233.184.139
 64.233.184.101
 64.233.184.113
 
 
Pinging google.com [64.233.184.113] with 32 bytes of data:
Reply from 64.233.184.113: bytes=32 time=110ms TTL=40
Reply from 64.233.184.113: bytes=32 time=360ms TTL=40
 
Ping statistics for 64.233.184.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 110ms, Maximum = 360ms, Average = 235ms
Server:  UnKnown
Address:  fe80::1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=790ms TTL=47
Reply from 206.190.36.45: bytes=32 time=520ms TTL=47
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 520ms, Maximum = 790ms, Average = 655ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...1c 6f 65 23 be 20 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.159    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.159    276
    192.168.1.159  255.255.255.255         On-link     192.168.1.159    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.159    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.159    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.159    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    306 ::/0                     On-link
  2    276 ::/0                     fe80::1
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:5ef5:79fb:14c5:2b3e:a1b9:b073/128
                                    On-link
  2    276 fe80::/64                On-link
  8    306 fe80::/64                On-link
  2    276 fe80::10d8:40a2:7922:3660/128
                                    On-link
  8    306 fe80::14c5:2b3e:a1b9:b073/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    276 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/01/2016 06:36:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-V1PEI56)
Description: Η ενεργοποίηση της εφαρμογής Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App απέτυχε με σφάλμα: -2147024770. Ανατρέξτε στο αρχείο καταγραφής Microsoft-Windows-TWinUI/Operational για πρόσθετες πληροφορίες.
 
Error: (03/01/2016 06:34:13 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (03/01/2016 06:34:13 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (03/01/2016 06:30:12 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (03/01/2016 06:30:12 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (03/01/2016 06:29:23 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (03/01/2016 06:29:23 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (03/01/2016 06:28:08 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (03/01/2016 06:28:08 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (03/01/2016 06:27:56 PM) (Source: SideBySide) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" στη γραμμή C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Στοιχείο 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
 
System errors:
=============
Error: (03/01/2016 06:37:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:37:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:36:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:36:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:35:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:35:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:34:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:34:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:33:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
Error: (03/01/2016 06:33:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\WINDOWS\system32\SppExtComObj.exe -Embedding2{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2016-03-01 04:23:15.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-01 04:22:53.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-01 04:09:14.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Ashampoo Burning Studio 9.20 (HKLM-x32\...\Ashampoo Burning Studio 9_is1) (Version: 9.2.0 - ashampoo GmbH & Co. KG)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
DivXLand Media Subtitler 2.1.1 (HKLM-x32\...\{74D5F45B-EC9F-4083-9493-364D159FFFBE}_is1) (Version:  - divxland.org)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
K-Lite Mega Codec Pack 11.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.0 - KLCP)
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.20 - Portforward, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7720 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40642 - TeamViewer)
TuneUp Utilities Language Pack (en-US) (HKLM-x32\...\{A95A76C9-6F65-477E-83A0-9F884B6DC21B}) (Version: 12.0.3600.181 - TuneUp Software) Hidden
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wondershare Video Editor(Build 3.1.2) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Φροντίδα Toolwiz (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 85%
Total physical RAM: 1851.49 MB
Available physical RAM: 275.61 MB
Total Virtual: 3003.49 MB
Available Virtual: 847.33 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:148.56 GB) (Free:100.47 GB) NTFS
3 Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:363.23 GB) NTFS
 
========================= Users: ========================================
 
¦¨ ©£¦ε User \\DESKTOP-V1PEI56
 
Administrator            DefaultAccount           Guest                    
user                     
† ¤«¦Άγ ¦Ά¦΅Ά¨ι΅ £ § «¬®ε.
 
 
**** End of log ****
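The MiniToolBox log above is read by hand for the classic browser-hijack footholds: a proxy set behind the user's back, hosts-file overrides, DNS servers that are not the local gateway, and Winsock providers (LSPs) that are not Microsoft's own. As an added example, not part of this thread or of MiniToolBox itself, here is a Python triage script that parses a log in this format and flags those four items; SAMPLE_LOG is constructed from the shape of the posted log with suspicious entries added, and the wording of the two "proxy enabled" lines is an assumption, since the posted log only shows the clean case.

```python
"""Triage checks over a MiniToolBox log (added example; sample log is constructed)."""
import ipaddress
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+\s*$")  # '===== Name: ====='
# e.g. 'Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)'
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+\s+\d+\s+(?P<path>.+?)\s+\[\d+\]\s+\((?P<vendor>[^)]*)\)\s*$")
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*:\s*(?P<ip>\S+)")
CONTINUATION_RE = re.compile(r"^\s{20,}(?P<ip>\S+)\s*$")  # wrapped ipconfig values

# Constructed log in the shape of the one posted above, with a proxy, a hosts
# override, a third DNS server and a non-Microsoft Winsock provider added so
# that every check has something to report. The wording of the two 'proxy
# enabled' lines is an assumption; the posted log only shows the clean case.
SAMPLE_LOG = r"""========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1       localhost
198.51.100.7    www.example.test
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : fe80::1%2
                                       192.168.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Program Files (x86)\ExampleHelper\nsp.dll [40960] (Example Vendor Ltd)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
**** End of log ****
"""

def split_sections(log: str) -> Dict[str, List[str]]:
    """Group the log's lines under the section header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "Preamble"
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().rstrip(":")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line.rstrip())
    return sections

def check_proxy(lines: List[str]) -> List[str]:
    """Flag an enabled browser proxy or a configured proxy server."""
    hits = [ln.strip() for ln in lines
            if "proxy is enabled" in ln.lower() or re.search(r"proxy ?server\s*[:=]", ln.lower())]
    return [f"proxy setting present: {h}" for h in hits]

def check_hosts(lines: List[str]) -> List[str]:
    """Flag every hosts entry except the loopback -> localhost mapping."""
    out = []
    for parts in (ln.split() for ln in lines):
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        ip, name = parts[0], parts[1]
        if not (name.lower() == "localhost" and ip in ("127.0.0.1", "::1")):
            out.append(f"hosts override: {name} -> {ip}")
    return out

def check_dns(lines: List[str]) -> List[str]:
    """Flag DNS servers that are globally routable rather than the local gateway."""
    servers: List[str] = []
    for i, line in enumerate(lines):
        m = DNS_RE.match(line)
        if not m:
            continue
        servers.append(m.group("ip"))
        for nxt in lines[i + 1:]:  # ipconfig wraps extra servers onto indented lines
            c = CONTINUATION_RE.match(nxt)
            if not c:
                break
            servers.append(c.group("ip"))
    public = [s for s in servers if ipaddress.ip_address(s.split("%")[0]).is_global]
    return [f"DNS server outside local/private space: {s}" for s in public]

def check_winsock(lines: List[str]) -> List[str]:
    """Flag Winsock providers (LSPs) that are not Microsoft's own from System32/SysWOW64."""
    out = []
    for m in filter(None, map(WINSOCK_RE.match, lines)):
        path, vendor = m.group("path"), m.group("vendor")
        in_system = re.match(r"c:\\windows\\(system32|syswow64)\\[^\\]+$", path, re.I)
        if vendor != "Microsoft Corporation" or not in_system:
            out.append(f"non-Microsoft Winsock provider: {path} ({vendor})")
    return out

def triage(log: str) -> List[str]:
    """Run every check over one MiniToolBox log; findings come back in section order."""
    s = split_sections(log)
    findings = check_proxy(s.get("IE Proxy Settings", []) + s.get("FF Proxy Settings", []))
    findings += check_hosts(s.get("Hosts content", []))
    findings += check_dns(s.get("IP Configuration", []))
    findings += check_winsock(s.get("Winsock entries", []))
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)) or "no findings")
```

Run against the log posted above, every check returns empty, which is consistent with the helper moving on to adware and junkware scanners rather than a network-level fix.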


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:30 AM

Posted 01 March 2016 - 11:47 AM

Thank you :) Follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
    L9PN4j1.png
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 akon144

akon144
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:30 PM

Posted 01 March 2016 - 01:01 PM

Hi again, here are the logs

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by user (Administrator) on 01/03/2016 at 18:53:06,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\20puda3o.default\user.js (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/03/2016 at 18:57:57,31
End of JRT log


# AdwCleaner v5.037 - Logfile created 01/03/2016 at 19:03:21
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : user - DESKTOP-V1PEI56
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1301 bytes] - [28/02/2016 13:09:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [1143 bytes] - [29/02/2016 20:33:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [1308 bytes] - [28/02/2016 13:03:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [969 bytes] - [29/02/2016 20:30:34]
C:\AdwCleaner\AdwCleaner[S3].txt - [887 bytes] - [01/03/2016 19:03:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [959 bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/3/2016
Scan Time: 19:29
Logfile: malware.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.01.05
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362772
Time Elapsed: 20 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://stop-block.org/wpad.dat?68b5a2bcd3759251c5b6a1ccff1cccfe6479619, Quarantined, [c6d369195c3daf87e3c04233e0249d63]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2952964576-3545415688-3461625486-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://stop-block.org/wpad.dat?68b5a2bcd3759251c5b6a1ccff1cccfe6479619, Quarantined, [2673245ef3a6db5b343dd19f64a06898]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

An important notice: As I wrote, I already had AdwCleaner installed, so I didn't do as you wrote

(Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), let the database update, then click on Scan;)

because I had done that yesterday when I ran the program for the first time. I just clicked SCAN.

I can send you yesterday's log too, when it found the SpringFiles, or uninstall the program and install it again, whatever you suggest..



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • Gender:Male
  • Local time:08:30 AM

Posted 01 March 2016 - 01:08 PM

If you could give me the logs with the detections for SpringFiles, it would be appreciated :)



#7 akon144

akon144
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:30 PM

Posted 01 March 2016 - 01:30 PM

Of course I will. I don't know which one you need, so I'll send them all (C & S).

 

c1 from 28/2/2016

 

# AdwCleaner v5.036 - Logfile created 28/02/2016 at 13:09:33
# Updated 22/02/2016 by Xplode
# Database : 2016-02-28.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : user - DESKTOP-V1PEI56
# Running from : C:\Users\user\Downloads\adwcleaner_5.036.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\users\user\AppData\Roaming\SpringFiles
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1076 bytes] - [28/02/2016 13:09:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [1308 bytes] - [28/02/2016 13:03:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1222 bytes] ##########
 
 
s1 from 28/2/2016
 
# AdwCleaner v5.036 - Logfile created 28/02/2016 at 13:03:27
# Updated 22/02/2016 by Xplode
# Database : 2016-02-28.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : user - DESKTOP-V1PEI56
# Running from : C:\Users\user\Downloads\adwcleaner_5.036.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\users\user\AppData\Roaming\SpringFiles
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( "hxxp://esurf.biz/?ssid=1455970168&a=1054210&src=sh&uuid=4b20a930-d885-44ec-b031-f60464d56796" )
Shortcut Infected : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( "hxxp://esurf.biz/?ssid=1455970168&a=1054210&src=sh&uuid=4b20a930-d885-44ec-b031-f60464d56796" )
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [1156 bytes] - [28/02/2016 13:03:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1229 bytes] ##########
 
 
c2  from 29/2/2016
 
# AdwCleaner v5.037 - Logfile created 29/02/2016 at 20:33:33
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : user - DESKTOP-V1PEI56
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\SprgFiles
[-] Key Deleted : HKLM\SOFTWARE\SprgFiles
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1301 bytes] - [28/02/2016 13:09:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [847 bytes] - [29/02/2016 20:33:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [1308 bytes] - [28/02/2016 13:03:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [969 bytes] - [29/02/2016 20:30:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1064 bytes] ##########
 
s2 from 29/2/2016

# AdwCleaner v5.037 - Logfile created 29/02/2016 at 20:30:34
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : user - DESKTOP-V1PEI56
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\SprgFiles
Key Found : HKLM\SOFTWARE\SprgFiles
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1301 bytes] - [28/02/2016 13:09:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [1308 bytes] - [28/02/2016 13:03:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [819 bytes] - [29/02/2016 20:30:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [891 bytes] ##########
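The two kinds of detection in these logs are the places this sort of redirect hijack usually persists: a proxy auto-config URL written into the registry (the two Hijack.AutoConfigURL entries in the Malwarebytes log in post #5) and a browser shortcut with a URL appended to its command line (the two "Shortcut Infected" entries in the S1 log above). The PowerShell audit below is an added example written for this thread; it is not a tool from the thread, from Malwarebytes or from AdwCleaner. It assumes Windows PowerShell 5.1 on Windows 10 with the WScript.Shell COM object available, an elevated prompt so the NlaSvc key under HKLM is readable, and that CurrentControlSet maps to the same control set the log shows as ControlSet001. It only reads and reports; it removes nothing.

```powershell
# Added example for this thread (not a tool from the thread, Malwarebytes or AdwCleaner).
# Read-only audit of the two persistence spots shown in the logs:
#   1. proxy auto-config / manual proxy values in the registry (Malwarebytes "Hijack.AutoConfigURL")
#   2. shortcuts whose command line carries a URL (AdwCleaner "Shortcut Infected")
# Assumes Windows PowerShell 5.1 on Windows 10 and the WScript.Shell COM object; run elevated
# so the HKLM NlaSvc key is readable. Nothing is changed or deleted.

function Get-ProxyRegistryFindings {
    $findings = @()

    # Per-user and per-machine Internet Settings. AutoConfigURL hands the browser a PAC script that
    # decides the proxy for every request; ProxyServer forces a fixed proxy. A clean home PC has neither.
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in 'AutoConfigURL', 'ProxyServer') {
            $value = $props.$name
            if ($value) {
                $findings += [pscustomobject]@{ Kind = 'Registry'; Location = "$key|$name"; Value = $value }
            }
        }
    }

    # NlaSvc ManualProxies: the second location Malwarebytes quarantined in the log. In that log the
    # value data was a digit followed by the PAC URL, so any value containing a URL is reported.
    $nlaKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'
    if (Test-Path -Path $nlaKey) {
        $item = Get-Item -Path $nlaKey
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ($value -match 'https?://') {
                $label = if ($name) { $name } else { '(default)' }
                $findings += [pscustomobject]@{ Kind = 'Registry'; Location = "$nlaKey|$label"; Value = $value }
            }
        }
    }
    return $findings
}

function Get-ShortcutUrlFindings {
    # Shortcut roots named in the AdwCleaner log (all-users and per-user Start Menu) plus both desktops.
    $roots = @(
        "$env:ProgramData\Microsoft\Windows\Start Menu",
        "$env:APPDATA\Microsoft\Windows\Start Menu",
        "$env:PUBLIC\Desktop",
        "$env:USERPROFILE\Desktop"
    ) | Where-Object { Test-Path -Path $_ }
    if (-not $roots) { return @() }

    # Heuristic (an assumption, not from the thread): a browser shortcut normally carries no arguments,
    # so an argument that looks like a URL or a hostname is worth a look.
    $urlPattern = 'https?://|www\.|[a-z0-9-]+\.(biz|com|net|org|info|space)\b'
    $shell = New-Object -ComObject WScript.Shell
    $findings = @()
    $links = Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue
    foreach ($file in $links) {
        $lnk = $shell.CreateShortcut($file.FullName)
        if ($lnk.Arguments -and $lnk.Arguments -match $urlPattern) {
            $findings += [pscustomobject]@{
                Kind     = 'Shortcut'
                Location = $file.FullName
                Value    = "$($lnk.TargetPath) $($lnk.Arguments)"
            }
        }
    }
    return $findings
}

$all = @(Get-ProxyRegistryFindings) + @(Get-ShortcutUrlFindings)
if ($all.Count -eq 0) {
    Write-Output 'No proxy auto-config or shortcut URL indicators found.'
} else {
    $all | Format-Table -Property Kind, Location, Value -AutoSize -Wrap
}
```

Run it from an elevated PowerShell prompt and compare each reported Location against the entries in the logs. One caveat worth keeping in mind for this thread: AutoConfigURL and the NlaSvc value live in the registry, not in the Chrome profile, and Chrome follows the system proxy settings, so uninstalling and reinstalling the browser does not by itself clear a PAC hijack; that is why the Malwarebytes quarantine of those two values matters as much as the shortcut cleanup.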
 


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • Gender:Male
  • Local time:08:30 AM

Posted 01 March 2016 - 01:44 PM

Alright. The best way to deal with this right now would be to completely uninstall Google Chrome and reinstall it.

If you are currently logged in to Google Chrome with your Google account, and the sync is enabled, all your bookmarks, history, extensions, etc. will be sync'd back when you connect on the new installation. Once Google Chrome is installed, before reinstalling it, please delete the following folders:

C:\Program Files (x86)\Google
C:\Users\$USERNAME\AppData\Local\Google

Replace $USERNAME by the name of your account's user profile. You'll recognize it under C:\Users.



#9 akon144

akon144
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:30 PM

Posted 01 March 2016 - 02:01 PM

OK, I will uninstall Google Chrome and reinstall it. But what you said is not clear to me: "Replace the $USERNAME by the name of your account userprofile name. You'll recognize it under C:\Users."

As soon as I do all that (it's gonna take a while) I'll get back to you about the $USERNAME replacement. :)



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • Gender:Male
  • Local time:08:30 AM

Posted 01 March 2016 - 02:03 PM

Like for me it's C:\Users\Aura. Usually, it's the name of your user account :)



#11 akon144

akon144
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:30 PM

Posted 01 March 2016 - 03:23 PM

Dear Aura, I want to inform you that my internet is really slow and I won't be able to conclude my job today; the installation is still in progress, so I'll contact you tomorrow to see if everything went OK. Have a nice evening :)



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • Gender:Male
  • Local time:08:30 AM

Posted 01 March 2016 - 05:20 PM

All good no worries :) I'll be waiting for you!



#13 akon144

akon144
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:30 PM

Posted 02 March 2016 - 11:12 AM

Aura hi, how are you today? :hello:

 

First, thanks for the clarification regarding $USERNAME. The reason I couldn't find it is that my username is user and not Anastasia ... :huh:

Now let me tell you about my progress.

I installed Google Chrome, synced it with my profile, and now it seems to work OK, so far.

But yesterday, while I was uninstalling Chrome and then trying to install it again, a lot of strange things happened at the same time. They are maybe unrelated, I don't know, you should decide:

1. A msg appeared in the bottom right corner that I should activate my Windows 10. That is the first time I saw it, though I have had W10 for 15 days now. The msg has now disappeared.

2. Another msg appeared in the bottom right corner too, in Greek!! That I was under attack from a malicious program. That is highly irregular because no antivirus of mine is in the Greek language.

3. After a while there was another msg from Kaspersky for blocking another malicious site http://sosikon.space/favicon

4. When I had uninstalled Chrome yesterday, I opened Windows Edge to download it again, but it was totally unresponsive, I mean I opened it and after 0.5 sec it shut down. I did that 5-6 times and then I gave up and used Explorer.

So what do you think?



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • Gender:Male
  • Local time:08:30 AM

Posted 02 March 2016 - 12:01 PM

How did you get Windows 10? Upgrade from an existing Windows installation? If so, which version?

And what did the message look like? Was it a notification? A pop-up? What did it say (if you can read Greek)?

That link returns a 502 error; the content might have been pulled.

There are numerous reports of Microsoft Edge not working properly on Windows 10. There might be corrupt files for it that need to be repaired using SFC and/or DISM.



#15 akon144

akon144
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:30 PM

Posted 02 March 2016 - 12:38 PM

Windows was installed on my PC by a local PC store; though I paid for it, I believe it is not original, but now the msg is gone.

About the fake msg I can't tell you much because my daughter saw it and reported it to me, and I can read Greek but I haven't read it myself.

I don't know what "That link returns a 502 error, the content might have been pulled." means; I suppose that it is deleted.

Regarding the Microsoft Edge, no comment.

The thing is that all these happening together makes me anxious.. maybe it is nothing, sorry.

So if you think that my problem is now completely solved, I feel relaxed, and I want to thank you and the site very much for the support. I'm in your debt.





