
Possible Skype fake windows security alert dialog box pop up


35 replies to this topic

#1 Skillful

Skillful

  • Members
  • 92 posts

Posted 07 June 2016 - 01:03 AM

Hi,

 

Win 8.1. I was using the Skype program two days ago; I had just signed in, and a dialogue box appeared. I was in a hurry, so I didn't take screenshots, but if I remember correctly the title was "Windows Security Alert" and the buttons were "OK" and "Cancel". The message was something about "This website or the website you are trying to view is dangerous. You should not load this site". I can't remember if I clicked OK or Cancel or the red X button at the top right of that dialogue box, but once I did, the dialogue box came straight back, so I closed it again, and it closed and then came back. This went on about 5 times, so that's when I decided to end the Skype program through Task Manager. I then restarted it, if I remember correctly, and that dialogue box was gone.

 

So, was this Windows Defender saying that the Skype program had loaded something? E.g. I know the Skype program has ads that get loaded; maybe Defender picked up something. Or was this some malicious software that may have come through Skype somehow? I have not visited any bad websites recently. My Skype is a few months old and I have not updated; I say "not now" each time it asks when I start it up. I don't want Skype to auto-update, hence why I kept saying no.

 

Is there a way to check if Defender picked up on something at the time, e.g. is there a history somewhere so I can tell if this is legit or if it's malicious? I read on another forum something about Skype maybe using ActiveX controls and needing to disable that in Internet Explorer. I know in Windows Maintenance it said that at 1:56 Skype was not responding and had to close, but that was me manually closing it?



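A way to answer the "is there a history somewhere" question from the post above, as an added example that is not part of the original post or of any reply in the thread: Windows Defender keeps its own detection history, and the Application log records the hang that Windows Maintenance reported. The script below (PowerShell, run elevated on Windows 8.1 or later) prints both for a 48-hour window; the window length is an assumption. If Defender shows no detection around the time the dialog appeared, the dialog was not a Defender detection, which is the distinction the post is asking about. The Application Hang entry for Skype.exe that appears later in the thread's MiniToolBox output is the same kind of event the third query pulls.

```powershell
# Added example (not from the original thread): pull Windows Defender's own
# detection history and the Skype hang event so the pop-up can be matched
# against what Defender actually recorded. Run in an elevated PowerShell on
# Windows 8.1 or later. The 48-hour window is an assumption; widen as needed.
$since = (Get-Date).AddHours(-48)

# 1. Defender's detection history via the Defender module (Windows 8.1+).
Write-Host "== Defender detections since $since =="
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $since } |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, Resources, ActionSuccess |
    Format-Table -AutoSize

# 2. The same information from the Defender operational event log:
#    1116 = malware detected, 1117 = action taken on it.
Write-Host "== Defender operational log (1116/1117) =="
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 3. Application hangs (event 1002) so the "Skype was not responding" entry
#    can be lined up with the time the dialog appeared.
Write-Host "== Application hangs (Skype.exe) =="
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Hang'
    Id           = 1002
    StartTime    = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Skype\.exe' } |
    Select-Object TimeCreated, Message |
    Format-List
```

A detection by Defender always leaves a record in both places; a dialog that leaves no record there came from something else and should be investigated as such.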

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts

Posted 07 June 2016 - 08:06 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit next make sure to leave all items checked, for removal.

 


 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download ZHPCleaner to your desktop. Right-click the icon and select Run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply
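Each tool in the reply above is downloaded from a third-party site and then run as administrator, in one case with antivirus and firewall switched off. An added check before doing that, not part of the original reply and not code from any of the tool vendors: confirm that the file is what the vendor published. The path and expected SHA-256 are placeholders to be filled in from the vendor's download page; the Start-MpScan step assumes Windows Defender is still enabled at that point. An unsigned file is not by itself proof of tampering, but it means the hash comparison is the only assurance you have, so do not skip it.

```powershell
# Added example (not part of the original reply): check a downloaded clean-up
# tool before running it elevated with antivirus switched off. The file name
# and the expected SHA-256 are placeholders to be taken from the vendor's
# download page; they are assumptions, not values from the thread.
param(
    [string]$Path           = "$env:USERPROFILE\Desktop\adwcleaner.exe",
    [string]$ExpectedSha256 = '<paste the hash published by the vendor>'
)

$problems = @()

# 1. Zone.Identifier: a file fetched by a browser carries ZoneId=3 (Internet).
#    Its absence means the file arrived another way or was already unblocked.
$ads = Get-Item -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
if (-not $ads) { $problems += 'no Zone.Identifier stream (not a browser download, or already unblocked)' }

# 2. Authenticode: signature must be Valid and name a publisher you expect.
$sig = Get-AuthenticodeSignature -FilePath $Path
if ($sig.Status -ne 'Valid') {
    $problems += "Authenticode status is $($sig.Status)"
} else {
    "Signed by: $($sig.SignerCertificate.Subject)"
}

# 3. Hash against the vendor-published value.
$hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
if ($ExpectedSha256 -notmatch '^[0-9A-Fa-f]{64}$') {
    $problems += 'no expected hash supplied; compare manually before running'
} elseif ($hash -ne $ExpectedSha256.ToUpper()) {
    $problems += "SHA-256 mismatch: got $hash"
}

# 4. Let Defender look at the file while its engine is still switched on.
Start-MpScan -ScanType CustomScan -ScanPath $Path
$hit = Get-MpThreatDetection | Where-Object { $_.Resources -match [regex]::Escape($Path) }
if ($hit) { $problems += 'Defender flagged the file' }

if ($problems) {
    Write-Warning ('Do not run as administrator: ' + ($problems -join '; '))
} else {
    "OK: $Path is signed, matches the expected hash and is clean"
}
```

Run it once per downloaded tool, before the step in the reply that says to disable the antivirus; the point of ordering it this way is that the only scan the file ever gets is the one taken while protection is still on.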



#3 Skillful

Skillful
  • Topic Starter

  • Members
  • 92 posts

Posted 08 June 2016 - 01:18 AM

I was not able to download ZHP scan, as the author's website was acting a bit strange. I tried a different browser and got the same thing. I can't find a download button, and the fonts are really big and things are out of place, like maybe a mistake in the code somewhere. Is there another website to download ZHPCleaner from?

 

 

 

 

 

Adware Cleaner

# AdwCleaner v5.119 - Logfile created 08/06/2016 at 15:00:22
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 8.1 Pro  (X64)
# Username : *edited*

# Running from : C:\Users\*edited*\Downloads\adwcleaner_5.119.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [613 bytes] - [08/06/2016 15:00:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [685 bytes] ##########
 

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 Pro x64
Ran by Bq (Administrator) on Wed 08/06/2016 at 15:39:50.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/06/2016 at 15:40:10.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Adware removal by TSA

 

Adware.searchfly ->> File ->> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.344.0_x64__8wekyb3d8bbwe\controls\SearchFlyout.js

 

[-] Deleted ->> File ->> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.344.0_x64__8wekyb3d8bbwe\controls\SearchFlyout.js

 

 

 

Zemana Antimalware

Zemana AntiMalware 2.20.2.911 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/8
Operating System       : Windows 8.1 64-bit
Processor              : 8X Intel® Core™ i7-4770K CPU @ 3.50GHz
BIOS Mode              : Legacy
CUID                   : *edited*
Scan Type              : Deep Scan
Duration               : 2m 40s
Scanned Objects        : 156729
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects
 


Edited by Skillful, 08 June 2016 - 01:23 AM.


#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts

Posted 08 June 2016 - 04:27 PM

Zhp Cleaner...

 

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.
  3. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  4. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it run as administrator. When the program completes, the tool will automatically open a log file, please post that log here in your next post.
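The MiniToolBox options in the reply above each correspond to a specific thing on the system. As an added example, not part of the original reply and not MiniToolBox's own code, the script below collects the same items by hand in PowerShell, so it is clear what a hijacked hosts file, a silent proxy or PAC URL, a non-Microsoft Winsock provider, or a recent application error looks like. Everything is read-only except the DNS flush at the end; run it elevated so the Winsock catalog is readable in full.

```powershell
# Added example (not from the original reply): the checks MiniToolBox reports,
# done by hand so the reader can see what each one looks at. Read-only except
# for the DNS flush. Run elevated for the Winsock catalog.
$report = [ordered]@{}

# hosts file: anything that is not a comment or blank is a live name override.
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$report['hosts overrides'] = Get-Content $hostsPath |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }

# IE / WinINet proxy settings, which most Windows apps and embedded web views honour.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$report['proxy'] = [pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL   # a PAC URL here is a classic traffic-redirect point
}

# DNS servers actually in use per adapter (compare with the router's address).
$report['dns servers'] = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# Winsock catalog: every provider path should point into System32 or SysWOW64.
$catalog = netsh winsock show catalog
$report['winsock providers outside System32/SysWOW64'] = $catalog |
    Where-Object { $_ -match 'Provider Path' -and
                   $_ -notmatch '(%SystemRoot%|\\Windows)\\(System32|SysWOW64)\\' }

# Last 10 Application-log errors, which is what "List last 10 Event Viewer log" pulls.
$report['last 10 application errors'] = Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; Level = 2 } -MaxEvents 10 |
    Select-Object TimeCreated, ProviderName,
                  @{ n = 'Msg'; e = { $_.Message.Split("`n")[0] } }

# The one write: flush the resolver cache, same as the "Flush DNS" option.
$report['flushdns'] = ipconfig /flushdns

foreach ($k in $report.Keys) {
    "`n== $k =="
    $report[$k] | Format-Table -AutoSize | Out-String
}
```

An empty "hosts overrides" list, ProxyEnable of 0 with no AutoConfigURL, DNS servers that match the gateway, and an empty Winsock list are what a clean machine prints; the MiniToolBox output posted later in this thread shows exactly that shape.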



#5 Skillful

Skillful
  • Topic Starter

  • Members
  • 92 posts

Posted 09 June 2016 - 12:15 AM

I notice some things need antivirus and/or firewall disabled. Is that just for those specific programs, or for each program after it? I had them disabled for JRT but then turned them back on for the others.

The ESET online scanner linked to Mac. I found Windows, but for it and the Mac version I could not find a trial version.

 

 

Got ZHP to work

 

~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13)
~ Run by *edited* (Administrator)  (09/06/2016 14:34:21)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Scan
~ Report : C:\Users\Bq\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\*edited*\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Pro, 64-bit  (Build 9600)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 65860
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 1 minutes
===================
ZHPCleaner-[S]-09062016-14_33_24.txt
ZHPCleaner-[S]-09062016-14_35_49.txt
 

 

Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/06/2016
Scan Time: 2:47 PM
Logfile: Malwarebytes1.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.08.07
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Bq

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285544
Time Elapsed: 4 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Mini Tool Box

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Bq (administrator) on 09-06-2016 at 14:59:30
Running from "C:\Users\Bq\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Model: Z87-HD3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Nw
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : gateway
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : *edited*
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : *edited*(Preferred)
   Temporary IPv6 Address. . . . . . : *edited*(Preferred)
   Link-local IPv6 Address . . . . . : *edited*(Preferred)
   IPv4 Address. . . . . . . . . . . : *edited*(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 9 June 2016 2:45:32 PM
   Lease Expires . . . . . . . . . . : Thursday, 9 June 2016 3:45:32 PM
   Default Gateway . . . . . . . . . : *edited*
                                       10.0.0.138
   DHCP Server . . . . . . . . . . . : 10.0.0.138
   DHCPv6 IAID . . . . . . . . . . . : *edited*
   DHCPv6 Client DUID. . . . . . . . : *Edited*
   DNS Servers . . . . . . . . . . . : 10.0.0.138
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : *edited*
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : *edited*
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : *edited*(Preferred)
   Link-local IPv6 Address . . . . . : *edited*(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : *edited*
   DHCPv6 Client DUID. . . . . . . . : *edited*
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dsldevice.gateway
Address:  10.0.0.138

Name:    google.com
Addresses:  2404:6800:4006:806::200e
      *edited*


Pinging google.com [2404:6800:4006:806::200e] with 32 bytes of data:
Reply from 2404:6800:4006:806::200e: time=18ms
Reply from 2404:6800:4006:806::200e: time=18ms

Ping statistics for 2404:6800:4006:806::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 18ms, Average = 18ms
Server:  dsldevice.gateway
Address:  10.0.0.138

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=340ms
Reply from 2001:4998:44:204::a7: time=339ms

Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 339ms, Maximum = 340ms, Average = 339ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...*Edited* ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
      *edit
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
*edited*
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2016 06:31:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (06/08/2016 03:39:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/08/2016 03:38:11 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/07/2016 05:25:01 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/06/2016 06:42:17 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/06/2016 05:01:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (06/06/2016 01:56:29 AM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 7.18.0.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14d8

Start Time: 01d1bf42a14e949f

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: 101658f7-2b36-11e6-be95-94de807d20b6

Faulting package full name:

Faulting package-relative application ID:

Error: (06/05/2016 04:51:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: atidxx32.dll, version: 8.17.10.525, time stamp: 0x53b754db
Exception code: 0xc0000005
Fault offset: 0x000742c7
Faulting process ID: 0x1834
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (06/05/2016 04:49:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: atidxx32.dll, version: 8.17.10.525, time stamp: 0x53b754db
Exception code: 0xc0000005
Fault offset: 0x000742c7
Faulting process ID: 0xae8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (06/04/2016 05:11:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.


System errors:
=============
Error: (06/08/2016 06:32:29 PM) (Source: DCOM) (User: Nw)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/08/2016 06:31:59 PM) (Source: DCOM) (User: Nw)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/08/2016 03:49:19 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 15:21:51 on ‎08/‎06/‎2016 was unexpected.

Error: (06/08/2016 03:49:15 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256844795966642260336

Error: (06/07/2016 11:00:38 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (06/07/2016 05:26:01 PM) (Source: DCOM) (User: Nw)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/07/2016 05:25:31 PM) (Source: DCOM) (User: Nw)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/06/2016 08:10:32 PM) (Source: DCOM) (User: Nw)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/06/2016 08:10:02 PM) (Source: DCOM) (User: Nw)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/06/2016 06:43:33 PM) (Source: DCOM) (User: Nw)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2016-06-08 18:31:32.640
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-06 05:01:14.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-24 17:58:26.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-16 21:09:25.334
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-11 18:40:33.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-12 06:49:46.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 02:10:57.015
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-08 04:12:12.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-06 14:48:52.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-03 05:16:44.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MoTeC i2 Pro 1.1 (HKLM-x32\...\{F8ED3A87-B7BD-4045-A258-7AB3D56A1E3A}) (Version: 7.00.4522 - MoTeC)
MoTeC i2 Standard 1.1 (HKLM-x32\...\{71381E5E-A13E-456F-97F6-4EF773D1F521}) (Version: 7.00.4524 - MoTeC)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
rFactor2 (HKLM-x32\...\rFactor2) (Version:  - )
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.911 - Zemana Ltd.)

========================= Devices: ================================

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_8C22&SUBSYS_50011458&REV_04\3&11583659&0&FB
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 12%
Total physical RAM: 8076.78 MB
Available physical RAM: 7087.7 MB
Total Virtual: 8588.78 MB
Available Virtual: 7457.06 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.45 GB) (Free:70.08 GB) NTFS
3 Drive e: () (Removable) (Total:3.76 GB) (Free:2.89 GB) FAT32

========================= Users: ========================================

User accounts for \\NW

Administrator            Bq                       Guest                    


**** End of log ****

Security check

 

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 09.06.2016 14:59:54
Path starting: C:\Users\Bq\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Bq
VersionXML: 3.04is-08.06.2016
___________________________________________________________________________

Windows 8.1(6.3.9600) (x64) Professional Lang: English(0809)
Installation date OS: 05.02.2016 23:45:47
LicenseStatus: Windows®, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
SystemDrive: C: FS: [NTFS] Capacity: [111.4 Gb] Used: [41.3 Gb] Free: [70.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18283 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatic Updates disabled
Date install updates: 2016-04-15 15:50:55
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.4518.1014
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.20.911
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.31 (64-bit) v.5.31.0
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.18 v.7.18.112 Warning! Download Update
^Optional update.^
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 44.0 (x86 en-US) v.44.0 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
MBAMScheduler (MBAMScheduler) - The service has stopped
MBAMService (MBAMService) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
----------------------------- [ End of Log ] ------------------------------

Edited by Skillful, 09 June 2016 - 12:42 AM.


#6 Skillful

Skillful
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 09 June 2016 - 12:43 AM

I have edited out some stuff like the gateway, IP address and route table; I'm not sure which is ok to post and which isn't. I still have the unedited logs if you need them :)



#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:04 PM

Posted 09 June 2016 - 05:50 PM

Scan & Clean With Ads Fix

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Pre_Scan

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close all open work; Pre_Scan will close all processes in order to run.

Right Click, Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

9-Lab Scan.

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#8 Skillful

Skillful
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 10 June 2016 - 07:05 AM

Adsfix

---------- | AdsFix | g3n-h@ckm@n | 3_09.06.2016.1

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 18:34:52 - 10/06/2016

update on : 09/06/2016 | 11.35 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Bq\Downloads\adsfix_3_09.06.2016.1.exe
Boot: Normal boot
[Bq (Administrator)] - [NW] -  (Australia [0809])
SID = S-1-5-21-251241379-2071700029-1508196371-1001 || [4271205e5e]
PC : Gigabyte Technology Co., Ltd. - Z87-HD3 - To be filled by O.E.M.
Processor : X64 - 3492 - Intel® Core™ i7-4770K CPU @ 3.50GHz
Bios : American Megatrends Inc. - 04/17/2013 - V.F2
CoreTemp : 29.8° C - Max : 105° C

CPU #1 value:0 %
CPU #2 value:6 %
CPU #3 value:0 %
CPU #4 value:6 %
CPU #5 value:0 %
CPU #6 value:0 %
CPU #7 value:81 %
CPU #8 value:6 %
Total Overall CPU Usage value:12 %

System : Windows 8.1 Pro (64 bits) Professional
RAM memory = Total (MB) : 8271 | Free (MB) : 6547
Pagefile = Total (MB) : 8795 | Free (MB) : 6954
Virtual = Total (MB) : 4194 | Free (MB) : 3930

C:\ -> [Fixed] | [] | Total : 111.45 Go | Free : 69.54 Go -> NTFS (SSD) [SATA]
E:\ -> [Removable] | [] | Total : 3.76 Go | Free : 2.89 Go -> FAT32 [USB]

Registry saved, to restore :  Click on Options & Restore the register (C:\AdsFix\Save\Registry [10.06.2016 @ 18_34_52]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2016-04-15 15:47:16
Last downloaded : 2016-04-15 15:48:56
Last installation : 2016-04-15 15:50:55
Next search : 2016-06-10 23:16:59

Microsoft : +

---------- | Browsers

IE : 11.0.9600.18124     (© Microsoft Corporation. All rights reserved.)
FF : 44.0.0.5866     (©Firefox and Mozilla Developers; available under the MPL 2 license.)

---------- | Security (atcav : 0)

AV : Windows Defender Disabled
AS : Windows Defender Disabled
AM : Malwarebytes' Anti-Malware   (2.3.173.0)     [Update : 09/06/2016 14:46:14]
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Order
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 21.0.0.213

---------- | Killed processes

872 | [Owner : SYSTEM |Parent : 600(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1164) = C:\Windows\System32\atiesrxx.exe
324 | [Owner : SYSTEM |Parent : 600(services.exe)] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4264) = C:\Windows\System32\igfxCUIService.exe
364 | [Owner : SYSTEM |Parent : 872(atiesrxx.exe)] - (.AMD - AMD External Events Client Module.) - (6.14.11.1164) = C:\Windows\System32\atieclxx.exe
1212 | [Owner : SYSTEM |Parent : 600(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.3.9600.17480) = C:\Windows\System32\spoolsv.exe
2272 | [Owner : Bq |Parent : 948(svchost.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe
3028 | [Owner : LOCAL SERVICE |Parent : 600(services.exe)] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.7903) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
736 | [Owner : LOCAL SERVICE |Parent : 456(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.3.9600.17415) = C:\Windows\System32\WUDFHost.exe
2216 | [Owner : Bq |Parent : 684()] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4264) = C:\Windows\System32\igfxEM.exe
3320 | [Owner : Bq |Parent : 2324(explorer.exe)] - (.Logitech Inc. - Logitech WingMan Event Monitor.) - (5.10.127.0) = C:\Program Files\Logitech\Gaming Software\LWEMon.exe
3580 | [Owner : Bq |Parent : 3564()] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3664 | [Owner : Bq |Parent : 3580(MOM.exe)] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

---------- | Tasks



---------- | Services


---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot

Repaired : [HKLM | Minimal\vga.sys] :  -> Driver
Repaired : [HKLM | Minimal\vgasave.sys] :  -> Driver



Repaired : [HKLM | Network\vga.sys] :  -> Driver
Repaired : [HKLM | Network\vgasave.sys] :  -> Driver

---------- | Winsock


---------- | DNS


---------- | Register

Deleted successfully : [HKU\S-1-5-21-251241379-2071700029-1508196371-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKU\S-1-5-21-251241379-2071700029-1508196371-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : C:\Users\Bq\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Folders | Files

Deleted successfully : C:\Users\Bq\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico     (.-.)     

---------- | .LNK


---------- | opening unknown extension


---------- | Proxy


---------- | Internet Explorer

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\WINDOWS\System32\blank.htm
Repaired : [HKU\S-1-5-21-251241379-2071700029-1508196371-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] :  -> 2
Repaired : [HKU\S-1-5-21-251241379-2071700029-1508196371-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] :  -> 1
Repaired : [HKU\S-1-5-21-251241379-2071700029-1508196371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] :  -> 1
Repaired : [HKU\S-1-5-21-251241379-2071700029-1508196371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] :  -> 1
Repaired : [HKU\S-1-5-21-251241379-2071700029-1508196371-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex



---------- | Google Chrome



---------- | Chromium



---------- | Comodo Dragon



---------- | Firefox

Deleted successfully : C:\Users\Bq\AppData\Roaming\Mozilla\Firefox\Profiles\x85sfia2.default\sessionstore.js     (.-.)     


---------- | SeaMonkey



---------- | Pale moon



---------- | Opera



---------- | Spark



---------- | StartMenuInternet


---------- | Javascript


---------- | Firewall


---------- | ADS


---------- | Temporary files

[All Users] Temporary files deleted : 0 Ko
[Bq] Temporary files deleted : 110725 Ko
[Default] Temporary files deleted : 0 Ko
[Default.migrated] Temporary files deleted : 0 Ko
[Public] Temporary files deleted : 0 Ko
[C:\WINDOWS\Temp] Temporary files deleted : 49008 Ko
[C:\Temp] Temporary files deleted : 0 Ko


Other(s) report(s)


---------- | Listing


---------- | C:\Program Files (x86)

[08/06/2016 15:55:32] - |D| - [1.52 Ko] - C:\Program Files (x86)\Adware Removal Tool by TSA
[06/02/2016 09:41:00] - |D| - [64681.07 Ko] - C:\Program Files (x86)\ATI Technologies
[22/08/2013 23:36:15] - |D| - [198930.21 Ko] - C:\Program Files (x86)\Common Files
[23/08/2013 01:36:33] - |ASH| - [0.17 Ko] - C:\Program Files (x86)\desktop.ini
[11/05/2016 06:25:17] - |D| - [38133.58 Ko] - C:\Program Files (x86)\i2pro0896
[06/02/2016 08:16:20] - |D| - [3518.04 Ko] - C:\Program Files (x86)\Intel
[23/08/2013 01:36:30] - |D| - [6700.41 Ko] - C:\Program Files (x86)\Internet Explorer
[09/06/2016 14:46:13] - |D| - [58101.41 Ko] - C:\Program Files (x86)\Malwarebytes Anti-Malware
[06/02/2016 14:40:53] - |D| - [144585.6 Ko] - C:\Program Files (x86)\Microsoft Office
[23/08/2013 01:36:30] - |D| - [23.37 Ko] - C:\Program Files (x86)\Microsoft.NET
[20/02/2016 19:54:15] - |D| - [35522.61 Ko] - C:\Program Files (x86)\MoTeC
[22/02/2016 18:27:28] - |D| - [4152.22 Ko] - C:\Program Files (x86)\MoTeCpro
[06/02/2016 09:08:49] - |D| - [89490.86 Ko] - C:\Program Files (x86)\Mozilla Firefox
[08/06/2016 15:54:17] - |D| - [25.15 Ko] - C:\Program Files (x86)\MSBuild
[08/06/2016 15:54:17] - |D| - [36083.75 Ko] - C:\Program Files (x86)\Reference Assemblies
[05/03/2016 00:14:14] - |RD| - [77901.81 Ko] - C:\Program Files (x86)\Skype
[23/08/2013 01:36:30] - |D| - [1421.63 Ko] - C:\Program Files (x86)\Windows Defender
[23/08/2013 01:36:30] - |D| - [5814 Ko] - C:\Program Files (x86)\Windows Mail
[23/08/2013 01:36:30] - |D| - [3237.53 Ko] - C:\Program Files (x86)\Windows Media Player
[23/08/2013 01:36:30] - |D| - [225.5 Ko] - C:\Program Files (x86)\Windows Multimedia Platform
[23/08/2013 01:36:30] - |D| - [7298.06 Ko] - C:\Program Files (x86)\Windows NT
[23/08/2013 01:36:30] - |D| - [5366.64 Ko] - C:\Program Files (x86)\Windows Photo Viewer
[23/08/2013 01:36:30] - |D| - [225.5 Ko] - C:\Program Files (x86)\Windows Portable Devices
[23/08/2013 01:36:30] - |SHD| - [0 Ko] - C:\Program Files (x86)\Windows Sidebar
[23/08/2013 01:36:30] - |D| - [0 Ko] - C:\Program Files (x86)\WindowsPowerShell
[08/06/2016 16:02:31] - |D| - [15567.7 Ko] - C:\Program Files (x86)\Zemana AntiMalware

---------- | C:\Program Files

[06/02/2016 09:40:26] - |D| - [56440.72 Ko] - C:\Program Files\AMD
[06/02/2016 09:41:03] - |D| - [5462.25 Ko] - C:\Program Files\ATI Technologies
[22/08/2013 23:36:15] - |D| - [62074.52 Ko] - C:\Program Files\Common Files
[23/08/2013 01:36:45] - |ASH| - [0.17 Ko] - C:\Program Files\desktop.ini
[06/02/2016 09:40:23] - |D| - [31080.52 Ko] - C:\Program Files\Intel
[23/08/2013 01:36:31] - |D| - [25691.37 Ko] - C:\Program Files\Internet Explorer
[19/02/2016 23:23:30] - |D| - [13980.41 Ko] - C:\Program Files\Logitech
[06/02/2016 14:41:21] - |D| - [580.34 Ko] - C:\Program Files\Microsoft Office
[08/06/2016 15:54:16] - |D| - [25.15 Ko] - C:\Program Files\MSBuild
[08/06/2016 15:54:16] - |D| - [33794.67 Ko] - C:\Program Files\Reference Assemblies
[26/07/2012 17:22:18] - |HD| - [0 Ko] - C:\Program Files\Uninstall Information
[23/08/2013 01:36:31] - |D| - [10001.23 Ko] - C:\Program Files\Windows Defender
[22/11/2014 10:45:27] - |D| - [8757.62 Ko] - C:\Program Files\Windows Journal
[23/08/2013 01:36:31] - |D| - [6164.5 Ko] - C:\Program Files\Windows Mail
[23/08/2013 01:36:31] - |D| - [5242.06 Ko] - C:\Program Files\Windows Media Player
[23/08/2013 01:36:31] - |D| - [279.5 Ko] - C:\Program Files\Windows Multimedia Platform
[23/08/2013 01:36:31] - |D| - [7642.06 Ko] - C:\Program Files\Windows NT
[23/08/2013 01:36:31] - |D| - [6276.14 Ko] - C:\Program Files\Windows Photo Viewer
[23/08/2013 01:36:31] - |D| - [279.5 Ko] - C:\Program Files\Windows Portable Devices
[23/08/2013 01:36:31] - |SHD| - [0 Ko] - C:\Program Files\Windows Sidebar
[23/08/2013 01:36:31] - |HD| - [622171.55 Ko] - C:\Program Files\WindowsApps
[23/08/2013 01:36:31] - |D| - [0 Ko] - C:\Program Files\WindowsPowerShell
[14/02/2016 08:51:53] - |D| - [5215.59 Ko] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[06/02/2016 14:43:26] - |D| - [90.8 Ko] - C:\Program Files (x86)\Common Files\DESIGNER
[06/02/2016 09:40:23] - |D| - [69399.37 Ko] - C:\Program Files (x86)\Common Files\Intel
[23/08/2013 01:36:30] - |D| - [84975.5 Ko] - C:\Program Files (x86)\Common Files\Microsoft Shared
[23/08/2013 01:36:30] - |D| - [2.64 Ko] - C:\Program Files (x86)\Common Files\Services
[05/03/2016 00:14:15] - |D| - [2343.63 Ko] - C:\Program Files (x86)\Common Files\Skype
[23/08/2013 01:36:30] - |D| - [42118.28 Ko] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common Files

[06/02/2016 09:40:26] - |D| - [551 Ko] - C:\Program Files\Common Files\ATI Technologies
[19/02/2016 23:23:30] - |D| - [1471.23 Ko] - C:\Program Files\Common Files\Logitech
[23/08/2013 01:36:31] - |D| - [49612.26 Ko] - C:\Program Files\Common Files\microsoft shared
[23/08/2013 01:36:31] - |D| - [2.64 Ko] - C:\Program Files\Common Files\Services
[23/08/2013 01:36:31] - |D| - [10437.39 Ko] - C:\Program Files\Common Files\System

---------- | C:\Users\Bq

[06/02/2016 09:41:56] - |HD| - [932732.38 Ko] - C:\Users\Bq\AppData
[06/02/2016 07:18:02] - |RD| - [0.4 Ko] - C:\Users\Bq\Contacts
[06/02/2016 09:41:56] - |RD| - [514568.88 Ko] - C:\Users\Bq\Desktop
[06/02/2016 07:17:50] - |RD| - [416.83 Ko] - C:\Users\Bq\Documents
[06/02/2016 07:17:50] - |RD| - [3898169.87 Ko] - C:\Users\Bq\Downloads
[06/02/2016 09:41:56] - |RD| - [80.27 Ko] - C:\Users\Bq\Favorites
[06/02/2016 08:31:38] - |SHD| - [24.71 Ko] - C:\Users\Bq\IntelGraphicsProfiles
[06/02/2016 07:17:50] - |RD| - [2.17 Ko] - C:\Users\Bq\Links
[06/02/2016 07:17:50] - |RD| - [0.49 Ko] - C:\Users\Bq\Music
[06/02/2016 09:41:56] - |ASH| - [1024 Ko] - C:\Users\Bq\NTUSER.DAT
[06/02/2016 09:41:56] - |ASH| - [1580 Ko] - C:\Users\Bq\ntuser.dat.LOG1
[06/02/2016 09:41:56] - |ASH| - [2336 Ko] - C:\Users\Bq\ntuser.dat.LOG2
[06/02/2016 09:41:56] - |ASH| - [64 Ko] - C:\Users\Bq\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TM.blf
[06/02/2016 09:41:56] - |ASH| - [512 Ko] - C:\Users\Bq\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000001.regtrans-ms
[06/02/2016 09:41:56] - |ASH| - [512 Ko] - C:\Users\Bq\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000002.regtrans-ms
[06/02/2016 09:45:48] - |ASH| - [0.02 Ko] - C:\Users\Bq\ntuser.ini
[06/02/2016 07:17:50] - |RD| - [0.49 Ko] - C:\Users\Bq\Pictures
[06/02/2016 07:17:50] - |RD| - [0.28 Ko] - C:\Users\Bq\Saved Games
[06/02/2016 07:18:02] - |RD| - [1.83 Ko] - C:\Users\Bq\Searches
[07/02/2016 02:53:23] - |D| - [296 Ko] - C:\Users\Bq\Tracing
[06/02/2016 07:17:50] - |RD| - [0.49 Ko] - C:\Users\Bq\Videos
[09/06/2016 14:26:53] - |A| - [349.89 Ko] - C:\Users\Bq\ZHPCleaner.exe

---------- | C:\Users\Bq\AppData\Roaming

[14/02/2016 08:55:36] - |D| - [48.12 Ko] - C:\Users\Bq\AppData\Roaming\.rFactor
[06/02/2016 07:18:01] - |D| - [0 Ko] - C:\Users\Bq\AppData\Roaming\Adobe
[06/02/2016 09:45:50] - |D| - [0 Ko] - C:\Users\Bq\AppData\Roaming\ATI
[06/02/2016 09:45:49] - |D| - [0 Ko] - C:\Users\Bq\AppData\Roaming\Identities
[19/02/2016 23:02:20] - |D| - [25.58 Ko] - C:\Users\Bq\AppData\Roaming\Logishrd
[19/02/2016 23:02:20] - |D| - [0 Ko] - C:\Users\Bq\AppData\Roaming\Logitech
[06/02/2016 07:25:36] - |D| - [1.53 Ko] - C:\Users\Bq\AppData\Roaming\Macromedia
[06/02/2016 09:41:56] - |SD| - [785.91 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft
[20/02/2016 19:54:27] - |D| - [242.79 Ko] - C:\Users\Bq\AppData\Roaming\MoTeC
[06/02/2016 09:08:56] - |D| - [116732.61 Ko] - C:\Users\Bq\AppData\Roaming\Mozilla
[07/02/2016 02:53:10] - |D| - [34638.25 Ko] - C:\Users\Bq\AppData\Roaming\Skype
[14/02/2016 08:53:04] - |D| - [0.48 Ko] - C:\Users\Bq\AppData\Roaming\WinRAR
[09/06/2016 14:26:35] - |D| - [464.82 Ko] - C:\Users\Bq\AppData\Roaming\ZHP

---------- | C:\Users\Bq\AppData\Local

[06/02/2016 09:45:50] - |D| - [69.49 Ko] - C:\Users\Bq\AppData\Local\ATI
[08/06/2016 15:51:09] - |D| - [433.94 Ko] - C:\Users\Bq\AppData\Local\Diagnostics
[20/02/2016 19:53:59] - |D| - [79849 Ko] - C:\Users\Bq\AppData\Local\Downloaded Installations
[15/04/2016 23:54:44] - |D| - [690.37 Ko] - C:\Users\Bq\AppData\Local\ElevatedDiagnostics
[02/04/2016 00:54:46] - |D| - [0.16 Ko] - C:\Users\Bq\AppData\Local\ExeOutput
[06/02/2016 09:51:17] - |AH| - [142.57 Ko] - C:\Users\Bq\AppData\Local\IconCache.db
[19/02/2016 23:03:20] - |D| - [47.09 Ko] - C:\Users\Bq\AppData\Local\Logitech
[06/02/2016 09:41:56] - |D| - [596585.88 Ko] - C:\Users\Bq\AppData\Local\Microsoft
[06/02/2016 14:40:53] - |D| - [93.9 Ko] - C:\Users\Bq\AppData\Local\Microsoft Help
[20/02/2016 19:54:38] - |D| - [0 Ko] - C:\Users\Bq\AppData\Local\MoTeC
[06/02/2016 09:08:56] - |D| - [2.58 Ko] - C:\Users\Bq\AppData\Local\Mozilla
[06/02/2016 07:17:51] - |D| - [70613.69 Ko] - C:\Users\Bq\AppData\Local\Packages
[08/06/2016 16:02:19] - |D| - [0 Ko] - C:\Users\Bq\AppData\Local\Programs
[11/03/2016 01:19:32] - |A| - [0.02 Ko] - C:\Users\Bq\AppData\Local\resmon.resmoncfg
[27/02/2016 22:20:10] - |D| - [51.37 Ko] - C:\Users\Bq\AppData\Local\SimRacingTools
[06/02/2016 09:41:56] - |D| - [141.78 Ko] - C:\Users\Bq\AppData\Local\Temp
[06/02/2016 07:17:52] - |D| - [0 Ko] - C:\Users\Bq\AppData\Local\VirtualStore
[08/06/2016 16:02:24] - |D| - [28134.35 Ko] - C:\Users\Bq\AppData\Local\Zemana

---------- | C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu

[06/02/2016 07:18:02] - |ASH| - [0.17 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[06/02/2016 09:41:56] - |RD| - [18.61 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

---------- | C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

[06/02/2016 09:41:56] - |RD| - [3.8 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[06/02/2016 09:41:56] - |RD| - [1.45 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[06/02/2016 07:18:02] - |RD| - [0.17 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[06/02/2016 09:41:56] - |ASH| - [0.55 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[06/02/2016 09:41:56] - |A| - [0.36 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[06/02/2016 09:45:49] - |A| - [1.41 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[06/02/2016 09:41:56] - |D| - [0.17 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[06/02/2016 09:41:56] - |A| - [0.36 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[06/02/2016 07:18:02] - |RD| - [0.17 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[06/02/2016 09:41:56] - |RD| - [6.18 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[14/02/2016 08:52:49] - |D| - [3.99 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

---------- | C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[06/02/2016 07:18:02] - |ASH| - [0.17 Ko] - C:\Users\Bq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData

[23/08/2013 00:45:52] - |SHD| - [9573951.85 Ko] - C:\ProgramData\Application Data
[06/02/2016 09:45:50] - |D| - [0.18 Ko] - C:\ProgramData\ATI
[23/08/2013 00:45:52] - |SHD| - [11.49 Ko] - C:\ProgramData\Desktop
[23/08/2013 00:45:52] - |SHD| - [1.38 Ko] - C:\ProgramData\Documents
[09/06/2016 14:40:47] - |D| - [10056.92 Ko] - C:\ProgramData\Malwarebytes
[22/08/2013 23:36:15] - |SD| - [792426.31 Ko] - C:\ProgramData\Microsoft
[06/02/2016 14:40:53] - |D| - [50.11 Ko] - C:\ProgramData\Microsoft Help
[20/02/2016 19:54:21] - |D| - [32 Ko] - C:\ProgramData\MoTeC
[06/02/2016 09:40:38] - |D| - [28385.94 Ko] - C:\ProgramData\Package Cache
[06/02/2016 07:17:51] - |D| - [23.66 Ko] - C:\ProgramData\PRICache
[23/08/2013 01:36:30] - |D| - [0.97 Ko] - C:\ProgramData\regid.1991-06.com.microsoft
[07/02/2016 02:53:06] - |D| - [42040 Ko] - C:\ProgramData\Skype
[23/08/2013 00:45:52] - |SHD| - [101.95 Ko] - C:\ProgramData\Start Menu
[23/08/2013 00:45:52] - |SHD| - [0 Ko] - C:\ProgramData\Templates

---------- | C:\WINDOWS\Tasks

[23/08/2013 00:45:54] - |AH| - [0.01 Ko] - C:\WINDOWS\Tasks\SA.DAT

---------- | C:\WINDOWS\System32\Tasks

[23/08/2013 01:36:31] - |D| - [0 Ko] - C:\WINDOWS\System32\Tasks\Microsoft

Analyzed : 289381 | Modified : 6 | Deleted : 8

---------- |EOF| ---------- | 19:25:22 | [21 Ko]

Rsthosts

-|x| RstHosts v2.0 - Rapport créé le 10/06/2016 à 21:01:24
-|x| Système d'exploitation : Windows 8.1 Pro  (64 bits)
-|x| Nom d'utilisateur : Bq - NW (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 22/08/2013 - 23:25:43
Date de modification : 10/06/2016 - 21:01:13
Date de dernier accès : 10/06/2016 - 21:01:13

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1       localhost
::1             localhost

-|x|- E.O.F - C:\RstHosts.txt - 594 bytes -|x|-

Prescan

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_09.06.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 21:17:44

Updated 09/06/2016 | 11.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Bq (Administrator)] - [NW]
SID = S-1-5-21-251241379-2071700029-1508196371-1001

Boot: Normal boot
System : Windows 8.1 Pro (64 bits) Professional
ProcessorNameString : Intel® Core™ i7-4770K CPU @ 3.50GHz
Identifier : Intel64 Family 6 Model 60 Stepping 3
CoreTemp : 29.8 Celsius - Max : 105 Celsius

Memory RAM = Total (MB) : 8271 | Free (MB) : 7574
Pagefile = Total (MB) : 8795 | Free (MB) : 8056
Virtual = Total (MB) : 4194 | Free (MB) : 4008

¤¤¤¤¤¤¤¤¤¤ # Components of starting up


¤¤¤¤¤¤¤¤¤¤¤ # Drives

E:\-> [Removable] | [] | Total : 3.76 GB | Free : 2.89 GB -> FAT32 [USB]
C:\-> [Fixed] | [] | Total : 111.45 GB | Free : 70.1 GB -> NTFS (SSD) [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Last detection : 2016-04-15 15:47:16
Downloaded last ones : 2016-04-15 15:48:56
Installed last ones : 2016-04-15 15:50:55
Next search : 2016-06-10 23:16:59

Microsoft : +


¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\WINDOWS\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Bq

Registry saved; to restore: the desktop shortcut 'Pre_Scan_Restore' restores the registry (C:\Pre_Scan\Save\Registry [10.06.2016 @ 21_17_25])
To restore a file or folder: open the desktop shortcut 'Pre_Scan_Restore', select 'Restore File - Folder', select an item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.9600.18124     (© Microsoft Corporation.)
FF : 44.0.0.5866     (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 21.0.0.213

¤¤¤¤¤¤¤¤¤¤ # Security

AV : Windows Defender Disabled
AS : Windows Defender Disabled
AM : Malwarebytes Anti-Malware   (2.3.173.0)     []
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

900 | [Owner :  |Parent : 608] - (.AMD - AMD External Events Service Module.) - (6.14.11.1164) = C:\Windows\System32\atiesrxx.exe
388 | [Owner :  |Parent : 900] - (.AMD - AMD External Events Client Module.) - (6.14.11.1164) = C:\Windows\System32\atieclxx.exe
460 | [Owner :  |Parent : 608] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4264) = C:\Windows\System32\igfxCUIService.exe
1296 | [Owner :  |Parent : 608] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.3.9600.17480) = C:\Windows\System32\spoolsv.exe
1400 | [Owner : Bq |Parent : 972] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe
1496 | [Owner : Bq |Parent : 1464] - (.Microsoft Corporation - Windows Explorer.) - (6.3.9600.17667) = C:\Windows\explorer.exe
2932 | [Owner : SYSTEM |Parent : 608] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.9600.17787) = C:\Windows\System32\SearchIndexer.exe
2952 | [Owner : LOCAL SERVICE |Parent : 608] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.7903) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1280 | [Owner : LOCAL SERVICE |Parent : 428] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.3.9600.17415) = C:\Windows\System32\WUDFHost.exe
128 | [Owner : Bq |Parent : 2028] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4264) = C:\Windows\System32\igfxEM.exe
3052 | [Owner : Bq |Parent : 1496] - (.Logitech Inc. - Logitech WingMan Event Monitor.) - (5.10.127.0) = C:\Program Files\Logitech\Gaming Software\LWEMon.exe
3148 | [Owner : Bq |Parent : 3132] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3224 | [Owner : Bq |Parent : 3148] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1092 | [Owner :  |Parent : 608] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.3.9600.16497) = C:\Windows\System32\sppsvc.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user


¤¤¤¤¤¤¤¤¤¤ # Winlogon machine


¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !




¤¤¤¤¤¤¤¤¤¤ # IFEO


¤¤¤¤¤¤¤¤¤¤ # Mountpoints2



¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center




¤¤¤¤¤¤¤¤¤¤ # Services


Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer


¤¤¤¤¤¤¤¤¤¤ # reparsepoint



¤¤¤¤¤¤¤¤¤¤ # Offsets


¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry




¤¤¤¤¤¤¤¤¤¤ # ADS


Prefetch -> cleaned


E:\ : Vaccinated (Vaccine created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Windows] : Hidden : 5 | Restored : 3
~ [AppData] : Hidden : 1 | Restored : 1


¤¤¤¤¤¤¤¤¤¤ # Drives

 Disk: 0   Size=114G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    07-NTFS    350M   Yes   No         2,048      716,800
  1    1    07-NTFS    114G   No    No       718,848  233,719,808

¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1

End : 21:21:12


¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 167

9-lab scan

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 128.39590

Windows 8.1 (Version 6.3, Build 0, 64-bit Edition)
Internet Explorer 9.11.9600.18283
Bq :: NW

10/06/2016 9:39:16 PM
9lab-log-2016-06-10 (21-39-16).txt

Scan type: Full
Objects scanned: 37869
Time Elapsed: 5 m 23 s

Registry Values detected: 1
Risk.Path [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]


Files detected: 15
[3688374325B992DEF12793500307566D] Trojan.FPL.Rotbrow.vb [c:\users\bq\appdata\roaming\ZHP\Quarantine\hosts]
[D5072764C1315C4A50759BC1EF3DB804] Trojan.FPL.Rotbrow.vb [c:\users\bq\appdata\roaming\ZHP\Tempo.txt]
[714E5B820ADCBD939604EF113714C1BE] Trojan.FPL.Rotbrow.vb [c:\users\bq\appdata\roaming\ZHP\Trace.txt]
[13619BD0B5C01C0C8DFF30E515D6E482] Trojan.FPL.Rotbrow.vb [c:\users\bq\appdata\roaming\ZHP\ZHPCleaner-[S]-09062016-14_33_24.txt]
[EFB148939BCBBD3B8F7801998EEA02A6] Trojan.FPL.Rotbrow.vb [c:\users\bq\appdata\roaming\ZHP\ZHPCleaner-[S]-09062016-14_35_49.txt]
[DC99B381AE8F73EF165DC636EB998ED6] Trojan.FPL.Rotbrow.vb [c:\users\bq\appdata\roaming\ZHP\ZHPCleaner.exe]
[186BB0E1838F7B658C54D8F67FB1E0C6] Trojan.FPL.Rotbrow.vb [c:\users\bq\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\bq\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[DC99B381AE8F73EF165DC636EB998ED6] Malware.MPL.Heur.vb [c:\users\bq\ZHPCleaner.exe]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\Pre_Scan\smss.exe]
[9BDBDFE43570B8B6EB6856416B293684] PUP.Win32.Amonetize.ad!s1 [C:\SimRacingTools\uninstall.exe]
[58F7AE008538E3867A327956390D0470] Malware.Win32.Gen.cc!s1 [C:\Users\Bq\Desktop\ZHPCleaner-2015.8.13.324.exe]
[F794E988B53804105BF915ABDAFAFCD7] Malware.Win32.Gen.sm [C:\Users\Bq\Downloads\MiniToolBox.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\Bq\Downloads\rsthosts_2.0.exe]
[5AF95A03D4665EE721F01400E99D8855] PUP.Win32.Amonetize.ad!s1 [C:\Users\Bq\Downloads\SimRacingTools_installer_206.exe]

#9 InadequateInfirmity

Posted 10 June 2016 - 01:37 PM

Any issues to speak of?



#10 Skillful (Topic Starter)

Posted 10 June 2016 - 11:37 PM

The dialogue box when running Skype that I mentioned hasn't come back at all.

I did get a new tab opened in Firefox on its own. The tab page was to my router [the router name, not any numbers or IP]. This also happened about 2 weeks ago, and also on 8/2/16. No bad websites, no relation to certain websites, as I had Firefox open but was not on the PC at the time.

The only other thing is I was on a game server that got hacked on 8/5/16 and the language was changed to Russian on the game server; I changed my IP after that. But this redirect happened 3 months before, so it may not be related. Not sure it's actually a "redirect" as there's no back button on the specific tab... just a new tab going to the router login. No username or password is typed or anything; it just sits there blank.

I did check the Ethernet in the Network and Sharing Center control panel earlier, and it has only been up for 1 hr 10 mins, so at 1:14 pm it maybe dropped out. The new tab appeared at 12:25 pm. I was away from the PC so wasn't able to see if anything still worked or not. It could just be the router dropping out or something?

No problems with the internet connection or any other issues. Do I still need to try and run that ESET scanner?



#11 InadequateInfirmity

Posted 11 June 2016 - 03:22 PM

If you could run eset that would be great. :)



#12 Skillful (Topic Starter)

Posted 11 June 2016 - 07:40 PM

Just ran the ESET online scanner from here:

https://www.eset.com/int/home/online-scanner/

Took about 10 mins, no threat found and no log file. This was its own little program; it didn't use the internet browser to scan. It did have links in the program to 'try it now 30 days' as opposed to a one-off scan. I'm guessing it's the same scan, as it had similar things to check for under advanced settings, e.g. scan for potentially unsafe programs or scan/close programs that may interfere with this scan. No log file as no threat.



#13 InadequateInfirmity

Posted 11 June 2016 - 07:56 PM

Disable IPv6

https://support.microsoft.com/en-us/kb/929852

Reset hosts file

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right-click and Run as Administrator.
  • Click on Restaurer (Restore), then click OK at the prompt.
  • This will restore the default hosts file.
  • Next click on Créer un rapport (Create a report).
  • This will open a log file; post that in your next reply.

Change some settings.

Use this tool to remove the tunnel adapters.

Disable Computer Browser service

1. Press the Windows + R keys at the same time; a Run window will appear.

2. Type or copy and paste services.msc and hit Enter.

3. Scroll to the Computer Browser service.

4. Right-click Computer Browser service and choose Stop the service.

5. Right-click Computer Browser service again and select Properties.

6. Change the Startup type to Disabled.

7. Hit Apply, then OK.

Uninstall NetBT driver

1. Press the Windows + R keys at the same time; a Run window will appear.

2. Now enter or copy and paste devmgmt.msc in the Run window and click OK.

3. Click on View and select Show hidden devices.

4. Then click on and unfold Non-Plug and Play Drivers.

5. Then find NetBT, right-click the device and choose Uninstall the driver.

6. Reboot your device when asked.

Hit Enter after each command.

1. Open Start and type cmd, then right-click Command Prompt and choose Run as Administrator.

2. Once Command Prompt has started, enter the following command: nbtstat -R

3. Wait for that command to complete; a new line will appear. Now enter the following command: nbtstat -RR

4. Wait for that command to complete; a new line will appear. Now enter the following command: shutdown -r

Disable NetBIOS over TCP/IP.

Windows key & R at the same time.
Type or copy and paste ncpa.cpl and hit Enter.
Right-click your connection and hit Properties.
Select Internet Protocol Version 4, then Properties.
Select Advanced, then the WINS tab.
Put a tick next to Disable NetBIOS over TCP/IP.

Use DNS Jumper to set your DNS to Google DNS.

http://www.sordum.org/7952/dns-jumper-v2-0/

Please post a fresh minitoolbox log after this.
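Added example, not code from the post above or from any of the tools it names: the same steps (hosts reset, Computer Browser service, NetBIOS over TCP/IP, name-cache purge, DNS servers, IPv6 binding) applied from an elevated PowerShell on Windows 8.1, so each change can be read back before the reboot. The adapter name "Ethernet" is an assumption (check with Get-NetAdapter); the hosts content is the two-line default the RstHosts log above shows. The Device Manager removal of the NetBT driver is not scripted.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Assumption: the active adapter is named "Ethernet".
$Adapter   = 'Ethernet'
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Reset the hosts file to the two loopback lines RstHosts writes.
#    Keep a timestamped copy first; the file carried R/S/H attributes in the
#    RstHosts log, so clear them before overwriting and set read-only again after.
Copy-Item -Path $HostsPath -Destination "$HostsPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak" -Force
attrib -r -s -h $HostsPath
Set-Content -Path $HostsPath -Encoding Ascii -Value @(
    '127.0.0.1       localhost'
    '::1             localhost'
)
attrib +r $HostsPath

# 2. Stop and disable the Computer Browser service (service name "Browser").
Stop-Service -Name Browser -Force -ErrorAction SilentlyContinue
Set-Service  -Name Browser -StartupType Disabled

# 3. Disable NetBIOS over TCP/IP on every IP-enabled adapter.
#    TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enable, 2 = disable.
#    SetTcpipNetbios returns 0 on success, 1 when a reboot is needed.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $r = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                              -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
        '{0}: SetTcpipNetbios returned {1}' -f $_.Description, $r.ReturnValue
    }

# 4. Purge the NetBIOS name cache and re-register names (the nbtstat steps).
nbtstat -R  | Out-Null
nbtstat -RR | Out-Null

# 5. Google Public DNS on the adapter (what the DNS Jumper step sets), then flush the resolver cache.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses '8.8.8.8', '8.8.4.4'
Clear-DnsClientCache

# 6. Unbind IPv6 from the adapter. The KB929852 route instead writes
#    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
#    (0xFF = all IPv6 interfaces except loopback), which only applies after a reboot.
Disable-NetAdapterBinding -Name $Adapter -ComponentID ms_tcpip6

# Read the resulting state back before rebooting.
Get-CimInstance -ClassName Win32_Service -Filter "Name = 'Browser'" | Select-Object Name, State, StartMode
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, TcpipNetbiosOptions
Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
Get-NetAdapterBinding -Name $Adapter -ComponentID ms_tcpip6 | Select-Object Name, Enabled
Get-Content -Path $HostsPath

# Reboot afterwards so the NetBIOS change takes effect (the post's shutdown -r step).
```

Anything in the hosts file beyond the two loopback lines, or any DNS server other than the ones you set, is the thing to look at before declaring the machine clean; the checks at the end are there so the before/after can be pasted into the thread the way the other logs were.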



#14 InadequateInfirmity

Posted 11 June 2016 - 07:58 PM

Also, your chipset driver is not installed. What is the exact make and model of your machine?



#15 Skillful (Topic Starter)

Posted 11 June 2016 - 08:03 PM

I ran the automatic disable IPv6, but Network Connection and Sharing still shows both IPv4 and IPv6 connected. Would I need to manually disable IPv6?
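Added example, not from the thread: how to read back what the KB929852 "disable IPv6" fix changed, in PowerShell on Windows 8.1. The fix writes the DisabledComponents value under the Tcpip6 service key, and that value is only honoured when the stack initialises at boot, so the adapter status keeps showing IPv6 connectivity until the machine is restarted. Nothing here is assumed beyond an elevated prompt.

```powershell
# Added example (not from the thread): audit the IPv6 state the KB929852 fix and
# the adapter-level unbind leave behind.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$dc  = (Get-ItemProperty -Path $Key -Name DisabledComponents -ErrorAction SilentlyContinue).DisabledComponents
if ($null -eq $dc) {
    'DisabledComponents is not set: IPv6 is fully enabled.'
} else {
    # 0xFF disables IPv6 on every interface except loopback; a reboot is required first.
    'DisabledComponents = 0x{0:X8} (takes effect only after a restart)' -f $dc
}

# Per-adapter binding of the IPv6 protocol: "Enabled = False" means the unbind is in place.
Get-NetAdapterBinding -ComponentID ms_tcpip6 | Select-Object Name, Enabled

# IPv6 addresses the stack still has configured right now; these are what the
# Network and Sharing Center status reflects, and they persist until the reboot.
Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
    Select-Object InterfaceAlias, IPAddress, PrefixOrigin

# Transition (tunnel) interfaces that a DisabledComponents of 0xFF also turns off.
netsh interface isatap show state
netsh interface teredo show state
netsh interface 6to4 show state
```

If DisabledComponents already reads 0xFF and the bindings show Enabled = False, the remaining IPv6 addresses are simply the pre-reboot state; run the same commands again after restarting to confirm they are gone.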