
Downloaded a virus, now I get constantly redirected to tradeadexchange . com



#1 EnricoUniverse


Posted 13 June 2016 - 04:15 PM

I accidentally downloaded a virus and now on every browser that I have checked (Google Chrome and Microsoft Edge) I get constantly redirected to tradeadexchange . com. I have reset my computer to remove all programs but keep personal files and I have removed the biggest part of the virus using Malwarebytes and tons of other adware removers. I have also reset my modem but I just keep getting redirected to this tradeadexchange . com website if my Malwarebytes protection is disabled. Malwarebytes blocks the websites from opening, which is great, but why doesn't it delete it? How can I get rid of this annoying virus? I'm on Windows 10 by the way.

 

I don't know if this helps but I'm willing to donate a few bucks via PayPal to the person that helps me get rid of this virus.


Edited by EnricoUniverse, 13 June 2016 - 04:41 PM.



 


#2 InadequateInfirmity


Posted 13 June 2016 - 04:48 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit Next, and make sure to leave all items checked for removal.

 


 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right-click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply



#3 EnricoUniverse


Posted 14 June 2016 - 03:17 PM

The download link you provided for ZHP scanner seems to be outdated, so I had to Google for an updated version. Some of the logs have been created in Dutch language, I hope this doesn't matter...

 

AdwCleaner:

# AdwCleaner v5.119 - Logbestand aangemaakt 14/06/2016 op 19:16:54
# Laatste update 30/05/2016 door Xplode
# Database : 2016-06-13.1 [Server]
# Besturingssysteem : Windows 10 Home  (X64)
# Gebruikersnaam : Enrico - ENRICOUNIVERSE
# Gestart vanuit : C:\Users\Enrico\Downloads\adwcleaner_5.119 (1).exe
# Optie : Verwijderen
# Ondersteuning : http://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Mappen ] *****
 
[-] Map verwijderd : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip
 
***** [ Bestanden ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Geplande taken ] *****
 
 
***** [ Register ] *****
 
 
***** [ Internetbrowsers ] *****
 
[-] [C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] verwijderd : websearch.search-guide.info
[-] [C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] verwijderd : search.conduit.com
[-] [C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] verwijderd : mysearchresults.com
[-] [C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] verwijderd : search.v9.com
[-] [C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] verwijderd : hfmkllfplegemejikoabfpjdaoncphip
 
*************************
 
:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1849 bytes] - [13/06/2016 21:06:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [1648 bytes] - [14/06/2016 19:16:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [1631 bytes] - [13/06/2016 21:05:15]
C:\AdwCleaner\AdwCleaner[S2].txt - [372 bytes] - [14/06/2016 18:49:21]
C:\AdwCleaner\AdwCleaner[S3].txt - [1806 bytes] - [14/06/2016 18:50:55]
C:\AdwCleaner\AdwCleaner[S4].txt - [1879 bytes] - [14/06/2016 19:13:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2012 bytes] ##########

 

 
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by Enrico (Administrator) on di 14-06-2016 at 20:23:49,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on di 14-06-2016 at 20:25:31,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Adware Removal Tool:
[-] Deleted ->> File ->> C:\Users\Enrico\Appdata\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
ZHP:
~ ZHPCleaner v2016.6.14.74 by Nicolas Coolman (2016/06/14)
~ Run by Enrico (Administrator)  (14/06/2016 20:47:08)
~ State version : Versie OK
~ Type : Reparatie
~ Report : C:\Users\Enrico\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Enrico\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)
 
 
---\\  Services (0)
~ Geen schadelijk of onnodig element gevonden.
 
 
---\\  Browser internet (0)
~ Geen schadelijk of onnodig element gevonden.
 
 
---\\  Hosts file (1)
~ The hosts file is rechtmatig (22)
 
 
---\\  Scheduled automatic tasks. (0)
~ Geen schadelijk of onnodig element gevonden.
 
 
---\\  Explorer ( Bestand, Map) (7)
VERPLAATST map: C:\WINDOWS\Installer\MSI216.tmp-  =>Empty
VERPLAATST map: C:\WINDOWS\Installer\MSI821.tmp-  =>Empty
VERPLAATST map: C:\WINDOWS\Installer\MSI8822.tmp-  =>Empty
VERPLAATST map: C:\WINDOWS\Installer\MSIA198.tmp-  =>Empty
VERPLAATST map: C:\WINDOWS\Installer\MSIA5CF.tmp-  =>Empty
VERPLAATST map: C:\WINDOWS\Installer\MSICCA3.tmp-  =>Empty
VERPLAATST map: C:\WINDOWS\Installer\MSID485.tmp-  =>Empty
 
 
---\\  Register ( Sleutel, Waarde, Data) (3)
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13D0C58787ED3CD4895B6D428DC066EB [C:\Program Files\Epic Games\Launcher\Portal\Content\UI\WidgetCarousel\CarouselNavRight.png]  =>PUP.Optional.NavRight
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D95A8D46AEFC32408CF29E5267BFDC7 [C:\Program Files\Epic Games\Launcher\Portal\Content\New UI\CarouselNavRight.png]  =>PUP.Optional.NavRight
VERWIJDERD sleutel*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50335C09296751C4C9125CCC6DB5EDC6 [C:\Program Files\Epic Games\Launcher\Engine\Binaries\Win64\CrashReportClient.exe]  =>.Superfluous.CrashReports
 
 
---\\  Samenvatting van elementen gevonden op uw werkstation (2)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.NavRight
http://www.nicolascoolman.fr/?p=5145  =>.Superfluous.CrashReports
 
 
---\\  Een ander verwijdering. (7)
~ Registersleutel Tracing Verwijderd (7)
~ Verwijder de oude rapporten ZHPCleaner. (0)
 
 
---\\Resultaat van reparaties
~ Reparatie succesvol uitgevoerd
~ Browser niet gevonden (Mozilla Firefox)
~ Browser niet gevonden (Opera Software)
 
 
---\\Statistics
~ Items gescand : 230
~ Items gevonden : 0
~ Items gecancelled : 0
~ Items gerepareerd : 10
 
 
~ End of clean in 00h00mn04s
~====================
ZHPCleaner-[R]-14062016-20_47_12.txt
ZHPCleaner-[S]-14062016-20_45_00.txt
 
Zemana:
Zemana AntiMalware 2.20.2.985 (Geïnstalleerd)
 
-------------------------------------------------------
Scan resultaat                : Compleet
Scan datum                    : 2016-6-14
Besturingssysteem             : Windows 10 64-bit
Processor                     : 4X Intel® Core™ i3-4150 CPU @ 3.50GHz
BIOS modus                    : UEFI
CUID                          : 12D1C0C53ACC51DCDFA7FC
Scan type                     : Diepe scan
Tijdsduur                     : 75m 40s
Gescande objecten             : 433419
Gedetecteerde objecten        : 16
Geexcludeerde objecten        : 0
Lees niveau                   : Normal
Automatische upload           : Aangeschakeld
Alle uitbreidingen includeren : Uitgeschakeld
Documenten scannen            : Uitgeschakeld
Domein informatie             : WORKGROUP,0,2
 
Gedetecteerde objecten
-------------------------------------------------------
 
XBL Client IPsec Issuing CA
Status                     : Gescand
Pad                        : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EBE112F56D5FE0BA23289319C89D7784A10CEB61\Blob
MD5                        : -
Uitgever                   : -
Grootte                    : -
Versie                     : -
Detectie                   : Verdacte Root CA
Actie                      : Verwijderen
Gerelateerde objecten      :
                Registervermelding - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EBE112F56D5FE0BA23289319C89D7784A10CEB61\Blob
 
XBL Server IPsec Issuing CA
Status                     : Gescand
Pad                        : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\645984515AB9FB7AE8065B9DDB0E908F8E870ED5\Blob
MD5                        : -
Uitgever                   : -
Grootte                    : -
Versie                     : -
Detectie                   : Verdacte Root CA
Actie                      : Verwijderen
Gerelateerde objecten      :
                Registervermelding - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\645984515AB9FB7AE8065B9DDB0E908F8E870ED5\Blob
 
un-stop.info
Status                     : Gescand
Pad                        : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0B4F4C9234A7F1EFBDB4C91CCB4366BFAB593806\Blob
MD5                        : -
Uitgever                   : -
Grootte                    : -
Versie                     : -
Detectie                   : Verdacte Root CA
Actie                      : Verwijderen
Gerelateerde objecten      :
                Registervermelding - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0B4F4C9234A7F1EFBDB4C91CCB4366BFAB593806\Blob
 
Chrome Startup Url
Status                     : Gescand
MD5                        : -
Uitgever                   : -
Grootte                    : -
Versie                     : -
Detectie                   : Verdachte browser instelling
Actie                      : Gerapporteerd als veilig
Gerelateerde objecten      :
                Browser instellingen - Chrome Startup Url
 
Chrome Homepage
Status                     : Gescand
MD5                        : -
Uitgever                   : -
Grootte                    : -
Versie                     : -
Detectie                   : Verdachte browser instelling
Actie                      : Gerapporteerd als veilig
Gerelateerde objecten      :
                Browser instellingen - Chrome Homepage
 
V5ZKOA66YO.exe
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\temp\v5zkoa66yo.exe
MD5                        : 9486B846677AC228B40699239D7C1649
Uitgever                   : -
Grootte                    : 1516612
Versie                     : 0.0.0.0
Detectie                   : Adware:Win32/EoRezo!Sig
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\temp\v5zkoa66yo.exe
 
_iu14D2N.tmp
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\temp\_iu14d2n.tmp
MD5                        : 0D73CD181CE7DEA238231B239D60C3B9
Uitgever                   : Optimal Software s.r.o.
Grootte                    : 1181128
Versie                     : 51.1052.0.0
Detectie                   : Win32/Adware.OptimalSoftware!Ep
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\temp\_iu14d2n.tmp
 
testnextversion.exe
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\temp\lb97fio93z\testnextversion.exe
MD5                        : 162B5FB3E6A0D00196B1EEED94A24CA9
Uitgever                   : -
Grootte                    : 2117120
Versie                     : 5.3.1.8
Detectie                   : Trojan:Win32/Tazzi.A!Mtke
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\temp\lb97fio93z\testnextversion.exe
 
nsa851.tmp
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\temp\nsa851.tmp
MD5                        : 7245948747E0713AB2D7ABF54D60859E
Uitgever                   : -
Grootte                    : 260608
Versie                     : -
Detectie                   : Adware:Win32/BrowserHijack.Gen
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\temp\nsa851.tmp
 
Decode.exe
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\temp\mpc\source\decode.exe
MD5                        : 7C49AA4B85169A4DBBF2DDE97E7FFB83
Uitgever                   : DotCash Limited
Grootte                    : 64992
Versie                     : 1.0.0.1
Detectie                   : Scareware:Win32/FakeAV-DJ!Ep
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\temp\mpc\source\decode.exe
 
IDH.dll
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\temp\is-urslg.tmp\idh.dll
MD5                        : AAE8CAC7745292E33D15FF37AB948F28
Uitgever                   : -
Grootte                    : 1495552
Versie                     : 0.0.0.7
Detectie                   : Adware:Win32/Fooster.A!Ckar
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\temp\is-urslg.tmp\idh.dll
 
IDH.dll
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\temp\is-dh7o6.tmp\idh.dll
MD5                        : AAE8CAC7745292E33D15FF37AB948F28
Uitgever                   : -
Grootte                    : 1495552
Versie                     : 0.0.0.7
Detectie                   : Adware:Win32/Fooster.A!Ckar
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\temp\is-dh7o6.tmp\idh.dll
 
vnl1[1].exe
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\microsoft\windows\inetcache\ie\r4wdbee8\vnl1[1].exe
MD5                        : BCABA6F89B827DFD4A663EAAB5AF1109
Uitgever                   : -
Grootte                    : 5795266
Versie                     : 1.2.0.0
Detectie                   : RiskTool:Win32/BitCoinMiner
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\microsoft\windows\inetcache\ie\r4wdbee8\vnl1[1].exe
 
FinalInstaller_dotnet4[1].exe
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\microsoft\windows\inetcache\ie\fr4kgo0p\finalinstaller_dotnet4[1].exe
MD5                        : A3078153A7A53BFC0A7A0B8FD20D757A
Uitgever                   : -
Grootte                    : 3030016
Versie                     : 1.0.0.0
Detectie                   : Adware:Win32/Fortif.A!Crkl
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\microsoft\windows\inetcache\ie\fr4kgo0p\finalinstaller_dotnet4[1].exe
 
SilentInstaller_dotnet4[1].exe
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\microsoft\windows\inetcache\ie\mqmh8fne\silentinstaller_dotnet4[1].exe
MD5                        : C3E674FF10BC0C9F3BC899411D5D5FBC
Uitgever                   : -
Grootte                    : 321024
Versie                     : 0.5.0.6
Detectie                   : Adware:Win32/Generic!Etee
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\microsoft\windows\inetcache\ie\mqmh8fne\silentinstaller_dotnet4[1].exe
 
setupfa_4435[1].exe
Status                     : Gescand
Pad                        : %systemroot%\.old\users\enrico\appdata\local\microsoft\windows\inetcache\ie\mqmh8fne\setupfa_4435[1].exe
MD5                        : A6C58D144C1573F543B7227D4FA2CD6D
Uitgever                   : -
Grootte                    : 4912268
Versie                     : 3.0.2.8
Detectie                   : Malware:Win32/Tamaca!Eeme
Actie                      : Quarantaine
Gerelateerde objecten      :
                Bestand - %systemroot%\.old\users\enrico\appdata\local\microsoft\windows\inetcache\ie\mqmh8fne\setupfa_4435[1].exe
 
 
Schoonmaak resultaat
-------------------------------------------------------
Schoongemaakt                 : 14
Als veilig gerapporteerd      : 2
Mislukte objecten             : 0


#4 InadequateInfirmity


Posted 14 June 2016 - 09:54 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right-click it and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#5 EnricoUniverse


Posted 15 June 2016 - 02:05 PM

I haven't had time to do these scans but what I did find out is that Malwarebytes blocks this Tradeadexchange website on ALL of my computers at home. It also seems like the only website where Malwarebytes has to block this website is on www.orlygift.com

 

If you have Malwarebytes can you please go to www.orlygift.com and check if Malwarebytes blocks this Tradeadexchange website on your computer too? So I can see if this is a problem on my side or the website's side. You have to disable AdBlock if you have that extension.



#6 InadequateInfirmity


Posted 15 June 2016 - 02:48 PM

I have already had the trial of Malwarebytes on this machine, so I would not be able to help you there.



#7 EnricoUniverse


Posted 17 June 2016 - 01:48 PM

I found some time to do these scans. Some of these take very long haha. Are these logs helpful?
 
Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scandatum: 17-6-2016
Scantijd: 18:13
Logboekbestand: AntiVirus.txt
Beheerder: Ja
 
Versie: 2.2.1.1043
Malware-database: v2016.06.17.04
Rootkit-database: v2016.05.27.01
Licentie: Premium
Malware-bescherming: Ingeschakeld
Bescherming tegen kwaadaardige websites: Ingeschakeld
Zelfbescherming: Uitgeschakeld
 
Besturingssysteem: Windows 10
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Enrico
 
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 295440
Verstreken tijd: 9 min, 52 sec
 
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
 
Processen: 0
(Geen kwaadaardige items gedetecteerd)
 
Modules: 0
(Geen kwaadaardige items gedetecteerd)
 
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
 
Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)
 
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
 
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
 
Bestanden: 0
(Geen kwaadaardige items gedetecteerd)
 
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
 
 
(end)
 
ESET:
I didn't get a log because it couldn't find any infections.
 
Minitoolbox:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Enrico (administrator) on 17-06-2016 at 20:43:29
Running from "C:\Users\Enrico\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Alienware X51 R2 Manufacturer: Alienware
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
0.0.0.0 keystone.mwbsys.com
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Dell Wireless 1506 802.11b/g/n (2.4GHz) = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-verbinding* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-verbinding* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : EnricoUniverse
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dynamic.ziggo.nl
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Dell Wireless 1506 802.11b/g/n (2.4GHz)
   Physical Address. . . . . . . . . : 48-5A-B6-44-64-43
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter LAN-verbinding* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1A-5A-B6-44-64-43
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : dynamic.ziggo.nl
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F8-BC-12-FE-4E-3C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7cf7:caf5:d677:67e8%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.178.15(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : vrijdag 17 juni 2016 20:40:48
   Lease Expires . . . . . . . . . . : vrijdag 17 juni 2016 21:40:48
   Default Gateway . . . . . . . . . : 192.168.178.1
   DHCP Server . . . . . . . . . . . : 192.168.178.1
   DHCPv6 IAID . . . . . . . . . . . : 167296018
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-EF-85-02-F8-BC-12-FE-4E-3C
   DNS Servers . . . . . . . . . . . : 89.101.251.228
                                       89.101.251.229
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter LAN-verbinding* 4:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:c44:b04:3f57:4df0(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c44:b04:3f57:4df0%3(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-EF-85-02-F8-BC-12-FE-4E-3C
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.dynamic.ziggo.nl:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : dynamic.ziggo.nl
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  089-101-251228.ntlworld.ie
Address:  89.101.251.228
 
Name:    google.com
Addresses:  2a00:1450:400e:802::200e
 216.58.212.142
 
 
Pinging google.com [216.58.212.206] with 32 bytes of data:
Reply from 216.58.212.206: bytes=32 time=16ms TTL=56
Reply from 216.58.212.206: bytes=32 time=10ms TTL=56
 
Ping statistics for 216.58.212.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 16ms, Average = 13ms
Server:  089-101-251228.ntlworld.ie
Address:  89.101.251.228
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=132ms TTL=49
Reply from 98.139.183.24: bytes=32 time=132ms TTL=49
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 132ms, Maximum = 132ms, Average = 132ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...48 5a b6 44 64 43 ......Dell Wireless 1506 802.11b/g/n (2.4GHz)
  7...1a 5a b6 44 64 43 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...f8 bc 12 fe 4e 3c ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.178.1   192.168.178.15     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.178.0    255.255.255.0         On-link    192.168.178.15    276
   192.168.178.15  255.255.255.255         On-link    192.168.178.15    276
  192.168.178.255  255.255.255.255         On-link    192.168.178.15    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.178.15    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.178.15    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  3    306 2001::/32                On-link
  3    306 2001:0:9d38:6abd:c44:b04:3f57:4df0/128
                                    On-link
  5    276 fe80::/64                On-link
  3    306 fe80::/64                On-link
  3    306 fe80::c44:b04:3f57:4df0/128
                                    On-link
  5    276 fe80::7cf7:caf5:d677:67e8/128
                                    On-link
  1    306 ff00::/8                 On-link
  5    276 ff00::/8                 On-link
  3    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/17/2016 08:40:40 PM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: ekrn.exe, versie: 9.0.376.1, tijdstempel: 0x570dfc05
Naam van module met fout: combase.dll, versie: 10.0.10586.103, tijdstempel: 0x56a849ab
Uitzonderingscode: 0xc0000602
Foutmarge: 0x0000000000074e98
Id van proces met fout: 0x10e0
Starttijd van toepassing met fout: 0xekrn.exe0
Pad naar toepassing met fout: ekrn.exe1
Pad naar module met fout: ekrn.exe2
Rapport-id: ekrn.exe3
Volledige pakketnaam met fout: ekrn.exe4
Relatieve toepassings-id van pakket met fout: ekrn.exe5
 
Error: (06/14/2016 11:12:21 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (06/14/2016 10:12:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ENRICOUNIVERSE)
Description: Het pakket Microsoft.MicrosoftOfficeHub_17.7031.23501.0_x64__8wekyb3d8bbwe+Microsoft.MicrosoftOfficeHub is beëindigd omdat het onderbreken te lang duurde.
 
Error: (06/14/2016 08:24:11 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (06/13/2016 11:31:11 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (06/13/2016 10:08:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (06/13/2016 09:04:54 PM) (Source: Application Hang) (User: )
Description: Het programma Todoist.exe, versie 2.7.6.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.
 
Proces-id: 159c
 
Starttijd: 01d1c582aa1e95d6
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Users\Enrico\AppData\Local\Todoist\WindowsDesktopApp\Todoist.exe
 
Rapport-id: b5083f64-3199-11e6-b9b4-f8bc12fe4e3c
 
Volledige pakketnaam met fout: 
 
Relatieve toepassings-id van pakket met fout:
 
Error: (06/13/2016 09:04:51 PM) (Source: Application Hang) (User: )
Description: Het programma Skype.exe, versie 7.24.0.104 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.
 
Proces-id: 1564
 
Starttijd: 01d1c58e9282d1b8
 
Eindtijd: 4294967295
 
Toepassingspad: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Rapport-id: b37c74dc-3199-11e6-b9b4-f8bc12fe4e3c
 
Volledige pakketnaam met fout: 
 
Relatieve toepassings-id van pakket met fout:
 
Error: (06/13/2016 06:39:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ENRICOUNIVERSE)
Description: Het pakket Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe+App is beëindigd omdat het onderbreken te lang duurde.
 
Error: (06/13/2016 06:14:37 PM) (Source: Microsoft Office 15) (User: )
Description: Application: firstrun.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 0; CurrentHr: 0x803d0013; CorrelationId: {6A11B8B1-0F75-4CB9-B77A-49793BA64CC9}; OlsErrorCode: 0x9; CurrentProductReleaseId: O365ProPlusRetail; AllProductReleaseIds (from store): O365ProPlusRetail
 
 
System errors:
=============
Error: (06/17/2016 06:55:08 PM) (Source: Service Control Manager) (User: )
Description: De ESET Service-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.
 
Error: (06/17/2016 12:06:29 AM) (Source: Service Control Manager) (User: )
Description: De User Data Access_164d38c-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (06/17/2016 12:06:29 AM) (Source: Service Control Manager) (User: )
Description: De User Data Storage_164d38c-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (06/17/2016 12:06:29 AM) (Source: Service Control Manager) (User: )
Description: De Contact Data_164d38c-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (06/17/2016 12:06:29 AM) (Source: Service Control Manager) (User: )
Description: De Host synchroniseren_164d38c-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (06/17/2016 12:06:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalActiveren{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar
 
Error: (06/16/2016 09:33:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalActiveren{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar
 
Error: (06/16/2016 08:09:41 PM) (Source: Service Control Manager) (User: )
Description: De Steam Client Service-service kan vanwege de volgende fout niet worden gestart: 
%%1053 = De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.
 
 
Error: (06/16/2016 08:09:41 PM) (Source: Service Control Manager) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Steam Client Service.
 
Error: (06/16/2016 12:18:24 AM) (Source: Service Control Manager) (User: )
Description: De User Data Access_76627-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
 
Microsoft Office Sessions:
=========================
Error: (06/17/2016 08:40:40 PM) (Source: Application Error)(User: )
Description: ekrn.exe9.0.376.1570dfc05combase.dll10.0.10586.10356a849abc00006020000000000074e9810e001d1c8b91215d75eC:\Program Files\ESET\ESET Smart Security\ekrn.exeC:\WINDOWS\system32\combase.dll5e4da8cb-b3bb-4931-bd55-d7436e4d6f1d
 
Error: (06/14/2016 11:12:21 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (06/14/2016 10:12:02 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ENRICOUNIVERSE)
Description: Microsoft.MicrosoftOfficeHub_17.7031.23501.0_x64__8wekyb3d8bbwe+Microsoft.MicrosoftOfficeHub
 
Error: (06/14/2016 08:24:11 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
 
Error: (06/13/2016 11:31:11 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1
 
Error: (06/13/2016 10:08:10 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
 
Error: (06/13/2016 09:04:54 PM) (Source: Application Hang)(User: )
Description: Todoist.exe2.7.6.0159c01d1c582aa1e95d64294967295C:\Users\Enrico\AppData\Local\Todoist\WindowsDesktopApp\Todoist.exeb5083f64-3199-11e6-b9b4-f8bc12fe4e3c
 
Error: (06/13/2016 09:04:51 PM) (Source: Application Hang)(User: )
Description: Skype.exe7.24.0.104156401d1c58e9282d1b84294967295C:\Program Files (x86)\Skype\Phone\Skype.exeb37c74dc-3199-11e6-b9b4-f8bc12fe4e3c
 
Error: (06/13/2016 06:39:42 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ENRICOUNIVERSE)
Description: Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe+App
 
Error: (06/13/2016 06:14:37 PM) (Source: Microsoft Office 15)(User: )
Description: Application: firstrun.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 0; CurrentHr: 0x803d0013; CorrelationId: {6A11B8B1-0F75-4CB9-B77A-49793BA64CC9}; OlsErrorCode: 0x9; CurrentProductReleaseId: O365ProPlusRetail; AllProductReleaseIds (from store): O365ProPlusRetail
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-06-17 19:02:30.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-15 19:44:49.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-14 22:00:46.880
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\System Recovery\Repair\Backup\00192303B4CE639C05573A6A4F108F8FA7D9FFDC.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-14 22:00:46.859
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\System Recovery\Repair\Backup\00192303B4CE639C05573A6A4F108F8FA7D9FFDC.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-14 22:00:42.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\System Recovery\Repair\Backup\004335F5F246028C757858CB3DDCE8AEBA5493D5.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-14 22:00:42.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\System Recovery\Repair\Backup\004335F5F246028C757858CB3DDCE8AEBA5493D5.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-14 21:59:55.086
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\System Recovery\Repair\Backup\00D1FC7E49F39A07FA8E5E07628550BCDF2585D8.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-14 21:59:55.059
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\System Recovery\Repair\Backup\00D1FC7E49F39A07FA8E5E07628550BCDF2585D8.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-14 21:59:27.710
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\System Recovery\Repair\Backup\056637BC00C75C0D006284A649054A6836A3E69A.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-06-14 21:59:27.695
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\System Recovery\Repair\Backup\056637BC00C75C0D006284A649054A6836A3E69A.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Dell System Detect (HKCU\...\58d94f3ce2c27db0) (Version: 7.6.0.4 - Dell)
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.43.1 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM\...\{CB510119-C58D-4443-BD87-59B2D951F019}) (Version: 1.1.31.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes Anti-Malware versie 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0413-0000-0000000FF1CE}) (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software voor Intel® Chipset-apparaten (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
Todoist (HKCU\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 63%
Total physical RAM: 6060.8 MB
Available physical RAM: 2206.17 MB
Total Virtual: 7724.8 MB
Available Virtual: 3259.18 MB
 
========================= Partitions: =====================================
 
1 Drive c: (ENRICOSTUFF) (Fixed) (Total:920.38 GB) (Free:637.22 GB) NTFS
2 Drive d: (RESOURCE_CD) (CDROM) (Total:1 GB) (Free:0 GB) CDFS
3 Drive e: (ENRICODINGE) (Removable) (Total:7.45 GB) (Free:5.11 GB) FAT32
4 Drive f: (ENRICOSTUFF) (Removable) (Total:14.95 GB) (Free:1.6 GB) FAT32
 
========================= Users: ========================================
 
Gebruikersaccounts voor \\ENRICOUNIVERSE
 
Administrator            DefaultAccount           Enrico                   
Gast                     
De opdracht is voltooid.
 
 
**** End of log ****
 
Securitycheck:
SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 17.06.2016 20:44:20
Path starting: C:\Users\Enrico\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Enrico
VersionXML: 3.07is-14.06.2016
___________________________________________________________________________
 
Windows 10(6.3.10586) (x64) Core Lang: Dutch(0413)
Installation date OS: 12.06.2016 21:05:47
LicenseStatus: Office 15, OfficeO365ProPlusR_Subscription1 edition Timebased activation will expire :75155 minutes
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [920.4 Gb] Used: [283.2 Gb] Free: [637.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.420.10586.0 [+]
User Account Control enabled
Automatic download and scheduled installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware versie 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.20 (32-bit) v.5.20.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.24 v.7.24.104
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.84
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.51.0.2704.84
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
MBAMScheduler (MBAMScheduler) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.7.0
MBAMService (MBAMService) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
C:\Program Files\Windows Defender\MsMpEng.exe v.4.9.10586.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.9.10586.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.9.10586.0
C:\Program Files\Windows Defender\MSASCui.exe v.4.9.10586.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
ZAM Controller Service (ZAMSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------


#8 InadequateInfirmity

Posted 17 June 2016 - 03:53 PM

Are you still having issues? If so, I would suggest that you reset your router to factory settings, then let me know of any other issues.



#9 InadequateInfirmity

Posted 18 June 2016 - 04:13 PM

Do you have the same www tradeadexchange com popups like I do?

 
You still having issues? Did you reset your router?

Edited by Queen-Evie, 18 June 2016 - 09:07 PM.
deleted quote by Golden-Boy and instruction to start his own topic. Not relevant after splitting logs from Golden-Boy to form new topic.


#10 InadequateInfirmity

Posted 18 June 2016 - 04:21 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus and Windows Defender.

Close all open work; Pre_Scan will close all processes to run.

Right Click and Run as Admin.

Allow completion; when it completes, the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#11 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:06:29 AM

Posted 18 June 2016 - 09:18 PM

Golden-Boy, your posts were split to form a new topic.

Link to your posts http://www.bleepingcomputer.com/forums/t/617683/computer-freezing-is-it-malware/

Please read the private message I sent you.

#12 EnricoUniverse

Posted 19 June 2016 - 05:12 AM

 

Do you have the same www tradeadexchange com popups like I do?

 
You still having issues? Did you reset your router?

 

I found out that the issues were not caused by my computer being infected but by the website (www.orlygift.com) itself. If you are on Google Chrome and you press F12 on that website and search for "tradeadexchange", you will see that the "virus" is linked inside of the code.

Thanks for the help anyway.
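The check described in the post above (searching a page's source for the redirect domain) can be scripted. The following is an added example, not part of the original thread: the function names are hypothetical and the sample HTML is constructed for illustration, not taken from any site named here.

```javascript
// Added example (not from the thread): decide whether a redirect domain is
// referenced by a page's own markup. Function names are hypothetical.

// Constructed sample page; not the real source of any site named in the thread.
const SAMPLE_HTML = `
<html><head>
<meta http-equiv="refresh" content="30; url=/home">
<script src="https://cdn.example.org/lib.min.js"></script>
<script async src="//go.tradeadexchange.com/loader.js?zone=0000"></script>
<script>
  document.addEventListener('click', function () {
    window.open('http://tradeadexchange.com/a/display.php?r=0000');
  });
</script>
</head><body>
<a href="https://nottradeadexchange.com/">look-alike host, must not match</a>
<iframe src="https://www.example.org/embed"></iframe>
</body></html>`;

// True for the domain itself or any subdomain, but not for look-alike suffixes.
function hostMatches(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, '');
  const d = domain.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// Resolve a URL attribute to its host; relative URLs resolve to the placeholder base.
function hostOf(url) {
  try {
    return new URL(url.trim(), 'http://same-site.invalid/').hostname;
  } catch (e) {
    return '';
  }
}

function findReferences(html, domain) {
  const hits = [];

  // Pass 1: inline <script> bodies. Report each matching host once per script,
  // then drop the body so its text is not mistaken for tags in pass 2.
  const withoutBodies = html.replace(
    /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi,
    (whole, attrs, body) => {
      const tokens = body.match(/[a-z0-9-]+(?:\.[a-z0-9-]+)+/gi) || [];
      const hosts = new Set(
        tokens.filter((t) => hostMatches(t, domain)).map((t) => t.toLowerCase())
      );
      for (const host of hosts) hits.push({ where: 'inline-script', tag: 'script', host });
      return '<script' + attrs + '>';
    }
  );

  // Pass 2: URL-bearing attributes on every tag. The tag regex is a triage
  // heuristic: it stops at the first '>' and is not a full HTML parser.
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  const attrRe = /\b(src|href|action|data|content)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let tag;
  while ((tag = tagRe.exec(withoutBodies)) !== null) {
    const name = tag[1].toLowerCase();
    attrRe.lastIndex = 0;
    let attr;
    while ((attr = attrRe.exec(tag[2])) !== null) {
      const attrName = attr[1].toLowerCase();
      let value = attr[2] ?? attr[3] ?? attr[4] ?? '';
      if (attrName === 'content') {
        // Only <meta http-equiv="refresh" content="N; url=..."> carries a URL here.
        const m = name === 'meta' ? /url\s*=\s*['"]?([^'";\s]+)/i.exec(value) : null;
        if (!m) continue;
        value = m[1];
      }
      const host = hostOf(value);
      if (hostMatches(host, domain)) {
        hits.push({ where: attrName === 'content' ? 'meta-refresh' : 'attribute', tag: name, host });
      }
    }
  }
  return hits;
}

// 'site-side' means the page itself references the domain; 'not-in-markup'
// means the static source does not, so the host or network needs checking.
function triage(html, domain) {
  const hits = findReferences(html, domain);
  return { verdict: hits.length > 0 ? 'site-side' : 'not-in-markup', hits };
}

console.log(JSON.stringify(triage(SAMPLE_HTML, 'tradeadexchange.com'), null, 2));
```

This only inspects static source; references added by scripts at runtime appear in the live DOM that the F12 Elements panel searches, not in the downloaded HTML.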



#13 InadequateInfirmity

Posted 19 June 2016 - 02:20 PM

Ok, have a great day. :)





