
Big malware problem


8 replies to this topic

#1 Scott633

Scott633

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 30 June 2016 - 04:07 PM

Good Evening,

My wife has downloaded some evil virus onto my fairly new laptop. I am a complete novice when it comes to this kind of thing. It is connecting to wifi, although not showing the network properly, but is not letting me onto the Internet.

Any help would be most appreciated

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal


 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 30 June 2016 - 07:46 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit Next, and make sure to leave all items checked for removal.

 


 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download ZHPCleaner to your desktop. Right click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan.

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply



#3 Scott633

Scott633
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 01 July 2016 - 07:57 AM

Hi, without wanting to sound stupid, how can I download these if I can't get online? Download onto another terminal and put them on a USB stick?

#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 01 July 2016 - 06:14 PM

Hi, without wanting to sound stupid, how can I download these if I can't get online? Download onto another terminal and put them on a USB stick?

 

 

Yes indeed. :)



#5 Scott633

Scott633
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 09 July 2016 - 06:54 AM

Hi, firstly I was unable to run the Adware removal tool and the Zemana deep scan program due to my apparent lack of internet access. My network is fine and it was internet access on the bottom right network icon.
 
Adwcleaner
 
# AdwCleaner v5.201 - Logfile created 09/07/2016 at 13:04:56
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Local]
# Operating system : Windows 10 Home  (X64)
# Username : scott - DESKTOP-E368C17
# Running from : C:\Users\scott\Desktop\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum
 
***** [ Services ] *****
 
[-] Service Deleted : cherimoya
[-] Service Deleted : CltMngSvc
[-] Service Deleted : Orbiter
[-] Service Deleted : SMUpd
[-] Service Deleted : SMUpdd
[-] Service Deleted : TheCalendarService
[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt
[-] Service Deleted : zdengine
[-] Service Deleted : CloudPrinter
[-] Service Deleted : ProntSpooler
[-] Service Deleted : zdwfp
[-] Service Deleted : backlh
[-] Service Deleted : zigipyro
[-] Service Deleted : Quoteex
[-] Service Deleted : pyvukedozbt
[!] Service Not Deleted : zigipyro
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\SearchModule
[-] Folder Deleted : C:\ProgramData\CloudPrinter
[-] Folder Deleted : C:\ProgramData\Logic Handler
[-] Folder Deleted : C:\ProgramData\Quoteex
[-] Folder Deleted : C:\ProgramData\Quoteexs
[-] Folder Deleted : C:\ProgramData\e97dd7af-1f53-1
[-] Folder Deleted : C:\ProgramData\e97dd7af-1f87-1
[-] Folder Deleted : C:\ProgramData\e97dd7af-2663-0
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[-] Folder Deleted : C:\Users\Public\Documents\Guid
[-] Folder Deleted : C:\Program Files (x86)\CalendarTool
[-] Folder Deleted : C:\Program Files (x86)\Max Driver Updater
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[#] Folder Deleted : C:\Program Files (x86)\ORBTR
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\SystemHealer
[-] Folder Deleted : C:\Program Files (x86)\CleanBrowser
[-] Folder Deleted : C:\Program Files (x86)\Hostify
[-] Folder Deleted : C:\Program Files (x86)\WeatherChickn
[-] Folder Deleted : C:\Program Files (x86)\sunnyday
[-] Folder Deleted : C:\Program Files (x86)\comoBoss
[-] Folder Deleted : C:\Program Files (x86)\52D95AA2-1467301724-E511-90AB-DC4A3ED57F2F
[#] Folder Deleted : C:\Program Files (x86)\sunnyday
[-] Folder Deleted : C:\Program Files (x86)\SunnyDay21
[#] Folder Deleted : C:\Program Files (x86)\SunnyDay21
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\CalendarTool
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\zdengine
[-] Folder Deleted : C:\Users\scott\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\scott\AppData\Local\WikiZ
[-] Folder Deleted : C:\Users\scott\AppData\Local\WINTUNEPRO
[-] Folder Deleted : C:\Users\scott\AppData\Local\SunnyDay21
[-] Folder Deleted : C:\Users\scott\AppData\Local\52D95AA2-1467314782-E511-90AB-DC4A3ED57F2F
[-] Folder Deleted : C:\Users\scott\AppData\Local\csdi_monetize_220160630
[#] Folder Deleted : C:\Users\scott\AppData\Local\SunnyDay21
[-] Folder Deleted : C:\Users\scott\AppData\Local\tuto_monetize_120160630
[-] Folder Deleted : C:\Users\scott\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\scott\AppData\Roaming\CalendarTool
[-] Folder Deleted : C:\Users\scott\AppData\Roaming\WikiZ
[-] Folder Deleted : C:\Users\scott\AppData\Roaming\MCorp
[-] Folder Deleted : C:\Users\scott\AppData\Roaming\QuickCleaner
[-] Folder Deleted : C:\Users\scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
[-] Folder Deleted : C:\Program Files\WebDiscoverBrowser
[-] Folder Deleted : C:\Program Files\Common Files\Noobzo
[-] Folder Deleted : C:\Users\scott\AppData\Local\app
[#] Folder Deleted : C:\Users\scott\AppData\Roaming\MCorp
[-] Folder Deleted : C:\uninst
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\ProgramData\smp2.exe
[-] File Deleted : C:\Users\Public\Desktop\MPC Cleaner.lnk
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk
[-] File Deleted : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll
[-] File Deleted : C:\WINDOWS\AdBlock.exe
[-] File Deleted : C:\WINDOWS\systwin.exe
[-] File Deleted : C:\WINDOWS\SysWOW64\findit.xml
[-] File Deleted : C:\WINDOWS\SysWOW64\zdengineOff.ini
[-] File Deleted : C:\WINDOWS\SysWOW64\zdengine.dll
[-] File Deleted : C:\Users\scott\Desktop\Hostify.lnk
[-] File Deleted : C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pinhfkamckbogjgmbmdkdebbbpnmlaef_0.localstorage
[-] File Deleted : C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[-] File Deleted : C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[-] File Deleted : C:\WINDOWS\SysNative\zdengineOff.ini
[-] File Deleted : C:\WINDOWS\SysNative\zdengine64.dll
[-] File Deleted : C:\WINDOWS\SysNative\drivers\cherimoya.sys
[#] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\bsdpr64.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\bsdpf64.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\zdwfp64.sys
[#] File Deleted : C:\WINDOWS\AdBlock.exe
 
***** [ DLLs ] *****
 
[N] File Not Restored : C:\WINDOWS\System32\dnsapi.dll
[-] File Restored : C:\WINDOWS\SysWOW64\dnsapi.dll
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : snp
[-] Task Deleted : snf
[-] Task Deleted : SMW_P
[-] Task Deleted : AdBlock
[-] Task Deleted : VirusRemover
[-] Task Deleted : psv_Bamex
[-] Task Deleted : psv_Lamron
[-] Task Deleted : psv_TonZoolux
[-] Task Deleted : SMW_UpdateTask_Time_3735343431393335382d5737325a786c5a3237344541
[-] Task Deleted : YCMServiceAgent
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\zdengine.EXE
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Key Deleted : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.bglog
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataContainer
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataController
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataTable
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataTableFields.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.LSPLogic
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.WFPController
[-] Key Deleted : HKLM\SOFTWARE\Classes\zdengineLib.WFPController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{25B1494D-230A-42CF-BBF6-EC73868D13DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{176F706B-5175-479C-A3DF-32420F6FB01A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{38BE2BE8-EB8E-41D1-9D94-3B1697094D47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{53C267B2-B01D-410F-A4DD-A32962EE55F4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8804A543-42D3-4D71-9685-B0243D5526F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0F322D5-6A13-4CAB-84CF-FABB5690618E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AC3E336C-B524-47F0-9AA2-5F67AA056086}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F577A1BA-D82D-4BB2-8430-B767285D081D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A71C84A-1CC4-4201-B037-C81CE118D66F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{432599E9-40CF-41E3-951A-E1E81B7B1D29}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D215707-3E74-4E0E-A078-2C95E1CDE233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9295785F-8C01-4ED3-9322-8BE5C17CA141}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C656BCEB-6B19-4992-9975-D53CEA283356}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E26E880F-176C-4007-B2A7-B8F27621EC51}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E776B534-9402-4049-87C3-089EC0F54BAF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{63492C58-6CD7-4FF7-8495-06A6869643EE}
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\WebDiscoverBrowser
[-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
[-] Key Deleted : HKCU\Software\Wizzlabs
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKCU\Software\mtQuoteex
[-] Key Deleted : HKCU\Software\AppDataLow\Software\WikiZ
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\MPC AdCleaner
[-] Key Deleted : HKLM\SOFTWARE\ORBTR
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : HKLM\SOFTWARE\SUNNYDAY
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Key Deleted : HKLM\SOFTWARE\MIITS LLC
[-] Key Deleted : HKLM\SOFTWARE\mtQuoteex
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetStream 1.0
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hostify_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherChickn
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\comoBoss_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SunnyDay21_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\CALENDARTOOL
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebDiscoverBrowser
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKU\S-1-5-21-2230319907-1326115258-3964011827-1002\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-2230319907-1326115258-3964011827-1002\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data Restored : HKU\S-1-5-21-2230319907-1326115258-3964011827-1002\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-2230319907-1326115258-3964011827-1002\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{91BF3807-DC07-4BEE-86C3-ED469DC2EFD0}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6E17E9D1-E62D-4263-8B78-9A7E7E2926B2}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3345AD06-DEA3-412A-8C5F-CB8F91013159}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value Deleted : HKU\S-1-5-21-2230319907-1326115258-3964011827-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-2230319907-1326115258-3964011827-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{16e53d06-7822-49d6-858a-05608b400aab} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1cb92161-e5e3-47d0-81aa-78a0afe73ff5} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{26f93847-4458-42ce-9597-95860aab2535} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6db0c6fe-b959-425f-a8cf-9207daf1076e} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7326f506-5140-4113-bf0e-1bad357602eb} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{878c1643-c0be-11e5-a99e-806e6f6e6963} [NameServer]
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cadburygiftsdirect561507900e30a.inpref.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cadburygiftsdirect561507900e30a.inpref.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [usun.exe]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
[#] Value Deleted : HKU\S-1-5-21-2230319907-1326115258-3964011827-1002\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [comoBoss]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [AdBlock2]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WINCOMVES]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WINCOMSKI]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WINCOMO32]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ProntSpooler
 
***** [ Web browsers ] *****
 
[-] [C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M5B5732B2-9546-45E4-AA70-A89332A4F767&SearchSource=55&CUI=&UM=8&UP=SP2FA0646F-D5CF-4D0B-9C20-7209EABE2DB5&D=063016&SSPV=
[-] [C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M5B5732B2-9546-45E4-AA70-A89332A4F767&SearchSource=58&CUI=&UM=8&UP=SP2FA0646F-D5CF-4D0B-9C20-7209EABE2DB5&D=063016&q={searchTerms}&SSPV=
[-] [C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M5B5732B2-9546-45E4-AA70-A89332A4F767&SearchSource=55&CUI=&UM=8&UP=SP2FA0646F-D5CF-4D0B-9C20-7209EABE2DB5&D=063016&SSPV=
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [18979 bytes] - [09/07/2016 13:04:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [22833 bytes] - [09/07/2016 12:59:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19127 bytes] ##########
 
JRT Scan
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by scott (Administrator) on 09/07/2016 at 13:14:34.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Failed to delete: C:\Program Files (x86)\mpc cleaner (Folder) 
Successfully deleted: C:\Users\Public\Desktop\mpc cleaner.lnk (Shortcut) 
Successfully deleted: C:\Users\scott\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\search.lnk (Shortcut) 
Successfully deleted: C:\WINDOWS\prefetch\AVAST_FREE_ANTIVIRUS_SETUP_ON-742CC9DC.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERQUERY.EXE-2F0BA7CB.pf (File) 
 
 
 
Registry: 4 
 
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{268C0441-B11C-4D9D-953C-7ECD8481CCE5} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{268C0441-B11C-4D9D-953C-7ECD8481CCE5} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/07/2016 at 13:18:34.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ZHP

~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13)
~ Run by scott (Administrator) (09/07/2016 13:33:05)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : No network file
~ Type : Repair
~ Report : C:\Users\scott\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\scott\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10586)


---\\ Services (1)
CLOSED : BsUpdate =>PUP.Optional.SoftwareUpdater


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (41)


---\\ Scheduled automatic tasks. (1)
DELETED task: [bvyvbvyf] [C:\Users\scott\AppData\Local\bvyvbvyf\bvyvbvyf.exe (Not File) ] =>Heuristic.Graftor


---\\ Explorer ( File, Folder) (12)
MOVED file: C:\Users\scott\AppData\Roaming\Dalting.exe =>PUP.Optional.Pirrit
MOVED file: C:\Users\scott\AppData\Roaming\Yearlam.exe =>PUP.Optional.Pirrit
MOVED file: C:\WINDOWS\System32\Tasks\bvyvbvyf =>Heuristic.Graftor
MOVED file: C:\Windows\Prefetch\COMBROADCASTER-RECOVER.EXE-687BE21A.pf =>PUP.Optional.EORezo
MOVED file: C:\Windows\Prefetch\COMBROADCASTER-RECOVER.TMP-6F915D36.pf =>PUP.Optional.EORezo
MOVED folder: C:\Users\scott\Documents\Updater =>PUP.Optional.Generic
MOVED folder: C:\WINDOWS\Installer\MSIADA5.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBC2C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBD18.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBDC5.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBE81.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID549.tmp- =>Empty


---\\ Registry ( Key, Value, Data) (2)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\BsUpdate ["C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe" (Not File)] =>PUP.Optional.SoftwareUpdater
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F357B544-0EFE-4AA2-A5D1-0E2460388CB3} [Linkury] =>PUP.Optional.Linkury


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 729
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 16


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-09072016-13_33_24.txt
ZHPCleaner-[s]-09072016-13_32_30.txt
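
One way to triage the AdwCleaner and JRT logs in the post above, as an added example that is not part of the original thread or of either tool: the Python below parses the two line formats shown there, lists the actions the tools reported as failed, and flags items that one entry reported as removed but a later entry still could not delete. The function names and the bare-name matching heuristic are assumptions of this example, and the sample input is assembled from lines of those logs.

```python
import re
from dataclasses import dataclass

# Sample input assembled for this example from lines of the AdwCleaner and
# JRT logs posted above (section headers and entries copied as they appear).
SAMPLE_LOG = r"""
***** [ Services ] *****
[-] Service Deleted : MPCKpt
[-] Service Deleted : zigipyro
[!] Service Not Deleted : zigipyro
***** [ Folders ] *****
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
***** [ DLLs ] *****
[N] File Not Restored : C:\WINDOWS\System32\dnsapi.dll
[-] File Restored : C:\WINDOWS\SysWOW64\dnsapi.dll
File System: 6
Failed to delete: C:\Program Files (x86)\mpc cleaner (Folder)
Successfully deleted: C:\Users\Public\Desktop\mpc cleaner.lnk (Shortcut)
Registry: 4
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt (Registry Key)
"""

ADW_SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ADW_ENTRY = re.compile(r"^\[.\] ([A-Za-z ]+?) : (.+)$")
JRT_SECTION = re.compile(r"^([A-Za-z]+(?: [A-Za-z]+)*): \d+$")
JRT_ENTRY = re.compile(r"^(Failed to delete|Successfully deleted): (.+?) \([^()]+\)$")


@dataclass(frozen=True)
class Finding:
    tool: str
    section: str
    action: str
    target: str
    failed: bool


def parse_cleanup_logs(text):
    """Parse AdwCleaner and JRT entries, in log order, into Finding records."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()  # JRT lines carry trailing spaces
        header = ADW_SECTION.match(line) or JRT_SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        adw = ADW_ENTRY.match(line)
        if adw:
            action, target = adw.groups()
            # Failure is read from the action wording ("Not Deleted",
            # "Not Restored"), not from the bracket marker, whose meaning
            # the logs do not define.
            findings.append(Finding("AdwCleaner", section, action, target,
                                    "Not" in action.split()))
            continue
        jrt = JRT_ENTRY.match(line)
        if jrt:
            action, target = jrt.groups()
            findings.append(Finding("JRT", section, action, target,
                                    action == "Failed to delete"))
    return findings


def failed_actions(findings):
    """Entries a tool reported it could not delete or restore."""
    return [f for f in findings if f.failed]


def _same_item(a, b):
    """Heuristic match: equal ignoring case, or a bare name (such as a
    service) equal to the last component of the other entry's path."""
    a, b = a.lower(), b.lower()
    if a == b:
        return True
    return any("\\" not in name and path.rsplit("\\", 1)[-1] == name
               for name, path in ((a, b), (b, a)))


def persisting_after_removal(findings):
    """Failed entries whose item an earlier entry reported success for."""
    return [f for i, f in enumerate(findings)
            if f.failed and any(not e.failed and _same_item(e.target, f.target)
                                for e in findings[:i])]


if __name__ == "__main__":
    parsed = parse_cleanup_logs(SAMPLE_LOG)
    for f in failed_actions(parsed):
        print(f"FAILED   [{f.tool}/{f.section}] {f.action}: {f.target}")
    for f in persisting_after_removal(parsed):
        print(f"PERSISTS [{f.tool}/{f.section}] {f.target}")
```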

#6 Scott633

Scott633
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 09 July 2016 - 06:55 AM

I've obviously had to copy these onto an external hard drive and use another laptop to post them on here. This laptop is on the same laptop as the problem laptop.

#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 11 July 2016 - 04:23 AM

Sorry for the delay, you still need help?



#8 Scott633

Scott633
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 11 July 2016 - 07:55 AM

Yes please. My laptop is connected to my wifi. I know the wifi is working as other items are connected. On the task bar it says internet access, however there is no connectivity- all the browsers say no internet connection. I've tried to fiddle and compare to my other laptop and notice that IPv4 connectivity says not connected. Any help would be greatly appreciated. I'm quite the novice with the more technical aspect of computers.

#9 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 11 July 2016 - 04:33 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus and Windows Defender.

Close all open work; Pre_Scan will close all processes to run.

Right click and Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.




