Help with potential Trojan



#1 Blocky858


Posted 24 July 2016 - 05:41 AM

Hello. I am in need of some assistance/guidance on an issue I have. 

 

A few nights ago, I was going about my usual business online, when all of a sudden a bar appeared on the top of my screen. The bar read "Netbar" and had an apparent URL search box, along with a reload button, back button, etc. I minimized my browser, but it seemed permanently entrenched there, as there was no exit button visible, and it was messing with the resolution of my monitor and such. I took to the web, searching about this.

 

Apparently, this was a very dangerous trojan that can wreck my PC. All the sites I went to recommended that I download SpyHunter. I downloaded it, and did a scan, which came back with a large amount of results. However, it required me to pay a large sum of money in order to remove them, and I don't have access to that kind of money currently. So, I just exited out of SpyHunter, worried and disappointed.

 

Evidently, I was just able to open task manager and stop the NetBar process, which made it disappear. At the end of the night, nothing bad had happened, so I went to bed. The next day, I was experiencing some internet connectivity issues. Whether this and NetBar are connected, I do not know. The bar that had appeared the night before had not been there in the morning. However, I went to the control panel and found that Netbar was listed in the uninstall list, so of course, I uninstalled it.

 

I scanned with Windows Defender, and that came up with nothing of note. The websites I had been to though, had warned that NetBar was not detectable through conventional anti-virus software, and also was not uninstallable, as it roots itself into your PC's registry.

 

Yet, a few days have passed and Netbar has not appeared again. My computer has been running normally, but my internet seems to keep having trouble connecting, a problem it previously did not have prior to the appearance of Netbar. Tonight, I was browsing around when my internet kept going out randomly, and that's when I started searching more about it.

 

I found a topic on this forum criticizing SpyHunter, saying that it uses false positives and false advertising among other things. The thing about all the websites I visited, though, searching for info about Netbar, all were big supporters of SpyHunter, offering it as the only choice on how to remove the program.

 

So, I decided to sign up and make a thread here about it. I have been distressed about this, as the sites I visited say it can ruin your PC, steal personal information, and the like. 

 

However, I have not seen anything about it on any other site other than supporters of SpyHunter, and after reading about the deceitfulness of the company, I now wonder whether this is a trick by them in order to try and get people to pay to remove things that aren't that dangerous...

 

...Or if it is an actual virus that is a serious threat.

 

I don't know if anyone else has ever heard of this "NetBar" but if anyone could shed some light on it, I would appreciate it.

 

If it turns out to be a false claim made by supporters of SpyHunter in order to create profit, and is actually just a harmless program that I already dealt with, I would be happy.

If it turns out to be an actual extremely dangerous virus as I have been led to believe, PLEASE tell me how to remove it, as Windows Defender & Malwarebytes have both failed at detecting it.

 

Thanks.




 


#2 InadequateInfirmity


Posted 24 July 2016 - 06:31 AM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

Hit Ok.

Hit Next, and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

Remove any infections found.

Then click on the icon in the pic below.

Double click on the scan log, then copy and paste it here in your reply.

 

NoBot Scan.

 

  • Please download NoBot.
  • Save it to your desktop.
  • Right Click Run As Administrator.
  • Then click the scan button.
  • Allow completion.
  • Then hit file button.
  • Scan Logs.
  • Double click the log and post it here.


#3 Blocky858


Posted 24 July 2016 - 04:19 PM



 


 

 

Here is what I got...

 

ADW Cleaner Scan:
 
# AdwCleaner v5.201 - Logfile created 24/07/2016 at 16:37:12
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-24.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Harrison - HARRISON-PC
# Running from : C:\Users\Harrison\Downloads\adwcleaner_5.201.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[#] Folder Deleted : C:\ProgramData\Application Data\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\Users\Harrison\AppData\Roaming\Solvusoft
[-] Folder Deleted : C:\Users\Harrison\AppData\Local\CEF
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk
[-] File Deleted : C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Harrison\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Solvusoft
[-] Key Deleted : HKCU\Software\GreenTree Applications\YTD
[-] Key Deleted : HKLM\SOFTWARE\Solvusoft
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1897 bytes] - [24/07/2016 16:37:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [2135 bytes] - [24/07/2016 16:36:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2043 bytes] ##########
 
JRT Scan:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Harrison (Administrator) on Sun 07/24/2016 at 16:42:20.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Harrison\AppData\Local\nico mak computing (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/24/2016 at 16:43:22.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Adware Removal Scan:
 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool 5.1
Time: 2016_07_24_16_44_57
OS: Windows 10 Home - x64 Bit
Account Name: Harrison
Adware Definition: 07232016
Elapsed time: 04:11
Scan Status:- Automatic Done
 
\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\
 
File Found : Adware.Youndoo : C:\Users\Harrison\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage
File Found : Adware.Youndoo : C:\Users\Harrison\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal
File Found : Adware.Youndoo : C:\Users\Harrison\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage
File Found : Adware.Youndoo : C:\Users\Harrison\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal
 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool 5.1
Time: 2016_07_24_16_44_57
OS: Windows 10 Home - x64 Bit
Account Name: Harrison
Adware Definition: 07232016
Elapsed time: 04:11
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
[-] Deleted ->> File ->> C:\Users\Harrison\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage
 
[-] Deleted ->> File ->> C:\Users\Harrison\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal
 
[-] Deleted ->> File ->> C:\Users\Harrison\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage
 
[-] Deleted ->> File ->> C:\Users\Harrison\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal
 
ZHP Cleaner Scan:
 
~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13)
~ Run by Harrison (Administrator)  (24/07/2016 16:59:48)
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\Harrison\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Harrison\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (33)
MOVED file: C:\Users\Harrison\AppData\Roaming\abracadabra_2105.exe    =>PUP.Optional.Pirrit
MOVED file: C:\Users\Harrison\AppData\Roaming\NetBar.exe [Copyright ©  2016 - Installer]  =>PUP.Optional.Pirrit
MOVED file: C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage    =>PUP.Optional.Generic
MOVED file: C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal    =>PUP.Optional.Generic
MOVED file: C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lucky-patcher.en.uptodown.com_0.localstorage    =>PUP.Optional.UpToDown
MOVED file: C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lucky-patcher.en.uptodown.com_0.localstorage-journal    =>PUP.Optional.UpToDown
MOVED folder: C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ
MOVED folder: C:\WINDOWS\Installer\MSI17FF.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI234F.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2351.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI3129.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI352A.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI44F3.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI49D4.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4EF6.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI57C9.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI65CE.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6648.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6F7E.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI73D3.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI74D0.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI81F7.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI84DE.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI84F.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9412.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9BA5.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIA2D8.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC4C8.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC6BD.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID31B.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID574.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIE66D.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF708.tmp-  =>Empty
 
 
---\\  Registry ( Key, Value, Data) (1)
DELETED key*: HKCU\Software\NetBar []  =>PUP.Optional.Pirrit
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 680
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 34
 
 
~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-24072016-16_59_55.txt
ZHPCleaner-[S]-24072016-16_59_18.txt
 
Zemana AntiMalware Scan:
 
Zemana AntiMalware 2.21.2.139 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/7/24
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-3450 CPU @ 3.10GHz
BIOS Mode              : Legacy
CUID                   : 125A521D7072FC3881D1D9
Scan Type              : Deep Scan
Duration               : 7m 37s
Scanned Objects        : 415292
Detected Objects       : 5
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
SoftProvide.exe
Status             : Scanned
Object             : %programfiles%\softprovide\softprovide.exe
MD5                : D840F7F659687020BA85C7F3CC13DB74
Publisher          : -
Size               : 502784
Version            : 1.0.0.0
Detection          : Malware:Win32/Blackoat.A!Ecrk
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\softprovide\softprovide.exe
                Process - 2368 - C:\Program Files (x86)\Softprovide\SoftProvide.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\SoftProvide\ImagePath = "C:\Program Files (x86)\Softprovide\SoftProvide.exe"
 
abracadabra_2105.exe
Status             : Scanned
Object             : %appdata%\zhp\quarantine\abracadabra_2105.exe
MD5                : ED042CE9A26106B4A413EA7062CBE11A
Publisher          : OOO RM Engineering
Size               : 1210456
Version            : 5.7.9.4
Detection          : Adware:Win32/Quarand!Lkit
Cleaning Action    : Quarantine
Related Objects    :
                File - %appdata%\zhp\quarantine\abracadabra_2105.exe
 
NetBar.exe
Status             : Scanned
Object             : %appdata%\zhp\quarantine\netbar.exe
MD5                : 9BF7D8FA5919AB697C32B8EEE5649222
Publisher          : OOO RM Engineering
Size               : 2042704
Version            : 1.0.0.0
Detection          : Malware:Win32/Quarand!Lkit
Cleaning Action    : Quarantine
Related Objects    :
                File - %appdata%\zhp\quarantine\netbar.exe
 
a[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\x3nfdehe\a[1].exe
MD5                : 5A16F04972E6020EEEEDEA1B470FA2E5
Publisher          : -
Size               : 1167221
Version            : -
Detection          : Adware:Win32/Tamaca!Ekir
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\x3nfdehe\a[1].exe
 
Installer.exe
Status             : Scanned
Object             : %programfiles%\netbar\installer.exe
MD5                : 9BF7D8FA5919AB697C32B8EEE5649222
Publisher          : OOO RM Engineering
Size               : 2042704
Version            : 1.0.0.0
Detection          : Malware:Win32/Quarand!Lkit
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\netbar\installer.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 5
Reported as safe      : 0
Failed                : 0
 
NoBot Scan:
 
-----------------------------------------------------------
' Build Version: 1.0.1.4
' Operating System: Microsoft Windows NT 6.2.9200.0
' Scan Started By: Harrison
' Log Created: 7/24/2016 5:15:00 PM
-----------------------------------------------------------
 
====================-(Scan Summary)-===================
 
Files Scanned: 67
Files Found: 1
Registry Items Scanned: 55
Registry Items Found: 1
 
Total Objects Found: 2
 
 
====================-(User Options)-==================
*Checked Suspicious File Paths*
*Scanned Registry Startup*
 
====================-(Files Found)-===================
 
C:\Users\Harrison\AppData\Local\Discord\app-0.0.292\Discord.exe
 
===============-(Registry Items Found)-===============
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run=Discord
 
==================-(Files Scanned)-=================
 


#4 InadequateInfirmity


Posted 24 July 2016 - 08:46 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  • Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.





