Virus removed connected to internet 0 access though


14 replies to this topic

#1 Keganh

Keganh

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 28 July 2016 - 06:43 PM

Windows 7 Realtek pcie gbe family controller
I removed some adware, then poof, no Internet. 100% this computer. Already tried netsh winsock reset. Feel like it has to do with host files. Btw doing this from phone so bear with me lol.
I attached 3 files that might help you :). Picture is of ipconfig. Any help is appreciated.

Attached Files


Edited by hamluis, 29 July 2016 - 07:35 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 Keganh

Keganh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 29 July 2016 - 07:00 PM

Still need help

#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,391 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:58 AM

Posted 31 July 2016 - 08:33 AM

Try doing a system restore.  Use a date prior to the date you went after the adware.  At this point I'm more concerned about reestablishing the ability to get online as you will need to be able to download specific tools to search for malware or other nasties.

 

What did you use to remove the adware?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Keganh

Keganh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 31 July 2016 - 12:22 PM

Adware cleaner. Tried restoring to a few points and all of them failed. I believe this was a variant of the shopperz Trojan and I already removed the fake dnsapi file and what seems like most of the persistent registry. I can use my phone to xfer txt logs and programs needed as well.

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,391 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:58 AM

Posted 31 July 2016 - 01:03 PM

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
mbam1_zps98e7fba9.png
 
3)  Click on Settings, you will see an image like the one below.
 
malware%20settings_zpsixkea5sd.png
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
 

 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
Post this in your topic.
 
 

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.
 
If no malicious programs are found you will receive the following message.
 
adwcleaner%20111_zpsiduqrrrp.png
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.



Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 31 July 2016 - 01:04 PM.


#6 Keganh

Keganh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 31 July 2016 - 01:46 PM

Doing what I can and I can't do the online scan and Kaspersky had its options in parameters changed.

How do I post the logs seeing as I don't have Internet and phones can't open Txt files?

Edited by Keganh, 31 July 2016 - 02:05 PM.


#7 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:04:58 AM

Posted 31 July 2016 - 02:21 PM

I didn't want to suggest this because it's better to fix the problem (malware) than work around it, but maybe it will help you at least get online. Try resetting the host files, or see if they are even there. See here for instructions. Another workaround might be to create another user account on the PC, however that might have side effects if infected by malware.

As for sending files, do your phone and computer have Bluetooth? If so, try this?


Edited by Trikein, 31 July 2016 - 02:24 PM.


#8 Keganh

Keganh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 31 July 2016 - 02:29 PM

I have the log files on my phone but phones can not open .Txt files so I can not paste them here as requested. I would have to upload them somewhere, which was my request as to where. Already replaced my host file to default. I still get an error saying local host is blocked from fss though.

Edited by Keganh, 31 July 2016 - 03:12 PM.


#9 Keganh

Keganh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 31 July 2016 - 04:41 PM

I used Malwarebytes then the Kaspersky then adware cleaner which is all I can do as no internet and all 3 came back with 0 infections threats etc. But still no internet access. Already did sfc scan now after all 3 as well. This was a shoppers or variant of infection if that helps and the whole FSS coming up with local host is being blocked.

Edited by Keganh, 31 July 2016 - 04:48 PM.


#10 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:04:58 AM

Posted 31 July 2016 - 05:27 PM

Sorry, I haven't done malware removal in 5+ years so you would be better served waiting for dc3. I just wanted to chime in the resetting idea. In order to go further, I think you need to find some way to post the logs. Can you upload them to google drive or something else then share a link? Can you email them to me and I copy/paste? Tecknowhelp at gmail dot com if interested. Let me know here if you send them so I know to check.


Edited by Trikein, 31 July 2016 - 05:32 PM.


#11 Keganh

Keganh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 31 July 2016 - 05:34 PM

Well all 3 logs requested are completely blank as I removed it all prior to posting. Regedit keys etc. The only log that I can post that has useful info is the fss log which just states:
Attempt to access local host returned error local host blocked other error Lan connected
Attempt to access Google IP error: other error
Same for Google.com and yahoo.com

Oh and file check : about 20 files all digitally signed and that's it lol

But yes I can throw them on Google Drive. I'll get the logs again and throw them up

Edited by Keganh, 31 July 2016 - 05:38 PM.


#12 Keganh

Keganh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 31 July 2016 - 05:47 PM

https://drive.google.com/folderview?id=0B7y2s2Q4Vff8ek9uZjdnWVJJTVk

There is the folder with all the requested files

#13 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:04:58 AM

Posted 31 July 2016 - 06:27 PM

First, let me state what log entry I saw that made me suggest host file reset;

 

Error: (07/28/2016 07:17:55 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (07/28/2016 07:15:24 PM) (Source: ISCT Agent) (User: )

Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

 

Here are logs found on drive linked above.

 

LOG 1

AdwCleaner[C7].txt


# AdwCleaner v5.201 - Logfile created 31/07/2016 at 18:41:01

# Updated 30/06/2016 by ToolsLib

# Database : 2016-06-30.2 [Server]

# Operating system : Windows 7 Ultimate Service Pack 1 (X64)

# Username : Kegan - KEGAN-PC

# Running from : E:\Kegan\Desktop\AdwCleaner.exe

# Option : Clean

# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

 

***** [ Files ] *****

 

 

***** [ DLLs ] *****

 

 

***** [ WMI ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Kegan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

[-] [C:\Users\Kegan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

 

*************************

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [6521 bytes] - [26/07/2016 09:56:20]

C:\AdwCleaner\AdwCleaner[C2].txt - [2046 bytes] - [28/07/2016 18:52:36]

C:\AdwCleaner\AdwCleaner[C3].txt - [1717 bytes] - [31/07/2016 11:39:18]

C:\AdwCleaner\AdwCleaner[C4].txt - [2283 bytes] - [31/07/2016 15:04:14]

C:\AdwCleaner\AdwCleaner[C5].txt - [2287 bytes] - [31/07/2016 16:55:33]

C:\AdwCleaner\AdwCleaner[C6].txt - [2444 bytes] - [31/07/2016 17:28:05]

C:\AdwCleaner\AdwCleaner[C7].txt - [1384 bytes] - [31/07/2016 18:41:01]

C:\AdwCleaner\AdwCleaner[R0].txt - [18518 bytes] - [31/07/2015 18:25:38]

C:\AdwCleaner\AdwCleaner[S0].txt - [18196 bytes] - [31/07/2015 18:27:28]

C:\AdwCleaner\AdwCleaner[S10].txt - [2028 bytes] - [31/07/2016 17:38:23]

C:\AdwCleaner\AdwCleaner[S11].txt - [2316 bytes] - [31/07/2016 18:40:05]

C:\AdwCleaner\AdwCleaner[S1].txt - [6758 bytes] - [26/07/2016 09:55:21]

C:\AdwCleaner\AdwCleaner[S2].txt - [1768 bytes] - [28/07/2016 18:34:51]

C:\AdwCleaner\AdwCleaner[S3].txt - [1841 bytes] - [28/07/2016 18:52:12]

C:\AdwCleaner\AdwCleaner[S4].txt - [1536 bytes] - [31/07/2016 11:38:43]

C:\AdwCleaner\AdwCleaner[S5].txt - [2085 bytes] - [31/07/2016 15:03:45]

C:\AdwCleaner\AdwCleaner[S6].txt - [2095 bytes] - [31/07/2016 16:53:27]

C:\AdwCleaner\AdwCleaner[S7].txt - [1926 bytes] - [31/07/2016 16:57:13]

C:\AdwCleaner\AdwCleaner[S8].txt - [2258 bytes] - [31/07/2016 17:25:13]

C:\AdwCleaner\AdwCleaner[S9].txt - [1953 bytes] - [31/07/2016 17:30:49]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [2410 bytes] ##########

 
LOG 2

 

 

FSS.txt


Farbar Service Scanner Version: 27-01-2016

Ran by Kegan (administrator) on 31-07-2016 at 18:28:45

Running from "E:\Kegan\Desktop"

Microsoft Windows 7 Ultimate  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

LAN connected.

Attempt to access Google IP returned error. Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

 

 

System Restore:

============

 

System Restore Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

 

LOG 3
mbar scan.txt
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/31/2016
Scan Time: 6:33 PM
Logfile: mbar scan.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kegan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403226
Time Elapsed: 5 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Warn
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 Keganh

Keganh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 31 July 2016 - 06:29 PM

Thank you! Btw I added 1 more log from about 5 days ago of stuff I already deleted can you do that one too? Same folder. I already replaced my host file with a default one though. Maybe I got permissions or something wrong.

The registry in the new logs were ones that I had to bendure under system installer permissions to delete

Edited by Keganh, 31 July 2016 - 06:30 PM.


#15 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:04:58 AM

Posted 31 July 2016 - 10:04 PM

Sorry, family called. Here are all other logs I can access. I don't have a reader for enc1 files. Kaspersky log? Also, I might be able to write a script that would automatically download, strip to plain text, and upload to a test BC account. Just brainstorming the security precautions required.

 

LOG 4

 

RogueKiller V12.4.0.0 [Jul 18 2016] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/download/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Kegan [Administrator]

Started from : E:\Kegan\Desktop\RogueKiller.exe

Mode : Scan -- Date : 07/26/2016 10:08:57

 

¤¤¤ Processes : 5 ¤¤¤

[Suspicious.Path] TeamViewer_Service.exe(1932) -- E:\Kegan\temp\TeamViewer\Version7\TeamViewer_Service.exe[7] -> Found

[Suspicious.Path] TeamViewer.exe(2988) -- E:\Kegan\temp\TeamViewer\Version7\TeamViewer.exe[7] -> Found

[Suspicious.Path] tv_w32.exe(2924) -- E:\Kegan\temp\TeamViewer\Version7\tv_w32.exe[7] -> Found

[Suspicious.Path] tv_x64.exe(2948) -- E:\Kegan\temp\TeamViewer\Version7\tv_x64.exe[7] -> Found

[Suspicious.Path] (SVC) TeamViewer7 -- E:\Kegan\temp\TeamViewer\Version7\TeamViewer_Service.exe[x] -> Found

 

¤¤¤ Registry : 6 ¤¤¤

[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{08ACFB57-8187-47f0-AF93-56360D03634A} -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TeamViewer7 (E:\Kegan\temp\TeamViewer\Version7\TeamViewer_Service.exe) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TeamViewer7 (E:\Kegan\temp\TeamViewer\Version7\TeamViewer_Service.exe) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TeamViewer7 (E:\Kegan\temp\TeamViewer\Version7\TeamViewer_Service.exe) -> Found

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 1 ¤¤¤

[Tr.DnsPatcher][File] C:\Windows\SysWOW64\dnsapi.dll -> Found

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ADATA SSD S510 120GB +++++

--- User ---

[MBR] 11d5a9900cd4379a888f2f182a01208b

[BSP] 63364ea083a282823584af7b7845d5e4 : Legit.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: ST1000DL002-9TT153 +++++

--- User ---

[MBR] b0ef6ff112f0f5396b52599550a38d7d

[BSP] 28576e224df9dbb345881480bf56d28c : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

 

LOG 5

 

Zoek.exe v5.0.0.1 Updated 27-09-2015

Tool run by Kegan on Sun 07/31/2016 at 20:26:03.35.

Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64

Running in: Normal Mode No Internet Access Detected

Launched: E:\Kegan\Desktop\zoek.exe [Scan all users] [Script inserted] 

 

==== System Restore Info ======================

 

7/31/2016 8:28:08 PM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\7af43c85-630a-4ced-8b56-816f28f8dbd9 deleted successfully

C:\PROGRA~2\InterLok deleted successfully

C:\PROGRA~2\Setup Support for Registry Booster deleted successfully

C:\PROGRA~2\COMMON~1\Overwolf deleted successfully

C:\Program Files\HitmanPro deleted successfully

C:\PROGRA~3\Hi-Rez Studios deleted successfully

C:\PROGRA~3\HitmanPro deleted successfully

C:\PROGRA~3\Insight Software deleted successfully

C:\PROGRA~3\K773 deleted successfully

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully

C:\Users\Kegan\AppData\Roaming\Awesomium deleted successfully

C:\Users\Kegan\AppData\Roaming\Malwarebytes deleted successfully

C:\Users\Kegan\AppData\Roaming\Publish Providers deleted successfully

C:\Users\Kegan\AppData\Local\CrashDumps deleted successfully

C:\Users\Kegan\AppData\Local\EmieBrowserModeList deleted successfully

C:\Users\Kegan\AppData\Local\EmieSiteList deleted successfully

C:\Users\Kegan\AppData\Local\EmieUserList deleted successfully

C:\Users\Kegan\AppData\Local\lisa deleted successfully

C:\Users\Kegan\AppData\Local\MEGAsync deleted successfully

C:\Users\Kegan\AppData\Local\PACE Anti-Piracy deleted successfully

C:\Users\Kegan\AppData\Local\Skype deleted successfully

C:\Users\Kegan\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\7af43c85-630a-4ced-8b56-816f28f8dbd9 not found

C:\PROGRA~2\InterLok not found

C:\PROGRA~2\Setup Support for Registry Booster not found

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found

C:\Users\Kegan\AppData\Roaming\WB.CFG deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted

"C:\Users\Kegan\AppData\Roaming\LSS\.sdr" deleted

"C:\Users\Kegan\AppData\Roaming\Verizon\BinaryDB.db" deleted

"C:\Users\Kegan\AppData\Roaming\LSS" deleted

"C:\Users\Kegan\AppData\Roaming\Verizon" deleted

 

==== Firefox Extensions ======================

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Kegan\AppData\Roaming\Mozilla\Firefox\Profiles\x2omswrb.default-1462194417042

6D657ABADF217DBB17CF0A0AF44A7E29 - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll - Nexon Game Controller

 

 

==== Fake Chromium Profiles Check ======================

 

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted

 

==== Chromium Look ======================

 

Google Chrome Version: 46.0.2490.86

 

 

 

==== Chromium Fix ======================

 

C:\Users\Kegan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.cmptch.com_0.localstorage-journal deleted successfully

C:\Users\Kegan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage-journal deleted successfully

C:\Users\Kegan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

C:\Users\Kegan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.runescape.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Kegan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\Kegan\AppData\Local\Mozilla\Firefox\Profiles\x2omswrb.default-1462194417042\cache2 emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Kegan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=11 folders=4 15514 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Guest\AppData\Local\Temp emptied successfully

C:\Users\Kegan\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Kegan\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Sun 07/31/2016 at 20:36:46.62 ======================
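
Added example, not part of any post in this thread: a short Python triage script that re-checks the file RogueKiller flagged on 07/26 against the later FSS file check and lists what the FSS log still reports as failing. The sample lines are copied from the two logs quoted above and trimmed; the function names are illustrative, and the only "signed" status text assumed is the one that appears in the FSS log on this page.

```python
import re

# Constructed sample input: lines copied from the FSS log (31-07-2016) and the
# RogueKiller log (07/26/2016) quoted in this thread, trimmed to a few entries.
FSS_SAMPLE = r"""
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
"""

ROGUEKILLER_SAMPLE = r"""
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[Tr.DnsPatcher][File] C:\Windows\SysWOW64\dnsapi.dll -> Found
"""

CONN_RE = re.compile(r"^Attempt to access (.+?) returned error[:.]\s*(.*)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\w+)$')
FILE_RE = re.compile(r"^(.+?) => (.+)$")
FOUND_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*-> Found$")
SIGNED = "File is digitally signed"  # the only status text shown on the page


def parse_fss(text):
    """Split an FSS log into connection errors, policy values and file checks."""
    result = {"connection": [], "policies": [], "files": {}}
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := CONN_RE.match(line):
            result["connection"].append((m.group(1), m.group(2)))
        elif m := KEY_RE.match(line):
            key = m.group(1)  # remember which registry key the next value belongs to
        elif m := VALUE_RE.match(line):
            result["policies"].append((key, m.group(1), m.group(2)))
        elif m := FILE_RE.match(line):
            # Any status other than the exact "signed" text counts as unconfirmed.
            result["files"][m.group(1).lower()] = (m.group(2) == SIGNED)
    return result


def parse_roguekiller(text):
    """Return (tags, detail) for every '-> Found' line."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := FOUND_RE.match(line):
            tags = re.findall(r"\[([^\]]+)\]", m.group(1))
            findings.append((tags, m.group(2)))
    return findings


def recheck_flagged_files(findings, fss):
    """For each file the earlier scan flagged, report what the later FSS check says."""
    labels = {True: "signed in later FSS check",
              False: "not confirmed signed",
              None: "not covered by FSS"}
    return [(detail, tags[0], labels[fss["files"].get(detail.lower())])
            for tags, detail in findings if "File" in tags]


def open_issues(fss):
    """Findings that a clean signature check does not explain."""
    issues = [f"{target}: {err}" for target, err in fss["connection"]]
    issues += [f"{name}={value} under {key}" for key, name, value in fss["policies"]]
    return issues


if __name__ == "__main__":
    fss = parse_fss(FSS_SAMPLE)
    for row in recheck_flagged_files(parse_roguekiller(ROGUEKILLER_SAMPLE), fss):
        print("flagged earlier:", row)
    for issue in open_issues(fss):
        print("still open:", issue)
```

On the sample it reports `C:\Windows\SysWOW64\dnsapi.dll` as signed in the later check, while the loopback failure and `EnableFirewall=0` remain listed as open items.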





