Very paranoid over ransomware, could use educated opinions


8 replies to this topic

#1 weremole


Posted 05 August 2016 - 09:50 PM

Hello, my system is Windows 8.1.
So I've had those Indian "Windows" scammers calling a few months apart. It stunk fishy immediately, I did my research and I know how the scam works, so no control over my computer has been handed over.

But I'm still worried since it's the second call.
I've run Avast and Spybot repeatedly and found nothing. I checked things out with HijackThis (will post the log), and in searching for one of the filenames online in my paranoia I clicked a link that was connected to a worm that Avast immediately intercepted. I also scanned with Spybot right after and found nothing besides ad stuff and cookies (to my knowledge).

Here is the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 04:06:34, on 2016-08-06
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
C:\Users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\APRP\aprp.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Daniel\AppData\Roaming\uTorrent\updates\3.4.5_41162.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - Startup: Dropbox.lnk = Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: AvrcpService - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 11986 bytes

Spybot Search and Destroy:
Search results from Spybot - Search & Destroy

2016-08-06 04:05:23
Scan took 00:23:52.
6 items found.

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MW5BNM5M\skype.com\#ui\preferences.sol
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54
Properties.size=220
Properties.md5=AA507A08D623902B8683C3E5741120F6
Properties.filedate=1470454162
Properties.filedatetext=2016-08-06 03:29:22

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Microsoft Management Console\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $49804B54] Browser: Cookie (8) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $49804B54] Browser: Cache (53) (Browser: Cache, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

History: [SBI $49804B54] Browser: History (10) (Browser: History, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54


--- Spybot - Search & Destroy version: 2.6.44.134 DLL (build: 20160321) ---

For good measure ADWcleaner:
# AdwCleaner v5.201 - Logfile created 06/08/2016 at 04:30:41
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-04.3 [Server]
# Operating system : Windows 8.1 (X64)
# Username : Daniel - DANIEL
# Running from : D:\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_bmplayer-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_uhytajrtpo-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_uhytajrtpo-a.akamaihd.net_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2304 bytes] - [06/08/2016 00:19:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [1198 bytes] - [06/08/2016 04:30:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [2064 bytes] - [06/08/2016 00:17:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1316 bytes] - [06/08/2016 04:29:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1417 bytes] ##########

Also, in installing Spybot or using AdwCleaner, my Microsoft Defender was turned off.
Spybot also seemed to place a lot of Windows system files in quarantine the two times I ran it before the link-clicking incident.

[i] 16-08-06 00:15:32
[i] 16-08-06 00:15:32 Product Macromedia.FlashPlayer.Cookies
[+] 16-08-06 00:15:32 Moving into quarantine C:\Users\Daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MW5BNM5M\skype.com\#ui\preferences.sol
[+] 16-08-06 00:15:32 Successfully cleaned C:\Users\Daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MW5BNM5M\skype.com\#ui\preferences.sol
[i] 16-08-06 00:15:32
[i] 16-08-06 00:15:32 Product FastClick
[+] 16-08-06 00:15:32 Moving into quarantine Cookie (Internet Explorer (User): Daniel)Cookie:daniel@fastclick.net/ ()
[+] 16-08-06 00:15:33 Successfully cleaned Cookie (Internet Explorer (User): Daniel)Cookie:daniel@fastclick.net/ ()
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product CasaleMedia
[+] 16-08-06 00:15:33 Moving into quarantine Cookie (Internet Explorer (User): Daniel)Cookie:daniel@casalemedia.com/ ()
[+] 16-08-06 00:15:33 Successfully cleaned Cookie (Internet Explorer (User): Daniel)Cookie:daniel@casalemedia.com/ ()
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product DoubleClick
[+] 16-08-06 00:15:33 Moving into quarantine Cookie (Internet Explorer (User): Daniel)Cookie:daniel@doubleclick.net/ ()
[+] 16-08-06 00:15:33 Successfully cleaned Cookie (Internet Explorer (User): Daniel)Cookie:daniel@doubleclick.net/ ()
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product MediaPlex
[+] 16-08-06 00:15:33 Moving into quarantine Cookie (Internet Explorer (User): Daniel)Cookie:daniel@mediaplex.com/ ()
[+] 16-08-06 00:15:33 Successfully cleaned Cookie (Internet Explorer (User): Daniel)Cookie:daniel@mediaplex.com/ ()
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product Internet Explorer
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Internet Explorer\TypedURLs
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Internet Explorer\TypedURLs
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product MS Management Console
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Microsoft Management Console\Recent File List
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Microsoft Management Console\Recent File List
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product MS Media Player
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product MS DirectDraw
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product MS DirectInput
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\DirectInput\MostRecentApplication\Name
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\DirectInput\MostRecentApplication\Id
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\DirectInput\MostRecentApplication\Name
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\DirectInput\MostRecentApplication\Id
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product MS Regedit
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product Windows.OpenWith
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CST\OpenWithList
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CST\OpenWithList
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product Windows Explorer
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product Windows Media SDK
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product WinRAR
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\WinRAR\ArcHistory
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\WinRAR\General\LastFolder
[+] 16-08-06 00:15:33 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\WinRAR\DialogEditHistory\ExtrPath
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\WinRAR\ArcHistory
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\WinRAR\General\LastFolder
[+] 16-08-06 00:15:33 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\WinRAR\DialogEditHistory\ExtrPath
[i] 16-08-06 00:15:33
[i] 16-08-06 00:15:33 Product Cookie
[+] 16-08-06 00:15:33 Moving into quarantine Internet Explorer (User) (Daniel)Cookies
[+] 16-08-06 00:15:34 Successfully cleaned Internet Explorer (User) (Daniel)Cookies
[i] 16-08-06 00:15:34
[i] 16-08-06 00:15:34 Product Cache
[+] 16-08-06 00:15:34 Moving into quarantine Internet Explorer (User) (Daniel)Cache
[+] 16-08-06 00:15:40 Successfully cleaned Internet Explorer (User) (Daniel)Cache
[i] 16-08-06 00:15:40
[i] 16-08-06 00:15:40 Product History
[+] 16-08-06 00:15:40 Moving into quarantine Internet Explorer (User) (Daniel)History
[+] 16-08-06 00:15:40 Moving into quarantine Google Chrome (Default)History
[+] 16-08-06 00:15:40 Successfully cleaned Internet Explorer (User) (Daniel)History
[+] 16-08-06 00:15:41 Successfully cleaned Google Chrome (Default)History
[i] 16-08-06 00:15:41
[i] 16-08-06 00:15:41 Summary
[i] 16-08-06 00:15:41 Errors while cleaning 0
[i] 16-08-06 00:15:41 Files moved into quarantine 36
[i] 16-08-06 00:15:41 Files successfully cleaned 36


[i] 16-08-06 04:05:28
[i] 16-08-06 04:05:28 Product Macromedia.FlashPlayer.Cookies
[+] 16-08-06 04:05:28 Moving into quarantine C:\Users\Daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MW5BNM5M\skype.com\#ui\preferences.sol
[+] 16-08-06 04:05:28 Successfully cleaned C:\Users\Daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MW5BNM5M\skype.com\#ui\preferences.sol
[i] 16-08-06 04:05:28
[i] 16-08-06 04:05:28 Product MS Management Console
[+] 16-08-06 04:05:28 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Microsoft Management Console\Recent File List
[+] 16-08-06 04:05:28 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Microsoft Management Console\Recent File List
[i] 16-08-06 04:05:28
[i] 16-08-06 04:05:28 Product Windows Explorer
[+] 16-08-06 04:05:28 Moving into quarantine HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+] 16-08-06 04:05:28 Successfully cleaned HKEY_USERS\S-1-5-21-376529667-1385047027-2335158986-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 16-08-06 04:05:28
[i] 16-08-06 04:05:28 Product Cookie
[+] 16-08-06 04:05:28 Moving into quarantine Internet Explorer (User) (Daniel)Cookies
[+] 16-08-06 04:05:28 Successfully cleaned Internet Explorer (User) (Daniel)Cookies
[i] 16-08-06 04:05:28
[i] 16-08-06 04:05:28 Product Cache
[+] 16-08-06 04:05:28 Moving into quarantine Internet Explorer (User) (Daniel)Cache
[+] 16-08-06 04:05:28 Successfully cleaned Internet Explorer (User) (Daniel)Cache
[i] 16-08-06 04:05:28
[i] 16-08-06 04:05:28 Product History
[+] 16-08-06 04:05:28 Moving into quarantine Internet Explorer (User) (Daniel)History
[+] 16-08-06 04:05:28 Successfully cleaned Internet Explorer (User) (Daniel)History
[i] 16-08-06 04:05:28
[i] 16-08-06 04:05:28 Summary
[i] 16-08-06 04:05:28 Errors while cleaning 0
[i] 16-08-06 04:05:28 Files moved into quarantine 6
[i] 16-08-06 04:05:28 Files successfully cleaned 6

My computer is working fine otherwise and the only performance issue has been red and purple screen artifacts when running Photoshop, which was simply because of me using a tiny scratch disk.
I would be ever so grateful if someone could shine some light on this or anything else that might be wrong.

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. Due to the inclusion of a HiJack This Log with topic. ~ Animal



#2 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 08 August 2016 - 06:18 PM

Welcome to Bleeping Computer weremole,

 

The logs you posted really show nothing amiss. Maybe a little security software overkill, in fact, with both Spybot and Malwarebytes.

 

Open HijackThis again

 

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.


Edited by Jintan, 08 August 2016 - 06:19 PM.

Ad eundum quo no duck ante iit

#3 weremole

weremole
  • Topic Starter

  • Members
  • 5 posts

Posted 09 August 2016 - 01:52 AM

That is such a relief. I backed up all work files and reformatted anyway however. I do have a habit of making things difficult for myself. But I gather I'm only losing a day or so reinstalling everything.

 

To make sure what programs I should keep or not I'll still post a Hijackthis log. My factory settings involve a trial version of McAfee which will run out in time. I also have Malwarebytes Anti Exploit alongside it.

 

???
????
Adobe Creative Cloud
Adobe Photoshop CC 2015.5
Adobe Reader XI (11.0.17) - Svenska
Alcor Micro USB Card Reader Driver 
ASUS Launcher
ASUS Manager
ASUS Manager - Ai Booting
ASUS Manager - Ai Charger II
ASUS Manager - Backup & Recovery
ASUS Manager - PC Cleanup
ASUS Manager - Power Manager
ASUS Manager - Update
ASUS Music Maker
ASUSDVD
ASUSDVD
AsusVibe2.0
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink PhotoDirector 3
CyberLink PhotoDirector 3
CyberLink PowerDirector 10
D3DX10
eManual
Firebird SQL Server - MAGIX Edition
Fotogalerie
Fotogalleriet
Fotograf Galerisi
Galeria de Fotografias
Galería de fotos
Galerie de photos
Google Chrome
Google Update Helper
Intel® Management Engine Components
McAfee Internet Security
McAfee WebAdvisor
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
Movie Maker
MSVCRT
MSVCRT110
MSXML 4.0 SP3 Parser
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Common
Photo Gallery
Photo Gallery
Photo Gallery
Photo Gallery
Photo Gallery
Raccolta foto
REALTEK Bluetooth Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
S?????? f?t???af???
Valokuvavalikoima
WebStorage
Windows Live
Windows Live ???
Windows Live ???
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Liven peruspaketti


#4 weremole

weremole
  • Topic Starter

  • Members
  • 5 posts

Posted 10 August 2016 - 09:38 AM

So everything seems fine and I've struggled greatly getting all the Windows updates in line to have my software running (never thought I'd say this but I wished I had Windows 10 so a reset weren't half a decade behind). Today I had a thing where my Google address bar redirected to Yahoo. I kept calm and scanned with everything. JRT picked up an added registry file line and fixed it. I ran RKill in safe mode and found nothing except Windows Defender was turned off, but I have McAfee so that's understandable I gather. I also went into the Hosts file and deleted an extra ",1" something had put there.

 

I guess I'll post a more recent log.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:35:41, on 2016-08-10
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Users\Daniel\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: AvrcpService - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel® Biometric and Context Agent Service (IntelBCAsvc) - Intel® Corporation - C:\Program Files\Intel\BCA\pabeSvc64.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: Intel Security True Key Helper Service (TrueKeyServiceHelper) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12781 bytes


#5 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 13 August 2016 - 03:45 PM

I surely apologize. I do not come here as often as I should, and expected I would get an email notification if a reply was made.

 

I suggest you uninstall these two:

 

McAfee WebAdvisor - Gives incorrect advice.
McAfee Security Scan - Only scans, so useless.

 

Then just open HijackThis again

 

In HijackThis, click Config - Misc Tools. Scroll down, and click "Uninstall HijackThis" to finish things up.


Ad eundum quo no duck ante iit

#6 weremole

weremole
  • Topic Starter

  • Members
  • 5 posts

Posted 13 August 2016 - 07:16 PM

No problem. Thank you for putting up with my neurosis. Alright, that McAfee stuff is gone. However, there is no HijackThis uninstall to click on, and it doesn't exist in the Add/Remove Program Manager drop down.



#7 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 14 August 2016 - 06:05 PM

Sounds okay then. I might mention the first thing anyone should do is save any files (documents, pictures etc.) to an external drive. Get them out of harm's way. Though ransomware pretty much is luck of the draw often, and really not as often as one might think, best to be safe. If the hard drive dies, you already have saved your important files.


Ad eundum quo no duck ante iit

#8 weremole

weremole
  • Topic Starter

  • Members
  • 5 posts

Posted 15 August 2016 - 12:33 PM

Got you covered. My paranoia has one bonus: I always back up everything.

 

Thank you for putting up with me.



#9 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 15 August 2016 - 01:33 PM

Glad to provide some reassurance.


Ad eundum quo no duck ante iit



