
Some trouble with trotux


7 replies to this topic

#1 jamievoom

jamievoom

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 29 September 2016 - 11:40 AM

.. a novel by Dr. Seuss.

 

Hey everyone! Posting here for the first time, I hope someone can help me out as I'm at the point of wanting to rip my hair out with frustration. I ended up being caught out by the trotux virus earlier today. With the advice of people online I downloaded and ran both Malwarebytes Anti-Malware and ADWCleaner which detected malware and removed it. Also, I uninstalled the trotux programme I found in my list of installed programmes in the control panel. However.. it's still there.

 

When I click to open Chrome, it opens on the trotux home page but also opens it in a separate window to where I clicked. (I can't quite explain that bit so I attached a screenshot below).

 

I am not signed in on this (what I assume is) fake chrome as I'm cautious of entering my login details but I have tried to reset the settings on this fake chrome with no luck. Any help is appreciated! Thanks everybody



Edited by hamluis, 29 September 2016 - 11:54 AM.
Moved from MRL to Am I infected - Hamluis.



 


#2 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:10:18 PM

Posted 29 September 2016 - 12:04 PM

Hello! My name is The Codesee, nice to meet you  :)
 
Please follow the steps below:
 
:step1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox
  • Select the items below and press go
  • Post the log in your next reply
    • List Installed Programs
    • List Restore Points
    • List last 10 Event Viewer log
    • Flush DNS

:step2: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open called checkup.txt.
  • Post the log in your next reply

:step3: Please download TFC (Temp File Cleaner) to your desktop

  • Close all open applications
  • Double click TFC
  • Click the start button and the program will run
  • When done, press OK to restart your computer

Logs I expect in your next reply:

  • MiniToolBox Log
  • Security Check Log


#3 jamievoom

jamievoom
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 29 September 2016 - 12:25 PM

Thanks so much!

 



 

MiniToolBox by Farbar  Version: 17-06-2016

Ran by Jamie (administrator) on 29-09-2016 at 18:20:34
Running from "C:\Users\Jamie\Downloads"
Microsoft Windows 8.1  (X64)
Model: LIFEBOOK A512 Manufacturer: FUJITSU
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/29/2016 03:54:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44203
 
Error: (09/29/2016 03:54:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44203
 
Error: (09/29/2016 03:54:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2016 03:53:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28578
 
Error: (09/29/2016 03:53:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28578
 
Error: (09/29/2016 03:53:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2016 03:53:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14391
 
Error: (09/29/2016 03:53:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14391
 
Error: (09/29/2016 03:53:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2016 03:45:59 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1398
 
Start Time: 01d21a5f755ba96c
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 69ad1149-8653-11e6-8306-681729c3e40b
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (09/29/2016 06:19:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2016 06:19:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2016 05:24:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2016 05:24:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2016 05:20:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2016 05:20:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2016 05:19:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2016 05:19:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2016 05:16:45 PM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.
 
Error: (09/29/2016 05:14:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (09/29/2016 03:54:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44203
 
Error: (09/29/2016 03:54:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44203
 
Error: (09/29/2016 03:54:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2016 03:53:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28578
 
Error: (09/29/2016 03:53:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28578
 
Error: (09/29/2016 03:53:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2016 03:53:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14391
 
Error: (09/29/2016 03:53:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14391
 
Error: (09/29/2016 03:53:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2016 03:45:59 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20911139801d21a5f755ba96c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe69ad1149-8653-11e6-8306-681729c3e40bmicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-09-29 15:58:45.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:58:45.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:58:41.688
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:58:41.055
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:57:56.052
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:57:55.572
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:57:54.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:57:54.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:57:53.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-29 15:57:52.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.6.42178 - BitTorrent Inc.)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.411.108 - ALPS ELECTRIC CO., LTD.)
Any Audio Converter 5.8.8 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Any Video Converter 5.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Anytime USB Charge Utility (HKLM\...\{A794229E-401E-44D4-A8B5-B21E975676DE}) (Version: 3.0.0.0 - FUJITSU LIMITED) Hidden
Anytime USB Charge Utility (HKLM-x32\...\InstallShield_{A794229E-401E-44D4-A8B5-B21E975676DE}) (Version: 3.0.0.0 - FUJITSU LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\{A3E10CD4-8B55-404F-8AEE-9BB74B631E2C}) (Version: 16.111.7797 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.101.2.40207 - AVG Technologies)
AVG 2016 (HKLM\...\{2A1503C0-5384-41F2-998C-B846187FA18F}) (Version: 16.0.4656 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.111.7797 - AVG Technologies)
AVG Zen (HKLM\...\{5A842DD0-1FE5-4699-B40A-2B3F3CCC51B1}) (Version: 1.101.4 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Celtx (2.9.1) (HKLM-x32\...\Celtx (2.9.1)) (Version: 2.9.1 (en-US) - Greyfirst)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5505.02 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3223.0 - CyberLink Corp.)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.15.0134 - Fujitsu Technology Solutions)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.9.201 - Cast & Crew Production Software, LLC)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1221.6 - Sonix)
FMW 1 (HKLM\...\{1C3364DF-40B5-4DA4-9810-652A9A792FB1}) (Version: 1.132.1 - AVG Technologies) Hidden
Fujitsu BIOS Driver (HKLM\...\{7292FFCF-FA9A-4585-AB80-A71961F931AF}) (Version: 1.1.1.0 - FUJITSU LIMITED) Hidden
Fujitsu BIOS Driver (HKLM-x32\...\InstallShield_{7292FFCF-FA9A-4585-AB80-A71961F931AF}) (Version: 1.1.1.0 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (HKLM\...\{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.6.0.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.6.0.0 - FUJITSU LIMITED)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gramblr (HKCU\...\Gramblr) (Version: 1.0.0 - Gramblr)
Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.20.1447 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.5.3.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.5.3.0 - FUJITSU LIMITED)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Multi Access Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Plugfree NETWORK (HKLM\...\{35007EF6-5255-49C9-B0E7-C08052EE6663}) (Version: 7.1.001 - FUJITSU LIMITED) Hidden
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 7.1.0.1 - FUJITSU LIMITED)
Pointing Device Utility (HKLM\...\{DDC49774-40B9-47AE-9C63-5569C08C4082}) (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
Pointing Device Utility (HKLM-x32\...\InstallShield_{DDC49774-40B9-47AE-9C63-5569C08C4082}) (Version: 2.1.0.0 - FUJITSU LIMITED)
Power Saving Utility (HKLM\...\{CB0EA768-62F2-450E-88BC-74182237F564}) (Version: 43.0.0.0 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{CB0EA768-62F2-450E-88BC-74182237F564}) (Version: 43.0.0.0 (00.002) - FUJITSU LIMITED)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
SILKYPIX Developer Studio 3.0 LE (HKLM-x32\...\{7F3487F5-E4FA-4A28-8196-6C9F785BC638}) (Version: 3 - Ichikawa Soft Laboratory) Hidden
SILKYPIX Developer Studio 3.0 LE (HKLM-x32\...\InstallShield_{7F3487F5-E4FA-4A28-8196-6C9F785BC638}) (Version: 3 - Ichikawa Soft Laboratory)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - FUJITSU LIMITED (FUJ02B1) System  (06/26/2013 1.23) (HKLM\...\068FEFD9ECB0E04D17792AACEDA1D0A43CD7F82C) (Version: 06/26/2013 1.23 - FUJITSU LIMITED)
Windows Driver Package - FUJITSU LIMITED (FUJ02E3) System  (07/02/2013 1.30.1.0) (HKLM\...\39B67640DB636F6D78D660BE574C0C5DC39D08CF) (Version: 07/02/2013 1.30.1.0 - FUJITSU LIMITED)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireless Radio Switch Driver (HKLM\...\{13031CDF-00D2-4FCE-AB13-8430D8733574}) (Version: 1.1.0.0 - FUJITSU LIMITED) Hidden
Wireless Radio Switch Driver (HKLM-x32\...\InstallShield_{13031CDF-00D2-4FCE-AB13-8430D8733574}) (Version: 1.1.0.0 - FUJITSU LIMITED)
========================= Restore Points ==================================
 
14-09-2016 10:09:03 Windows Update
21-09-2016 21:22:00 Windows Update
29-09-2016 12:38:27 Scheduled Checkpoint
 
**** End of log ****
 

 

2.

 


 

Results of screen317's Security Check version 1.014 --- 12/23/15  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
AVG AntiVirus Free Edition           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (52.0.2743.116) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#4 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:10:18 PM

Posted 29 September 2016 - 12:43 PM

Peer to Peer (P2P) Warning
 
You currently have µTorrent installed - this can be a huge contributor to infecting computers. Ransomware is also known to be spread through P2P file transfers. I highly recommend you remove µTorrent, or at least until your computer is clean.
 
Multiple Antivirus Softwares
 
According to your logs, you have three antivirus programs installed: Windows Defender, AVG Anti-Virus and McAfee Anti-Virus and Anti-Spyware. It's not recommended to have multiple antivirus programs as they often conflict with each other. 
 
Please choose one of these antivirus programs to keep and uninstall the rest by referring to the correct links below:

:step1: Please uninstall some programs
 
There are currently some programs on your PC that we need to remove. Press the Windows + R key on your keyboard and type in appwiz.cpl and press enter. Navigate to each of the following below one-by-one and click uninstall:

  • µTorrent

:step2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log:

  • On the Malwarebytes Anti-Malware dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

:step3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe.
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

:step4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

:step5: Please update Java from the URL below
 
https://java.com/en/download/
 
Logs I expect in your next reply:

  • Malwarebytes Log
  • AdwCleaner Log
  • Junkware Removal Tool (JRT) Log

Please also update me on the status of the computer


Edited by The_Codesee, 29 September 2016 - 12:44 PM.
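
Added example (not part of the original thread, and not code from MiniToolBox or any poster): the log review behind post #4, flagging a P2P client, more than one antivirus vendor and a Java runtime, done mechanically over the MiniToolBox "Installed Programs" section. The sample lines are copied from the log in post #3; the watchlists and function names are assumptions made for this example.

```python
import re

# One MiniToolBox "Installed Programs" line has the shape
#   Name (HIVE\...\UninstallKey) (Version: V - Publisher) [Hidden]
# Name, key and version may themselves contain parentheses (see the Celtx line).
ENTRY = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\(?P<key>.+)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*?)\)(?P<hidden> Hidden)?$"
)

# Assumed watchlists for this example only; extend them for real use.
AV_VENDORS = {
    "AVG": re.compile(r"\bavg\b", re.I),
    "McAfee": re.compile(r"\bmcafee\b", re.I),
}
P2P = re.compile(r"torrent", re.I)
JAVA = re.compile(r"^Java \d+ Update \d+")

# Lines copied from the MiniToolBox log posted in this thread.
SAMPLE_LOG = r"""
=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.6.42178 - BitTorrent Inc.)
AVG (HKLM\...\{A3E10CD4-8B55-404F-8AEE-9BB74B631E2C}) (Version: 16.111.7797 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.111.7797 - AVG Technologies)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Celtx (2.9.1) (HKLM-x32\...\Celtx (2.9.1)) (Version: 2.9.1 (en-US) - Greyfirst)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
McAfee Multi Access Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
"""


def parse_installed(log_text):
    """Return one dict per installed-program line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        entry = m.groupdict()
        entry["hidden"] = bool(entry["hidden"])
        entry["wow64"] = entry["hive"].endswith("-x32")  # 32-bit registry view
        entries.append(entry)
    return entries


def triage(entries):
    """Flag what a helper looks for first: P2P clients, stacked AV, Java."""
    vendors, p2p, java = set(), [], []
    for e in entries:
        if e["hidden"]:
            continue  # component entries, not products the user can uninstall
        haystack = e["name"] + " " + e["publisher"]
        for vendor, pattern in AV_VENDORS.items():
            if pattern.search(haystack):
                vendors.add(vendor)
        if P2P.search(haystack):
            p2p.append(e["name"])
        if JAVA.match(e["name"]):
            java.append(e["name"])  # compare against the vendor's current release
    return {
        "antivirus": sorted(vendors),
        "multiple_antivirus": len(vendors) > 1,
        "p2p": p2p,
        "java": java,
    }


if __name__ == "__main__":
    for key, value in triage(parse_installed(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Windows Defender does not appear in the Installed Programs section of the log, so this section alone yields two antivirus vendors; the third in post #4 comes from the Security Check log.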


#5 jamievoom

jamievoom
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 29 September 2016 - 02:27 PM

Thank you!! I've uninstalled uTorrent and the additional virus softwares. The problem persists. 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 29/09/2016
Scan Time: 19:36
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.29.10
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jamie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313280
Time Elapsed: 30 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

# AdwCleaner v6.020 - Logfile created 29/09/2016 at 20:14:24

# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-28.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Jamie - JAMIE
# Running from : C:\Users\Jamie\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [5913 Bytes] - [29/09/2016 15:48:02]
C:\AdwCleaner\AdwCleaner[C2].txt - [798 Bytes] - [29/09/2016 20:14:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [5402 Bytes] - [29/09/2016 15:46:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [1263 Bytes] - [29/09/2016 20:08:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1016 Bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 8.1 x64 
Ran by Jamie (Administrator) on 29/09/2016 at 20:21:34.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Successfully deleted: C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\windows\prefetch\AACFREE.EXE-6EEDB529.pf (File) 
Successfully deleted: C:\windows\prefetch\AVCFREE.EXE-D8E19FB3.pf (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/09/2016 at 20:26:07.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#6 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:10:18 PM

Posted 29 September 2016 - 02:31 PM

Please try resetting Chrome: https://support.google.com/chrome/answer/3296214?hl=en-GB



#7 jamievoom

jamievoom
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 29 September 2016 - 02:35 PM

Done! It opens as mentioned in the first post, unfortunately.  :smash:



#8 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:10:18 PM

Posted 29 September 2016 - 02:42 PM

:step1: Please download Revo Uninstaller to your desktop

  1. Double click revosetup.exe and follow the on-screen instructions.
  2. When the installation has completed, launch Revo Uninstaller.
  3. From the list of programs, select 'Google Chrome' and click uninstall.
  4. After a system restore point has been created, the program's default uninstaller will run.
  5. After the program has been uninstalled, select 'Advanced' from the scanning modes list.
  6. Revo Uninstaller will now scan your computer for any left over files or registry entries relating to the program.
  7. When the leftover registry entries are displayed, click 'select all' and then 'delete' then press next.
  8. Follow instruction number 7 for when the leftover files and folders are displayed.

 

Then reinstall Chrome from the following URL: https://www.google.com/chrome/browser/desktop/index.html


Edited by The_Codesee, 29 September 2016 - 02:42 PM.




