
Some form of adware?


5 replies to this topic

#1 rbereb

rbereb

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 04 October 2016 - 06:10 AM

Hello, I just got surprised with this weird adware. At least I think it's just adware.
Basically what it does is it randomly loads up Chrome (while before there were no chrome processes running) and redirects it to random ad websites. All the redirect links look something like this.

[attached screenshot: rrXIxed.png]
I've dealt with adware before, but it was easy to spot. Afraid to leave my PC running for a virus scan; wrote this in a hurry before going to school. Not sure what to do with this... any ideas?





#2 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  • Gender:Male
  • Location:England, UK
  • Local time:11:29 PM

Posted 04 October 2016 - 10:29 AM

Hello! My name is The Codesee, nice to meet you   :)
 
Please follow the steps below:
 
Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox
  • Select the items below and press Go
    • List Installed Programs
    • List Restore Points
    • List last 10 Event Viewer log
    • Flush DNS
  • Post the log in your next reply

Step 2: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open called checkup.txt.
  • Post the log in your next reply

Step 3: Please download TFC (Temp File Cleaner) to your desktop

  • Close all open applications
  • Double click TFC
  • Click the start button and the program will run
  • When done, press OK to restart your computer

Logs I expect in your next reply:

  • MiniToolBox Log
  • Security Check Log


#3 rbereb

rbereb
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 04 October 2016 - 05:35 PM

Hello :) thank you for your response!
Logs below; running TFC right after posting this.
Not sure how else to post this, so I apologize in advance for the wall of text.

MTB log:
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by RikkieB (administrator) on 04-10-2016 at 17:49:02
Running from "C:\Users\RikkieB\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: MS-7850 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/04/2016 05:41:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2016 05:38:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (10/04/2016 05:01:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2016 04:42:11 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18163 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a24
 
Start Time: 01d21e4d720abba3
 
Termination Time: 3
 
Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
Report Id: b77d3250-8a40-11e6-9b4d-d8cb8a37f2a5
 
Error: (10/04/2016 04:15:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2016 09:56:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2016 03:26:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/03/2016 03:26:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/03/2016 03:13:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2016 09:27:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/04/2016 05:42:56 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (10/04/2016 05:42:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (10/04/2016 05:40:40 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/04/2016 05:39:40 PM) (Source: Service Control Manager) (User: )
Description: The Unsigned Themes service terminated with the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (10/04/2016 05:39:37 PM) (Source: Service Control Manager) (User: )
Description: The uxpatch service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (10/04/2016 05:39:37 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\uxpatch.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/04/2016 05:38:53 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (10/04/2016 05:38:42 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (10/04/2016 05:38:40 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (10/04/2016 05:38:39 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
 
Microsoft Office Sessions:
=========================
Error: (10/04/2016 05:41:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2016 05:38:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (10/04/2016 05:01:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2016 04:42:11 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.181631a2401d21e4d720abba33C:\Program Files\Internet Explorer\IEXPLORE.EXEb77d3250-8a40-11e6-9b4d-d8cb8a37f2a5
 
Error: (10/04/2016 04:15:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2016 09:56:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2016 03:26:28 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Root\Office16\UccApi.DLL1
 
Error: (10/03/2016 03:26:28 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Root\Office16\UccApi.DLL1
 
Error: (10/03/2016 03:13:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2016 09:27:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.1 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Auto Clicker v2.2 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 2.2 - MurGee.com)
Auto Mouse Click v13.1 (HKLM-x32\...\{F5E3859D-0720-41F0-BAF5-4CBCDFD8F406}_is1) (Version: 13.1 - MurGee.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.1.7.5658 - BlueStack Systems, Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Cave Story+ (HKLM-x32\...\Cave Story+_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0191 - Disc Soft Ltd)
Discord (HKCU\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 11.4.21 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Europe MapleStory (HKLM-x32\...\Europe MapleStory_is1) (Version:  - Nexon)
f.lux (HKCU\...\Flux) (Version:  - )
Fences (HKLM\...\{10CD364B-FFCC-48BE-B469-B9622A033075}) (Version: 1.0 - Stardock Corporation) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
グリザイアの果実 (HKLM-x32\...\FW_Grisaia) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hot Virtual Keyboard (HKLM\...\{0F896F26-E9C0-4331-BB90-28CDDA490C93}_is1) (Version: 8.4.1.0 - Comfort Software Group)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
LibreOffice 4.4.4.3 (HKLM-x32\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MapleRoyals version 10.0.5 (HKLM-x32\...\{F4D5EE65-CE54-41A5-804D-428D19987D76}_is1) (Version: 10.0.5 - MapleRoyals)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mumble 1.2.15 (HKLM-x32\...\{6364CB48-2FFE-4205-ABF7-0F94BB50824E}) (Version: 1.2.15 - Thorvald Natvig)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.6.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.6.48 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.0.6.48 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
OctaneRender 2.23.2 R6.2 for Cinema 4D Demo version 2.23.2 R6.2 Demo (HKLM-x32\...\c4doctane_is1) (Version: 2.23.2 R6.2 Demo - OTOY Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
OpenSSL 1.0.2e (32-bit) (HKLM-x32\...\OpenSSL (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
osu! (HKLM-x32\...\{5f56e7f3-af92-408a-845f-a35fbef5e407}) (Version: latest - ppy Pty Ltd)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.29.1145.0 - Hi-Rez Studios)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PokeMMO (HKLM-x32\...\PokeMMO_is1) (Version:  - PokeMMO)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.58.411.2012 - Realtek)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.7.19.0 - Red Giant, LLC)
ROBLOX Player for RikkieB (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for RikkieB (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0310 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.0.6.48 - NVIDIA Corporation) Hidden
Simply Chess (HKLM\...\Steam App 312280) (Version:  - BlueLine Games)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.38.171.g5e1cd7b2 - Spotify AB)
STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.3.51560 - Electronic Arts)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Labyrinth of Grisaia version 1.0 (HKLM-x32\...\{497D2F6E-DE97-4E40-B580-382D2AB0A7B7}_is1) (Version: 1.0 - The Labyrinth of Grisaia)
Trapcode Suite 64-bit (HKLM\...\{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant) Hidden
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
TunnelBear (HKLM-x32\...\{16e8ed28-0234-485c-9898-d1fb0462161a}) (Version: 2.3.20.1 - TunnelBear)
TunnelBear (HKLM-x32\...\{8B95DB67-29B8-4479-BBC5-3122BCB0AF1E}) (Version: 2.3.20.1 - TunnelBear) Hidden
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.0.0.1 - Manuel Hoefs (Zottel))
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
UxStyle Core Beta (HKLM-x32\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.17-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WorldPainter 2.0.2 (HKLM\...\4144-4862-0472-7103) (Version: 2.0.2 - pepsoft.org)
========================= Restore Points ==================================
 
02-10-2016 20:24:08 Scheduled Checkpoint
 
**** End of log ****
 

Security check log:

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Google Chrome (53.0.2785.143) 
 Google Chrome (plugins...) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log``````````````````````
 

 

 


 

 



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:29 AM

Posted 05 October 2016 - 02:10 AM

Hello,

Please download AdwCleaner from here

Run the program and click the Scan button. Once the scan is done, click on Report to see the created log and post its contents in your next reply.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 rbereb

rbereb
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 05 October 2016 - 06:27 AM

 # AdwCleaner v6.020 - Logfile created 05/10/2016 at 13:22:28

# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-03.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : RikkieB - RIKKIEB-PC
# Running from : C:\Users\RikkieB\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\RikkieB\AppData\Local\PackageAware
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\RikkieB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/?type=hp&ts=1425828421&from=cor&uid=HitachiXHTS547564A9E384_J2180053H50X2CH50X2CX
Chrome pref Found:  [C:\Users\RikkieB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.delta-homes.com/?type=hp&ts=1434698281&z=393ca44e4027804e1866be9g6z4cazaqbtabao3b5c&from=ient06182&uid=H
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2001 Bytes] - [05/10/2016 13:22:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2074 Bytes] ##########
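A helper reads a scan log like the one above by eye; as an added example (not AdwCleaner's own code and not anything posted in this thread), the following Python parses that log format into per-section findings and pulls out the defanged `hxxp` browser URLs it flagged. The section-header and `Found:` line shapes are assumed from the log in this reply, and the sample input is a constructed excerpt of that same log.

```python
import re
from collections import OrderedDict

# Line shapes assumed from the AdwCleaner v6.020 log posted above: every
# section header is '***** [ Name ] *****' and every hit is '<Kind> Found:'.
SECTION_RE = re.compile(r"^\*+\s*\[\s*(?P<name>[^\]]+?)\s*\]\s*\*+$")
FINDING_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Found:\s+(?P<detail>.+)$")
URL_RE = re.compile(r"hxxps?://\S+")  # AdwCleaner defangs http -> hxxp


def parse_adwcleaner_log(text):
    """Return {section: [(kind, detail), ...]} in log order.

    A section whose body is only 'No malicious ... found.' maps to an
    empty list, so a caller can tell 'scanned, clean' from 'section
    absent from this log'.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        if current is None:
            continue  # '# Mode: Scan' style preamble before the first section
        hit = FINDING_RE.match(line)
        if hit:
            sections[current].append((hit.group("kind"), hit.group("detail")))
    return sections


def hijacked_urls(sections):
    """Defanged URLs reported under [ Web browsers ]: the pages the browser's
    stored preferences were pointing at."""
    urls = []
    for _kind, detail in sections.get("Web browsers", []):
        urls.extend(URL_RE.findall(detail))
    return urls


def summarize(sections):
    """Findings per section; 0 means the section was scanned and came back clean."""
    return {name: len(hits) for name, hits in sections.items()}


# Constructed excerpt of the scan log posted in reply #5, trimmed to the
# sections this example needs; keys and paths are copied from that post.
SAMPLE_LOG = r"""
# AdwCleaner v6.020 - Logfile created 05/10/2016 at 13:22:28
# Mode: Scan

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
Folder Found:  C:\Users\RikkieB\AppData\Local\PackageAware

***** [ Registry ] *****
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\RikkieB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/?type=hp&ts=1425828421&from=cor&uid=HitachiXHTS547564A9E384_J2180053H50X2CH50X2CX
Chrome pref Found:  [C:\Users\RikkieB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.delta-homes.com/?type=hp&ts=1434698281&z=393ca44e4027804e1866be9g6z4cazaqbtabao3b5c&from=ient06182&uid=H

*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [2001 Bytes] - [05/10/2016 13:22:28]
"""

if __name__ == "__main__":
    found = parse_adwcleaner_log(SAMPLE_LOG)
    for name, count in summarize(found).items():
        status = "clean" if count == 0 else f"{count} finding(s)"
        print(f"{name:14s} {status}")
    for url in hijacked_urls(found):
        print("browser pointed at:", url)
```

Run as a script it prints one line per section and the two homepage URLs; the point of keeping clean sections as empty lists is that a missing section (an older tool version, a truncated paste) does not silently read as "clean".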
 

 




#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:29 AM

Posted 05 October 2016 - 09:42 AM

Please rerun the program but now click the Clean button.

 

When done, please restart your computer and let me know how things are running now and what problems you still have left.


regards, Elise






