An announcement is made over my speakers whenever I have YouTube open


9 replies to this topic

#1 teelions

teelions

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 11 October 2016 - 05:41 PM

Using Windows 7, Opera browser

 
Strange problem. An announcement is made over my speakers whenever I have YouTube open. It doesn't matter what video is playing. It always takes me by surprise so I never really hear exactly what is said. But it is a woman's recorded voice in a non-American accent. Maybe an East Indian or British but I can't be certain. She says "_______ complete." Then there's a faint electronic beep shortly after. It's only in YouTube and it started one day ago. If I have YouTube open for an hour I might hear it three times.
 
I have a recording but can't see a means of attaching it here. Please help me with that?

Edited by teelions, 11 October 2016 - 05:50 PM.




#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,233 posts
  • OFFLINE
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:44 AM

Posted 11 October 2016 - 05:57 PM

Hi teelions,

 

Let's try to get that fixed up for you...

 

Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click Clean and OK the reboot
  • When complete, your machine will restart and a log file will appear
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open; note the saved JRT.txt on your desktop to copy into your reply

Please download and install MalwareBytes Anti-Malware.

  • You may want to uncheck the free trial for the premium version during installation.
  • Let the database version update on first run, before proceeding
  • Click "Scan now"
  • Click "remove threats" to remove all and follow the reboot instructions.
  • To export the log click on History > then click your scan log > Export > text file
  • Save on your desktop

Please copy and paste the logs into your reply.

 

Does the problem persist?

 

TsVk!



#3 teelions

teelions
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 11 October 2016 - 07:41 PM

 
 
I actually ran this morning both AdwCleaner and Malwarebytes, which is always on on my PC. Below are those results, plus JRT below.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/11/2016
Scan Time: 9:31 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.11.06
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: GATEWAY
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 438724
Time Elapsed: 26 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 21
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [ca28c4d35842f343b6b828e20500fd03], 
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [ca28c4d35842f343b6b828e20500fd03], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [ca28c4d35842f343b6b828e20500fd03], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [29c9088fe6b42d09910f8f671ce826da], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [29c9088fe6b42d09910f8f671ce826da], 
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [29c9088fe6b42d09910f8f671ce826da], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\REI_AxControl.ReiEngine, Quarantined, [29c9088fe6b42d09910f8f671ce826da], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Quarantined, [cf23bed9bcde70c67d2425d149bb2cd4], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [9e54e9aeb9e1a591cbc923d315ef09f7], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0, Quarantined, [a9493e59f1a90531fa79070339ccb64a], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [3fb33d5a6f2b16204b4912e4e71d44bc], 
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0, Quarantined, [41b1a5f2fc9e93a3244f47c38085ad53], 
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{605D0329-A9EF-4DD5-9E7E-D034B3E39736}, Delete-on-Reboot, [2dc56631a7f3bf7708e6d930be475ca4], 
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA3B5F80-65E6-4702-9289-90A300339073}, Delete-on-Reboot, [19d904931f7b3cfa39b35aaf4db804fc], 
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Reimage Reminder, Delete-on-Reboot, [b33ff4a3970364d2648721e8887d3ec2], 
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ReimageUpdater, Delete-on-Reboot, [af43c8cf603a1c1aeffe57b24bbab34d], 
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR, Quarantined, [668cc4d358428aac5e1a759555b02fd1], 
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [07ebcec9eeac58dee8ac5d99aa5aa759], 
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0, Quarantined, [cc26286f2377b2841e551ceeed18ef11], 
PUP.Optional.Reimage, HKU\S-1-5-21-960190848-1114197340-3619103695-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Quarantined, [5a988413ccce61d50b93fbfb1ee6e719], 
PUP.Optional.Reimage, HKU\S-1-5-21-960190848-1114197340-3619103695-1000\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [e60c0f88c6d480b65748fafc3cc86b95], 
 
Registry Values: 7
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0, REI_AxControl 1.0 Type Library, Quarantined, [a9493e59f1a90531fa79070339ccb64a]
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0, REI_AxControl 1.0 Type Library, Quarantined, [41b1a5f2fc9e93a3244f47c38085ad53]
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{605D0329-A9EF-4DD5-9E7E-D034B3E39736}|Path, \ReimageUpdater, Delete-on-Reboot, [2dc56631a7f3bf7708e6d930be475ca4]
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA3B5F80-65E6-4702-9289-90A300339073}|Path, \Reimage Reminder, Delete-on-Reboot, [19d904931f7b3cfa39b35aaf4db804fc]
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR|CflPath, C:\ProgramData\Reimage Protector\cfl.rei, Quarantined, [668cc4d358428aac5e1a759555b02fd1]
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0, REI_AxControl 1.0 Type Library, Quarantined, [cc26286f2377b2841e551ceeed18ef11]
PUP.Optional.Reimage, HKU\S-1-5-21-960190848-1114197340-3619103695-1000\SOFTWARE\REIMAGE\PC REPAIR|QuitMessage,  , Quarantined, [e60c0f88c6d480b65748fafc3cc86b95]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 11
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector, Quarantined, [ce24f2a5b9e1181e1f6eea0cbc482ed2], 
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results, Quarantined, [ce24f2a5b9e1181e1f6eea0cbc482ed2], 
PUP.Optional.Reimage, C:\rei\AV, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\Microsoft.VC90.CRT, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Temp, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Temp\20160103_0011, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Temp\20160103_0011\DownloaderTemp, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
 
Files: 27
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\cfl.rei, Quarantined, [ce24f2a5b9e1181e1f6eea0cbc482ed2], 
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\ProtectorPackage.log, Quarantined, [ce24f2a5b9e1181e1f6eea0cbc482ed2], 
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\ProtectorUpdater.log, Quarantined, [ce24f2a5b9e1181e1f6eea0cbc482ed2], 
PUP.Optional.Reimage, C:\rei\AV\HBEDV.KEY, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\avupdate.conf, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\avupdate.exe, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\avupdate_msg.avr, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\savapi3_restart.exe, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\savapi3_start.exe, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\savapi3_stop.exe, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\AV\Microsoft.VC90.CRT\msvcr90.dll, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\cfl.rei, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\cpuidsdk.dll, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\rei1826.ini, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\reimage.qsr, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\SupportInfoTool.ini, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011\Compress.res, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011\debug-repair-2.log, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011\debug-repair.log, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011\Info_EnvironmentVars.res, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011\Info_Installed.rec, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011\JunkScanRes.xml, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011\out.log, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.2.6\RUN20160103_0011\RegistryScanRes.xml, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.Reimage, C:\rei\Temp\20160103_0011\ApplicationList.ini, Quarantined, [04ee385fb2e892a47e101bdb47bdfc04], 
PUP.Optional.SpeedItUp, C:\Windows\Reimage.ini, Quarantined, [5d952b6c8c0e4beb7e67cc322cd8966a], 
 
Physical Sectors: 0
(No malicious items detected)
 
(end)
------------------------------------------------------------------------------------------------------------------------------------------
 
# AdwCleaner v4.208 - Logfile created 30/07/2015 at 10:05:11
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : GATEWAY - TERRY2013
# Running from : K:\PRIVATE\Downloads\CCleaner\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater18.8.0
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\GATEWAY\AppData\Roaming\Adobe AIFF Format CS6 Prefs
File Found : C:\Users\GATEWAY\AppData\Roaming\PLGComp.ini
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Folder Found : C:\Users\GATEWAY\AppData\Local\PackageAware
Folder Found : C:\Users\GATEWAY\AppData\Local\Temp\Expat_Shield
Folder Found : C:\Users\GATEWAY\AppData\Roaming\Mozilla\Firefox\Profiles\noa0z9fg.default\Extensions\Avg@toolbar
Folder Found : C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\STool
Key Found : [x64] HKCU\Software\Avg Secure Update
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\STool
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKU\.DEFAULT\Software\IGearSettings
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v39.0 (x86 en-US)
 
 
-\\ Google Chrome v44.0.2403.125
 
[C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0Czy0DzzzzzytByCyBtDyEtN0D0Tzu0SyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=830739215&ir=
[C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla
 
*************************
 
AdwCleaner[R0].txt - [5493 bytes] - [30/07/2015 10:05:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5552 bytes] ##########
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# AdwCleaner v4.208 - Logfile created 30/07/2015 at 10:40:41
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : GATEWAY - TERRY2013
# Running from : K:\PRIVATE\Downloads\CCleaner\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.8.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\GATEWAY\AppData\Local\Temp\Expat_Shield
Folder Deleted : C:\Users\GATEWAY\AppData\Local\PackageAware
Folder Deleted : C:\Users\GATEWAY\AppData\Roaming\Mozilla\Firefox\Profiles\noa0z9fg.default\Extensions\Avg@toolbar
Folder Deleted : C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
File Deleted : C:\Users\GATEWAY\AppData\Roaming\Adobe AIFF Format CS6 Prefs
File Deleted : C:\Users\GATEWAY\AppData\Roaming\PLGComp.ini
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\STool
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\IGearSettings
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v39.0 (x86 en-US)
 
 
-\\ Google Chrome v44.0.2403.125
 
[C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0Czy0DzzzzzytByCyBtDyEtN0D0Tzu0SyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=830739215&ir=
[C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla
 
*************************
 
AdwCleaner[R0].txt - [5663 bytes] - [30/07/2015 10:05:11]
AdwCleaner[S0].txt - [5578 bytes] - [30/07/2015 10:40:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5637  bytes] ##########
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# AdwCleaner v6.021 - Logfile created 11/10/2016 at 10:20:35
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-11.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : GATEWAY - TERRY2013
# Running from : K:\PRIVATE\Downloads\bleepingcomputer\adwcleaner_6.021.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  vToolbarUpdater40.2.9
Service Found:  WtuSystemSupport
 
 
***** [ Folders ] *****
 
Folder Found:  C:\ProgramData\Avg_Update_0116tb
Folder Found:  C:\Users\GATEWAY\AppData\Local\Assistant
Folder Found:  C:\Users\GATEWAY\AppData\Local\avg web tuneup
Folder Found:  C:\Program Files\Common Files\AVG Secure Search
Folder Found:  C:\ProgramData\AVG Secure Search
Folder Found:  C:\ProgramData\AVG Security Toolbar
Folder Found:  C:\ProgramData\avg web tuneup
Folder Found:  C:\ProgramData\Application Data\AVG Secure Search
Folder Found:  C:\ProgramData\Application Data\AVG Security Toolbar
Folder Found:  C:\ProgramData\Application Data\avg web tuneup
Folder Found:  C:\Program Files (x86)\avg web tuneup
Folder Found:  C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found:  C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
 
 
***** [ Files ] *****
 
File Found:  C:\Users\GATEWAY\AppData\Roaming\Mozilla\Firefox\Profiles\x9pjns3r.default-1441456240181\extensions\Avg@toolbar.xpi
File Found:  C:\Users\GATEWAY\AppData\Roaming\Mozilla\Firefox\Profiles\x9pjns3r.default-1441456240181\searchplugins\avg-secure-search.xml
File Found:  C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found:  HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found:  [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKU\S-1-5-21-960190848-1114197340-3619103695-1000\Software\Reimage
Key Found:  HKCU\Software\Reimage
Key Found:  HKLM\SOFTWARE\AVG Tuneup
Key Found:  [x64] HKCU\Software\Reimage
Key Found:  [x64] HKLM\SOFTWARE\Reimage
Key Found:  HKU\S-1-5-21-960190848-1114197340-3619103695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found:  HKU\S-1-5-21-960190848-1114197340-3619103695-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SearchProtect
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SearchProtectAll
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found:  HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found:  HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearchdial.com
Chrome pref Found:  [C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - chfdnecihphmhljaaejmgoiahnihplgn
Chrome pref Found:  [C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - chfdnecihphmhljaaejmgoiahnihplgn
 
*************************
 
C:\AdwCleaner\AdwCleaner[R0].txt - [5663 Bytes] - [30/07/2015 10:05:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [5741 Bytes] - [30/07/2015 10:40:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [8138 Bytes] - [11/10/2016 10:20:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8211 Bytes] ##########
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# AdwCleaner v6.021 - Logfile created 11/10/2016 at 10:39:34
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-11.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : GATEWAY - TERRY2013
# Running from : K:\PRIVATE\Downloads\bleepingcomputer\adwcleaner_6.021.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[!] Service not deleted: vToolbarUpdater40.2.9
[!] Service not deleted: WtuSystemSupport
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\Avg_Update_0116tb
[-] Folder deleted: C:\Users\GATEWAY\AppData\Local\Assistant
[-] Folder deleted: C:\Users\GATEWAY\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\GATEWAY\AppData\Roaming\Mozilla\Firefox\Profiles\x9pjns3r.default-1441456240181\extensions\Avg@toolbar.xpi
[-] File deleted: C:\Users\GATEWAY\AppData\Roaming\Mozilla\Firefox\Profiles\x9pjns3r.default-1441456240181\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-960190848-1114197340-3619103695-1000\Software\Reimage
[#] Key deleted on reboot: HKCU\Software\Reimage
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[#] Key deleted on reboot: [x64] HKCU\Software\Reimage
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: HKU\S-1-5-21-960190848-1114197340-3619103695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-960190848-1114197340-3619103695-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SearchProtect
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SearchProtectAll
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearchdial.com
[-] [C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\tlyons\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [8618 Bytes] - [11/10/2016 10:39:34]
C:\AdwCleaner\AdwCleaner[R0].txt - [5663 Bytes] - [30/07/2015 10:05:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [5741 Bytes] - [30/07/2015 10:40:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [8358 Bytes] - [11/10/2016 10:20:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8910 Bytes] ##########
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64 
Ran by GATEWAY (Administrator) on Tue 10/11/2016 at 20:22:24.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\GATEWAY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BX2XR179 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\GATEWAY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7SX2MBX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BX2XR179 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7SX2MBX (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/11/2016 at 20:25:18.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Yes, still going on. Can I attach a sample audio?


#4 TsVk!


Posted 11 October 2016 - 09:16 PM

Hi teelions,

 

An audio sample doesn't really help me; I trust that you can still hear it, though.

 

Let's remove some more entries...

 

Please download CCleaner and install it.

  • Run the cleaner section, but please avoid the registry cleaner.

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Please copy and paste the log into your reply.

If prompted by your firewall, allow DIG.exe.
If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

 

Please download Farbar Service Scanner and run it.

  • Please check all of the boxes, then click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

Please download RogueKiller and run it.

  • Click Scan and then Scan again to start the application.
  • Please be patient; the scan can take quite some time.
  • When it completes, close the browser pop-up.
  • Check all of the check boxes and Remove Items
  • When completed click Open Report then Open TXT
  • Copy and paste the output into your next reply

TsVk!


Edited by TsVk!, 11 October 2016 - 09:28 PM.


#5 teelions


Posted 12 October 2016 - 08:00 PM

RogueKiller:
 
RogueKiller V12.7.1.0 (x64) [Oct 10 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : GATEWAY [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/12/2016 16:56:07 (Duration : 03:20:07)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WtuSystemSupport ("C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WtuSystemSupport ("C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe") -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\0615piUpdateInfo.job -- C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0615pi /INFORETRY=3 /RUNBY=AV) -> Found
[Suspicious.Path] \0615piUpdateInfo -- C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe (/SETINFO /CMPID=0615pi /INFORETRY=3 /RUNBY=AV) -> Found
 
¤¤¤ Files : 2 ¤¤¤
[Hidden.ADS][Stream] C:\Windows:AstInfo -> Found
[Hidden.ADS][Stream] C:\Users\GATEWAY\AppData\Local:QOylb0xnWUeGS9zSdtj -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] x9pjns3r.default-1441456240181 : user_pref("browser.startup.homepage", "https://us-mg6.mail.yahoo.com/neo/launch?action=inbox"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-75ZF5A0 ATA Device +++++
--- User ---
[MBR] b9f3bf3ab36892b11f60b61deed1fba0
[BSP] 62e972cd7a2b8bcbd4b5051a3ee438d8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive6: Generic- MicroSD USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive7: WD My Book USB Device +++++
--- User ---
[MBR] 577a219daf70b10eb69f7480d24b63be
[BSP] 3066188525c72fbe47d409baf60ad325 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive8: TOSHIBA MK3252GSX USB Device +++++
--- User ---
[MBR] c94774760633186fffe6f634d03f6a55
[BSP] fd3a368ea9d0927a492f00757104dbb9 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
----------------------------------------------------------------------------------------------------------------------------------------------------------------
 

Farbar Service Scanner Version: 27-01-2016
Ran by GATEWAY (administrator) on 12-10-2016 at 16:53:43
Running from "K:\PRIVATE\Downloads\bleepingcomputer\New folder"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
-----------------------------------------------------------------------------------------------------------------------------------------------------------------

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
AVG AntiVirus Free Edition      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spyder3Express     
 AVG Web TuneUp   
 Java 8 Update 73  
 Java version 32-bit out of Date! 
 Adobe Flash Player 23.0.0.185  
 Mozilla Firefox (47.0.1) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (53.0.2785.143) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 MediaMall MediaMallServer.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 


#6 TsVk!


Posted 12 October 2016 - 08:57 PM

Ok.

 

Please open RogueKiller, check the following entries and Delete.

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WtuSystemSupport ("C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WtuSystemSupport ("C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe") -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[Suspicious.Path] %WINDIR%\Tasks\0615piUpdateInfo.job -- C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0615pi /INFORETRY=3 /RUNBY=AV) -> Found
[Suspicious.Path] \0615piUpdateInfo -- C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe (/SETINFO /CMPID=0615pi /INFORETRY=3 /RUNBY=AV) -> Found
[Hidden.ADS][Stream] C:\Users\GATEWAY\AppData\Local:QOylb0xnWUeGS9zSdtj -> Found

Please copy and paste the log in your reply.

 

Please re-run Malwarebytes Anti-Malware.

 

Copy and paste the log in your reply.

 

Does the problem still persist?

 

TsVk!


Edited by TsVk!, 12 October 2016 - 09:01 PM.


#7 teelions


Posted 12 October 2016 - 11:19 PM

THANKS!

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/12/2016
Scan Time: 11:42 PM
Logfile: mw.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.13.02
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: GATEWAY
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 435438
Time Elapsed: 28 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 TsVk!


Posted 12 October 2016 - 11:37 PM

No more sound?



#9 teelions


Posted 13 October 2016 - 09:08 AM

No more sound!



#10 TsVk!


Posted 13 October 2016 - 04:15 PM

Good stuff. :)

 

Let's just run one more scan to check remnants and then remove the tools we have used.

 

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • You can uninstall Sophos now.

To finish up, let's remove the tools we have used...

 

Download DelFix and move the executable to your Desktop;

  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply.

 

Please update Java, this is very important.

 

You can also remove CCleaner if you wish, though you may choose to keep this handy application.

 

How did you go? Any questions?

 

TsVk!





