Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Removing iskySoft


  • This topic is locked This topic is locked
3 replies to this topic

#1 clickitysplit

clickitysplit

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 26 October 2016 - 08:57 PM

Hi --

 

Thanks for being here to help!

 

I've looked at some similar posts and I've uninstalled what I could from Windows (10) programs and features.  I still get the popup asking to let it make changes to my computer.

I've downloaded and run AdwCleaner, JRT, and FRST.  Together the 4 logs were too long to post, so I've attached them.

 

Thanks again!

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:46 PM

Posted 29 October 2016 - 12:45 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll => No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=6E9414DAE9EF72B8
CHR Plugin: (Native Client) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
C:\Program Files (x86)\Common Files\iSkysoft
C:\ProgramData\iSkysoft
U3 idsvc; no ImagePath
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {38C85923-0A49-4027-BADC-77CACE48502D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {47DCE063-D461-499F-B6CB-33EB446E774C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {694C309F-9D93-4C63-801E-914639B911FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {73892367-C9C7-41BE-A84B-B6921A178CFC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {89345880-83C7-4870-8CFD-88755DCCB5A5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8F80EF26-CA60-49BE-8BBE-760C1ADD55A6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A5F815CD-A835-4A58-918E-2D7C91D3162B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AE83E4B1-A92C-4C5E-A293-A4C3F24DA2CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C4D42F3A-0F59-40A8-A469-47BC6BAF6DBC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D25CA6D0-F968-492E-B689-E4FDE4182812} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DD6A144C-A348-4689-A6A2-C838D2ACAB86} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E39DAB79-FBC7-41D2-B759-346F56D4EA78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

For your added security I suggest that you update the following programs.

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 9 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)

When the updates are completed and you have restarted the computer remove what remains of these versions via the Control Panel > Programs > Programs and Features.
==

Update the programs using the the instructions foreach of the appropriate program.

JAVA

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

ADOBE FLASH PLAYER

Go to this page with Firefox to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Hedge and updates automatically!
===

ADOBE AIR

Navigate to this page.
https://get.adobe.com/air/

==============

Please post the Fixlog.txt and let me know if the problem persists.

#3 clickitysplit

clickitysplit
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 29 October 2016 - 05:51 PM

Thanks nasdaq.  The fix required a reboot, and after rebooting the malware prompt did not appear.  It seems the issue is solved.  The fixlog text is below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
Ran by Eric (29-10-2016 15:41:35) Run:1
Running from C:\Users\Eric\Downloads
Loaded Profiles: Eric & SQLTELEMETRY$LOCAL (Available Profiles: Eric & SQLAgent$LOCAL & MSSQL$LOCAL & MSSQLLaunchpad$LOCAL & SQLTELEMETRY$LOCAL & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll => No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=6E9414DAE9EF72B8
CHR Plugin: (Native Client) -
C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
C:\Program Files (x86)\Common Files\iSkysoft
C:\ProgramData\iSkysoft
U3 idsvc; no ImagePath
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 ->
C:\Users\Eric\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID:
HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 ->
C:\Users\Eric\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {38C85923-0A49-4027-BADC-77CACE48502D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {47DCE063-D461-499F-B6CB-33EB446E774C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {694C309F-9D93-4C63-801E-914639B911FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {73892367-C9C7-41BE-A84B-B6921A178CFC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {89345880-83C7-4870-8CFD-88755DCCB5A5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task:
{8F80EF26-CA60-49BE-8BBE-760C1ADD55A6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A5F815CD-A835-4A58-918E-2D7C91D3162B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AE83E4B1-A92C-4C5E-A293-A4C3F24DA2CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C4D42F3A-0F59-40A8-A469-47BC6BAF6DBC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D25CA6D0-F968-492E-B689-E4FDE4182812} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DD6A144C-A348-4689-A6A2-C838D2ACAB86} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E39DAB79-FBC7-41D2-B759-346F56D4EA78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}" => key removed successfully
"HKCR\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DelaypluginInstall => value removed successfully
"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully
Chrome HomePage => removed successfully
"C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File" => not found.
C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\pdf.dll => not found.
C:\Users\Eric\AppData\Local\Google\Chrome\Application\54.0.2840.71\gcswf32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => not found.
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User => not found
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24] => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Common Files\iSkysoft => moved successfully
C:\ProgramData\iSkysoft => moved successfully
idsvc => service removed successfully
"C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"C:\Users\Eric\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File" => not found.
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
CustomCLSID: => key could not remove. ErrorCode: 0xC000003B
HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"C:\Users\Eric\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File" => not found.
"HKU\S-1-5-21-2893721056-811697302-2389718867-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38C85923-0A49-4027-BADC-77CACE48502D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38C85923-0A49-4027-BADC-77CACE48502D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47DCE063-D461-499F-B6CB-33EB446E774C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47DCE063-D461-499F-B6CB-33EB446E774C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{694C309F-9D93-4C63-801E-914639B911FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{694C309F-9D93-4C63-801E-914639B911FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73892367-C9C7-41BE-A84B-B6921A178CFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73892367-C9C7-41BE-A84B-B6921A178CFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89345880-83C7-4870-8CFD-88755DCCB5A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89345880-83C7-4870-8CFD-88755DCCB5A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
Task: => Error: No automatic fix found for this entry.
{8F80EF26-CA60-49BE-8BBE-760C1ADD55A6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5F815CD-A835-4A58-918E-2D7C91D3162B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F815CD-A835-4A58-918E-2D7C91D3162B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE83E4B1-A92C-4C5E-A293-A4C3F24DA2CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE83E4B1-A92C-4C5E-A293-A4C3F24DA2CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4D42F3A-0F59-40A8-A469-47BC6BAF6DBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4D42F3A-0F59-40A8-A469-47BC6BAF6DBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D25CA6D0-F968-492E-B689-E4FDE4182812}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D25CA6D0-F968-492E-B689-E4FDE4182812}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD6A144C-A348-4689-A6A2-C838D2ACAB86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD6A144C-A348-4689-A6A2-C838D2ACAB86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E39DAB79-FBC7-41D2-B759-346F56D4EA78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E39DAB79-FBC7-41D2-B759-346F56D4EA78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64953502 B
Java, Flash, Steam htmlcache => 103333489 B
Windows/system/drivers => 24699868 B
Edge => 2114341 B
Chrome => 569270797 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14754 B
NetworkService => 4600 B
Eric => 101029695 B
SQLAgent$LOCAL => 0 B
MSSQL$LOCAL => 0 B
MSSQLLaunchpad$LOCAL => 0 B
SQLTELEMETRY$LOCAL => 0 B
DefaultAppPool => 0 B
 
RecycleBin => 3801347757 B
EmptyTemp: => 4.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:42:36 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:46 PM

Posted 30 October 2016 - 08:42 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users