
Infected Files with Adware & Quarantined files with Malwarebytes


20 replies to this topic

#1 BeccaB04

BeccaB04

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:28 PM

Posted 02 November 2016 - 10:47 AM

Hello new forum, my name is Becca and I have been advised to post in here.  First, I would like to say thank you for what help I have received, and your patience and guidance.  OK, let me start at the beginning.  Around the end of September or beginning of October my laptop started acting crazy.  I would check for Windows updates and try to download and install them only to have them fail, or all fail but 1 or 2 would go through.  And one day it said I had 61 updates, because it had not updated in over a week.  So I had already been troubleshooting, reading articles and feedback on Microsoft support or on Microsoft-tech.  Then I noticed one day this user “Updatus” came up.  Well, there is no one on my laptop ever, just me.  I went back again troubleshooting and went word for word through the steps found on Microsoft support to remove this account.  I backed up a copy of my registry keys first and then I thought I had this account deleted, only for it to be back the next day.  The next day, I was changing some settings in Control Panel and was going to back up some stuff when I got this error message saying I could not back up because files in the Task Scheduler were corrupt or tampered with.  So when I opened the Task Scheduler it showed me that HP Active Health Scan (HPSA) had the same error, along with all of these: pc health Analysis, HP Support Solutions, Frame work updates, MC updates_scheduler, Dispatch Recovery Tasks, Windows Parental Controls, Back up Monitor, and Automatic updates.  So I found a link to someone that needed help that was having some of the same issues I was having and I followed the list and instructions to a tee.  First, I opened cmd at Start, ran it as administrator, and ran sfc /scannow, and it completed stating they found errors but they were able to fix them and the changes would take place after reboot.  But they never were corrected.  So I would continue to read online and try to fix different things, but with no help.
Then 2 days after, my entire system shut me out because of “Not enough Free Space/Memory”.  No C drive, no internet, no Windows exe would open; it was like having a worthless piece of bleep.  Then my fiance got this Trojan removal file from Norton.  It was while troubleshooting on Norton that I was introduced to the Bleeping Computer forum.  After reading on the forum I installed Malwarebytes, adware, and some others.  I posted in the Windows 7 forum here at Bleeping Computer.  I will post a link to that; it was suggested that I post here.  I am almost ready to restart from factory and could really use help, please.

 

http://www.bleepingcomputer.com/forums/t/629847/virus-or-not-windows-7-unknown-users-and-crazy-files/?view=getnewpost


 


#2 BeccaB04

BeccaB04
  • Topic Starter


Posted 02 November 2016 - 10:55 AM

Here are the frst.txt and the Addition.txt files.

Attached files: Addition.txt (65.07KB), FRST.txt (79.17KB)



#3 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:28 PM

Posted 02 November 2016 - 11:22 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


If you have a log file from your previous Malwarebytes scan, please post it here.

UpdatusUser - try this: http://www.askvg.com/tip-what-is-updatususer-folder-and-how-to-remove-it-from-windows-explorer/
 

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Jo*

Jo*


Posted 05 November 2016 - 02:00 AM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 BeccaB04

BeccaB04

Posted 06 November 2016 - 03:02 PM

Hi Jo*,
Sorry, I have had a family emergency and I just got both of your responses at once. I am on my way back in town and will be able to do all of your suggestions and will place all my findings here. Thank you so much for your help and your patience. This has been a difficult week.
Grateful for all your help,
Becca

#6 Jo*

Jo*


Posted 08 November 2016 - 11:08 AM

Please follow the instructions from post #3
http://www.bleepingcomputer.com/forums/t/631158/infected-files-with-adware-quarantined-files-with-malawarebytes/#entry4113350
otherwise this topic will be closed soon.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 BeccaB04

BeccaB04

Posted 09 November 2016 - 02:31 PM

Hey Jo* thank you for your patience, it has been a very hectic week.  Here is the check.txt. I am doing the other suggestions and will be posting those also.

 

 

 

Results of screen317's Security Check version 1.014 --- 12/23/15  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton AntiVirus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (2.0.0.4003)   
 Java 8 Update 111  
 Java 8 Update 45  
 Java version 32-bit out of Date! 
 Google Chrome (54.0.2840.59) 
 Google Chrome (54.0.2840.71) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Norton AntiVirus Engine 22.8.0.50 NAV.exe 
 Common Files Microsoft Shared Microsoft Online Services smss.exe -?- 
 Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE 
 Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
 Symantec Norton Online Backup NOBuClient.exe  
 Common Files Microsoft Shared Microsoft Online Services audiodg.exe -?- 
 Common Files Microsoft Shared Microsoft Online Services  -?- 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 

 

 



#8 BeccaB04

BeccaB04

Posted 09 November 2016 - 03:23 PM

Hey Jo* I ran Malwarebytes Rootkit and No Malware was found.



#9 BeccaB04

BeccaB04

Posted 09 November 2016 - 04:03 PM

Jo*, I have already run the last one on your list in my first forum before having a Bleeping Computer tech have me start a post in this forum.  I have adware, Fixit, Malwarebytes files quarantined as well as others.  I will wait and not do anything until I get your next post.  If you want me to post those results as well I can.  Thank you for all your help.



#10 Jo*

Jo*


Posted 09 November 2016 - 04:27 PM

Hello,
 

***


Copy FRST / FRST64.exe to your desktop!

Log on to all your user accounts now - without restarting !

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3303001&SearchSource=48&CUI=UN84667456210092124&UM=2","hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14290916163269716&UM=2","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.google.com/"
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3303001&SearchSource=48&CUI=UN84667456210092124&UM=2","hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14290916163269716&UM=2","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.google.com/"
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: D - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {0418a46d-ac67-11e5-826b-c485082026e5} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {0ac767d5-de05-11e4-9fa7-c485082026e5} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {0b182614-80f3-11e2-84af-c485082026e5} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {6e0d2da6-6b02-11e2-b121-c485082026e5} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {7314d4d3-c05a-11e5-952d-c485082026e5} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {94ffadf2-2989-11e4-b320-c485082026e5} - D:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {9e4a1273-b762-11e5-8723-c485082026e5} - F:\windows\Data\Autorun.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {bc1db6ba-f91c-11e2-9743-c485082026e5} - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {c7555b02-359f-11e5-9d14-c485082026e5} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {eeb17377-ee98-11e4-bf9c-e8039ab3ed76} - D:\HTC_Sync_Manager_PC.exe
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1827809378-912741919-3246080145-1000\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ManualProxies: 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1827809378-912741919-3246080145-1001 -> DefaultScope {E78995B4-248C-41A8-A8FB-98671E0441D5} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1827809378-912741919-3246080145-1001 -> {C289D4D7-1E43-4476-945A-95826EAE1F8D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1827809378-912741919-3246080145-1001 -> {E78995B4-248C-41A8-A8FB-98671E0441D5} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EraserUtilDrv11521; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.8.0.50\Definitions\SDSDefs\20161017.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.8.0.50\Definitions\SDSDefs\20161017.025\EX64.SYS [X]
2012-05-04 03:26 - 2012-05-04 03:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-04 03:22 - 2012-05-04 03:22 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-04 03:24 - 2012-05-04 03:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-04 03:22 - 2012-05-04 03:24 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-04 03:25 - 2012-05-04 03:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {EC6A5FA7-C93E-453F-92FA-62CAD9B5121B} - System32\Tasks\{19892AC0-8462-4C73-ABD7-8AFB0429383D} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [120]
EmptyTemp:
RemoveProxy:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

---

Download and run Chrome Software Cleaner

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
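
Added example (not part of Jo's post and not FRST's own code): the notice above says the script is specific to one user and one machine, so this sketch checks a fixlist.txt before the Fix button is pressed. It assumes the Start/End layout and the directives shown on this page; `audit_fixlist`, `machine_id` and `profiles` are hypothetical names, and the sample lines are excerpted and shortened from the fixlist above.

```python
import re
from dataclasses import dataclass, field

# Standalone directives that appear in the fixlist on this page.
DIRECTIVES = {"CreateRestorePoint:", "CloseProcesses:", "EmptyTemp:", "RemoveProxy:"}
# Machine part (three sub-authorities) and RID of a local-account SID.
SID_RE = re.compile(r"S-1-5-21-(\d+-\d+-\d+)-(\d+)")
# Profile folder name in a path such as C:\Users\<name>\...
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")

# Sample: lines excerpted from the fixlist above (URL list shortened).
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.google.com/"
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.google.com/"
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: D - D:\HTC_Sync_Manager_PC.exe
GroupPolicyUsers\S-1-5-21-1827809378-912741919-3246080145-1000\User: Restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
EmptyTemp:
End
"""


@dataclass
class Audit:
    problems: list = field(default_factory=list)    # reasons not to run the fix
    duplicates: list = field(default_factory=list)  # (first line no, repeat line no)
    rids: set = field(default_factory=set)          # account RIDs the fix touches


def audit_fixlist(text, machine_id, profiles):
    """Check a fixlist against the machine it is about to run on.

    machine_id: the local SID without 'S-1-5-21-' and without the trailing
                RID (on Windows, `whoami /user` prints the full user SID).
    profiles:   profile folder names that exist under C:\\Users here.
    """
    audit = Audit()
    known = {p.lower() for p in profiles}
    lines = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1) if l.strip()]

    if not lines or lines[0][1] != "Start":
        audit.problems.append("missing Start marker")
    if not lines or lines[-1][1] != "End":
        audit.problems.append("missing End marker")
    body = [(n, l) for n, l in lines if l not in ("Start", "End")]

    # The restore point has to be requested before the first entry that
    # changes the registry or the file system.
    first_entry = next(
        (i for i, (_, l) in enumerate(body) if l not in DIRECTIVES), len(body)
    )
    if "CreateRestorePoint:" not in [l for _, l in body[:first_entry]]:
        audit.problems.append("no CreateRestorePoint: before first entry")

    seen = {}
    for n, l in body:
        # A repeated entry is harmless (the second run reports "not found"),
        # but it usually means a copy/paste slip worth a second look.
        if l in seen:
            audit.duplicates.append((seen[l], n))
        else:
            seen[l] = n
        for m in SID_RE.finditer(l):
            if m.group(1) != machine_id:
                audit.problems.append(f"line {n}: SID from another machine")
            else:
                audit.rids.add(int(m.group(2)))
        for m in PROFILE_RE.finditer(l):
            if m.group(1).lower() not in known:
                audit.problems.append(f"line {n}: unknown profile {m.group(1)!r}")
    return audit


if __name__ == "__main__":
    result = audit_fixlist(
        SAMPLE_FIXLIST, "1827809378-912741919-3246080145", ["Becca"]
    )
    print("problems:  ", result.problems or "none")
    print("duplicates:", result.duplicates)
    print("RIDs:      ", sorted(result.rids))
```
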


#11 BeccaB04

BeccaB04

Posted 09 November 2016 - 07:15 PM

Jo

I realized to tell you I tried #1 and #2 for the Updatus user account. I am trying #3.  Do you want me to do that before I start with your last post or not?

Thanks,

Becca



#12 BeccaB04

BeccaB04

Posted 09 November 2016 - 08:03 PM

Hey Jo*,

Here is the result from fixlog.

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016

Ran by Becca (09-11-2016 18:25:57) Run:1
Running from C:\Users\Becca\Downloads
Loaded Profiles: Becca (Available Profiles: Becca)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3303001&SearchSource=48&CUI=UN84667456210092124&UM=2","hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14290916163269716&UM=2","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.google.com/"
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3303001&SearchSource=48&CUI=UN84667456210092124&UM=2","hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14290916163269716&UM=2","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.google.com/"
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: D - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {0418a46d-ac67-11e5-826b-c485082026e5} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {0ac767d5-de05-11e4-9fa7-c485082026e5} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {0b182614-80f3-11e2-84af-c485082026e5} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {6e0d2da6-6b02-11e2-b121-c485082026e5} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {7314d4d3-c05a-11e5-952d-c485082026e5} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {94ffadf2-2989-11e4-b320-c485082026e5} - D:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {9e4a1273-b762-11e5-8723-c485082026e5} - F:\windows\Data\Autorun.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {bc1db6ba-f91c-11e2-9743-c485082026e5} - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {c7555b02-359f-11e5-9d14-c485082026e5} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {eeb17377-ee98-11e4-bf9c-e8039ab3ed76} - D:\HTC_Sync_Manager_PC.exe
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1827809378-912741919-3246080145-1000\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ManualProxies: 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1827809378-912741919-3246080145-1001 -> DefaultScope {E78995B4-248C-41A8-A8FB-98671E0441D5} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1827809378-912741919-3246080145-1001 -> {C289D4D7-1E43-4476-945A-95826EAE1F8D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1827809378-912741919-3246080145-1001 -> {E78995B4-248C-41A8-A8FB-98671E0441D5} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EraserUtilDrv11521; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.8.0.50\Definitions\SDSDefs\20161017.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.8.0.50\Definitions\SDSDefs\20161017.025\EX64.SYS [X]
2012-05-04 03:26 - 2012-05-04 03:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-04 03:22 - 2012-05-04 03:22 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-04 03:24 - 2012-05-04 03:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-04 03:22 - 2012-05-04 03:24 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-04 03:25 - 2012-05-04 03:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Becca\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {EC6A5FA7-C93E-453F-92FA-62CAD9B5121B} - System32\Tasks\{19892AC0-8462-4C73-ABD7-8AFB0429383D} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [120]
EmptyTemp:
RemoveProxy:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
Chrome StartupUrls => removed successfully
Chrome StartupUrls => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0418a46d-ac67-11e5-826b-c485082026e5}" => key removed successfully
HKCR\CLSID\{0418a46d-ac67-11e5-826b-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ac767d5-de05-11e4-9fa7-c485082026e5}" => key removed successfully
HKCR\CLSID\{0ac767d5-de05-11e4-9fa7-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b182614-80f3-11e2-84af-c485082026e5}" => key removed successfully
HKCR\CLSID\{0b182614-80f3-11e2-84af-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0d2da6-6b02-11e2-b121-c485082026e5}" => key removed successfully
HKCR\CLSID\{6e0d2da6-6b02-11e2-b121-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7314d4d3-c05a-11e5-952d-c485082026e5}" => key removed successfully
HKCR\CLSID\{7314d4d3-c05a-11e5-952d-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94ffadf2-2989-11e4-b320-c485082026e5}" => key removed successfully
HKCR\CLSID\{94ffadf2-2989-11e4-b320-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e4a1273-b762-11e5-8723-c485082026e5}" => key removed successfully
HKCR\CLSID\{9e4a1273-b762-11e5-8723-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc1db6ba-f91c-11e2-9743-c485082026e5}" => key removed successfully
HKCR\CLSID\{bc1db6ba-f91c-11e2-9743-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7555b02-359f-11e5-9d14-c485082026e5}" => key removed successfully
HKCR\CLSID\{c7555b02-359f-11e5-9d14-c485082026e5} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eeb17377-ee98-11e4-bf9c-e8039ab3ed76}" => key removed successfully
HKCR\CLSID\{eeb17377-ee98-11e4-bf9c-e8039ab3ed76} => key not found. 
C:\windows\system32\GroupPolicy\User => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\system32\GroupPolicyUsers\S-1-5-21-1827809378-912741919-3246080145-1000\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C289D4D7-1E43-4476-945A-95826EAE1F8D}" => key removed successfully
HKCR\CLSID\{C289D4D7-1E43-4476-945A-95826EAE1F8D} => key not found. 
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E78995B4-248C-41A8-A8FB-98671E0441D5}" => key removed successfully
HKCR\CLSID\{E78995B4-248C-41A8-A8FB-98671E0441D5} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Program Files\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\54.0.2840.71\pdf.dll => not found.
C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.
MozillaMaintenance => service removed successfully
dbx => service removed successfully
EraserUtilDrv11521 => service removed successfully
NAVENG => service could not remove
NAVEX15 => service could not remove
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log => moved successfully
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC6A5FA7-C93E-453F-92FA-62CAD9B5121B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC6A5FA7-C93E-453F-92FA-62CAD9B5121B}" => key removed successfully
C:\windows\System32\Tasks\{19892AC0-8462-4C73-ABD7-8AFB0429383D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19892AC0-8462-4C73-ABD7-8AFB0429383D}" => key removed successfully
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 292879384 B
Java, Flash, Steam htmlcache => 41874 B
Windows/system/drivers => 36594958 B
Edge => 0 B
Chrome => 818754869 B
Firefox => 151849262 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 11135885 B
Public => 0 B
ProgramData => 0 B
systemprofile => 43880774 B
systemprofile32 => 153931 B
LocalService => 2036206 B
NetworkService => 3651558 B
Becca => 329448487 B
 
RecycleBin => 11704092871 B
EmptyTemp: => 12.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:29:42 ====

 

 



#13 BeccaB04


Posted 09 November 2016 - 08:58 PM

Hey Jo*,

Here are some things from 10/19/16

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/19/2016
Scan Time: 8:59 AM
Logfile: Malware Detected Threats.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.19.08
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Becca
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 431150
Time Elapsed: 56 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Here is the scan report from Malwarebytes antiviral on 10/19/16 at 8:58 am.  After that I ran adware and removed PUP files and quarantined some.  I will wait on you to get back with me.  It is telling on #3 to take owner and delete files with UpDatus user that it is running in system.  I ran Chrome software and it said no programs found.
 
I am baffled. Do I have a virus, malware or what?
 
Thanks, 
Becca
 
 
 
 
 
 
 

 




#14 Jo*

  • Malware Response Team
Posted 10 November 2016 - 03:23 AM

How is the PC running now?

Is the UpDatus user still there?

What other issues do you have with this pc now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 BeccaB04


Posted 12 November 2016 - 08:25 AM

Yes, the user is still there. I am more concerned about all these files I have quarantined; I don't think they should all be. I still have things I can't access. I have my CD from when I first purchased my laptop and everything is backed up. Should I just restore completely? And did I actually have malware? I know that I had adware; it is removed.



