Multiple unknown programs are running without my consent


6 replies to this topic

#1 Blakesr17


Posted 27 November 2016 - 08:01 PM

2. I have a bunch of programs running that I did not allow to start. What is odd is I have not downloaded any type of program from an unknown, non-trusted source in a LONG time.
So I assume it is something that has been on my computer for a while and just decided to show up recently.
 
I should have probably asked for help a long time ago, but I ended up waiting for unknown reasons and hope that I am not too late to be saved.
 
Programs I THINK are viruses that I know I did not download:
AnonymizerLauncher.exe - (Anonymizer Gadget).
d7cdfd6647a228c2c6273ed652730ac5.exe - a lot of exe's with similar names.
proxycheck.exe - Multiple instances run at the same time. Located in AnonymizerGadget.
Itibiti.exe - Soft phone?
OpenWith.exe - multiple instances.
E92A.tmp - multiple similar files.
Note-up.exe
knsq3AE8.tmpfs
fstint.exe
 
I also get a lot of popups asking me to install programs because "google users also have downloaded these programs".
My computer in turn slows down due to all these programs running their bleep. Earlier today, I had 3 virus programs scanning my computer. I never downloaded, let alone installed, them.
 
A few weeks ago, I noticed my computer was at 100% for DISK, Memory, and CPU. When I managed to look at the program running, it was actively looking through my computer, so I did a force-shutdown on my computer and I haven't seen it since.
Although I want to keep this topic to the viruses I have, I believe that by getting rid of these viruses my browser will also get fixed (since the tutorials did not work).
 
Screenshots of popups and running programs:
http://imgur.com/a/NgNVq - apps google users installed.
http://imgur.com/a/a6Lsk - this program finished installing when I never gave permission for it to start.
http://imgur.com/a/dmhoS - some of these sketchy programs just restart themselves when they are closed.
http://imgur.com/a/xdJUA - one of the virus scanners that runs on a daily basis.
 
 
 
3. Computer Specs:
OS Name Microsoft Windows 10 Home
Version 10.0.14393 Build 14393
System Type x64-based PC
Processor AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G, 3700 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Mode UEFI
Platform Role Desktop
Installed Physical Memory (RAM) 8.00 GB
Total Physical Memory 6.94 GB
Available Physical Memory 3.53 GB
Total Virtual Memory 10.4 GB
Available Virtual Memory 6.37 GB
Page File Space 3.42 GB
 
 
4. Steps I have taken to get rid of viruses:
- Ran a full scan in Windows Defender (it detected viruses and removed them - supposedly).
- Ran a quick scan in Windows Defender (same as full scan).
- Ran a custom scan in Windows Defender of files that I know are most likely infected (such as temp files).
- Ran Malwarebytes, but it ended up not working because it got stuck on "needs updating".
- Used a program called "Remove on Next Reboot" to try and delete some of the EXEs that I know are viruses and that won't let me get rid of them.
- Uninstalled a few of my games I do not play anymore, to clear up scan times.
 
 
 
I have this gut feeling like my computer will run just as it did when I first got it, if all these issues get dealt with. I also do not have a backup of my files, although I can backup pictures and music if need be, since everything else can be easily re-downloaded.
 




#2 TazzyOpz


Posted 27 November 2016 - 08:59 PM

Not sure if I'm authorized to help here? However, once an Advisor or Moderator comments here they can take over.
For now I'd recommend doing the following.

[-Running AdwCleaner-]
Download AdwCleaner from here and save it to your Desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on the Scan button.
When the scan has finished, click on the Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile.


[-Running RogueKiller-]
Download RogueKiller from here and save it to your Desktop.

Double-click RogueKiller.exe
Click the Scan button.
Once the scan is finished, you can view the scan log by clicking the Report button. Then copy and paste the scan log here.
It is recommended to post the scan log here before removing any files detected, unless you know for sure the file found is infected.

Edited by TazzyOpz, 27 November 2016 - 09:02 PM.

Software Developer & Malware Analyst
Programming Languages: VB.net, C#, Java, & HTML.
Reverse Engineering/Tracking Tool familiarity: Ollydbg, IDA, CE, & Wireshark
My Website


#3 Blakesr17


Posted 28 November 2016 - 07:59 AM


AdwCleaner Log
#AdwCleaner v6.030 - Logfile created 27/11/2016 at 21:43:15
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-26.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Blake - DRAGONSPC
# Running from : C:\Users\Blake\Desktop\NEW DOWNLOADS FOLDER\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: 1aba884a9bc34fe898a044cb5e348150
[-] Service deleted: 4949ca9a4e858a3f60be51795162382c
[-] Service deleted: gupojoke
[-] Service deleted: AppVerifier
[-] Service deleted: EsgScanner
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\00000000-1480289811-0000-0000-448A5B9A9CF6
[-] Folder deleted: C:\ProgramData\d7187fcf-03e3-0
[-] Folder deleted: C:\ProgramData\d7187fcf-1127-1
[-] Folder deleted: C:\Users\Blake\AppData\Local\00000000-1480273569-0000-0000-448A5B9A9CF6
[-] Folder deleted: C:\Users\Blake\.proxycheck
[-] Folder deleted: C:\Users\Blake\.AnonymizerLauncher
[-] Folder deleted: C:\Users\Blake\AppData\Local\NowUSeeItPlayer
[-] Folder deleted: C:\Users\Blake\AppData\Local\AnonymizerLauncher
[-] Folder deleted: C:\Users\Blake\AppData\Roaming\One System Care
[-] Folder deleted: C:\Users\Blake\AppData\Roaming\ProxyGate
[-] Folder deleted: C:\Users\Blake\AppData\Roaming\Advancedpccare.net
[-] Folder deleted: C:\Users\Blake\AppData\Roaming\efo
[#] Folder deleted on reboot: C:\Users\Blake\AppData\Roaming\advancedpccare.net
[-] Folder deleted: C:\Users\Blake\AppData\Roaming\wyupdate au
[-] Folder deleted: C:\Users\Blake\AppData\Roaming\Interstatnogui
[-] Folder deleted: C:\Program Files\Advanced PC-Care
[-] Folder deleted: C:\ProgramData\Advancedpccare.net
[-] Folder deleted: C:\ProgramData\App-verifier
[#] Folder deleted on reboot: C:\ProgramData\advancedpccare.net
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Advancedpccare.net
[#] Folder deleted on reboot: C:\ProgramData\Application Data\App-verifier
[#] Folder deleted on reboot: C:\ProgramData\Application Data\advancedpccare.net
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NowUSeeIt Player
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC-Care
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
[-] Folder deleted: C:\Program Files (x86)\GreenTree Applications
[-] Folder deleted: C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder deleted: C:\Program Files (x86)\Note-up
[-] Folder deleted: C:\Program Files (x86)\OneSystemCare
[-] Folder deleted: C:\Program Files (x86)\CleanBrowser
[-] Folder deleted: C:\Program Files (x86)\NowUSeeItPlayer
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Note-up
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\NUIns
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Itibiti
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\DailyBee
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\AnonymizerLauncher
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\DailyBee
[#] Folder deleted on reboot: C:\Users\Blake\AppData\Roaming\efo
[-] Folder deleted: C:\Users\Blake\AppData\Roaming\AGData
[-] Folder deleted: C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
 
 
***** [ Files ] *****
 
[#] File deleted: C:\WINDOWS\SysNative\drivers\1aba884a9bc34fe898a044cb5e348150.sys
[-] File deleted: C:\WINDOWS\SysNative\drivers\EsgScanner.sys
[-] File deleted: C:\Users\Public\Desktop\Knctr.lnk
[-] File deleted: C:\Users\Public\Desktop\Launch One System Care.lnk
[-] File deleted: C:\Users\Public\Desktop\Advanced PC-Care.lnk
[-] File deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\cap.exe
[-] File deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\cap4.exe
[-] File deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\ddnow.exe
[-] File deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\ddnow4.exe
[-] File deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\tinstall.exe
[-] File deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\tinstall4.exe
[-] File deleted: C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage
[-] File deleted: C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\AppVerifier
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\AppVerifier
[-] Key deleted: HKU\.DEFAULT\Software\WajIEnhance
[-] Key deleted: HKU\.DEFAULT\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\.DEFAULT\Software\b`nl{y
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\DailyBee
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\One System Care
[-] Key deleted: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\NowUSeeItPlayer
[-] Key deleted: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\advancedpccare.net
[-] Key deleted: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[#] Key deleted on reboot: HKU\S-1-5-18\Software\WajIEnhance
[#] Key deleted on reboot: HKU\S-1-5-18\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKU\S-1-5-18\Software\b`nl{y
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\DailyBee
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[#] Key deleted on reboot: HKCU\Software\One System Care
[#] Key deleted on reboot: HKCU\Software\NowUSeeItPlayer
[#] Key deleted on reboot: HKCU\Software\advancedpccare.net
[-] Key deleted: HKLM\SOFTWARE\NowUSeeItPlayer
[-] Key deleted: HKLM\SOFTWARE\b`nl{y
[-] Key deleted: HKLM\SOFTWARE\Socia2Sear Browser Enhancer
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Note-up
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CleanBrowser
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF5B9F52-33EB-4788-9569-B402FBB81FEF}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Itibiti_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DailyBee
[#] Key deleted on reboot: [x64] HKCU\Software\One System Care
[#] Key deleted on reboot: [x64] HKCU\Software\NowUSeeItPlayer
[#] Key deleted on reboot: [x64] HKCU\Software\advancedpccare.net
[-] Key deleted: [x64] HKLM\SOFTWARE\advancedpccare.net
[-] Key deleted: [x64] HKLM\SOFTWARE\AppVerifier
[-] Key deleted: [x64] HKLM\SOFTWARE\b`nl{y
[-] Key deleted: [x64] HKLM\SOFTWARE\Socia2Sear Browser Enhancer
[-] Key deleted: [x64] HKLM\SOFTWARE\pcv-var
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data restored: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data restored: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data restored: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data restored: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Value deleted: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\WINDOWS\system32\userinit.exe,
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\WINDOWS\system32\userinit.exe,
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\advancedpccare.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nowuseeitplayer.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ui.nowuseeitplayer.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.advancedpccare.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pricepeep.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.pricepeep00.pricepeep.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\advancedpccare.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nowuseeitplayer.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ui.nowuseeitplayer.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.advancedpccare.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pricepeep.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.pricepeep00.pricepeep.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[-] Value deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[#] Value deleted on reboot: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Note-up]
[-] Value deleted: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnonymizerGadget]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AnonymizerGadget]
[-] Value deleted: HKU\S-1-5-21-1875098634-3825317018-639482358-1003\Software\Microsoft\Windows\CurrentVersion\Run [Interstatnogui]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Interstatnogui]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Interstatnogui]
[-] Key deleted: HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
[-] Value deleted: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [NowUSeeItPlayer.exe]
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKLM\SOFTWARE\Classes\*\shell\Add event reminder
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nonjdcjchghhkdoolnlbekcfllmednbl
[-] [C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eunqMgFKa8BBixgCxYiK2gEHWi5T6E1ifSVFq1dlWX7WzHFtQr2tyIXFmNdOfHPCSAxUZRg0UplhBHvdOOxPJvNH3a9ISZTr3m2lhx2I8l6v5M4edeKF02mO8vbHVZM5LnsKIzSzwUVoZFNg7Zs2fNy4T4HoaY,
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [9421 Bytes] - [23/10/2016 21:12:24]
C:\AdwCleaner\AdwCleaner[C2].txt - [19147 Bytes] - [27/11/2016 21:43:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [8721 Bytes] - [23/10/2016 21:05:14]
C:\AdwCleaner\AdwCleaner[S1].txt - [20074 Bytes] - [27/11/2016 21:33:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [19368 Bytes] ##########
 
 
RogueKiller
 
not sure why the spoiler isn't working right.

Edited by Blakesr17, 28 November 2016 - 08:01 AM.
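As an added example (not code from this thread, from Malwarebytes or from either poster), a small Python triage script for the AdwCleaner v6 log format posted above: it parses the `***** [ Section ] *****` blocks and the `[-]` / `[#]` records into structured entries, separates the items the log says are not gone until the next reboot, and groups what was removed or restored by the persistence mechanism it used (Run keys, the Winlogon Userinit value, services, kernel drivers, browser extension). The sample input is a constructed excerpt of the log above with its blank lines dropped; the `[x64]` tag is simply kept as a flag, and the same regexes also cover the `[homepage]` browser record in the full log.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: lines in the shape of the AdwCleaner v6 log posted in this
# thread, chosen so that every record type the parser handles appears at least once.
SAMPLE_LOG = r"""#AdwCleaner v6.030 - Logfile created 27/11/2016 at 21:43:15
# Mode: Clean
***** [ Services ] *****
[-] Service deleted: gupojoke
[-] Service deleted: EsgScanner
***** [ Files ] *****
[#] File deleted: C:\WINDOWS\SysNative\drivers\1aba884a9bc34fe898a044cb5e348150.sys
[-] File deleted: C:\Users\Public\Desktop\Knctr.lnk
***** [ Registry ] *****
[-] Key deleted: [x64] HKLM\SOFTWARE\AppVerifier
[#] Key deleted on reboot: HKCU\Software\One System Care
[-] Data restored: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\WINDOWS\system32\userinit.exe,
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Note-up]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Interstatnogui]
***** [ Web browsers ] *****
[-] [C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nonjdcjchghhkdoolnlbekcfllmednbl
*************************
C:\AdwCleaner\AdwCleaner[C2].txt - [19147 Bytes] - [27/11/2016 21:43:15]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "[-] [profile dir] [extension|homepage] Deleted: target"
BROWSER_RE = re.compile(r"^\[([-#])\] \[(.+)\] \[(\w+)\] (\w+): (.+)$")
# "[-] Key deleted: target"  /  "[#] Key deleted on reboot: target"
ENTRY_RE = re.compile(r"^\[([-#])\] ([A-Za-z ]+?)(?: on reboot)?: (.+)$")


@dataclass
class Entry:
    section: str     # "Services", "Files", "Registry", "Web browsers", ...
    action: str      # "Key deleted", "Data restored", "extension", ...
    target: str      # service name, path, registry key/value, extension id, URL
    on_reboot: bool  # "[#]" records are only completed at the next restart
    x64: bool        # record carried the "[x64]" tag in the log


def parse_adwcleaner_log(text):
    entries, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif line.startswith("*"):
            section = None                 # closing separator; report file list follows
        elif not line or section is None:
            continue                       # blanks and the "#" header lines
        elif (m := BROWSER_RE.match(line)):
            flag, _profile, kind, _verb, target = m.groups()
            entries.append(Entry(section, kind, target, flag == "#", False))
        elif (m := ENTRY_RE.match(line)):
            flag, action, target = m.groups()
            x64 = target.startswith("[x64] ")
            entries.append(Entry(section, action, target[6:] if x64 else target,
                                 flag == "#", x64))
    return entries


# Autostart and hook locations worth calling out when reading a cleanup log.
PERSISTENCE = (
    ("Run key autostart", re.compile(r"\\CurrentVersion\\Run \[", re.I)),
    ("StartupApproved entry", re.compile(r"\\StartupApproved\\", re.I)),
    ("Winlogon hook", re.compile(r"\\Winlogon \[", re.I)),
    ("kernel driver", re.compile(r"\\drivers\\[^\\]+\.sys$", re.I)),
)


def persistence_summary(entries):
    """Group removed/restored items by the persistence mechanism they relied on."""
    found = {}
    for e in entries:
        labels = [lbl for lbl, pat in PERSISTENCE if pat.search(e.target)]
        if e.section == "Services":
            labels.append("service")
        elif e.section == "Web browsers":
            labels.append("browser " + e.action)
        for lbl in labels:
            found.setdefault(lbl, []).append(e.target)
    return found


def pending_reboot(entries):
    """Items the log marks with "[#]": still present until the machine restarts."""
    return [e for e in entries if e.on_reboot]
```

Run against the full log posted above, the reboot-pending list is what to re-check after the restart AdwCleaner forces, and the persistence groups show which autostart paths the adware bundle had claimed.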


#4 TazzyOpz


Posted 28 November 2016 - 10:50 AM

Remove what both have found. I see RK picked up BitTorrent. You can deselect that if you're using that, obviously, or let it remove what it needs and you can re-install it after. However, it looks like it has picked up a pretty big portion of your infection. After the removal let me know if it's running any better, and we will go from there.




#5 Blakesr17


Posted 28 November 2016 - 10:57 AM

I feel dumb for making this mistake. I was getting prepared to delete all the viruses and accidentally selected "unselect all" and only selected 1 to be removed. Now I can't find out how to get back into the window to delete them all.

(from roguekiller)

 

 

[Edit]: I have noticed one big thing that has been fixed since I ran AdwCleaner. My internet is like 100% faster. Where it took 3 hours to download a 3.5 GB game, it now takes about 30 min.


Edited by Blakesr17, 28 November 2016 - 11:37 AM.


#6 TazzyOpz


Posted 28 November 2016 - 12:46 PM


Just run the RogueKiller scan again. It should pick up the files that are remaining.




#7 Blakesr17


Posted 29 November 2016 - 04:11 PM

Alright, sorry for the long wait. School happened and I had to deal with that first. I reran RogueKiller and got rid of the viruses it found, which were practically the same as before.

