
shmokiads.com unremoveable redirect adware ?


10 replies to this topic

#1 ArshiaGaming


Posted 25 February 2017 - 04:27 PM

So recently, when I try to enter some websites (e.g. nexusmods.com/skyrim), I get redirected to the website mentioned above and then a random ad page. I installed Kaspersky TDSSKiller, Malwarebytes, HitmanPro and AdwCleaner and no luck; they detected several viruses but my problem hasn't been solved. It seems as if it's undetectable. I also removed some suspicious programs; my laptop is fairly new so there wasn't much. What should I do?


Edited by hamluis, 25 February 2017 - 04:59 PM.
Moved from MRL to Am I Infected - Hamluis.



 


#2 buddy215 (Moderator)

Posted 25 February 2017 - 05:39 PM

I know you have used MBAM but I would like to see a new scan using it by following the directions below...same for AdwCleaner.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

Instructions for MBAM:

  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

Instructions for AdwCleaner:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Download Zemana AntiMalware and install it

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log
  • Copy and paste the log into your reply

Download Security Check by glax24 and save the file to the Desktop

  • Run the tool by accepting all the Security prompts
  • When complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

Edited by buddy215, 25 February 2017 - 05:40 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 ArshiaGaming


Posted 26 February 2017 - 11:49 AM

 


 

Thanks for the reply; unfortunately the problem is still there. Here are the logs.

For Malwarebytes:

 

Malwarebytes
[www.malwarebytes.com
 
-Log Details-
Scan Date: 2/26/17
Scan Time: 8:07 AM
Logfile: mwb.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1064
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-5PMEI5V\MSI-PC
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413877
Time Elapsed: 1 min, 43 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)]

Edited by ArshiaGaming, 26 February 2017 - 11:49 AM.


#4 ArshiaGaming


Posted 26 February 2017 - 11:51 AM

adwcleaner

 

# AdwCleaner v6.043 - Logfile created 26/02/2017 at 08:12:22
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Local]
# Operating System : Windows 10 Enterprise  (X64)
# Username : MSI-PC - DESKTOP-5PMEI5V
# Running from : C:\Users\MSI-PC\Desktop\adwcleaner_6.043 (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1022 Bytes] - [20/02/2017 13:17:39]
C:\AdwCleaner\AdwCleaner[C2].txt - [1357 Bytes] - [25/02/2017 11:23:33]
C:\AdwCleaner\AdwCleaner[C3].txt - [1503 Bytes] - [25/02/2017 12:59:06]
C:\AdwCleaner\AdwCleaner[C4].txt - [987 Bytes] - [26/02/2017 08:12:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [1160 Bytes] - [20/02/2017 13:17:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [1308 Bytes] - [20/02/2017 13:38:33]
C:\AdwCleaner\AdwCleaner[S2].txt - [1379 Bytes] - [23/02/2017 13:20:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [1453 Bytes] - [25/02/2017 11:15:50]
C:\AdwCleaner\AdwCleaner[S4].txt - [1525 Bytes] - [25/02/2017 11:23:19]
C:\AdwCleaner\AdwCleaner[S5].txt - [1671 Bytes] - [25/02/2017 12:57:37]
C:\AdwCleaner\AdwCleaner[S6].txt - [1817 Bytes] - [26/02/2017 08:12:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1570 Bytes] ##########

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Enterprise x64 
Ran by MSI-PC (Administrator) on Sun 02/26/2017 at  8:18:28.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\Users\MSI-PC\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} (Empty Folder)
Successfully deleted: C:\Users\MSI-PC\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Public\Desktop\hotspot shield.lnk (Shortcut) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/26/2017 at  8:21:44.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zemana 

 

Zemana AntiMalware 2.72.2.101 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/2/26
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-6700HQ CPU @ 2.60GHz
BIOS Mode              : Legacy
CUID                   : 12CD89F0C3A0D873A2C17B
Scan Type              : System Scan
Duration               : 4m 41s
Scanned Objects        : 67365
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Proxy Server (User)
Status             : Scanned
Object             : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:58063;https=127.0.0.1:58063;socks=127.0.0.1:58062
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0

security check

 

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 26.02.2017 08:45:03
Path starting: C:\Users\MSI-PC\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: MSI-PC
VersionXML: 3.94is-22.02.2017
___________________________________________________________________________
 
Windows 10(6.3.14393) (x64) Enterprise Lang: English(0409)
Installation date OS: 11.11.2016 03:34:07
LicenseStatus: Windows®, Enterprise edition Volume activation will expire : 232036 minutes
LicenseStatus: Office 15, OfficeProPlusVL_KMS_Client edition Volume activation will expire : 232036 minutes
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\Windows\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [146 Gb] Used: [70.3 Gb] Free: [75.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.14393.0 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
 
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x64 v.15.0.4420.1017
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
HitmanPro 3.7 v.3.7.15.281
Malwarebytes version 3.0.6.1469 v.3.0.6.1469
Zemana AntiMalware v.2.72.101
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.4
WinRAR 5.31 (64-bit) v.5.31.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.31 v.7.31.104 Warning! Download Update
^Optional update.^
---------------------------- [ ProxyAndVPNs ] -----------------------------
Hotspot Shield 6.0.4 v.6.0.4 Warning! This app can show ads.
Hotspot Shield 6.0.4 Embedded v.6.0.4.9836 Warning! This app can show ads.
Hotspot Shield Service (hshld) - The service is running
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe v.6.0.4.9836
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.9.43295 Warning! P2P-client.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 23 NPAPI v.23.0.0.162 Warning! Download Update
Adobe Acrobat Reader DC v.15.023.20070 [+]
------------------------------- [ Browser ] -------------------------------
Google Chrome v.52.0.2743.116 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Users\MSI-PC\AppData\Local\Google\Chrome\Application\chrome.exe v.52.0.2743.116
------------------ [ AntivirusFirewallProcessServices ] -------------------
HitmanPro Scheduler (HitmanProScheduler) - The service is running
C:\Program Files\HitmanPro\hmpsched.exe v.3.7.0.5
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.415
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.10.14393.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.72.0.101
----------------------------- [ End of Log ] ------------------------------


#5 ArshiaGaming


Posted 26 February 2017 - 11:53 AM

So here are some interesting things I found. First, Zemana would find one unwanted modification every time I scan, and after multiple scans it finally removed it. Second, I redownloaded Malwarebytes and clicked on (check for update) and I don't think it updated.


Edited by ArshiaGaming, 26 February 2017 - 12:09 PM.
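
The Zemana log above flags the `ProxyServer` value under HKCU, which points every protocol at 127.0.0.1, and post #5 reports the detection coming back on each scan. As an added example (not part of the thread and not any tool's own code), this PowerShell parses that value format and reports which process, if any, is listening on the loopback port; the function names are made up for this example.

```powershell
# Added example: audit the per-user WinINET proxy setting that Zemana reported
# and find which local process sits behind a loopback proxy.
# Function names below are hypothetical helpers defined only for this example.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function ConvertFrom-ProxyServer {
    # ProxyServer holds either "host:port" (used for every protocol) or a
    # per-protocol list such as "http=host:port;https=host:port;socks=host:port".
    param([string]$Value)
    $pattern = '^(?:(?<scheme>[a-z]+)=)?(?:[a-z]+://)?(?<host>\[[^\]]+\]|[^:/]+)(?::(?<port>\d+))?$'
    foreach ($part in ($Value -split ';')) {
        $part = $part.Trim()
        if ($part -and $part -match $pattern) {
            [pscustomobject]@{
                Scheme = if ($Matches['scheme']) { $Matches['scheme'] } else { 'all' }
                Host   = $Matches['host']
                Port   = if ($Matches['port']) { [int]$Matches['port'] } else { $null }
            }
        }
    }
}

function Test-Loopback {
    # True for localhost, any 127.x.x.x address and the IPv6 loopback literal.
    param([string]$HostName)
    $HostName -match '^(localhost|127(\.\d{1,3}){3}|\[::1\])$'
}

function Get-LoopbackProxyOwner {
    # For each loopback port named in the setting, list the listening process.
    param([string]$ProxyServer)
    $byPort = ConvertFrom-ProxyServer $ProxyServer |
        Where-Object { $_.Port -and (Test-Loopback $_.Host) } |
        Group-Object Port
    foreach ($g in $byPort) {
        $port      = [int]$g.Name
        $schemes   = ($g.Group.Scheme | Sort-Object -Unique) -join ','
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
        if ($listeners.Count -eq 0) {
            # The setting points at a port nobody serves right now.
            [pscustomobject]@{
                Port = $port; Schemes = $schemes; ProcessId = $null
                Name = '(no listener)'; Path = $null; CommandLine = $null
            }
            continue
        }
        foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
            $p = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
            [pscustomobject]@{
                Port = $port; Schemes = $schemes; ProcessId = $procId
                Name = $p.Name; Path = $p.ExecutablePath; CommandLine = $p.CommandLine
            }
        }
    }
}

# 1) Parse the value recorded in the Zemana log earlier in this thread.
$fromLog = 'http=127.0.0.1:58063;https=127.0.0.1:58063;socks=127.0.0.1:58062'
ConvertFrom-ProxyServer $fromLog | Format-Table

# 2) Read the current user's live settings and resolve any loopback proxy.
$s = Get-ItemProperty -Path $key
[pscustomobject]@{
    ProxyEnable   = $s.ProxyEnable
    ProxyServer   = $s.ProxyServer
    AutoConfigURL = $s.AutoConfigURL
} | Format-List

if ($s.ProxyServer) {
    Get-LoopbackProxyOwner $s.ProxyServer | Format-List
}
```

Run it as the affected user, since the value lives under HKCU and differs per account.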


#6 buddy215 (Moderator)

Posted 26 February 2017 - 12:53 PM

If you haven't attempted to uninstall Hotspot Shield I suggest you use Download Revo Uninstaller Freeware to uninstall.

Uninstall uTorrent (using uTorrent to download free stuff is very risky...and often illegal).

I see Edge is the default browser and Google Chrome needs updating. Is Edge where the ads are showing?

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.



#7 ArshiaGaming


Posted 26 February 2017 - 03:26 PM


Thanks for the reply. Hotspot and uTorrent were probably not the issue but I uninstalled them anyway. Also, this problem exists on every browser I tried (Chrome and IE).

Here's the log for Windows startups:

 

Yes HKCU:Run BingSvc © 2015 Microsoft Corporation C:\Users\MSI-PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run DAEMON Tools Pro Agent "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
Yes HKCU:Run IDMan C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\MSI-PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\MSI-PC\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
Yes HKLM:Run LogMeIn Hamachi Ui LogMeIn Inc. "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Yes HKLM:Run Malwarebytes TrayApp Malwarebytes C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run WindowsDefender "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Yes HKLM:Run ZAM Copyright 2017. "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
Yes Startup Common Killer Network Manager.lnk Rivet Networks C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
Yes Startup Common SteelSeries Engine 3.lnk SteelSeries ApS C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

Here's install:

 

3D Builder Microsoft Corporation 2/23/2017 12.0.3131.0
Adobe Acrobat Reader DC Adobe Systems Incorporated 2/23/2017 402 MB 15.023.20070
Adobe Flash Player 23 NPAPI Adobe Systems Incorporated 11/10/2016 19.2 MB 23.0.0.162
Adobe Photoshop Express Adobe Systems Incorporated 2/26/2017 1.3.1.19
Alarms & Clock Microsoft Corporation 2/23/2017 10.1701.10103.0
App Installer Microsoft Corporation 2/23/2017 1.0.10332.0
Asmedia USB Host Controller Driver Asmedia Technology 11/10/2016 10.3 MB 1.16.28.1
Battery Calibration Micro-Star International Co., Ltd. 11/10/2016 421 KB 1.0.1508.1001
Calculator Microsoft Corporation 2/23/2017 10.1702.312.0
Camera Microsoft Corporation 2/25/2017 2017.125.40.0
CCleaner Piriform 2/26/2017 19.4 MB 5.27
DAEMON Tools Pro Disc Soft Ltd 11/16/2016 8.0.0.0631
Dragon Gaming Center Micro-Star International Co., Ltd. 11/10/2016 4.58 MB 1.0.1501.2801
Duolingo - Learn Languages for Free Duolingo Inc. 2/26/2017 2016.423.1.0
Dying Light: The Following - Enhanced Edition 12/1/2016 24.5 GB 1
Eclipse Manager Ounce Digital 2/26/2017 2.2.1.31
Elsword version v6.1109.1.2 KOGGAMES 11/12/2016 6.94 GB v6.1109.1.2
Feedback Hub Microsoft Corporation 2/23/2017 1.1612.10312.0
Flipboard Flipboard 2/26/2017 2.1.1.0
Fresh Paint Microsoft Corporation 2/26/2017 3.1.10156.0
GATES TO AESGAARD - Episode 1 11/15/2016
Get Office Microsoft Corporation 2/23/2017 17.7909.7600.0
Google Chrome Google Inc. 11/10/2016 52.0.2743.116
Groove Music Microsoft Corporation 2/25/2017 10.17012.10301.0
HitmanPro 3.7 SurfRight B.V. 2/23/2017 11.1 MB 3.7.15.281
Hotspot Shield 6.0.4 AnchorFree Inc. 2/20/2017 28.6 MB 6.0.4
Intel® Management Engine Components Intel Corporation 11/10/2016 11.0.0.1162
Intel® Processor Graphics Intel Corporation 10/6/2015 20.19.15.4300
Intel® Rapid Storage Technology Intel Corporation 11/10/2016 14.5.0.1081
Intel® Wireless Bluetooth® Intel Corporation 11/10/2016 5.14 MB 17.1.1527.1534
Intel® PROSet/Wireless Software Intel Corporation 11/10/2016 204 MB 18.12.0
Intel® Security Assist Intel Corporation 11/10/2016 1.11 MB 1.0.0.532
Internet Download Manager 11/10/2016
KB9X Radio Switch Driver ENE TECHNOLOGY INC. 11/10/2016 1.1.2.0
Killer Performance Suite Rivet Networks 11/10/2016 1.1.56.1122
LogMeIn Hamachi LogMeIn, Inc. 11/16/2016 6.62 MB 2.2.0.541
LOOT version 0.10.2 LOOT Team 12/6/2016 106 MB 0.10.2
Mail and Calendar Microsoft Corporation 2/25/2017 17.7920.40507.0
Malwarebytes version 3.0.6.1469 Malwarebytes 2/26/2017 125 MB 3.0.6.1469
Maps Microsoft Corporation 2/26/2017 5.1611.3342.0
Messaging Microsoft Corporation 11/11/2016 3.19.1001.0
Microsoft Office Professional Plus 2013 Microsoft Corporation 11/10/2016 34.2 MB 15.0.4420.1017
Microsoft OneDrive Microsoft Corporation 1/20/2017 84.7 MB 17.3.6743.1212
Microsoft Solitaire Collection Microsoft Studios 2/25/2017 3.15.2140.0
Microsoft Sticky Notes Microsoft Corporation 2/23/2017 1.6.2.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/10/2016 9.63 MB 8.0.61187
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 11/10/2016 12.8 MB 8.0.61186
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 Microsoft Corporation 11/10/2016 14.0 MB 9.0.30729.7523
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 Microsoft Corporation 11/10/2016 12.5 MB 9.0.30729.7523
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/1/2016 18.4 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/1/2016 16.3 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 12/1/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 12/1/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Corporation 11/10/2016 152 KB 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Corporation 11/10/2016 152 KB 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Corporation 11/10/2016 152 KB 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Corporation 11/10/2016 152 KB 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 11/10/2016 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 Microsoft Corporation 11/10/2016 144 KB 12.0.40649
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 Microsoft Corporation 11/10/2016 144 KB 12.0.40649
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40649 Microsoft Corporation 11/10/2016 144 KB 12.0.40649
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40649 Microsoft Corporation 11/10/2016 144 KB 12.0.40649
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 Microsoft Corporation 12/6/2016 19.5 MB 14.0.24212.0
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24210 Microsoft Corporation 11/10/2016 144 KB 14.0.24210
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24210 Microsoft Corporation 11/10/2016 148 KB 14.0.24210
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 11/10/2016 8.12 MB 10.0.50908
Movies & TV Microsoft Corporation 2/25/2017 10.17012.10301.0
MSI Remind Manager 11/10/2016
Nero2016-BROM-Express-17.0.8000 11/10/2016
Network Speed Test Microsoft Research 2/26/2017 1.0.0.23
NVIDIA GeForce Experience 3.1.2.31 NVIDIA Corporation 12/1/2016 2.52 MB 3.1.2.31
NVIDIA Graphics Driver 376.54 NVIDIA Corporation 2/26/2017 376.54
NVIDIA PhysX System Software 9.16.0318 NVIDIA Corporation 12/1/2016 406 MB 9.16.0318
Oblivion Bethesda Softworks 11/10/2016 14.6 MB 1.00.0000
Oblivion - Construction Set Bethesda Softworks 11/17/2016 14.6 MB 1.00.0000
OneNote Microsoft Corporation 2/25/2017 17.7870.57621.0
Paid Wi-Fi & Cellular Microsoft Corporation 2/23/2017 1.1607.6.0
People Microsoft Corporation 2/26/2017 10.1.3410.0
Photos Microsoft Corporation 2/25/2017 16.1118.10000.0
PicsArt PicsArt Inc. 2/26/2017 5.1.0.0
Realtek Card Reader Realtek Semiconductor Corp. 11/10/2016 11.0 MB 6.3.9600.31213
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11/10/2016 45.6 MB 6.0.1.7786
SCM Application 11/10/2016 8.00 MB 13.016.01229
Shantae Half-Genie Hero 1/22/2017 2.97 MB
Sizing Options Application 11/10/2016 51.8 MB 3.0.1512.1801
Skype Preview Skype 2/25/2017 11.11.110.0
Skype™ 7.31 Skype Technologies S.A. 2/9/2017 167 MB 7.31.104
SteelSeries Engine 3.9.2 SteelSeries ApS 11/16/2016 3.9.2
Store Microsoft Corporation 2/23/2017 11610.1001.25.0
Store Purchase App Microsoft Corporation 2/23/2017 11608.1000.2431.0
Synaptics Pointing Device Driver Synaptics Incorporated 11/10/2016 46.4 MB 19.0.6.1
Tips Microsoft Corporation 2/23/2017 4.5.6.0
Translator Microsoft Corporation 2/26/2017 4.6.2.0
UninstallMG100 Driver 11/10/2016 61.8 MB
VLC media player VideoLAN 11/10/2016 128 MB 2.2.4
Voice Recorder Microsoft Corporation 2/23/2017 10.1702.301.0
Vulkan Run Time Libraries 1.0.26.0 LunarG, Inc. 2/26/2017 1.66 MB 1.0.26.0
Weather Microsoft Corporation 2/25/2017 4.18.37.0
WinRAR 5.31 (64-bit) win.rar GmbH 11/10/2016 5.09 MB 5.31.0
Wrye Bash Wrye & Wrye Bash Development Team 12/7/2016 0.3.0.6
Wunderlist 6 Wunderkinder GmbH 2/26/2017 3.6.25.0
Xbox Microsoft Corporation 2/25/2017 24.26.14000.0
Xbox Identity Provider Microsoft Corporation 2/23/2017 11.19.19003.0
XSplit Gamecaster SplitmediaLabs 11/10/2016 102 MB 1.9.1409.2316
Zemana AntiMalware Zemana Ltd. 2/26/2017 16.3 MB 2.72.101
µTorrent BitTorrent Inc. 2/2/2017 3.4.9.43295

And here's scheduled tasks:

 

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Microsoft Office 15 Sync Maintenance for DESKTOP-5PMEI5V-MSI-PC DESKTOP-5PMEI5V Microsoft Corporation C:\Program Files\Microsoft Office\Office15\MsoSync.exe
Yes Task NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
Yes Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Yes Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Yes Task NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
Yes Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes Task {07D21D89-EF3C-46C0-A3B0-8996E6CD44EB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\unins000.exe"
 
 
 

Also, what is Edge?


Edited by ArshiaGaming, 26 February 2017 - 03:27 PM.


#8 buddy215 (Moderator)

Posted 26 February 2017 - 03:59 PM

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run BingSvc © 2015 Microsoft Corporation C:\Users\MSI-PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run DAEMON Tools Pro Agent "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
Yes HKCU:Run IDMan C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\MSI-PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run ZAM Copyright 2017. "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
Yes Startup Common SteelSeries Engine 3.lnk SteelSeries ApS C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.e
 
Delete this item: Use CCleaner by clicking on it and choosing Delete on the right.
Yes HKCU:Run uTorrent BitTorrent Inc. "C:\Users\MSI-PC\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
Update Adobe Flash Player 23 NPAPI Adobe Systems Incorporated 11/10/2016 19.2 MB 23.0.0.162
 
Disable this Task:
Yes Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
 
Delete this Task:
Yes Task {07D21D89-EF3C-46C0-A3B0-8996E6CD44EB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\unins000.exe"
 
Microsoft Edge is your Default browser according to this: (Security Check you ran)
Default Browser: Microsoft Edge (C:\Windows\system32\LaunchWinApp.exe)
 
I'm assuming you uninstalled those two programs...uTorrent and Hotspot Shield after copying the three lists above.
 
I doubt after doing the above the problem is solved. So, if that is the case then you will need to start a new topic in the malware removal forum by following the directions below.
 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.

 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
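
Added example, not part of any post in this thread: a small Python triage of the startup list above, flagging enabled entries that run from a user-writable path, are started through pcalua.exe or rundll32.exe, or are tasks named only by a GUID. The three heuristics and all function names are assumptions made for this illustration; the sample lines are copied from the list posted here.

```python
import re

# Lines copied from the startup list posted in this thread (CCleaner export;
# the original column separators were flattened to spaces by the forum).
SAMPLE = r'''
Yes HKCU:Run BingSvc © 2015 Microsoft Corporation C:\Users\MSI-PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe
Yes HKCU:Run IDMan C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
Yes HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes Task {07D21D89-EF3C-46C0-A3B0-8996E6CD44EB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\unins000.exe"
'''

LINE = re.compile(r'^(Yes|No) (HK(?:CU|LM):Run|Task|Startup \w+) (.*)$')
CMD_START = re.compile(r'"?(?:[A-Za-z]:\\|%\w+%\\)')   # first path = start of command
GUID_NAME = re.compile(r'^\{[0-9A-Fa-f-]{36}\}')
USER_PATH = re.compile(r'\\AppData\\|%(?:localappdata|appdata|temp)%', re.I)
LAUNCHER = re.compile(r'\\(?:pcalua|rundll32)\.exe', re.I)

def parse(line):
    """Split one export line into enabled flag, location, label and command."""
    m = LINE.match(line.strip())
    c = CMD_START.search(m.group(3)) if m else None
    if not c:
        return None
    rest = m.group(3)
    return {"enabled": m.group(1) == "Yes", "location": m.group(2),
            "label": rest[:c.start()].strip(), "command": rest[c.start():]}

def review_reasons(entry):
    """Review hints (assumed heuristics, not verdicts) for one parsed entry."""
    reasons = []
    if USER_PATH.search(entry["command"]):
        reasons.append("runs from user-writable path")
    if LAUNCHER.search(entry["command"]):
        reasons.append("started through a launcher binary")
    if entry["location"] == "Task" and GUID_NAME.match(entry["label"]):
        reasons.append("task named only by GUID")
    return reasons

def triage(text):
    """Map label -> reasons for every enabled entry with at least one hint."""
    flagged = {}
    for line in text.splitlines():
        entry = parse(line)
        if entry and entry["enabled"] and review_reasons(entry):
            flagged[entry["label"]] = review_reasons(entry)
    return flagged

if __name__ == "__main__":
    for label, reasons in triage(SAMPLE).items():
        print(f"{label}: {', '.join(reasons)}")
```

Each hit is a prompt to look at the entry, not a verdict: the OneDrive updater is flagged for its path just as any other binary under the user profile would be. The two launcher lines are listed with the publisher "Microsoft Corporation" although the files they start are nvspcap64.dll and the KMSpico uninstaller, so the publisher column alone is not enough to clear them.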

#9 ArshiaGaming


Posted 03 March 2017 - 01:51 PM

Just changed the home page to Google and it got fixed.....



#10 buddy215


Posted 03 March 2017 - 01:59 PM

Great! Happy surfin'....



#11 Analyzej


Posted 14 April 2017 - 03:16 PM

@ ArshiaGaming

Can you please check by resetting the DNS to public DNS i.e. 8.8.8.8

This seems due to DNS hijacking





