
Launchpage.org Google Chrome help


17 replies to this topic

#1 GabrielGortnova

Posted 26 April 2017 - 11:17 AM

I am a complete noob with this and have had extreme problems with launchpage. I've read a thread here that settled it with Firefox, but one, mine is with Chrome, and two, it seemed extremely complex. I am considering using this self-help guide by your page: https://www.bleepingcomputer.com/virus-removal/remove-launchpage.org-home-page-hijacker but I'd like to seek help first. I am in big trouble if I don't get this fixed, and please no techy things as I am not familiar at all with it. I believe this started when I downloaded a game, but the laptop sensed the setup of the app in the CD drive even though there was no CD. I've tried uninstalling, resetting, using Malwarebytes and Avira antivirus, but nothing is happening. I may not reply quickly but I appreciate any help, thanks!





#2 GabrielGortnova


Posted 26 April 2017 - 11:21 AM

I've also uninstalled any apps that were installed on the same day, even those I knew were legit; same thing goes for my extensions. The settings for Chrome which state the startup pages for me are empty. FYI, the link for the game was this one https://skidrowgamesreloaded.com/kenshi/ under the "another torrent" part of the page near the bottom. Once I downloaded the file it set up a kind of offline browser, I can't remember what, that led me to the torrent itself. I've removed the torrent and its data as far as I know.



#3 boopme


Posted 26 April 2017 - 11:43 AM

Hello, yes it's a browser hijacker. Run these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Download and run Zemana AntiMalware

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 GabrielGortnova


Posted 26 April 2017 - 11:54 AM

Alright 

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Gabby (administrator) on 27-04-2017 at 00:54:01
Running from "C:\Users\Gabby\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Aspire E5-575 Manufacturer: Acer
Boot Mode: Normal


#5 GabrielGortnova


Posted 26 April 2017 - 11:58 AM

I'm running Zemana as we speak. Should I keep Malwarebytes on my computer?

Edit:

It has seen launchpage as a threat, getting my hopes up! This is the only site so far that's been able to help me for the past week.


Edited by GabrielGortnova, 26 April 2017 - 11:59 AM.


#6 GabrielGortnova


Posted 26 April 2017 - 12:02 PM

It has detected some of my apps' files as threats. Most of my games are torrented and I believe the files it has detected might be vital to the games. What would you suggest?



#7 boopme


Posted 26 April 2017 - 12:03 PM

MBam is an excellent app. If it's the Free version you must update prior to running.

Zemana..
Once the scan has completed, click the graph icon on the top right of the program's user interface.
Double-click to open the latest log file.
Copy it to your clipboard.
Post the log here in your next reply.

#8 boopme


Posted 26 April 2017 - 12:08 PM

Ooops, it may clean the file and leave the infection in Quarantine. I guess you can remove one and see if the game is affected. This is a problem with many torrents, free app and free malware.

#9 GabrielGortnova


Posted 26 April 2017 - 12:10 PM

Zemana AntiMalware 2.72.179.388 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017 4 27
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i3-7100U CPU @ 2.40GHz
BIOS Mode              : UEFI
CUID                   : 120074E3D0B576D87395C9
Scan Type              : System Scan
Duration               : 12m 8s
Scanned Objects        : 63839
Detected Objects       : 4
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Internet Explorer Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut
 
Chrome Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
steam_api.dll
Status             : Scanned
Object             : %userprofile%\downloads\games\this.war.of.mine.anniversary.edition-prophet\ppt-wmae\prophet\steam_api.dll
MD5                : 3BEFDB4EBCC0F69CDBE9A566BB332834
Publisher          : -
Size               : 1322500
Version            : 7.4.0.0
Detection          : PUA:Win32/SoftCrack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\games\this.war.of.mine.anniversary.edition-prophet\ppt-wmae\prophet\steam_api.dll
 
jijetionreasicult.default
Status             : Scanned
Object             : NE->c:\users\gabby\appdata\roaming\profiles\jijetionreasicult.default
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Trotux.FakeProfile!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)


#10 GabrielGortnova


Posted 26 April 2017 - 12:15 PM

Oh, btw, I know about the shortcut on the desktop that has extra launchpage stuff in its target line. The problem is with the taskbar: at first the only problem was that the icon was doubling, but the launchpage wasn't showing up. Though if I open it from the file location, launchpage is still there. I would have just let it be and settled for the double icon, but sometimes it led me to weird search engines and it alarmed me, so I came here.
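
The symptom described in this post (a browser shortcut whose Target line has an extra page appended, and a pinned taskbar icon that behaves differently from the desktop one) can be checked with a read-only listing of shortcut targets and arguments. This is an added example, not part of the original thread; the folder list, browser names and URL pattern are assumptions.

```powershell
# Added example: audit browser shortcuts for a page appended to the target.
# Read-only: nothing is changed or deleted.
# Assumptions: the browser executables, folders and URL pattern listed below.
$browsers   = 'chrome.exe', 'iexplore.exe', 'firefox.exe', 'msedge.exe'
$urlPattern = 'https?://|www\.|\b[\w-]+\.(com|org|net|info)\b'

# Desktop, pinned taskbar items and Start menu, for this user and all users.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell
$links = Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue

$findings = foreach ($lnk in $links) {
    $sc = $shell.CreateShortcut($lnk.FullName)   # opens the .lnk for reading
    if (-not $sc.TargetPath) { continue }        # some shortcuts expose no target

    $exe       = [IO.Path]::GetFileName($sc.TargetPath)
    $isBrowser = $browsers -contains $exe        # -contains is case-insensitive
    $namedLikeBrowser = $lnk.BaseName -match 'chrome|internet explorer|firefox|edge'

    $reason = $null
    if ($isBrowser -and $sc.Arguments -match $urlPattern) {
        $reason = 'URL appended to browser target'
    } elseif ($isBrowser -and $sc.Arguments.Trim()) {
        $reason = 'Extra arguments (review; may be a legitimate profile switch)'
    } elseif ($namedLikeBrowser -and -not $isBrowser) {
        $reason = 'Browser-named shortcut points to a different program'
    }

    if ($reason) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $sc.TargetPath
            Arguments = $sc.Arguments
            Reason    = $reason
        }
    }
}

$findings | Format-List
```

An empty result means none of the scanned shortcuts carry arguments or a mismatched target; a taskbar entry that still shows up here after the desktop shortcut was repaired explains why the two icons behave differently.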



#11 boopme


Posted 26 April 2017 - 12:16 PM

It appears to have fixed that...
What you should do if you continue to torrent is download it, save it, and then scan that file with Avira before running it.

#12 GabrielGortnova


Posted 26 April 2017 - 12:18 PM

I stopped the torrent and attempted to delete any remnants. I still haven't moved Zemana though. Can I opt to remove the files that are parts of the game, because I'm not sure how I'll get it back from quarantine? Should I click Next for Zemana?



#13 GabrielGortnova


Posted 26 April 2017 - 12:35 PM

I think it works! How do I know this won't happen again?



#14 GabrielGortnova


Posted 26 April 2017 - 12:41 PM

Hey, uhm, really amazing what you did, but it turns out the game did need the file. I've restored it with Zemana, but my other antiviruses (Avira and MB) are now acting up and the game plainly won't work. Any idea with this?



#15 boopme


Posted 26 April 2017 - 12:44 PM

It appears to have fixed that...
What you should do if you continue to torrent is download it, save it, and then scan that file with Avira before running it.



