
Scans found suspicious registry entries.


9 replies to this topic

#1 RichardPacino
Posted 07 May 2017 - 07:18 PM

Dear Bleeping Computer community,

I would appreciate it if somebody could have a look at these registry entries found by scan engines I occasionally use.

As those are in the registry, I am trying to be on the safe side and ask the forum whether I should go ahead and delete them or whether they are harmless. Below are the results.

Thank you for your help.

...........

Panda Cloud Cleaner found:

Key: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
Value: HIDEFILEEXT

...........

Norton Power Eraser found:

REGISTRY\MACHINE\SOFTWARE\Classes\.pif\""

...........

ADWCleaner found:

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
Key Found:  HKU\S-1-5-21-3150868597-2209938022-2956630858-1001\Software\APN PIP
Key Found:  HKCU\Software\APN PIP
Key Found:  [x64] HKCU\Software\APN PIP
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\A81E737A17150D040843D72D34240018
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\A81E737A17150D040843D72D34240018
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A81E737A17150D040843D72D34240018
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A81E737A17150D040843D72D34240018
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\A81E737A17150D040843D72D34240018
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\A81E737A17150D040843D72D34240018

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\VISITOR\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\VISITOR\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [2104 Bytes] - [04/05/2017 08:05:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2177 Bytes] ##########
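Before deleting anything, it helps to know what each flagged entry actually controls. The PowerShell script below is an added example and is not part of this thread or of any of the tools it names; it reads the locations reported in the post above (HideFileExt, the .pif class key, the APN PIP key and the packed Installer product GUID) and reports what each one means without changing anything. ConvertFrom-PackedGuid and Add-Finding are helper names of my own, and the Uninstall-key lookup assumes the standard HKLM locations.

```powershell
# Added example (not from the thread or any tool it names): read-only audit of the registry
# locations that Panda, Norton and AdwCleaner reported in the post above. Only reads, so
# it needs no elevation and changes nothing.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Item, $Value, $Status) {
    $findings.Add([pscustomobject]@{ Item = $Item; Value = $Value; Status = $Status })
}

# Decode a packed Installer GUID (the 32-hex-digit name under Installer\Products) into the
# ProductCode used by the Uninstall keys: the first three groups are reversed whole, the
# remaining eight bytes are reversed pairwise.
function ConvertFrom-PackedGuid {
    param([Parameter(Mandatory)][string]$Packed)
    if ($Packed -notmatch '^[0-9A-Fa-f]{32}$') { throw "Expected 32 hex digits, got '$Packed'" }
    $rev  = { param([string]$s) $c = $s.ToCharArray(); [array]::Reverse($c); -join $c }
    $tail = -join (0..7 | ForEach-Object { & $rev $Packed.Substring(16 + 2 * $_, 2) })
    $parts = @(
        (& $rev $Packed.Substring(0, 8))
        (& $rev $Packed.Substring(8, 4))
        (& $rev $Packed.Substring(12, 4))
        $tail.Substring(0, 4)
        $tail.Substring(4)
    )
    '{{{0}-{1}-{2}-{3}-{4}}}' -f $parts
}

# 1. HideFileExt (Panda). 1 = Explorer hides known extensions (the Windows default), 0 = shown.
#    With extensions hidden, "invoice.pdf.exe" displays as "invoice.pdf", which is why scanners
#    flag it. The remedy is to set the value to 0, not to delete it.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($null -eq $hide) { Add-Finding 'Explorer\Advanced\HideFileExt' '<absent>' 'REVIEW: absent (Explorer default hides extensions)' }
elseif ($hide -eq 0) { Add-Finding 'Explorer\Advanced\HideFileExt' $hide 'OK: extensions shown' }
else                 { Add-Finding 'Explorer\Advanced\HideFileExt' $hide 'REVIEW: extensions hidden' }

# 2. .pif class key (Norton reported its default value). On a stock system the default reads
#    "piffile"; report what it holds now so it can be compared before anything is changed.
$pif = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Classes\.pif' -ErrorAction SilentlyContinue
if ($null -eq $pif) { Add-Finding 'Classes\.pif (Default)' '<key missing>' 'REVIEW: class key missing' }
else {
    $d = $pif.GetValue('')
    if ($d -eq 'piffile') { Add-Finding 'Classes\.pif (Default)' $d 'OK' }
    else { Add-Finding 'Classes\.pif (Default)' "'$d'" 'REVIEW: default is not piffile' }
}

# 3. APN PIP (AdwCleaner). Commonly left behind by Ask Partner Network bundled installers,
#    which fits the ask.com entries AdwCleaner found in Chrome's Web data in the same log.
$apn = Test-Path -LiteralPath 'HKCU:\Software\APN PIP'
Add-Finding 'HKCU\Software\APN PIP' $apn $(if ($apn) { 'REVIEW: adware remnant present' } else { 'OK: absent' })

# 4. Installer\Products\<packed GUID> (AdwCleaner). Decode it and look the ProductCode up under
#    the Uninstall keys so the entry can be matched to a name in Installed Programs; no match
#    means an orphaned Installer record rather than a live product.
$packed = 'A81E737A17150D040843D72D34240018'   # quoted from the AdwCleaner log above
$code   = ConvertFrom-PackedGuid $packed
$roots  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$names = @($roots | ForEach-Object {
    (Get-ItemProperty -Path (Join-Path $_ $code) -ErrorAction SilentlyContinue).DisplayName
} | Where-Object { $_ })
$status = if ($names.Count) { "installed as: $($names -join ', ')" } else { 'orphaned: no Uninstall entry' }
Add-Finding "Installer\Products\$packed" $code $status

$findings | Format-Table -AutoSize
```

The packed-GUID decoding is the standard Windows Installer transformation, so the same function maps any Installer\Products or Installer\Features key name back to its ProductCode, not only the one in this log.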

 

 




#2 iMacg3 (Malware Study Hall Senior)
Posted 09 May 2017 - 10:25 AM

Delete everything found in AdwCleaner.

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

     Report IE Proxy Settings
     Report FF Proxy Settings
     List content of Hosts
     List IP configuration
     List Winsock Entries
     List last 10 Event Viewer log
     List Installed Programs
     List Devices (Don't change any settings here)
     List Users, Partitions and Memory size
     List Restore Points

  3. Paste the log file contents into a post.

Download Malwarebytes Anti-Malware from the provided link.

  1. Launch MBAM by clicking the .EXE file you downloaded.

  2. Run the installation wizard.

  3. Once complete, open MBAM and click Scan.

  4. Let the scan complete, then make sure all threats are selected and click Quarantine.

  5. Once done, go to History > Logs. Select the most recent Scan Log and paste its contents into a post.

Download ESET Online Scanner and save it to your desktop

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”. Save the file to your desktop and paste the contents into a post.

Download SecurityCheck by screen317.

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.


Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda

#3 RichardPacino (Topic Starter)
Posted 09 May 2017 - 10:29 PM

Thank you, iMacg3, for your help.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Richard (administrator) on 09-05-2017 at 18:06:53
Running from "C:\Users\Richard\Desktop"
Microsoft Windows 10 Home  (X64)
Model: HP Pavilion Notebook Manufacturer: HP
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
There are 13171 entries.
========================= IP Configuration: ================================
Broadcom BCM43142 802.11 bgn Wi-Fi M.2 Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration
Windows IP Configuration
   Host Name . . . . . . . . . . . . : DESKTOP-QE970CD
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : DC-4A-3E-F0-B8-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 4A-E2-44-C4-83-FB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : 48-E2-44-C4-83-FB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ad2e:5553:a39c:f1d3%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 9, 2017 5:44:29 PM
   Lease Expires . . . . . . . . . . : Wednesday, May 10, 2017 5:44:33 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 38330948
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-8D-64-F4-DC-4A-3E-F0-B8-7A
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{05B79897-DF7D-4B16-A542-D6DB441A224D}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:4ea:2391:cda3:2e1c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4ea:2391:cda3:2e1c%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-8D-64-F4-DC-4A-3E-F0-B8-7A
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1
Name:    google.com
Addresses:  2607:f8b0:400a:808::200e
   216.58.193.110

Pinging google.com [216.58.193.110] with 32 bytes of data:
Reply from 216.58.193.110: bytes=32 time=29ms TTL=57
Reply from 216.58.193.110: bytes=32 time=31ms TTL=57
Ping statistics for 216.58.193.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 31ms, Average = 30ms
Server:  UnKnown
Address:  192.168.1.1
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:44:204::a7
   2001:4998:58:c02::a9
   206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=69ms TTL=53
Reply from 98.138.253.109: bytes=32 time=140ms TTL=53
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 140ms, Average = 104ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...dc 4a 3e f0 b8 7a ......Realtek PCIe FE Family Controller
  6...4a e2 44 c4 83 fb ......Microsoft Wi-Fi Direct Virtual Adapter
  2...48 e2 44 c4 83 fb ......Broadcom 802.11n Network Adapter
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    311
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    311
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    311
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16    331 ::/0                     On-link
  1    331 ::1/128                  On-link
 16    331 2001::/32                On-link
 16    331 2001:0:5ef5:79fb:4ea:2391:cda3:2e1c/128
                                    On-link
  2    311 fe80::/64                On-link
 16    331 fe80::/64                On-link
 16    331 fe80::4ea:2391:cda3:2e1c/128
                                    On-link
  2    311 fe80::ad2e:5553:a39c:f1d3/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    311 ff00::/8                 On-link
 16    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (05/09/2017 05:32:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/09/2017 05:17:01 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (05/09/2017 08:57:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Error: (05/08/2017 02:06:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Error: (05/08/2017 02:06:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Error: (05/08/2017 02:06:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Error: (05/08/2017 02:01:25 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (05/08/2017 09:15:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Error: (05/07/2017 12:53:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: mrt.exe, version: 5.47.13703.0, time stamp: 0x58dec9f9
Faulting module name: combase.dll, version: 10.0.14393.953, time stamp: 0x58ba5954
Exception code: 0xc0000005
Fault offset: 0x00000000000b071c
Faulting process id: 0x19bc
Faulting application start time: 0xmrt.exe0
Faulting application path: mrt.exe1
Faulting module path: mrt.exe2
Report Id: mrt.exe3
Faulting package full name: mrt.exe4
Faulting package-relative application ID: mrt.exe5
Error: (05/07/2017 12:53:27 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

System errors:
=============
Error: (05/09/2017 05:46:29 PM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
%%2147500037 = Unspecified error

Error: (05/09/2017 05:45:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (05/09/2017 05:43:41 PM) (Source: Service Control Manager) (User: )
Description: The Virtual Disk service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (05/09/2017 05:43:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (05/09/2017 05:43:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (05/09/2017 05:43:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (05/09/2017 05:43:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (05/09/2017 05:42:41 PM) (Source: Service Control Manager) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (05/09/2017 05:42:41 PM) (Source: Service Control Manager) (User: )
Description: The Block Level Backup Engine Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (05/09/2017 05:42:39 PM) (Source: Service Control Manager) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (05/09/2017 05:32:59 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
Error: (05/09/2017 05:17:01 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (05/09/2017 08:57:32 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
Error: (05/08/2017 02:06:47 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
Error: (05/08/2017 02:06:45 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
Error: (05/08/2017 02:06:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
Error: (05/08/2017 02:01:25 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (05/08/2017 09:15:36 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
Error: (05/07/2017 12:53:43 PM) (Source: Application Error)(User: )
Description: mrt.exe5.47.13703.058dec9f9combase.dll10.0.14393.95358ba5954c000000500000000000b071c19bc01d2c76b199ee136C:\Windows\system32\mrt.exeC:\Windows\System32\combase.dll173a8fac-5b00-42ee-ae9d-6526c406db68
Error: (05/07/2017 12:53:27 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

=========================== Installed Programs ============================
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.900 - Broadcom Corporation)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.3.4 - Foolish IT LLC)
Crystal Security (HKLM-x32\...\{7CBAC602-1220-46C5-B2B9-1DFABDB9813D}) (Version: 3.5.0.195 - Kardo Kristal) Hidden
Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.195) (Version: 3.5.0.195 - Kardo Kristal)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Event Manager (HKLM-x32\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.42.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HostsMan 4.7.105 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.7.105.0 - abelhadigital.com)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.4.14.41 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.6.14.19 - HP Inc.)
Macrium Reflect Free Edition (HKLM\...\{595B8A7B-253D-4A4E-95C2-A823EDDD5496}) (Version: 6.3.1745 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Exploit version 1.9.1.1394 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1394 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4919.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0.2 (x64 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
RogueKiller version 12.10.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.7.0 - Adlice Software)
Sandboxie 5.18 (64-bit) (HKLM\...\Sandboxie) (Version: 5.18 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
VoodooShield version 3.59 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
========================= Devices: ================================
Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: ACPI\ASD0001\2&DABA3FF&0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================
Percentage of memory in use: 17%
Total physical RAM: 15820.25 MB
Available physical RAM: 13041.43 MB
Total Virtual: 18252.25 MB
Available Virtual: 15319.46 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:930.96 GB) (Free:883.12 GB) NTFS
3 Drive z: () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
========================= Users: ========================================
User accounts for \\DESKTOP-QE970CD
Administrator            BANK                     DefaultAccount          
defaultuser0             Guest                    Richard                 
VISITOR                 
========================= Restore Points ==================================
29-04-2017 16:43:57 Revo Uninstaller Pro's restore point - Mozilla Firefox 53.0 (x86 en-US)
29-04-2017 16:59:20 Installed Classic Shell
29-04-2017 17:28:31 AVAST,MBAE,SANDBOXIE
29-04-2017 18:20:19 SECUNIA ,HOSTMAN
29-04-2017 19:17:59 Windows Modules Installer
30-04-2017 02:02:03 Revo Uninstaller Pro's restore point - HP 3D DriveGuard
30-04-2017 02:02:43 Removed HP 3D DriveGuard.
30-04-2017 02:10:58 AFTER SECURITY SOFTWARE
30-04-2017 02:55:13 Windows Modules Installer
30-04-2017 03:05:00 Installed HP CoolSense
01-05-2017 02:09:15 Before Office
02-05-2017 23:59:16 BEFORE VOODOOSHIELD UPDATE
07-05-2017 18:08:43 Windows Update
10-05-2017 00:32:51 BEFORE ADW CLEANER
**** End of log ****
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/9/2017
Scan Time: 6:11 PM
Logfile: MBAM.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2017.05.09.08
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Richard
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366893
Time Elapsed: 18 min, 3 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)
ESET did not give me an option to save to text file as there was NO THREAT FOUND.

 

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avast Antivirus   
Windows Defender  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 SpywareBlaster 5.5   
 Secunia PSI (3.0.0.11005)  
 HostsMan 4.7.105   
 Panda Cloud Cleaner  
 Google Chrome (58.0.3029.96)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Exploit mbae-svc.exe  
 Malwarebytes Anti-Exploit mbae64.exe  
 Malwarebytes Anti-Exploit mbae.exe  
 Windows Defender MSASCuiL.exe  
 Windows Defender MpCmdRun.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast x64 aswidsagenta.exe
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Richard (Administrator) on Tue 05/09/2017 at 18:41:23.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 0
 

Registry: 0
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/09/2017 at 18:46:05.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,269 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:11:43 AM

Posted 10 May 2017 - 08:26 AM

Were you able to clean all registry threats found by AdwCleaner?
Download Sophos Virus Removal Tool and save it to your desktop.

 

  1. Double-click on the EXE file you downloaded to launch the Installation Wizard.

  2. Follow the Install Wizard prompts to install Sophos.

  3. Once all the virus definitions are done updating, click Start Scanning.

  4. If no threats are found, just close the program. If threats are found, click Details, then View Log File.

  5. Copy and paste the logfile into your reply. Close the threat details screen and then select Start Cleanup.

  6. Click Exit to quit the program.

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the .EXE file that you downloaded and follow the extracting prompt.

  2. Find the MBAR folder and launch the executable in the folder.

  3. Select the option to Update the virus definitions.

  4. Once done updating, MBAR will scan your computer.

  5. When complete, please click Cleanup to remove the threats. Do NOT click inside the window when MBAR is doing the cleanup process.

  6. When finished, restart the PC.

  7. Post these logs in a forum post, which are inside the MBAR folder: mbar-log(date) and system-log.txt.


Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda

#5 RichardPacino

RichardPacino
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:43 AM

Posted 11 May 2017 - 12:00 AM

Hi iMacg3,

 

AdwCleaner cleaned all the registry threats.

 

Sophos Virus removal tool did not find any threats.
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
  main:    v2017.05.10.07
  rootkit: v2017.04.02.01
Windows 10 x64 NTFS
Internet Explorer 11.1066.14393.0
Richard :: DESKTOP-QE970CD [administrator]
5/10/2017 5:49:14 PM
mbar-log-2017-05-10 (17-49-14).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 368644
Time elapsed: 24 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)


#6 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,269 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:11:43 AM

Posted 11 May 2017 - 09:04 AM

Have there been any odd behaviors with your computer recently?

 

Download Hitman Pro and save it to your desktop.(32 bit)(64 bit)

  1. Double-click on the Hitman Pro EXE file on your desktop.

  2. Once it's open, click Settings, then uncheck Scan for Tracking Cookies. 

  3. Click OK, then click Next.

  4. Select No, I only want to perform a one time scan, then click Next.

  5. HitmanPro will start scanning your system. Once done scanning, HitmanPro will display a screen with any threats found. Important: Click on the drop-down tab next to the infection name and then click Apply to All > Ignore. If not, you could cause damage to your operating system! Make sure you choose to Ignore the files and then click next. You will be at the results window. Click "Save Log" and save it to your desktop. Paste its contents into a post.

 

Download Temp File Cleaner and save it to your desktop.

 

  1. Double-click on TFC.exe to launch the program.

  2. Click on Scan to start the cleaning process.

  3. TFC may ask you to restart the computer.


Edited by iMacg3, 11 May 2017 - 09:10 AM.

Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda

#7 RichardPacino

RichardPacino
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:43 AM

Posted 11 May 2017 - 01:33 PM

The only strange thing was I could not delete Sophos Removal Tool icon from the desktop in user profile. However I deleted it in Admin account. Other than that all seems ok.

 

HitmanPro 3.7.18.284
www.hitmanpro.com
   Computer name . . . . : DESKTOP-QE970CD
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DESKTOP-QE970CD\Richard
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2017-05-11 11:18:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1
   Objects scanned . . . : 1,597,787
   Files scanned . . . . : 28,482
   Remnants scanned  . . : 317,827 files / 1,251,478 keys
Repairs _____________________________________________________________________
   hosts
   C:\Windows\system32\drivers\etc\
I ran TFC. 99 MB cleaned.


#8 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,269 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:11:43 AM

Posted 11 May 2017 - 02:26 PM

Your computer seems to be clean!

 

Download Xplode Delfix and save it to your desktop.

 

  1. Run the Delfix file you downloaded.

  2. Make sure that Remove disinfection tools is selected and that nothing else is checked. This will remove all the tools we used to clean up the malware.

  3. Click OK and paste the log file for Delfix into a post. Delete Delfix from your computer.

  4. Once finished running Delfix, your computer is clean.


Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda

#9 RichardPacino

RichardPacino
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:43 AM

Posted 11 May 2017 - 10:50 PM

Thank you again iMacg3.

 

What about those two remaining registry entries? Leave them or should I delete them?

 

Panda Cloud Cleaner found:

 

Key: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
Value: HIDEFILEEXT

.........................................................................................................................................................................................

Norton Power Eraser found:

 

REGISTRY\MACHINE\SOFTWARE\Classes\.pif\""

#10 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,269 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:11:43 AM

Posted 12 May 2017 - 07:56 AM

Delete them and then run Xplode Delfix.


Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM.

"Do, or do not. There is no try." - Yoda
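An added example, not posted by anyone in this thread, for readers who want to inspect the two entries from post #9 themselves before acting on them. It runs from PowerShell as the affected user and assumes the standard meaning of HideFileExt (1 = Explorer hides known extensions, 0 = shows them); the `-ShowExtensions` switch is this script's own option.

```powershell
# Added example, not part of the thread: audit the two registry locations
# flagged by Panda Cloud Cleaner and Norton Power Eraser in post #9, and
# optionally make file extensions visible again.
# HKCU is per-user, so run it in the profile that was scanned.
param([switch]$ShowExtensions)

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$pifClass = 'HKLM:\SOFTWARE\Classes\.pif'

# HideFileExt = 1 means Explorer hides known extensions, so a file named
# "invoice.pdf.exe" is displayed as "invoice.pdf"; 0 shows every extension.
$hide = (Get-ItemProperty -Path $advanced -Name HideFileExt `
            -ErrorAction SilentlyContinue).HideFileExt
if ($null -eq $hide) {
    "HideFileExt: value not present (Explorer uses its built-in default)"
} elseif ($hide -eq 0) {
    "HideFileExt: 0 - extensions are shown"
} elseif ($hide -eq 1) {
    "HideFileExt: 1 - known extensions are hidden"
} else {
    "HideFileExt: unexpected value $hide"
}

# .pif is an executable file type (Program Information File). The default
# value of its class key is the ProgId Windows uses to open such files, so
# report it and any other values under the key instead of guessing.
if (Test-Path $pifClass) {
    $key = Get-Item $pifClass
    $progId = $key.GetValue('')
    "HKLM\SOFTWARE\Classes\.pif default value: '$progId'"
    foreach ($name in $key.GetValueNames() | Where-Object { $_ -ne '' }) {
        "  extra value '$name' = '$($key.GetValue($name))'"
    }
} else {
    "HKLM\SOFTWARE\Classes\.pif: key not present"
}

# Remediation for the first finding: showing extensions is safer than
# hiding them. Explorer must be restarted (or the user signed out) to apply.
if ($ShowExtensions) {
    Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
    "HideFileExt set to 0; restart Explorer to apply."
}
```

Save it as a .ps1 and run it once without the switch to see the current state, then with `-ShowExtensions` if extensions turn out to be hidden.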