
MalwareBytes continuously blocking outgoing malicious websites


11 replies to this topic

#1 bwoodwth

bwoodwth

  • Members
  • 50 posts
  • OFFLINE
  • Local time:03:52 PM

Posted 15 May 2017 - 01:24 PM

I have downloaded and tried everything I could find that removes spyware, malware, etc. for the past 3 days. It appears to be only on Chrome. This includes running HitmanPro, AdwCleaner, JRT, CCleaner, Rkill, Spybot, on and on. I have reset my Chrome settings and even deleted and reinstalled Chrome. Malwarebytes as well as the others keep saying the computer is clean, yet MWB keeps blocking these sites, usually every 5 to 10 minutes. Very annoying!


Edited by hamluis, 15 May 2017 - 02:12 PM.
Moved from MRL to Am I Infected - Hamluis.



#2 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,090 posts
  • ONLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:52 PM

Posted 15 May 2017 - 02:21 PM

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices (Don't change any settings here)
    • List Users, Partitions and Memory size
    • List Restore Points

  3. Paste the log file contents into a post.


Download SecurityCheck by screen317.


  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.


Download ESET Online Scanner and save it to your desktop


  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”, save the file to your desktop, and paste the contents into a post.


Download Rkill from one of the below three links. (Use the one that runs on your PC without being blocked).

Link 1

Link 2

Link 3


  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!


Download Google Chrome Cleanup Tool and save it to your desktop.

  1. Open the program and start a scan.

  2. Paste the logfile contents into a post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda
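An added example (not code from this thread, from iMacg3, or from Farbar's MiniToolBox): a Python triage script that reads a MiniToolBox report in the layout the steps above produce and pulls out what a helper checks first, namely IE proxy settings, hosts-file overrides, the DNS servers in use, Winsock providers not published by Microsoft, and files whose image integrity Windows could not verify. The sample report inside it is constructed; the enabled-proxy lines and the third-party Winsock entry are assumed formats.

```python
"""Triage helper for a Farbar MiniToolBox report (added example, not MiniToolBox code).

The report is split on its '=' banner headings, then the items a helper looks at
first are pulled out: IE proxy settings, hosts-file overrides, DNS servers,
Winsock providers not published by Microsoft, and CodeIntegrity failures.
"""
import re
from collections import Counter

# Section banners look like "========== Hosts content: ==========".
BANNER_RE = re.compile(r"^=+\s*(?P<name>[^=\s][^=]*?):?\s*=+\s*$")
# Winsock catalog lines: "Catalog5 01 C:\...\napinsp.dll [55808] (Microsoft Corporation)".
WINSOCK_RE = re.compile(
    r"^(?P<arch>x64-)?Catalog(?P<cat>\d+)\s+(?P<idx>\d+)\s+(?P<path>.+?)"
    r"\s+\[(?P<size>\d+)\]\s+\((?P<publisher>[^)]*)\)\s*$"
)
# CodeIntegrity entries name the file whose hash Windows could not verify.
CODEINT_RE = re.compile(
    r"Windows is unable to verify the image integrity of the file (?P<path>.+?) because"
)
# Lines MiniToolBox prints when no IE proxy is configured (as in this thread's log).
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}


def split_sections(report):
    """Return {section name: [lines]} keyed by the '=' banner headings."""
    sections, current = {"header": []}, "header"
    for line in report.splitlines():
        m = BANNER_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def dns_servers(ipconfig_lines):
    """Collect DNS server addresses; extra servers sit on indented continuation lines."""
    servers, grabbing = [], False
    for line in ipconfig_lines:
        if "DNS Servers" in line and ":" in line:
            servers.append(line.split(":", 1)[1].strip())
            grabbing = True
        elif grabbing and line.startswith(" " * 20) and line.strip():
            servers.append(line.strip())
        else:
            grabbing = False
    return [s for s in servers if s]


def triage(report):
    """Pull the first-look items out of a MiniToolBox report."""
    sec = split_sections(report)
    proxy = [ln.strip() for ln in sec.get("IE Proxy Settings", [])
             if ln.strip() and ln.strip() not in CLEAN_PROXY]
    hosts = [" ".join(ln.split()) for ln in sec.get("Hosts content", [])
             if ln.strip() and not ln.lstrip().startswith("#")]
    winsock = []
    for line in sec.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m and m.group("publisher") != "Microsoft Corporation":
            winsock.append((m.group("path"), m.group("publisher")))
    unverified = Counter(m.group("path") for m in CODEINT_RE.finditer(report))
    return {
        "proxy": proxy,                  # anything beyond the two clean lines
        "hosts": hosts,                  # non-comment hosts-file entries
        "dns": dns_servers(sec.get("IP Configuration", [])),
        "third_party_winsock": winsock,  # LSP/NSP providers worth looking up
        "unverified_images": dict(unverified),
    }


# Constructed sample in the layout MiniToolBox used in this thread; the proxy
# lines and the third-party Winsock line are assumed formats, not from the log.
SAMPLE_REPORT = r"""MiniToolBox by Farbar  Version: 17-06-2016
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: 127.0.0.1:8080
========================= Hosts content: =================================
# Copyright (c) 1993-2009 Microsoft Corp.
0.0.0.0         updates.example.com
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : 209.18.47.62
                                       209.18.47.61
   NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\Program Files (x86)\ExampleLSP\examplelsp.dll [40960] (Example Vendor)
========================= Event log errors: ===============================
CodeIntegrity Errors:
===================================
  Date: 2017-05-15 16:19:31.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system.
  Date: 2017-05-15 16:16:52.130
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Anything in `proxy` or `hosts`, and any non-Microsoft Winsock provider, is a lead to review rather than a verdict; a CodeIntegrity failure on a known, recently reinstalled product (as with SDWSCSvc.exe in this thread) is often a damaged install rather than malware.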

#3 bwoodwth

bwoodwth
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:03:52 PM

Posted 15 May 2017 - 09:22 PM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by David (administrator) on 15-05-2017 at 16:26:31
Running from "C:\Users\David\Desktop"
Microsoft Windows 10 Home  (X64)
Model: Inspiron 15-7569 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3165 = Wi-Fi (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-S6KB38J
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : AC-2B-6E-5B-E5-47
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3165
   Physical Address. . . . . . . . . : AC-2B-6E-5B-E5-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e959:3b50:65d:4169%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 15, 2017 4:16:58 PM
   Lease Expires . . . . . . . . . . : Monday, May 15, 2017 5:16:59 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 145501038
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-82-36-E1-AC-2B-6E-5B-E5-46
   DNS Servers . . . . . . . . . . . : 209.18.47.62
                                       209.18.47.61
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 3:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2cfe:156d:9d85:dccf(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2cfe:156d:9d85:dccf%15(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 251658240
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-82-36-E1-AC-2B-6E-5B-E5-46
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Reusable ISATAP Interface {95F89B50-6178-4382-9846-3FA8110CD0B3}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62
 
Name:    google.com
Addresses:  2607:f8b0:4002:c06::71
 74.125.21.138
 74.125.21.102
 74.125.21.101
 74.125.21.100
 74.125.21.139
 74.125.21.113
 
 
Pinging google.com [74.125.21.113] with 32 bytes of data:
Reply from 74.125.21.113: bytes=32 time=44ms TTL=46
Reply from 74.125.21.113: bytes=32 time=25ms TTL=46
 
Ping statistics for 74.125.21.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 44ms, Average = 34ms
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=99ms TTL=47
Reply from 98.138.253.109: bytes=32 time=71ms TTL=47
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 71ms, Maximum = 99ms, Average = 85ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...ac 2b 6e 5b e5 47 ......Microsoft Wi-Fi Direct Virtual Adapter
 14...ac 2b 6e 5b e5 46 ......Intel® Dual Band Wireless-AC 3165
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.6     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link       192.168.0.6    311
      192.168.0.6  255.255.255.255         On-link       192.168.0.6    311
    192.168.0.255  255.255.255.255         On-link       192.168.0.6    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.0.6    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.0.6    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15    331 ::/0                     On-link
  1    331 ::1/128                  On-link
 15    331 2001::/32                On-link
 15    331 2001:0:9d38:953c:2cfe:156d:9d85:dccf/128
                                    On-link
 14    311 fe80::/64                On-link
 15    331 fe80::/64                On-link
 15    331 fe80::2cfe:156d:9d85:dccf/128
                                    On-link
 14    311 fe80::e959:3b50:65d:4169/128
                                    On-link
  1    331 ff00::/8                 On-link
 14    311 ff00::/8                 On-link
 15    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/15/2017 04:24:07 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [10] FATAL- createOSProfileSymbollink() failed, give up create profile collection process #StackInfo#
 
Error: (05/15/2017 04:24:07 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [10] FATAL- Failed to create symbol link for profile! folderLocal:C:\ProgramData\Dell\SARemediation\Profile\, targetDellSupport:data\ #StackInfo#
 
Error: (05/15/2017 04:24:07 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [10] ERROR- PartitionHelper.mount_dellsupport() for OS profile Failed! symbollinkPath:C:\ProgramData\Dell\SARemediation\Profile\, targetDellSupport:data\, Exception:utilities.FailedToMountException: mk_dellsupport_lnk can't find DSP! errno=0
   at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
   at utilities.Utils.CreateDSPFolderSymbollink(String symbollinkPath, String DSOFolder) #StackInfo#
 
Error: (05/15/2017 04:24:07 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [10] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
 
Error: (05/15/2017 04:23:20 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [9] ERROR- Failed to change SOS status: False #StackInfo#
 
Error: (05/15/2017 04:23:20 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [9] ERROR- PartitionHelper.mount_dellsupport() for OS profile Failed! symbollinkPath:C:\ProgramData\Dell\SARemediation\SOSControl, targetDellSupport:logs, Exception:utilities.FailedToMountException: mk_dellsupport_lnk can't find DSP! errno=0
   at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
   at utilities.Utils.CreateDSPFolderSymbollink(String symbollinkPath, String DSOFolder) #StackInfo#
 
Error: (05/15/2017 04:23:20 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [9] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
 
Error: (05/15/2017 04:21:14 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [9] ERROR- Failed to change SOS status: False #StackInfo#
 
Error: (05/15/2017 04:21:14 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [9] ERROR- PartitionHelper.mount_dellsupport() for OS profile Failed! symbollinkPath:C:\ProgramData\Dell\SARemediation\SOSControl, targetDellSupport:logs, Exception:utilities.FailedToMountException: mk_dellsupport_lnk can't find DSP! errno=0
   at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
   at utilities.Utils.CreateDSPFolderSymbollink(String symbollinkPath, String DSOFolder) #StackInfo#
 
Error: (05/15/2017 04:21:14 PM) (Source: DellSupportAssistRemedationService.exe) (User: )
Description: [9] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
 
 
System errors:
=============
Error: (05/15/2017 04:16:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/15/2017 04:16:51 PM) (Source: Service Control Manager) (User: )
Description: The SDWSCService service failed to start due to the following error: 
%%2148204801 = A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
Error: (05/15/2017 04:16:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/15/2017 04:16:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/15/2017 03:29:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/15/2017 02:11:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/15/2017 02:10:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/15/2017 12:02:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/15/2017 09:28:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/15/2017 08:59:23 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (05/15/2017 04:24:07 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [10] FATAL- createOSProfileSymbollink() failed, give up create profile collection process #StackInfo#
 
Error: (05/15/2017 04:24:07 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [10] FATAL- Failed to create symbol link for profile! folderLocal:C:\ProgramData\Dell\SARemediation\Profile\, targetDellSupport:data\ #StackInfo#
 
Error: (05/15/2017 04:24:07 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [10] ERROR- PartitionHelper.mount_dellsupport() for OS profile Failed! symbollinkPath:C:\ProgramData\Dell\SARemediation\Profile\, targetDellSupport:data\, Exception:utilities.FailedToMountException: mk_dellsupport_lnk can't find DSP! errno=0
   at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
   at utilities.Utils.CreateDSPFolderSymbollink(String symbollinkPath, String DSOFolder) #StackInfo#
 
Error: (05/15/2017 04:24:07 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [10] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
 
Error: (05/15/2017 04:23:20 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [9] ERROR- Failed to change SOS status: False #StackInfo#
 
Error: (05/15/2017 04:23:20 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [9] ERROR- PartitionHelper.mount_dellsupport() for OS profile Failed! symbollinkPath:C:\ProgramData\Dell\SARemediation\SOSControl, targetDellSupport:logs, Exception:utilities.FailedToMountException: mk_dellsupport_lnk can't find DSP! errno=0
   at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
   at utilities.Utils.CreateDSPFolderSymbollink(String symbollinkPath, String DSOFolder) #StackInfo#
 
Error: (05/15/2017 04:23:20 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [9] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
 
Error: (05/15/2017 04:21:14 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [9] ERROR- Failed to change SOS status: False #StackInfo#
 
Error: (05/15/2017 04:21:14 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [9] ERROR- PartitionHelper.mount_dellsupport() for OS profile Failed! symbollinkPath:C:\ProgramData\Dell\SARemediation\SOSControl, targetDellSupport:logs, Exception:utilities.FailedToMountException: mk_dellsupport_lnk can't find DSP! errno=0
   at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
   at utilities.Utils.CreateDSPFolderSymbollink(String symbollinkPath, String DSOFolder) #StackInfo#
 
Error: (05/15/2017 04:21:14 PM) (Source: DellSupportAssistRemedationService.exe)(User: )
Description: [9] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
 
 
CodeIntegrity Errors:
===================================
  Date: 2017-05-15 16:19:31.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 16:19:31.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 16:16:52.130
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 16:16:52.127
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 16:16:51.677
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 09:03:38.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 09:03:38.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 08:59:06.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 08:59:06.937
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-15 08:59:05.836
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssist Remediation (HKLM\...\{FB6DA0AC-167A-4BBC-93B8-5D3E5E5A1070}) (Version: 2.0.2.1840 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8377b324-9a83-44c5-adde-87358607ddec}) (Version: 2.0.2.1840 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{5F641343-FA40-4084-855A-7FA3251783DC}) (Version: 2.0.2.1840 - Dell Inc.)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.2.6745.47 - PC-Doctor, Inc.) Hidden
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.06 - NCH Software)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{AD2313B9-714F-496E-AD7F-20532E833EB2}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{C60E2D8F-0FC0-497D-A149-90F3B361937C}) (Version: 12.3.6.9 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.311 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1178 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® WiDi (HKLM\...\{E8A2DA8A-CA1A-4F5A-B113-6C34FCC4B6D4}) (Version: 6.0.62.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{AC8973AF-7F4C-40F4-BFE1-C02FE95ED2C2}) (Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{755abcd0-2942-482b-a27d-22921a5849f0}) (Version: 3.0.14.3056 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{cf83f42d-16f2-4158-9670-e446c18f758d}) (Version: 19.1.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{D6CE0772-080E-45D4-8CB0-AB2AB9710DFE}) (Version: 1.1.28151.80 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{7E28859E-AD3D-4FC2-8D70-E345F8C87722}) (Version: 3.0.14.3056 - Intel Corporation) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7369.2127 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Product Registration (HKLM\...\{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) Hidden
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.35 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7751 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10240.11160 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)
Viscom Store DICOM Viewer (HKLM-x32\...\Viscom Store DICOM Viewer_is1) (Version:  - Viscom Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 25%
Total physical RAM: 12147.63 MB
Available physical RAM: 9052.95 MB
Total Virtual: 12915.63 MB
Available Virtual: 9775.63 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:466.06 GB) (Free:358.11 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-S6KB38J
 
Administrator            David                    DefaultAccount           
Guest                    
 
========================= Restore Points ==================================
 
26-04-2017 18:20:39 Scheduled Checkpoint
02-05-2017 15:19:16 Windows Update
10-05-2017 18:58:21 Windows Update
10-05-2017 18:59:06 Windows Update
11-05-2017 17:17:55 JRT Pre-Junkware Removal
11-05-2017 17:22:57 JRT Pre-Junkware Removal
13-05-2017 01:43:37 JRT Pre-Junkware Removal
13-05-2017 13:28:23 JRT Pre-Junkware Removal
15-05-2017 00:23:10 Checkpoint by HitmanPro
15-05-2017 00:36:16 JRT Pre-Junkware Removal
 
**** End of log ****

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Zemana AntiMalware    
 Google Chrome (58.0.3029.110) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Spybot Teatimer.exe is disabled! 
 Zemana AntiMalware ZAM.exe   
 Malwarebytes Anti-Malware mbamtray.exe  
 Zemana AntiMalware ZAM.exe   
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
NOTE: The ESET scanner did not find anything, thus it didn't create a file.

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/15/2017 10:05:11 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * agp440 [Missing ImagePath]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
NOTE: The Chrome Cleaner just reset the Chrome settings. I did not see where it produced a txt file?
Thanks
 
 


#4 iMacg3

    Bleepin' 68000

  • Malware Study Hall Senior
  • 1,090 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 16 May 2017 - 08:30 AM

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

 

 

Download AdwCleaner and save it to your desktop.

  1. Click on the file you downloaded.

  2. Click Scan to start AdwCleaner's scanning process.

  3. Once done, make sure to delete all found threats.

  4. Open the “Logfile” and paste its contents into a post.

Download Hitman Pro (32 bit or 64 bit) and save it to your desktop.

  1. Double-click on the Hitman Pro EXE file on your desktop.

  2. Once it's open, click Settings, then uncheck Scan for Tracking Cookies. 

  3. Click OK, then click Next.

  4. Select No, I only want to perform a one time scan, then click Next.

  5. HitmanPro will start scanning your system. Once done scanning, HitmanPro will display a screen with any threats found. Important: Click on the drop-down tab next to the infection name and then click Apply to All > Ignore. If not, you could cause damage to your operating system! Make sure you choose to Ignore the files and then click next. You will be at the results window. Click "Save Log" and save it to your desktop. Paste its contents into a post.

 

 

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the file and click OK to the self-extracting popup prompt.

  2. Click Next, then click Update to upgrade MBAR to the newest version of malware definitions.

  3. Once the update has been completed click Next, then Scan.

  4. If rootkits were detected, click all the check boxes for each item and select Cleanup. Restart the PC.

  5. Open the MBAR folder on your desktop and paste both these logs into a post:

     mbar-log-{date} (xx-xx-xx).txt
     system-log.txt

Download Temp File Cleaner and save it to your desktop.

 

  1. Double-click on TFC.exe to launch the program.

  2. Click on Scan to start the cleaning process.

  3. TFC may ask you to restart the computer.

 

Download Kaspersky TDSSKiller and save it to your desktop.

  1. Open TDSSKiller and click Change Parameters.

  2. Select Detect TDLFS File System and then click OK.

  3. Click Start Scan to begin scanning your PC.

  4. If anything is found, make sure any Unsigned Files or Suspicious Objects are set to Skip. Click Continue, then wait for TDSSKiller to remove the malware from your computer.

  5. Click Report once done and paste the logfile into a post. Restart the PC if needed.


Edited by iMacg3, 16 May 2017 - 08:36 AM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 bwoodwth

  • Topic Starter
  • Members
  • 50 posts

Posted 16 May 2017 - 01:16 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by David (Administrator) on Tue 05/16/2017 at 12:08:58.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
File System: 0 
 
Registry: 0 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/16/2017 at 12:15:07.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.046 - Logfile created 16/05/2017 at 12:58:45
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-15.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : David - DESKTOP-S6KB38J
# Running from : C:\Users\David\Desktop\adwcleaner_6.046.exe
# Mode: Scan
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop
 
 
***** [ Files ] *****
 
File Found:  C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iicapmagmhahddefgokbabbgieiogjop_0.localstorage
File Found:  C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iicapmagmhahddefgokbabbgieiogjop_0.localstorage-journal
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
 
 
HitmanPro 3.7.20.286
www.hitmanpro.com
 
   Computer name . . . . : DESKTOP-S6KB38J
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DESKTOP-S6KB38J\David
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2017-05-16 13:05:31
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 1
 
   Objects scanned . . . : 1,937,959
   Files scanned . . . . : 53,335
   Remnants scanned  . . : 377,869 files / 1,506,755 keys
 
Malware _____________________________________________________________________
 
   C:\Users\David\Desktop\PCHunter64.exe
      Size . . . . . . . : 9,534,160 bytes
      Age  . . . . . . . : 1.0 days (2017-05-15 13:53:17)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : C4ADA17AE2D030C65AA7C52AA2A68AA6FA07C7052B8BD275FCC188FB189DE5A8
      Product  . . . . . : PC Hunter
      Publisher  . . . . : 一普明为(北京)信息技术有限公司
      Description  . . . : Epoolsoft Windows Information View Tools
      Version  . . . . . : 1.0.0.5
      Copyright  . . . . : (C) 2013-2017 Epoolsoft Corporation. All Rights Reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:RiskTool.Win32.PCH.gen
      Fuzzy  . . . . . . : 96.0
 
 
 NOTE - I didn't add PC Hunter until after I had this issue, trying to get rid of the issue. DE
 
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.05.16.09
  rootkit: v2017.04.02.01
 
Windows 10 x64 NTFS
Internet Explorer 11.1198.14393.0
David :: DESKTOP-S6KB38J [administrator]
 
5/16/2017 1:20:25 PM
mbar-log-2017-05-16 (13-20-25).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 270462
Time elapsed: 13 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.1198.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 12737716224, free: 9235935232
 
Downloaded database version: v2017.05.16.09
Downloaded database version: v2017.04.02.01
Downloaded database version: v2017.05.15.01
Initializing...
======================
------------ Kernel report ------------
     05/16/2017 13:20:08
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.05.16.09
  rootkit: v2017.04.02.01
 
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 5A0DE35
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 91302552
    GPT Header CurrentLba = 1 BackupLba 1000215215
    GPT Header FirstUsableLba 34  LastUsableLba 1000215182
    GPT Header Guid c3e17a61-aec6-4d6f-9d25-98d3c7367049
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 91302552
    Backup GPT header CurrentLba = 1000215215 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1000215182
    Backup GPT header Guid c3e17a61-aec6-4d6f-9d25-98d3c7367049
    Backup GPT header Contains 128 partition entries starting at LBA 1000215183
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 64d354a5-4e6c-4101-8037-8ab9751c79ef
    FirstLBA 2048  Last LBA 1026047
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7d0045af-1265-496d-afb-8dbdbae46e6c
    FirstLBA 1026048  Last LBA 1288191
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 830c9bc3-d62d-4c7f-a72-c8e689e99ca5
    FirstLBA 1288192  Last LBA 978679807
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a64f256c-92a9-4744-8264-8fd1fb67c63b
    FirstLBA 978679808  Last LBA 979601407
    Attributes 1
    Partition Name                                     
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3f38a95f-fdf1-4938-a1f3-118889935b58
    FirstLBA 979601408  Last LBA 1000214527
    Attributes 1
    Partition Name                                     
 
Disk Size: 512110190592 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A5B6B955326A353E091772B718BE69330D21198.bin.83" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
 
TDSSKiller said "No Threats Found" thus no report was made.
 
 
Thanks


#6 iMacg3

    Bleepin' 68000

  • Malware Study Hall Senior
  • 1,090 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 16 May 2017 - 02:57 PM

Please take a screenshot of the blocked traffic and paste it into Pasteboard. Post the link to the image into a post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#7 bwoodwth

  • Topic Starter
  • Members
  • 50 posts

Posted 16 May 2017 - 09:55 PM

I am still trying to get a screenshot; I had to leave for a while. Looks like it blocked 30 sites today; actually many are the same ones over and over.

Looks like it has had about 30 outgoing websites blocked today, while I was online. They only pop up for a few seconds, so I thought I would send these until I am able to “catch” it and do a screenshot.

This is a site that popped up that it didn’t block: http://xgames-04.com/?rzi=1209980&rsz=1209980

Also, here are some of the sites that were blocked:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/16/17
Protection Event Time: 4:17 PM
Log File: 1.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1954
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: ext.searchencrypt.com
IP Address: 54.235.119.45
Port: [55978]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/16/17
Protection Event Time: 1:14 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1953
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: indextrck.com
IP Address: 5.189.171.71
Port: [50979]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)


Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/16/17
Protection Event Time: 9:53 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1952
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: www.digitalprivacyalert.org
IP Address: 104.18.42.169
Port: [61112]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
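The three records pasted above share one pattern: every block is an Outbound connection from chrome.exe, which is the clue the thread eventually follows (a browser-side extension rather than a system-wide infection). The following script is an added example, not code from the thread, BleepingComputer or Malwarebytes; it parses records in the text layout shown above (a "Malwarebytes" banner starting each record, "-Section-" headers, "Key: Value" fields, an optional "(end)" trailer) and summarises them by process, domain and port. The SAMPLE_LOG is an abbreviated, constructed copy of two of the pasted records so the script runs offline; the assumed layout is exactly what those pastes show and nothing more.

```python
"""Parse Malwarebytes 3.x 'Blocked Website' protection-event text records.

Added example (not Malwarebytes' own tooling). Assumes only the layout seen in
the pasted records: 'Malwarebytes' banner starts a record, '-Name-' lines open
a section, 'Key: Value' lines are fields, '(end)' optionally closes a record.
"""
import re
from collections import Counter

# Constructed sample: two of the records pasted in the thread, trimmed to the
# sections an analyst triages on (the parser accepts the full records too).
SAMPLE_LOG = r"""
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/16/17
Protection Event Time: 4:17 PM

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: ext.searchencrypt.com
IP Address: 54.235.119.45
Port: [55978]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/16/17
Protection Event Time: 1:14 PM
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: indextrck.com
IP Address: 5.189.171.71
Port: [50979]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
"""

SECTION_RE = re.compile(r"^-(?P<name>[^-].*?)-$")            # e.g. '-Website Data-'
FIELD_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")  # split on the first colon


def parse_records(text):
    """Return one dict per record: {section name: {key: value, ...}, ...}."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # also drops the \xa0 padding that forum pastes carry
        if not line or line in ("www.malwarebytes.com", "(end)"):
            continue
        if line == "Malwarebytes":  # banner: a new record begins
            current, section = {}, None
            records.append(current)
            continue
        if current is None:  # text before the first banner is ignored
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            current.setdefault(section, {})
            continue
        if section is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            current[section][m.group("key").strip()] = m.group("value").strip()
        else:  # lines without a colon, e.g. ', , Blocked, [-1], [-1],0.0.0'
            current[section].setdefault("_raw", []).append(line)
    return records


def blocked_events(records):
    """Flatten each record to the fields worth triaging."""
    events = []
    for rec in records:
        data = rec.get("Website Data", {})
        details = rec.get("Log Details", {})
        port = data.get("Port", "").strip("[]")
        events.append({
            "when": f"{details.get('Protection Event Date')} {details.get('Protection Event Time')}",
            "domain": data.get("Domain"),
            "ip": data.get("IP Address"),
            "port": int(port) if port.isdigit() else None,
            "direction": data.get("Type"),
            "process": data.get("File"),
        })
    return events


def summarize(events):
    """Counts that show whether a single process is the common source of blocks."""
    return {
        "by_process": dict(Counter(e["process"] for e in events)),
        "by_domain": dict(Counter(e["domain"] for e in events)),
        "all_outbound": all(e["direction"] == "Outbound" for e in events),
        # Ports 49152-65535 are the IANA dynamic range, so these numbers describe
        # the client-side socket, not the remote service being contacted.
        "ephemeral_ports_only": all(e["port"] is not None and e["port"] >= 49152 for e in events),
    }


if __name__ == "__main__":
    print(summarize(blocked_events(parse_records(SAMPLE_LOG))))
```

Run against the pasted records, the summary attributes every block to the same chrome.exe path, which is the fact that justifies looking at browser extensions and hijacked search settings before anything else on the system.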



#8 bwoodwth (Topic Starter)

Posted 17 May 2017 - 08:20 AM

I posted several other sites above that were blocked.

Here is the link to the latest blocked site.

https://pasteboard.co/7n4yNQHXo.png

Thanks



#9 iMacg3

Posted 17 May 2017 - 09:20 AM

Disable all add-ons for Chrome and see if you get another malicious website blocked.


Regards, iMacg3


#10 bwoodwth (Topic Starter)

Posted 17 May 2017 - 10:27 AM

All the extensions are disabled except one, and I disabled it a couple of days ago, but it didn't make a difference, so I turned it back on. I will turn it off again to make sure.

Thanks



#11 bwoodwth (Topic Starter)

Posted 17 May 2017 - 11:35 PM

That seems to have stopped it while I was on here this afternoon! Odd that when I removed all the Chrome extensions a few days ago, it didn't help. Now it seems to have helped when I deleted one that I had added back in. Perhaps some other things were fixed when we ran all the software? 



#12 iMacg3

Posted 18 May 2017 - 09:41 AM

Running the tools may have helped. Remove all the extensions from Chrome.

If any more blocked websites come up, please let me know by posting in this forum topic.

 

Your computer is clean. :) 

Re-download AdwCleaner and Malwarebytes and scan your PC often with them. Use Temporary File Cleaner once every month to clear out any temporary files on your computer.

 

Good luck and happy computing!


Regards, iMacg3




