Folders/Images/Etc. shown as applications


18 replies to this topic

#1 DauDruH


Posted 22 December 2017 - 06:56 AM

Hello everyone,
 
Recently my mother complained that the folders of her BookReader were inaccessible. When I looked at it, I noticed that the folders are all shown as "Application" type, with the .exe file extension.

It is interesting to note that on her laptop there are no such symptoms visible, but once you plug in an external drive (whether it be a USB flash drive or an external HDD), the content becomes infected.

I do suspect that the laptop is the main perpetrator, but I would really appreciate your assistance on this.
 
 
Regards,
 
Dimitry

Edited by Platypus, 22 December 2017 - 07:12 AM.
Moved from Windows 7 forum as possibly symptoms of exe virus/worm
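
A read-only check for the symptom described in the post above, added here as an example and not part of the original thread. It assumes (the post does not say so) that each fake "Application" entry sits beside a real folder of the same name, which may have been marked hidden; the function names and the sample tree are constructed for illustration.

```python
"""Scan a mounted drive for .exe files that share a name with a sibling folder.
Added example; nothing is opened for execution, moved, or deleted."""
import hashlib
import os
import stat
import sys
import tempfile
from pathlib import Path


def _is_hidden(path):
    """True if the Windows 'hidden' attribute is set; always False on other OSes."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_folder_lookalikes(root):
    """Return one record per .exe whose base name equals a sibling folder's name.

    ASSUMPTION: the lookalike .exe is dropped next to the real folder.
    An ordinary executable with no same-named folder is not reported.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Windows file names are case-insensitive, so compare lower-cased.
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe":
                continue
            folder = folders.get(stem.lower())
            if folder is None:
                continue
            folder_path = os.path.join(dirpath, folder)
            findings.append({
                "exe": os.path.join(dirpath, name),
                "folder": folder_path,
                "folder_hidden": _is_hidden(folder_path),
            })
    return sorted(findings, key=lambda f: f["exe"].lower())


def group_identical(findings):
    """Group lookalikes by SHA-256; many names with one hash means one file copied around."""
    groups = {}
    for item in findings:
        digest = hashlib.sha256()
        with open(item["exe"], "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        groups.setdefault(digest.hexdigest(), []).append(item["exe"])
    return groups


def demo():
    """Build a CONSTRUCTED sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp)
        for folder in ("Books", "Photos", "Music", "Archive/Scans"):
            (drive / folder).mkdir(parents=True)
        (drive / "Books" / "novel.txt").write_text("sample")
        placeholder = b"MZ constructed placeholder bytes, not a real program"
        for fake in ("Books.exe", "photos.EXE", "Archive/Scans.exe"):
            (drive / fake).write_bytes(placeholder)
        # Unrelated executable with no same-named folder: must not be flagged.
        (drive / "setup.exe").write_bytes(b"MZ unrelated placeholder")
        findings = find_folder_lookalikes(drive)
        rel = [Path(f["exe"]).relative_to(drive).as_posix() for f in findings]
        sizes = sorted(len(g) for g in group_identical(findings).values())
        return rel, sizes


if __name__ == "__main__":
    # Usage: python scan_lookalikes.py E:\   (drive letter is an example)
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target is None:
        print(demo())
    else:
        hits = find_folder_lookalikes(target)
        for hit in hits:
            flag = "hidden" if hit["folder_hidden"] else "visible"
            print(f'{hit["exe"]}  <-> folder {hit["folder"]} ({flag})')
        for digest, paths in group_identical(hits).items():
            print(f"{len(paths)} file(s) with SHA-256 {digest}")
```

Run it against the drive letter of the external drive; the hashes it prints can be compared with whatever the scanner logs later flag.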




#2 Unworn_Kilt


Posted 22 December 2017 - 07:53 AM

G'day and Welcome.

 

 

First, may I ask which Operating System you're using on the Infected computer?

 

 

Thanks.


PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#3 DauDruH


Posted 22 December 2017 - 08:02 AM

Hello,

 

Thank you for the fast response!

 

The operating system is Windows 7 64bit OST

 

BR,

 

Dimitry



#4 Unworn_Kilt


Posted 22 December 2017 - 08:23 AM

Thanks Dimitry,

 

I need to advise you that I am a Standard Member, like you. I am NOT a Trained Malware Removal Expert. If anything I suggest concerns you, please contact me or a Moderator before actioning it. I have been working on and with computers since the 1970s.

 

 

If you're happy to continue:

 

 

We'll take a quick look at your P.C.

 

 

 

Do Not Enclose Reports In Quotes or Delete or Insert Any Characters - No Redaction!

Please Post All Reports in Plain Text. Ensure You Include All Report Headers.

Please Press the Return Key 3 Times Between Reports.

Don't Attach them either.....Pleeeez!

 

 

Please make sure you have Backed Up your Files and Save any Work you have Open before proceeding!

You can find Free Back Up Software available on the Web.

(It's unlikely that anything I ask you to do will wipe your data, but better to be safe than sorry.)

 

 

Some Tools May Close Down Any Open Windows or Programs, Please Be Aware of This!

 

 

 

Remember that there is no such thing as a "Stupid Question." If you encounter ANY problems or difficulties along the way, STOP and Message Me!!

 

 

 

**Read All Notes Under Individual Instructions BEFORE Running the Tools.**

 

You might find it useful to print these instructions for reference.

 

 

 

 

 

Let's start relatively simply.....

 

 

 

Please download and install Panda USB Vaccine: HERE

Follow the instructions and insert and vaccinate the affected USB Drives.

 

 

(1)

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

 

Save it to your Desktop so you can easily locate it.

 

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

 

 

RKill.exe                              <<== Try this first.

 

RKill as iExplore.exe         <<== Try this one if option one doesn't work.

 

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If the RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.

 

NOTES:

 

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

If RKill still won't run, please Post back here and advise me. (After trying both versions and Safe Mode.) Please note any Error messages or other useful information and Include it in your Reply.

 

 

Then.......

 

(2)

Please download Security Check (by screen317) from HERE & save it to your Desktop.

 

 

  • Right Click SecurityCheck and Select "Run As Administrator."
  • Follow the Prompts in the Black Box which opens on your screen.
  • When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
  • Please Copy & Paste the Contents of Checkup.txt into your Next Reply.

 

Please Note the Following:

 

If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!," please Restart Windows and Security Check should Run Fine.

Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.

 

Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.

It is not uncommon for Security Check to generate "false positives" from  some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.

 

Then....

 

(3)

Now I'd like you to download the JRT (Junkware Removal Tool) HERE

Save it to your Desktop so it's handy.

 

  • Right click on the JRT.exe Icon and select "Run as Administrator."
  • A black box will open and ask you if you want to continue. Do so. (Hit Enter I believe.)
  • The tool will do some work. Just be patient please.
  • When it's finished, a report should pop up in Notepad.
  • Please copy and paste the contents of the report into your Reply.

 

Ignore any warnings about the tool containing viruses etc.

 

 

Then.......

 

 

(4)

Download and run the ESET Free Online Virus Scanner from:  HERE

(If you had to restart for any reason between running RKill and this step, please re-run RKill, Step 1.)

 

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\ D:\ etc., to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • CLEAN any THREATS found.
  • Click Back, then Finish to exit ESET Online Scanner.
  • Do NOT delete the ESET scanner at this stage please.
  • KEEP THIS TOOL FOR NOW. YOU WILL NEED TO SCAN ALL USB DRIVES!!

Please re-enable your antivirus when the scan is complete.

 

Let me know if you encounter any problems.

 

 

After you've finished the ESET Online scan:

  • Please ensure you've saved the Log File to your desktop.
  • Post the Log File contents in your Reply, assuming there was one.
  • Close down any other open programs.
  • Reboot.

 

 

Then.......

 

(5)

 

 

Download AdwCleaner (from Xplode).

(If you had to Reboot after Running ESET, re-run RKill - That was Step 1.)

From here: AdwCleaner.exe

 

 

Save to your Desktop so you can easily locate it.

 

  • Before Starting Ensure You've Saved Anything You Have Open that you Wish to Keep!!
  • Right Click AdwCleaner.exe & Select "Run As Administrator"
  • Please Click on the Tools Menu. There should be 2 Tabs: Options & Advanced.
  • In Options, under Delete, Select Tracing Keys (Usually pre-selected), and, under RESET, select all Options on the Right Hand Side.
  • Do Not select any other Options with Square Boxes.
  • There should be Options for Mode and Debug. You can leave these at their Defaults. Press OK.
  • Next, you should see Two main Buttons, Scan and Logfiles. Please Press Scan.
  • AdwCleaner will Start to Update the Database if required. This may take a little while.
  • The Progress Bar will gradually move to the right as the scan progresses. It can take a while.
  • Next you should receive a Popup Notification advising of the Scan Result.
  • Select any Items AdwCleaner may have found for Deletion or Deselect anything you may wish to keep.
  • Under the Popup there will be a Log. Please Copy and Paste the Contents into your next Reply.
  • Next Click Clean. Even if nothing was detected. This will require you to reboot the machine. Please do so.
  • Once the computer has rebooted, a second Log should appear. Please Paste into your Reply as well.

 

  • If you need to access Logs again, Open the Tool and Click the LogFiles Button. They are stored there.

 

The Logs can be a tad confusing at first. They all contain a number such as [S0] which is Log One. They are also accompanied by a date to the left side column. The lower the number in the square brackets, the earlier the Log. For example, I may have Logs; AdwCleaner[S0].txt (Earliest) to AdwCleaner[S27].txt (Most Recent.) Double Click a Log to Open it.

I'll look over your log file(s).

 

Log back in to your thread for further instructions please.

 

We're in different time zones, so there may be a delay.

If I don't respond in 48 hours Please Personally Message Me.

If you don't hear back after 3 days, please post: HERE

 

I am a Volunteer and do my best to be here. This is sometimes interrupted by sleep, eating, outages.......

 

 

 

Cheers,

 

 

 

Kilt

 

 

 

I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year!


Edited by Unworn_Kilt, 22 December 2017 - 08:26 AM.


 

 

 


#5 Unworn_Kilt


Posted 22 December 2017 - 08:27 AM

I'm having a little trouble with the Panda link. Please give me a moment......



 

 

 


#6 Unworn_Kilt


Posted 22 December 2017 - 08:29 AM

All Fixed.

 

Please advise me if you have any problems along the way.

 

Thanks.



 

 

 


#7 DauDruH


Posted 22 December 2017 - 02:24 PM

C:\Program Files\KMSpico\AutoPico.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application
C:\Program Files\KMSpico\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application
C:\Program Files\KMSpico\Service_KMS.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application
C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe Win32/Autoit.FL worm
C:\Users\Home\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe Win32/FusionCore.L potentially unwanted application,a variant of Win32/FusionCore.P potentially unwanted application
C:\Users\Home\Downloads\Microsoft Office 2013 Professional Plus SP1 VL (x86 & x64) EN\Activators\KMSAuto Net 2014 v1.2.3 Portable\KMSAuto Net.exe a variant of MSIL/HackKMS.I potentially unsafe application
C:\Users\Home\Downloads\Microsoft Office 2013 Professional Plus SP1 VL (x86 & x64) EN\Activators\KMSpico 9.2.3 Final\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application
C:\Users\Home\Downloads\Microsoft Office 2013 Professional Plus SP1 VL (x86 & x64) EN\Activators\Microsoft Toolkit 2.5 Stable\Microsoft Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application
C:\Users\Home\Downloads\PowerISO v6.8 (32bit-64bit)\PowerISO6-x64.exe Win32/FusionCore.L potentially unwanted application,a variant of Win32/FusionCore.K potentially unwanted application
C:\Users\Home\Downloads\PowerISO v6.8 (32bit-64bit)\PowerISO6.exe Win32/FusionCore.L potentially unwanted application,a variant of Win32/FusionCore.K potentially unwanted application
C:\Users\Home\Downloads\Windows Loader v2.2.2 by Daz\Windows Loader.exe Win32/HackTool.WinActivator.I potentially unsafe application
C:\Win\desktop.exe Win32/Autoit.FL worm
C:\Win\lsass.exe Win32/Autoit.GP worm
Autostart locations Win32/Autoit.FL worm
 
 
 
=================================================================================================================
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 28.0.0.126  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (63.0.3239.84) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log`````````````````````` 
 
 
 
=================================================================================================================
 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/22/2017 09:01:05 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/22/2017 09:01:58 PM
Execution time: 0 hours(s), 0 minute(s), and 52 seconds(s)
 
 
 
=================================================================================================================

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64 
Ran by Home (Administrator) on Fri 12/22/2017 at 16:12:24.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 24 
 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VN607NM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21CXZRWD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CIVBV93 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\976L2QL4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6VM6D5H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S87XEOZ9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1YDM3D3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2072UR4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VN607NM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21CXZRWD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CIVBV93 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\976L2QL4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6VM6D5H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S87XEOZ9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1YDM3D3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2072UR4 (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/22/2017 at 16:15:59.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
=================================================================================================================
 

# AdwCleaner 7.0.6.0 - Logfile created on Fri Dec 22 19:08:19 2017
# Updated on 2017/21/12 by Malwarebytes 
# Database: 12-21-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\ProgramData\Yahoo! Companion
PUP.Optional.Legacy, C:\ProgramData\Application Data\Yahoo! Companion
PUP.Optional.Legacy, C:\Users\All Users\Yahoo! Companion
PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\Companion
PUP.Optional.Legacy, C:\Users\Home\AppData\Roaming\Yahoo!\Companion
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\Common\unyt.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mail.ru
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tv.mail.ru
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1191513540-2548861544-2957286175-1001\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1191513540-2548861544-2957286175-1001\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1191513540-2548861544-2957286175-1001\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks | {EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
 
 
 
=================================================================================================================
 
# AdwCleaner 7.0.6.0 - Logfile created on Fri Dec 22 19:11:09 2017
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Yahoo! Companion
Deleted: C:\ProgramData\Application Data\Yahoo! Companion
Deleted: C:\Users\All Users\Yahoo! Companion
Deleted: C:\Program Files (x86)\Yahoo!\Companion
Deleted: C:\Users\Home\AppData\Roaming\Yahoo!\Companion
 
 
***** [ Files ] *****
 
Deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mail.ru
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tv.mail.ru
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1191513540-2548861544-2957286175-1001\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1191513540-2548861544-2957286175-1001\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1191513540-2548861544-2957286175-1001\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Proxy settings cleared
::TCP/IP settings cleared
::Firewall rules cleared
::IPSec settings cleared
::BITS queue cleared
::IE policies deleted
::Chrome policies deleted
::Hosts file cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [11603 B] - [2017/12/22 19:8:19]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
 
Kind Regards,
 
Dimitry


#8 Unworn_Kilt

Posted 22 December 2017 - 07:18 PM

Hello Dimitry,

Good job!

How are those folders looking now?

I'm about to have a good look through your logs and see what else we may need to do.

I would not be using that computer for any banking, purchase or related activity for now.

Some of the items tend to indicate that someone may have had Remote Access to your device or was trying to get it.

Please read this article for now:  How to remove a Trojan, Virus, Worm, or other Malware
It will give you a little more information about what has happened to your computer.

I would also strongly suggest that your Mom read this article when the computer is clean:  Simple and easy ways to keep your computer safe and secure on the Internet

After you get back to me and advise if the folders are fixed we will need to run some more checks.

Thank you.

Kilt   :thumbup2:

:santa: I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year! :santa:


Edited by Unworn_Kilt, 22 December 2017 - 07:45 PM.


#9 Unworn_Kilt

Posted 22 December 2017 - 07:46 PM

EDITED ABOVE.^^


Edited by Unworn_Kilt, 22 December 2017 - 07:47 PM.


#10 DauDruH

Posted 23 December 2017 - 06:30 AM

Hello there, Kilt,

Thanks for all your help.

I uploaded several e-books on the reader, unplugged/plugged it again and the files (and folders) correspond to their respective filetype :) !

I should note, that this laptop, in general, doesn't have any anti-virus software - it used to be my workbook back in university, but ever since I handed it to my mother, it appears things have gotten out of hand.

I've uploaded documents/images/folders on another external flash drive and the file-types appear to be okay.

Kind Regards,

Dimitry



#11 Unworn_Kilt

Posted 23 December 2017 - 10:49 AM

G'day again Dimitry,

I'm glad things are looking better.

When I have some more time I'll comb right through all your logs again.
I've been extremely busy the last couple of days. :crazy:

I'd very strongly recommend that you get at least a free antivirus and antimalware program for your mother. It will save her a lot of trouble in the long run.

Please monitor the situation over the next little while and please get back in touch (on this thread) if you need any further assistance.

Keep an eye on your emails in case I find something we need to address.

It's been a pleasure working with you. Thanks!

I wish you and your family a Very Merry Christmas and a Happy and prosperous New Year!

Don't forget to scan the USBs!!

Best,

Kilt   :thumbup2:

:santa: I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year! :santa:


Edited by Unworn_Kilt, 23 December 2017 - 10:49 AM.


#12 Unworn_Kilt

Posted 23 December 2017 - 11:39 AM

Dimitry,

I'd like you to run a couple more tools for me please. It's a case of wanting to be thorough.

The details are below:

Download MiniToolBox (By FARBAR) to your Desktop:  HERE

Right Click the Blue\Black MiniToolBox Icon and Select "Run as Administrator."
(The Tool will show Version: 17-06-2016 in the title bar.)

Select the following Check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings (Make sure IE is closed first please.)
  • Report FF Proxy Settings
  • Reset FF Proxy Settings (Make sure Firefox is closed first please.)
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (DO NOT change any settings for this - Only "Problems" should be set by Default.)
  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

Click the "Go" Button.

  • Report should Pop-Up on your Screen in Notepad after a short wait.
  • Please Copy and Paste the Report Contents into your Next Reply.

(If you accidentally "kill" the Notepad Report, all is not lost, it should be saved on your Desktop as MTB.txt)

Next....

Download Malwarebytes Anti-Rootkit (MBAR) on to your desktop.

From Here: Malwarebytes Anti-Rootkit

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

NOTE. If you see "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

(My Thanks to Broni, Bleeping Computer Advisor for the use of the above, mostly pilfered without notice, MBAR Notes.)

Please post back your results when you are done.

Finally, grab a copy of Malwarebytes (V. 3.3.1.2183.) Your mother can keep it and use it to scan her computer each day.
I'll include the instructions I use. (I'd be interested to see the results of the first scan if you have time.)

If you have Malwarebytes installed on your Machine, please do the following:
(Otherwise download Malwarebytes: HERE  and install it.)
 
*Note: It is not necessary to activate the trial unless you want to activate auto-scanning and extra features.
  • Start the Malwarebytes Application.
  • Open the Malwarebytes Dashboard.
  • Ensure that Malwarebytes is Updated to the Most Recent Definitions and Version. (Version Update may require license or Trial.)
 
 
Click Settings, then Application:
 
Enable the Following Options If Not Enabled:
(If you do not have a license or trial activated some options will not be able to be set.)
 
  • Automatically download and install application updates
  • Notify me when full version updates are available
  • Show Malwarebytes notifications in the Windows System Tray
  • Show Notifications when Real Time Protection settings are turned off
  • Set Manual Scans have high priority
  • Configure Proxy Server if you use one. (If you don't know what this means you likely don't. If in doubt, CHECK!)
 
 
Now switch to the Protection Tab and where possible Enable:
(The same license note as above applies here too.)
  • Web Protection
  • Exploit Protection
  • Malware Protection
  • Ransomware Protection
  • Scan for Rootkits.
  • Scan within Archives.
  • Use Signature-Less anomaly detection for increased protection
  • Always detect PUPs
  • Always detect PUMs
  • Automatically check for updates (Select Check every 15 Mins.)
  • Notify if time since last update exceeds 24 hours
  • Start Malwarebytes at Windows Startup
  • Enable Self Protection Module
  • Enable Self Protection Early Start
  • Automatically Quarantine detected Malware
 
I suggest, when in this situation, using Threat Scan. Select Scans Tab. Select all Drives (C: D: etc.,) and ensure scanning for Rootkits is enabled. (The Rootkit option MAY not be available to you if you haven't activated Trial, or, don't have a license.)
 
  • If you'd rather not Use Threat Scan, Return to Dashboard and Click Scan Now.
  • Once Scan is complete, please Ensure any Threats found are Selected and Removed.
  • Please obtain a copy of your Scan Report from the Reports section and Paste in to your Next Reply.
 

 

I reckon, given a few of the items that were on your mother's computer, we should run these.

When you're done I'll post a link to a program that will get rid of most of my mess too.

Keep ESET for now. Encourage mother to use it once a week at least.

I run Malwarebytes Full version, plus a paid Anti-Virus. Private Message me if you'd like advice on this.

I look forward to the results.

Kilt    :thumbup2:



#13 DauDruH

Posted 23 December 2017 - 05:58 PM

Hello Kilt,

I can't thank you enough for your thoughtful support!

Here are the logs from the latest scans:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Home (administrator) on 23-12-2017 at 18:50:15
Running from "C:\Users\Home\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: K52De Manufacturer: ASUSTeK Computer Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
JMicron PCI Express Gigabit Ethernet Adapter = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Home-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : 48-5D-60-01-EA-AA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd80:679b:be63:ea2e%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.103(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, December 23, 2017 12:57:44 PM
   Lease Expires . . . . . . . . . . : Sunday, December 24, 2017 6:45:23 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 289955168
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-13-70-F8-48-5D-60-01-EA-AA
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : JMicron PCI Express Gigabit Ethernet Adapter #2
   Physical Address. . . . . . . . . : 20-CF-30-4A-5C-97
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{670D96DC-B4CD-4408-8F89-C4B3B86CA37C}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dir-300
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2a00:1450:4017:801::200e
  172.217.17.206
 
 
Pinging google.com [172.217.17.206] with 32 bytes of data:
Reply from 172.217.17.206: bytes=32 time=2ms TTL=58
Reply from 172.217.17.206: bytes=32 time=2ms TTL=58
 
Ping statistics for 172.217.17.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms
Server:  dir-300
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:e33::53
  2001:4998:44:204::100d
  2001:4998:58:2201::73
  206.190.39.42
  98.139.180.180
  98.138.252.38
 
 
Pinging yahoo.com [98.138.252.38] with 32 bytes of data:
Reply from 98.138.252.38: bytes=32 time=141ms TTL=52
Reply from 98.138.252.38: bytes=32 time=141ms TTL=52
 
Ping statistics for 98.138.252.38:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 141ms, Maximum = 141ms, Average = 141ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...48 5d 60 01 ea aa ......Atheros AR9285 Wireless Network Adapter
 13...20 cf 30 4a 5c 97 ......JMicron PCI Express Gigabit Ethernet Adapter #2
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.103    281
    192.168.0.103  255.255.255.255         On-link     192.168.0.103    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.103    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14    281 fe80::/64                On-link
 14    281 fe80::bd80:679b:be63:ea2e/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/23/2017 12:58:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2017 09:12:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2017 08:57:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2017 01:22:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff00160378
Faulting process id: 0x7ec
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (12/22/2017 01:22:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2017 12:07:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff00160378
Faulting process id: 0x7d8
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (12/22/2017 12:07:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2017 09:02:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff00150378
Faulting process id: 0x7e4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
Error: (12/21/2017 09:01:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2017 10:51:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007ff00140378
Faulting process id: 0x7e0
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
 
 
System errors:
=============
Error: (12/23/2017 06:48:37 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/23/2017 06:48:37 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/23/2017 06:48:18 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/23/2017 06:48:18 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/23/2017 06:48:06 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/23/2017 06:48:06 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/23/2017 06:47:04 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/23/2017 06:47:04 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/23/2017 06:46:33 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/23/2017 06:46:33 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
Microsoft Office Sessions:
=========================
Error: (12/23/2017 12:58:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2017 09:12:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2017 08:57:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2017 01:22:41 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007ff001603787ec01d37b171fe8e18fC:\Program Files\KMSpico\Service_KMS.exeunknown6c0836c6-e70a-11e7-8a7c-20cf304a5c97
 
Error: (12/22/2017 01:22:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2017 12:07:32 AM) (Source: Application Error)(User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007ff001603787d801d37aa802d5fb35C:\Program Files\KMSpico\Service_KMS.exeunknown5728df9d-e69b-11e7-a44e-20cf304a5c97
 
Error: (12/22/2017 12:07:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2017 09:02:12 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007ff001503787e401d37a8e22c27dedC:\Program Files\KMSpico\Service_KMS.exeunknown7303e101-e681-11e7-aeb8-20cf304a5c97
 
Error: (12/21/2017 09:01:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2017 10:51:01 PM) (Source: Application Error)(User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007ff001403787e001d379d42e48f198C:\Program Files\KMSpico\Service_KMS.exeunknown7c269124-e5c7-11e7-b9bd-20cf304a5c97
 
 
=========================== Installed Programs ============================
 
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Reader 9.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATI Catalyst Install Manager (HKLM\...\{401D3422-5349-F819-D294-01CA297CB9E0}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (HKLM-x32\...\{F7E4CA44-6117-E28D-A93D-7CE7CEB7E54F}) (Version: 2010.0406.2133.36843 - ATI) Hidden
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (HKLM-x32\...\{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
F4200 (HKLM-x32\...\{C2524280-A5CF-4458-B809-167F13FAB56D}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LaserJet M101-M106 Basic Device Software (HKLM\...\{99276B86-B04D-4420-9AD5-D258C886FA83}) (Version: 40.1.1046.62670 - HP Inc.)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
LM101 (HKLM-x32\...\{C1D550A6-7C72-4286-970D-5CBF7C828A38}) (Version: 0.00.0005 - HP)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
Nero 2015 (HKLM-x32\...\{407A3427-28FA-4383-8472-972AE71E3262}) (Version: 16.0.03000 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
Product Improvement Study for HP LaserJet M101-M106 (HKLM\...\{8C8428D1-A3F4-4E03-BBF0-6CACD250641C}) (Version: 40.1.1046.62670 - HP Inc.)
qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5900 - SRS Labs, Inc.)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
========================= Devices: ================================
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_1A071043&REV_80\4&9BEEDA3&1&0428
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_1A071043&REV_80\4&9BEEDA3&1&0028
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_1A071043&REV_80\4&9BEEDA3&1&0328
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 26%
Total physical RAM: 6141.82 MB
Available physical RAM: 4486.43 MB
Total Virtual: 12281.83 MB
Available Virtual: 10322.31 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:117.19 GB) (Free:78.77 GB) NTFS
2 Drive d: () (Fixed) (Total:180.8 GB) (Free:179.4 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HOME-PC
 
Administrator            Guest                    Home                     
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\122217-24242-01.dmp
========================= Restore Points ==================================
 
14-03-2017 18:54:32 Scheduled Checkpoint
22-03-2017 14:15:14 Scheduled Checkpoint
22-12-2017 13:41:15 Device Driver Package Install: Comodo Security Solutions System devices
22-12-2017 14:12:25 JRT Pre-Junkware Removal
 
**** End of log ****
 

 

 

================================================================================================

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/24/17
Scan Time: 12:32 AM
Log File: 24694214-e831-11e7-8c9c-20cf304a5c97.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3552
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Home-PC\Home
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244654
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 8 min, 44 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 3
MachineLearning/Anomalous.100%, C:\USERS\HOME\APPDATA\ROAMING\THINSTALL\MICROSOFT OFFICE ENTERPRISE 2007\11400002H\SPLWOW64.EXE, Quarantined, [0], [392687],1.0.3552
Generic.Malware/Suspicious, C:\USERS\HOME\APPDATA\ROAMING\THINSTALL\MICROSOFT OFFICE ENTERPRISE 2007\300000004500002H\OIS.EXE, Quarantined, [0], [392686],1.0.3552
Generic.Malware/Suspicious, C:\USERS\HOME\APPDATA\ROAMING\THINSTALL\MICROSOFT OFFICE ENTERPRISE 2007\30000000CF00002H\MSTORDB.EXE, Quarantined, [0], [392686],1.0.3552
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
 
============================================================================================
 
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.12.23.09
  rootkit: v2017.10.14.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Home :: HOME-PC [administrator]
 
12/23/2017 6:56:19 PM
mbar-log-2017-12-23 (18-56-19).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 197764
Time elapsed: 25 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Win\names.txt (Worm.Agent.AutoIt) -> Delete on reboot. [669f5fce3179cb6bf742e3b261a1b848]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
=========================================================================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17843
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 6440169472, free: 4643700736
 
Downloaded database version: v2017.12.23.09
Downloaded database version: v2017.11.28.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/23/2017 18:56:06
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.12.23.09
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006451060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006452040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006451a40, DeviceName: \Device\bdisk_device0\, DriverName: \Driver\bdisk\
DevicePointer: 0xfffffa8006451060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80062f9060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\bdisk_device0\, DriverName: \Driver\bdisk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 54EDE024
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 245760000
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 245966848  Numsec = 379172864
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Win\names.txt --> [Worm.Agent.AutoIt]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-245966848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
 
================================================================================================
 
 
 
I hope you and your family enjoy Christmas eve and the rest of the holidays well :) !
 
BR,
 
Dimitry
 

 



#14 Unworn_Kilt

Posted 23 December 2017 - 06:29 PM

Hi Dimitry,

 

I hate to have to tell you this but we're not yet done.

 

First, you need to uninstall this:  qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project)

 

Programs like that one are one of the largest sources of Malware of all. A very high percentage of software distributed via this method is "infected."

That aside, it can cause a "security hole" in your computer making it easier for the "Bad Guys" to exploit.

Bleeping Computer doesn't condone any type of Cracks, Keygens, Piracy or the like.

There also appears to be a problem with your network and possibly some remaining files.

You need to re-open Malwarebytes (MWB) and if there are files left in Quarantine, Select them all and Delete them.

Then, if MWB doesn't ask you to reboot to complete deletion/disinfection, I want you to manually reboot.

 

 

Then you need to run this:

 

 

Please download this tool and Run it if you accept the disclaimer below. Make sure you read the points below so you're ready.

 

No disclaimer, you're running Win 7.

 

Download TFC HERE

 

 

  1. Download TFC from the download link above and save the file on your desktop.
  2. Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  3. Double-click on the TFC icon.
  4. When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  5. When done, press OK to reboot your computer and finish the cleanup. The reboot may or may not be required.

Note 1: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

Note 2: This program will not delete your Cookies or Browser History.

 

I'm going to have to take a break. Please post back the logs from the previous scans.

There won't be a log from TFC as far as I can recall.

 

I'll check back as soon as I can. Please minimize your use of the Internet until we get you clean(er.)

 

 

Once that's done, please message me again. After you've removed qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project)

 

 

It was my bad for not picking up on it earlier. We're going to have to repeat a few steps.

 

I must take a break now. I'll review the logs again when I'm rested a little.

 

You and your family have a Great Christmas too, in case I don't get the chance to communicate before then. My Christmas starts in about 13.5 hours!

 

 

Cheers,

Kilt


Edited by Unworn_Kilt, 23 December 2017 - 06:31 PM.



#15 Unworn_Kilt


Posted 23 December 2017 - 07:16 PM

In the meantime, please read the article below:

 

 

How Malware Spreads - How your system gets infected
