help cleaning pc

  • confidential
    PCHF Member
    • Aug 2016
    • 22

    #1

    help cleaning pc

    Think I may have gotten infected; here are the logs I was asked to post. Thanks.
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #2
    Zemana Scan

    Run a full scan with Zemana AntiMalware!

    Install and select deep scan.

    [MEDIA=imgur]jdmyscF[/MEDIA]

    Remove any infections found.

    Then click on the icon in the pic below.

    [MEDIA=imgur]DOLGyto[/MEDIA]

    Double click on the scan log, then copy and paste it here in your reply.

    Zoek Scan

    Disable your antivirus prior to this scan.
    Download Zoek
    Save the file to your desktop.
    Right click Zoek.exe and run as administrator. (XP users double click.)
    Copy and paste the items in red below and paste them into Zoek.

    createsrpoint;
    emptyfolderscheck;delete
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
    ResetHosts;
    autoclean;


    Now hit the run script button.
    The log will appear after a reboot, also you can find it on the C: drive.
    Post the log in your next reply.


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045

      #3
      Welcome to PCHF.

      Also, after running the two scans above, please tell me what issues remain if any.


      • confidential
        PCHF Member
        • Aug 2016
        • 22

        #4
        Code:
        Zemana AntiMalware 2.21.2.465 (Installed)
        Scan Result : Completed
        Scan Date : 2016/8/24
        Operating System : Windows 8.1 64-bit
        Processor : 8X AMD FX™-8350 Eight-Core Processor
        BIOS Mode : UEFI
        CUID : 12FA14534E9853CEE417F7
        Scan Type : Deep Scan
        Duration : 5m 28s
        Scanned Objects : 250395
        Detected Objects : 0
        Excluded Objects : 0
        Read Level : SCSI
        Auto Upload : Enabled
        Detect All Extensions : Disabled
        Scan Documents : Disabled
        Domain Info : WORKGROUP,0,2
        Detected Objects
        No threats detected
        Code:
        Zoek.exe v5.0.0.1 Updated 31-December-2015
        Tool run by brad on Wed 08/24/2016 at  1:51:22.51.
        Microsoft Windows 8.1 Pro 6.3.9600  x64
        Running in: Normal Mode Internet Access Detected
        Launched: C:\Users\brad\Desktop\zoek.exe [Scan all users] [Script inserted]
        
        ==== Older Logs ======================
        
        C:\zoek-results2015-09-26-023614.log    7585 bytes
        C:\zoek-results2016-08-24-083233.log    9053 bytes
        C:\zoek-results2016-08-24-083522.log    2167 bytes
        
        ==== System Restore Info ======================
        
        8/24/2016 1:51:55 AM Zoek.exe System Restore Point Created Successfully.
        
        ==== Reset Hosts File ======================
        
        # Copyright (c) 1993-2006 Microsoft Corp.
        #
        # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
        #
        # This file contains the mappings of IP addresses to host names. Each
        # entry should be kept on an individual line. The IP address should
        # be placed in the first column followed by the corresponding host name.
        # The IP address and the host name should be separated by at least one
        # space.
        #
        # Additionally, comments (such as these) may be inserted on individual
        # lines or following the machine name denoted by a '#' symbol.
        #
        # For example:
        #
        #      102.54.94.97     rhino.acme.com          # source server
        #       38.25.63.10     x.acme.com              # x client host
        127.0.0.1       localhost
        
        ==== Deleting CLSID Registry Keys ======================
        
        
        ==== Deleting CLSID Registry Values ======================
        
        
        ==== Deleting Services ======================
        
        
        ==== FireFox Fix ======================
        
        ProfilePath: C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565
        
        prefs.js not found
        user.js not found
        ---- FireFox user.js and prefs.js backups ----
        
        
        ==== Batch Command(s) Run By Tool======================
        
        
        ==== Deleting Files \ Folders ======================
        
        C:\PROGRA~2\COMMON~1\Wondershare deleted
        C:\PROGRA~3\Package Cache deleted
        C:\Users\brad\AppData\Local\Wondershare deleted
        C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565\jetpack deleted
        C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565\Yahoo Inc deleted
        
        ==== Orphaned Tasks deleted from Registry ======================
        
        ASUS\ASUS WiFi GO Server Execute deleted
        
        ==== Firefox Extensions Registry ======================
        
        [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
        "webrootsecure@webroot.com"="C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer" [02/26/2015 08:34 AM]
        
        ==== Firefox Extensions ======================
        
        ProfilePath: C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565
        - WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
        - Reddit Enhancement Suite - %ProfilePath%\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
        - NewScrollbars aka NoiaScrollbars - %ProfilePath%\extensions\NoiaScrollbars@ArisT2_Noia4dev.xpi
        - Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
        - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
        
        AppDir: C:\Program Files (x86)\Mozilla Firefox
        - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
        
        ==== Firefox Plugins ======================
        
        Profilepath: C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565
        8CE35D76726DFC8C3848BB26B3C79A54    - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll -    Shockwave for Director / Shockwave for Director
        62D98B286C805E193568037B70D936D2    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll -    Shockwave Flash
        DB4E3BE3319897DF63975BD95F1169B0    - C:\Users\brad\AppData\Roaming\ACEStream\player\npace_plugin.dll -    Ace Stream P2P Multimedia Plug-in
        
        
        ==== Chromium Look ======================
        
        HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
        kjeghcllfecehndceplomkocgfbklffd - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.57.crx[02/26/2015 08:34 AM]
        okfhiodnpcnnnpgbjbhfebjnbagmfhab - C:\ProgramData\WRData\pkg\lpchrome.crx[10/24/2014 12:48 AM]
        
        Web of Trust - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
        Stylish - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
        EditThisCookie - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
        Disconnect - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo
        Reddit Enhancement Suite - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
        Cookie Manager - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck
        Webroot Filtering Extension - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd
        Facebook AdBlock - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa
        Tom's Hardware - My Threads - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip
        Hover Zoom - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
        Incognito Tab Switch - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofeampmlffjabmpdebckhpmcjkcjkahi
        Webroot Password Manager - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab
        Chrome Media Router - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
        Reditr - The Best Reddit Client - brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfcbbijgnhoebddbjpmlikabnbnddgb
        
        ==== Chromium Fix ======================
        
        C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
        C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
        
        ==== Set IE to Default ======================
        
        Old Values:
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
        "Search Bar"="http://www.google.com"
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
        "Search Bar"="http://www.google.com"
        "Start Page Redirect Cache"="http://www.google.com"
        [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
        "Search Bar"="http://www.google.com"
        "Start Page Redirect Cache"="http://www.google.com"
        
        New Values:
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
        "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
        "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
        "Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
        [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
        "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
        "Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
        
        ==== All HKLM and HKCU SearchScopes ======================
        
        HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
        HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
        HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
        HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
        HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
        HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
        HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
        
        ==== Empty IE Cache ======================
        
        C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Users\brad\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
        C:\Users\brad\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
        C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
        C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
        C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
        C:\Users\brad\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
        C:\Users\brad\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
        C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
        C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
        
        ==== Empty FireFox Cache ======================
        
        No FireFox Cache found
        
        ==== Empty Chrome Cache ======================
        
        C:\Users\brad\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
        
        ==== Empty All Flash Cache ======================
        
        Flash Cache Emptied Successfully
        
        ==== Empty All Java Cache ======================
        
        Java Cache cleared successfully
        
        ==== C:\zoek_backup content ======================
        
        C:\zoek_backup (files=197 folders=106 71481065 bytes)
        
        ==== Empty Temp Folders ======================
        
        C:\Users\brad\AppData\Local\Temp will be emptied at reboot
        C:\Users\Default\AppData\Local\Temp emptied successfully
        C:\Users\Default User\AppData\Local\Temp emptied successfully
        C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
        C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
        C:\WINDOWS\Temp will be emptied at reboot
        
        ==== After Reboot ======================
        
        ==== Empty Temp Folders ======================
        
        C:\WINDOWS\Temp successfully emptied
        C:\Users\brad\AppData\Local\Temp successfully emptied
        
        ==== Empty Recycle Bin ======================
        
        C:\$RECYCLE.BIN successfully emptied
        
        ==== EOF on Wed 08/24/2016 at  2:02:54.11 ======================


        • jmarket
          PCHF Owner
          • Jan 2015
          • 7633

          #5
          Hi there confidential

          Before we ran the scans, what were you experiencing that you thought you might be infected?


          • confidential
            PCHF Member
            • Aug 2016
            • 22

            #6
            Slowdown in Chrome/Firefox. They were always freezing. Also I would type stuff and it would lag on showing up. Sometimes I'm not able to select anything on my start bar.


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #7


              HijackThis.


              1- Please click HERE to download HijackThis.
              2- Run the program.
              3- Click on the Main Menu button if not already there.
              4- Select Do a system scan and save a logfile.
              5- Copy paste the log here.

              Security Check Scan.

              Download Security Check to your desktop, right click it and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.

              FRST Fix

              Download attached fixlist.txt file and save it to the Desktop.
              NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
              NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
              Run FRST/FRST64 and press the Fix button just once and wait.
              If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
              When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


              • confidential
                PCHF Member
                • Aug 2016
                • 22

                #8
                Code:
                Logfile of Trend Micro HijackThis v2.0.4
                Scan saved at 1:28:38 PM, on 8/24/2016
                Platform: Unknown Windows (WinNT 6.02.1008)
                MSIE: Internet Explorer v11.0 (11.00.9600.18123)
                Boot mode: Normal
                
                Running processes:
                C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
                C:\Users\brad\Desktop\HijackThis.exe
                
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search - Microsoft Bing
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Microsoft Bing
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search - Microsoft Bing
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Search - Microsoft Bing
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Microsoft Bing
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                F2 - REG:system.ini: UserInit=userinit.exe,
                O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
                O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
                O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
                O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
                O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
                O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
                O4 - HKLM\..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
                O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
                O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
                O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
                O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                O4 - HKCU\..\Run: [AceUpdater] C:\Users\brad\AppData\Roaming\ACEStream\updater\ace_update.exe
                O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\brad\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
                O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
                O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                O4 - Global Startup: Install Webroot FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
                O4 - Global Startup: Install Webroot IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
                O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
                O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
                O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
                O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
                O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
                O23 - Service: Amazon 1Button App Service - Amazon Inc. - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
                O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
                O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
                O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
                O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
                O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
                O23 - Service: Disc Soft Pro Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe
                O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
                O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
                O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
                O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
                O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
                O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
                O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
                O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
                O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
                O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
                O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
                O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
                O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
                O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
                O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
                O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
                O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
                O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
                O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
                O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
                O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
                O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
                O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
                O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
                
                --
                End of file - 9646 bytes
                O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
                O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
                O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
                O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
                O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
                O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
                O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
                O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
                O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
                O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
                O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
                O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
                O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
                O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
                O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
                O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
                
                –
                End of file - 9646 bytes
                Code:
                SecurityCheck by glax24 & Severnyj v.1.4.0.44 [17.08.16]
                WebSite: www.safezone.cc
                DateLog: 24.08.2016 13:34:12
                Path starting: C:\Users\brad\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
                Log directory: C:\SecurityCheck
                IsAdmin: True
                User: brad
                VersionXML: 3.36is-19.08.2016
                Windows 8.1(6.3.9600) (x64) Professional Lang: English(0409)
                Installation date OS: 24.10.2014 06:49:33
                LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
                Boot Mode: Normal
                Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                SystemDrive: C: FS: [NTFS] Capacity: [237.5 Gb] Used: [215.1 Gb] Free: [22.4 Gb]
                ------------------------------- [ Windows ] -------------------------------
                Internet Explorer 11.0.9600.18427
                User Account Control enabled
                Automatic download and scheduled installation
                Date install updates: 2016-08-17 10:52:30
                Windows Update (wuauserv) - The service is running
                Security Center (wscsvc) - The service is running
                Remote Registry (RemoteRegistry) - The service has stopped
                SSDP Discovery (SSDPSRV) - The service is running
                Remote Desktop Services (TermService) - The service has stopped
                Windows Remote Management (WS-Management) (WinRM) - The service has stopped
                ---------------------------- [ Antivirus_WMI ] ----------------------------
                Webroot SecureAnywhere (enabled and up to date)
                Windows Defender (disabled and up to date)
                --------------------------- [ FirewallWindows ] ---------------------------
                Windows Firewall (MpsSvc) - The service is running
                --------------------------- [ AntiSpyware_WMI ] ---------------------------
                Webroot SecureAnywhere (enabled and up to date)
                Windows Defender (disabled and up to date)
                ---------------------- [ AntiVirusFirewallInstall ] -----------------------
                Webroot SecureAnywhere v.9.0.11.70
                -------------------------- [ SecurityUtilities ] --------------------------
                Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
                Zemana AntiMalware v.2.21.465
                --------------------------- [ OtherUtilities ] ----------------------------
                WinRAR 5.11 (64-bit) v.5.11.0 Warning! Download Update
                7-Zip 9.22 (x64 edition) v.9.22.00.0 Warning! Download Update
                Uninstall old version and install new one.
                Microsoft Silverlight v.5.1.41212.0 Warning! Download Update
                Oracle VM VirtualBox 4.3.28 v.4.3.28 Warning! Download Update
                VLC media player v.2.2.1 Warning! Download Update
                --------------------------------- [ IM ] ----------------------------------
                Skype™ 7.22 v.7.22.109 Warning! Download Update
                ^Optional update.
                -------------------------------- [ Java ] ---------------------------------
                Java 8 Update 77 v.8.0.770.3 Warning! Download Update
                Uninstall old version and install new one (jre-8u102-windows-i586.exe).
                --------------------------- [ AdobeProduction ] ---------------------------
                Adobe Flash Player 22 NPAPI v.22.0.0.209
                Adobe Shockwave Player 12.2 v.12.2.4.194
                ------------------------------- [ Browser ] -------------------------------
                Google Chrome v.52.0.2743.116
                Mozilla Firefox 47.0 (x86 en-US) v.47.0 Warning! Download Update
                --------------------------- [ RunningProcess ] ----------------------------
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.52.0.2743.116
                C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.47.0.0.5999
                ------------------ [ AntivirusFirewallProcessServices ] -------------------
                Windows Defender Service (WinDefend) - The service has stopped
                Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
                ZAM Controller Service (ZAMSvc) - The service is running
                C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
                ---------------------------- [ UnwantedApps ] -----------------------------
                Amazon 1Button App v.2.3.4 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by ToolsLib). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
                ----------------------------- [ End of Log ] ------------------------------
                Code:
                Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
                Ran by brad (24-08-2016 13:29:28) Run:1
                Running from C:\Users\brad\Desktop
                Loaded Profiles: brad (Available Profiles: brad)
                Boot Mode: Normal
                fixlist content:
                start
                CreateRestorePoint:
                CloseProcesses:
                R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
                Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
                Tcpip..\Interfaces{69F22CDD-0AB7-4037-A5E0-3BED5CE7A549}: [DhcpNameServer] 209.18.47.62 209.18.47.61
                FF Plugin: @esn/npbattlelog,version=2.5.1 → C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
                FF Plugin: @esn/npbattlelog,version=2.6.2 → C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
                FF Plugin-x32: @esn/npbattlelog,version=2.5.1 → C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
                FF Plugin-x32: @esn/npbattlelog,version=2.6.2 → C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
                FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.)
                FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.)
                FF Extension: Adblock Plus - C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565\Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
                CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
                CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
                CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
                S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys 
                CMD: ipconfig /flushdns
                hosts:
                Emptytemp:
                reboot:
                end
                Restore point was successfully created.
                Processes closed successfully.
                Amazon 1Button App Service => Unable to stop service.
                Amazon 1Button App Service => service removed successfully
                HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer => value removed successfully
                HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{69F22CDD-0AB7-4037-A5E0-3BED5CE7A549}\DhcpNameServer => value removed successfully
                “HKLM\Software\MozillaPlugins@esn/npbattlelog,version=2.5.1” => key removed successfully
                “HKLM\Software\MozillaPlugins@esn/npbattlelog,version=2.6.2” => key removed successfully
                “HKLM\Software\Wow6432Node\MozillaPlugins@esn/npbattlelog,version=2.5.1” => key removed successfully
                “HKLM\Software\Wow6432Node\MozillaPlugins@esn/npbattlelog,version=2.6.2” => key removed successfully
                “HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=3” => key removed successfully
                C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
                “HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=9” => key removed successfully
                C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
                C:\Users\brad\AppData\Roaming\Mozilla\Firefox\Profiles\wq9tnder.default-1442539032565\Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => moved successfully
                C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
                C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
                C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
                lmimirr => service removed successfully
                
                ========= ipconfig /flushdns =========
                
                Windows IP Configuration
                
                Successfully flushed the DNS Resolver Cache.
                
                ========= End of CMD: =========
                
                C:\Windows\System32\Drivers\etc\hosts => moved successfully
                Hosts restored successfully.
                
                =========== EmptyTemp: ==========
                
                BITS transfer queue => 12582912 B
                DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37201856 B
                Java, Flash, Steam htmlcache => 144403408 B
                Windows/system/drivers => 0 B
                Edge => 0 B
                Chrome => 400466176 B
                Firefox => 28293056 B
                Opera => 0 B
                
                Temp, IE cache, history, cookies, recent:
                Default => 0 B
                ProgramData => 0 B
                Public => 0 B
                systemprofile => 0 B
                systemprofile32 => 128 B
                LocalService => 1646 B
                NetworkService => 0 B
                brad => 5403938 B
                
                RecycleBin => 0 B
                EmptyTemp: => 599.2 MB temporary data Removed.
                
                ================================
                
                The system needed a reboot.
                
                ==== End of Fixlog 13:29:49 ====


                • confidential
                  PCHF Member
                  • Aug 2016
                  • 22

                  #9
                  sorry it took me a minute to respond, i had to use firefox to respond which kept freezing on me. after doing all those tests and restarting my PC chrome wont load any sites.
                  Edit: Chrome works after restart


                  • confidential
                    PCHF Member
                    • Aug 2016
                    • 22

                    #10
                    also got an error when running hijack this

                    SecurityCheck by glax24 & Severnyj v.1.4.0.44 [17.08.16]
                    WebSite: www.safezone.cc
                    DateLog: 24.08.2016 13:34:12
                    Path starting: C:\Users\brad\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
                    Log directory: C:\SecurityCheck
                    IsAdmin: True
                    User: brad
                    VersionXML: 3.36is-19.08.2016


                    Windows 8.1(6.3.9600) (x64) Professional Lang: English(0409)
                    Installation date OS: 24.10.2014 06:49:33
                    LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
                    Boot Mode: Normal
                    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                    SystemDrive: C: FS: [NTFS] Capacity: [237.5 Gb] Used: [215.1 Gb] Free: [22.4 Gb]
                    ------------------------------- [ Windows ] -------------------------------
                    Internet Explorer 11.0.9600.18427
                    User Account Control enabled
                    Automatic download and scheduled installation
                    Date install updates: 2016-08-17 10:52:30
                    Windows Update (wuauserv) - The service is running
                    Security Center (wscsvc) - The service is running
                    Remote Registry (RemoteRegistry) - The service has stopped
                    SSDP Discovery (SSDPSRV) - The service is running
                    Remote Desktop Services (TermService) - The service has stopped
                    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
                    ---------------------------- [ Antivirus_WMI ] ----------------------------
                    Webroot SecureAnywhere (enabled and up to date)
                    Windows Defender (disabled and up to date)
                    --------------------------- [ FirewallWindows ] ---------------------------
                    Windows Firewall (MpsSvc) - The service is running
                    --------------------------- [ AntiSpyware_WMI ] ---------------------------
                    Webroot SecureAnywhere (enabled and up to date)
                    Windows Defender (disabled and up to date)
                    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
                    Webroot SecureAnywhere v.9.0.11.70
                    -------------------------- [ SecurityUtilities ] --------------------------
                    Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
                    Zemana AntiMalware v.2.21.465
                    --------------------------- [ OtherUtilities ] ----------------------------
                    WinRAR 5.11 (64-bit) v.5.11.0 Warning! Download Update
                    7-Zip 9.22 (x64 edition) v.9.22.00.0 Warning! Download Update
                    Uninstall old version and install new one.
                    Microsoft Silverlight v.5.1.41212.0 Warning! Download Update
                    Oracle VM VirtualBox 4.3.28 v.4.3.28 Warning! Download Update
                    VLC media player v.2.2.1 Warning! Download Update
                    --------------------------------- [ IM ] ----------------------------------
                    Skype™ 7.22 v.7.22.109 Warning! Download Update
                    ^Optional update.
                    -------------------------------- [ Java ] ---------------------------------
                    Java 8 Update 77 v.8.0.770.3 Warning! Download Update
                    Uninstall old version and install new one (jre-8u102-windows-i586.exe).
                    --------------------------- [ AdobeProduction ] ---------------------------
                    Adobe Flash Player 22 NPAPI v.22.0.0.209
                    Adobe Shockwave Player 12.2 v.12.2.4.194
                    ------------------------------- [ Browser ] -------------------------------
                    Google Chrome v.52.0.2743.116
                    Mozilla Firefox 47.0 (x86 en-US) v.47.0 Warning! Download Update
                    --------------------------- [ RunningProcess ] ----------------------------
                    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.52.0.2743.116
                    C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.47.0.0.5999
                    ------------------ [ AntivirusFirewallProcessServices ] -------------------
                    Windows Defender Service (WinDefend) - The service has stopped
                    Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
                    ZAM Controller Service (ZAMSvc) - The service is running
                    C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
                    ---------------------------- [ UnwantedApps ] -----------------------------
                    Amazon 1Button App v.2.3.4 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by ToolsLib). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
                    ----------------------------- [ End of Log ] ------------------------------


                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7045

                      #11
                      Please update all items suggested by Security Check tool.

                      JRT Scan.

                      Please download Junkware Removal Tool and save it on your desktop.

                      [ul]
                      Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
                      Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
                      The tool will open and start scanning your system.
                      Please be patient as this can take a while to complete depending on your system’s specifications.
                      On completion, a log is saved to your desktop and will automatically open.
                      Please post the JRT log.

                      Adware Removal Tool Scan.

                      Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

                      [MEDIA=imgur]LOr0Gd7[/MEDIA]

                      Hit Ok.

                      [MEDIA=imgur]sYFsqHx[/MEDIA]

                      Hit next make sure to leave all items checked, for removal.

                      [MEDIA=imgur]8NcZjGc[/MEDIA]

                      The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

                      ZHP Scan.

                      Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
                      1. Once you have started the program, you will need to click the scanner button.

                      [IMG alt="EgsT69u" width="602px" height="129px"]https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png[/IMG]

                      The program will close all open browsers!
                      3. Once the scan is completed, you will want to click the Repair button.
                      [URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]

                      At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

                      Copy and paste the report here in your next reply.

                      Download ResetBrowser To your desktop.

                      Right click and run as administrator.

                      [MEDIA=imgur]vwUeyaZ[/MEDIA]

                      Click on Reset Chrome– Allow completion.

                      Now reboot your machine.


                      • confidential
                        PCHF Member
                        • Aug 2016
                        • 22

                        #12
                        did you edit my one post? should i update the things you mention?


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7045

                          #13
                          Yes I edited it, so that you can see what needs updated, you would not have been able to spot it easily since it was in code tags. You can update all the programs easily with this tool.


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7045

                            #14
                            Fix with HijackThis!

                            Close all other programs!

                            Right Click Hijack this, run as administrator.
                            Click do a system scan only.
                            Place a tick next to the items below.


                            O4 - HKLM..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
                            O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
                            O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
                            O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
                            O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
                            O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
                            O4 - HKCU..\Run: [AceUpdater] C:\Users\brad\AppData\Roaming\ACEStream\updater\ace_update.exe
                            O4 - HKCU..\Run: [Spotify Web Helper] “C:\Users\brad\AppData\Roaming\Spotify\SpotifyWebHelper.exe”
                            O4 - HKCU..\Run: [Skype] “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
                            O4 - HKCU..\Run: [CCleaner Monitoring] “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR

                            Click fix checked.
                            Accept the prompt.
                            Reboot the machine after.


                            • confidential
                              PCHF Member
                              • Aug 2016
                              • 22

                              #15
                              Code:
                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                              Junkware Removal Tool (JRT) by Malwarebytes
                              Version: 8.0.7 (07.03.2016)
                              Operating System: Windows 8.1 Pro x64
                              Ran by brad (Administrator) on Wed 08/24/2016 at 14:00:05.16
                              
                              
                              
                              File System: 0
                              
                              
                              
                              
                              Registry: 0
                              Scan was completed on Wed 08/24/2016 at 14:01:16.17
                              End of JRT log

                              Code:
                              [-] Deleted ->> Folder ->> C:\Users\brad\Appdata\Roaming\RPEng
                              Code:
                              ~ ZHPCleaner v2016.8.24.113 by Nicolas Coolman (2016/08/24)
                              ~ Run by brad (Administrator)  (24/08/2016 14:17:43)
                              ~ Site : https://www.nicolascoolman.com
                              ~ Facebook : https://www.facebook.com/nicolascoolman1
                              ~ State version : Version OK
                              ~ Type : Repair
                              ~ Report : C:\Users\brad\Desktop\ZHPCleaner.txt
                              ~ Quarantine : C:\Users\brad\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
                              ~ UAC : Activate
                              ~ Boot Mode : Normal (Normal boot)
                              Windows 8.1 Pro, 64-bit  (Build 9600)
                              
                              
                              ---\\  Services (0)
                              ~ No malicious or unnecessary items found.
                              
                              
                              ---\\  Browser internet (0)
                              ~ No malicious or unnecessary items found.
                              
                              
                              ---\\  Hosts file (1)
                              ~ The hosts file is legitimate (1)
                              
                              
                              ---\\  Scheduled automatic tasks. (0)
                              ~ No malicious or unnecessary items found.
                              
                              
                              ---\\  Explorer ( File, Folder) (27)
                              MOVED file: C:\Program Files (x86)\Common Files\wruninstall.exe [Webroot Software, Inc. - Webroot Installer]  =>Adware.Suspect
                              MOVED folder: C:\WINDOWS\Installer\MSI1957.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI2601.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI3595.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI468E.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI4D84.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI5296.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI5779.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI5B72.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI63B1.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI6817.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI7008.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI76A0.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI78E7.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI8084.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI84EA.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI86A4.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSI9186.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIA01D.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIA464.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIA8CA.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIAC84.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIB1C5.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIB36E.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIBEF.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIC12B.tmp-  =>Empty
                              MOVED folder: C:\WINDOWS\Installer\MSIFEA9.tmp-  =>Empty
                              
                              
                              ---\\  Registry ( Key, Value, Data) (6)
                              DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69F22CDD-0AB7-4037-A5E0-3BED5CE7A549}\\DhcpNameServer [Bad : 209.18.47.62 209.18.47.61]  =>Hijacker.Browser
                              DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 209.18.47.62 209.18.47.61]  =>Hijacker.Browser
                              DELETED key*: HKEY_USERS\S-1-5-21-2731936480-3349034690-3766636756-1001\SOFTWARE\Distromatic []  =>PUP.Optional.AlexaTB
                              DELETED key: HKCU\Software\Distromatic []  =>PUP.Optional.AlexaTB
                              DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 244930 [Poppermost Productions]  =>Trojan.Vonteera
                              DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
                              
                              
                              ---\\  Summary of the elements found (5)
                              https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/  =>Adware.Suspect
                              https://www.nicolascoolman.com/fr/hijacker-browser/  =>Hijacker.Browser
                              https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.AlexaTB
                              https://www.nicolascoolman.com/fr/trojan-vonteera/  =>Trojan.Vonteera
                              https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect
                              
                              
                              ---\\  Other deletions. (34)
                              ~ Registry Keys Tracing deleted (34)
                              ~ Remove the old reports ZHPCleaner. (0)
                              
                              
                              ---\\ Result of repair
                              ~ Repair carried out successfully
                              ~ Browser not found (Opera Software)
                              
                              
                              ---\\ Statistics
                              ~ Items scanned : 615
                              ~ Items found : 0
                              ~ Items cancelled : 0
                              ~ Items repaired : 33
                              
                              
                              ~ End of clean in 00h00mn16s
                              ~====================
                              ZHPCleaner-[R]-24082016-14_17_59.txt
                              ZHPCleaner-[S]-24082016-14_14_54.txt
                              [/CODE]

                              Comment
