windows defender turned off

  • maxim123
    PCHF Member
    • Aug 2017
    • 463

    #16
    AdwCleaner log:

    Code:
    # AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 18 07:21:38 2017
    # Updated on 2017/29/11 by Malwarebytes
    # Running on Windows 10 Pro (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support
    ***** [ Services ] *****
    
    No malicious services deleted.
    
    ***** [ Folders ] *****
    
    Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
    Deleted: C:\ProgramData\ytd video downloader
    Deleted: C:\ProgramData\Application Data\ytd video downloader
    Deleted: C:\Users\All Users\ytd video downloader
    
    ***** [ Files ] *****
    
    Deleted: C:\Users\All Users\Desktop\YTD Video Downloader.lnk
    Deleted: C:\Users\Public\Desktop\YTD Video Downloader.lnk
    
    ***** [ DLL ] *****
    
    No malicious DLLs cleaned.
    
    ***** [ WMI ] *****
    
    No malicious WMI cleaned.
    
    ***** [ Shortcuts ] *****
    
    No malicious shortcuts cleaned.
    
    ***** [ Tasks ] *****
    
    No malicious tasks deleted.
    
    ***** [ Registry ] *****
    
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    
    ***** [ Firefox (and derivatives) ] *****
    
    No malicious Firefox entries deleted.
    
    ***** [ Chromium (and derivatives) ] *****
    
    No malicious Chromium entries deleted.
    *************************
    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0
    *************************
    C:/AdwCleaner/AdwCleaner[C0].txt - [5637 B] - [2017/2/18 15:57:30]
    C:/AdwCleaner/AdwCleaner[C1].txt - [1924 B] - [2017/8/3 12:16:42]
    C:/AdwCleaner/AdwCleaner[C2].txt - [1468 B] - [2017/8/8 12:18:2]
    C:/AdwCleaner/AdwCleaner[S0].txt - [5054 B] - [2017/2/18 10:49:52]
    C:/AdwCleaner/AdwCleaner[S1].txt - [5126 B] - [2017/2/18 15:39:49]
    C:/AdwCleaner/AdwCleaner[S2].txt - [1866 B] - [2017/8/3 11:58:50]
    C:/AdwCleaner/AdwCleaner[S3].txt - [1282 B] - [2017/8/8 12:16:14]
    C:/AdwCleaner/AdwCleaner[S4].txt - [1889 B] - [2017/12/18 6:22:37]
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########

    Comment

    • system
      PCHF Owner
      • Jan 2015
      • 7635

      #17
      Hello maxim123, and welcome to PCHF.
      My name is Gus and I’ll be helping you. Before we start, can I ask you to read these instructions carefully and, if possible, print them out for use as we go through the cleaning process? Depending on what tools are in use you may not have access to these instructions.
      • If you are unsure of any request as we progress PLEASE ASK, and remember as we proceed that there is no such thing as a silly question.
      • Please let me know if you are receiving help at another forum on this issue so I can close this thread.
      • At the right hand top of your first post please click on the “Watch thread” marker so you will receive an immediate alert when I reply.
      • Please do not run any tools other than the ones we ask you to; some can be very dangerous and actually make things worse.
      • Should any tools we ask you to use give you a security warning you can safely allow them to run; they have all been proven safe.
      • Download any requested tools and make sure to run them from the desktop, unless specifically instructed otherwise.
      • Please do not install any other software whilst we clean up; this can complicate the process, making cleaning impossible.
      • With malware it can be impossible to determine the outcome, and whilst we will work to a positive result we strongly recommend you back up all your personal files and folders before we begin.
      • As we proceed with disinfecting it may appear as if your computer is back to normal, but please stay with me till I give you the all clear. In return I will do the same for you.
      • Do remember the fixes used to clean your machine are meant for your computer only, and use on another computer may cause serious damage to that machine.
      • When your machine has been cleaned we will remove all the tools used, and also give you some tips to keep your computer clean and safe in the future.
      • Finally, please allow me a little time to analyse any logs I request from you. I know you want your computer cleaned yesterday, but please remember we are all volunteers here and we do have a life that sometimes takes us away from computers. If your thread gets closed due to no response from you, you can PM me or a staff member and have it reopened. Should you not hear from me within 48 hours please PM me.
      • That’s the last of the fine print, so let’s get under way :thumbsup:

      I see you have P2P software installed on your computer, which may well be the cause of initial infection. We strongly recommend you uninstall these programs from your computer. Should you need assistance to remove them then please ask, otherwise please DO NOT use them whilst cleaning is taking place.

      It is also noted that System Restore is turned off, which is not good. This guide may help.

      Please go here and download RogueKiller: click HERE to download a 32-bit version, or HERE for a 64-bit one. If you are unsure whether your PC is a 32- or 64-bit version, look HERE.

      Save the download to your desktop.

      • Close all running programs, including any antivirus or security programs. If you are unsure how to do this please ask.
      • Right click the new RogueKiller desktop shortcut, and then click on “Run as Administrator”.
      • If you get a dialogue box explaining that there is a new version, go to the website and download it. Click the “go to website” button at the bottom of the box.
      • Once the application is open, or you have updated it, click on the Scan button located on the top menu bar.
      • The scan may take some time to complete depending on the amount of data on your PC. Allow it to complete.
      • Once the scan is complete, check every item for deletion.
      • Then click “Remove Selected”.
      [Screenshot: imgur C4i7v64]

      Again, it may take a little time to remove the detections.
      Then click “Open Report” on the bottom left of the main program interface.
      A new dialogue box will open; click “Open TXT”.

      [Screenshot: imgur u32ik5U]

      Please copy and paste the contents of that text file in your next post.

      If by chance you have closed the TXT file before copying it, you can retrieve it by clicking on the History button on the program’s main interface.

      • Please go HERE and download Malwarebytes Anti-Rootkit, and save it to your desktop.
      • Right click the new desktop icon and then click “Run as Administrator” from the menu.
      • A dialogue box will ask where to extract the program; again select the desktop. After the files are extracted a new folder will be created on the desktop, called Mbar, and the program will open.
      • To re-open the program once it has been closed, right click the MBAR icon again and let it extract and overwrite the new folder again and the app will open, or open the folder Mbar created originally and right click mbar.exe or mbar.cmd and select “Run as Administrator”.
      • Once the program is open at the Introduction page, click Next.
      • On the next screen click the update button on the right, and allow it to update. Once updated, click Next.
      • On the next screen click Scan. It will take some time to scan your system.
      • When the scan is finished and if malware has been found, check all items and click Cleanup. Should the program request a reboot, please do so. (If the scan resulted in no malware found, simply exit the app.)
      • Once the computer has rebooted, open the desktop folder (mbar) and locate the log file with a similar format to that below, except make sure it is the date of your latest scan.
      [Screenshot: imgur K57Mh25]
      • Open the notepad file by double clicking it, and copy and paste the contents of it in your next post please.
      Please COPY and PASTE the two logs, not in a quote box please.

      Comment

      • maxim123
        PCHF Member
        • Aug 2017
        • 463

        #18
        Originally posted by gus
        I see you have P2P software installed on your computer, which may well be the cause of initial infection. We strongly recommend you uninstall these programs from your computer. Should you need assistance to remove them then please ask, otherwise please DO NOT use them whilst cleaning is taking place.
        I have uninstalled YTD.
        Originally posted by gus
        It is also noted System Restore is turned off, which is not good. This guide may help
        Turned on System Restore.
        Originally posted by gus
        Close all running programs, Including any Antivirus or Security programs. If you are unsure how to do this please ask.
        Does closing mean disabling too? I only have Windows Defender as a security program.

        Comment

        • system
          PCHF Owner
          • Jan 2015
          • 7635

          #19
          Originally posted by maxim123
          Does closing mean disabling too? I only have Windows Defender as a security program.
          It does mean disabling it, but only temporarily, and only for running RogueKiller. Once you have downloaded the scan tools, turn it off in Settings, Update and security, Defender.
          Originally posted by maxim123
          I have uninstalled YTD.
          The P2P software on your PC is qBittorrent, very risky software and a good candidate for where your infection came from, either from the app itself or from something downloaded with it.

          Comment

          • maxim123
            PCHF Member
            • Aug 2017
            • 463

            #20
            Originally posted by gus
            It does mean disable it, but only temporarily. And only for running Rogue Killer. Once you have downloaded the scan tools turn it off in Settings, Update and security, defender. You really should update to the latest version of Windows 10 which has improved Defender protection.
            Thank you. The updates are automatic and I have never disabled them.
            Originally posted by gus
            The P2P software on your PC is Qbittorrent, very risky software and a good chance of where your infection came from, either from the app itself or something downloaded with it?
            Ohh, I have uninstalled it now. I only downloaded a comic with it. Should I remove the comic? It is JPG format, I think.

            Comment

            • maxim123
              PCHF Member
              • Aug 2017
              • 463

              #21
              RogueKiller log:

              Code:
              RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software
              mail : Support Form | Contact • Adlice Software
              Feedback : https://forum.adlice.com
              Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
              Blog : http://www.adlice.com
              
              Operating System : Windows 10 (10.0.15063) 64 bits version
              Started in : Normal mode
              User : Max [Administrator]
              Started from : C:\Users\USER\Desktop\RogueKiller_portable64.exe
              Mode : Delete – Date : 12/19/2017 13:38:51 (Duration : 00:55:37)
              
              ¤¤¤ Processes : 0 ¤¤¤
              
              ¤¤¤ Registry : 3 ¤¤¤
              [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 → Replaced (0)
              [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 → Replaced (0)
              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{550aa576-2f3f-4c5f-92a0-b05da9b2b432} | DhcpNameServer : 172.18.12.1 () → Replaced ()
              
              ¤¤¤ Tasks : 0 ¤¤¤
              
              ¤¤¤ Files : 0 ¤¤¤
              
              ¤¤¤ WMI : 0 ¤¤¤
              
              ¤¤¤ Hosts File : 0 ¤¤¤
              
              ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
              
              ¤¤¤ Web browsers : 0 ¤¤¤
              
              ¤¤¤ MBR Check : ¤¤¤
              +++++ PhysicalDrive0: ST500LT012-1DG142 +++++
              — User —
              [MBR] 5d43a0b57305f7e812c5c5626882d2d7
              [BSP] a7f419dda298f4e53c24e5d515cc1d5d : Windows Vista/7/8 MBR Code
              Partition table:
              0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 119163 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
              1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 244049920 | Size: 836 MB
              2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 245764033 | Size: 356935 MB
              User = LL1 … OK
              User = LL2 … OK

              Comment
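The RogueKiller log above reset a per-user ProxyEnable flag and an interface DhcpNameServer value, and the thread itself is about Windows Defender being off. The read-only audit below is an added example, not part of the thread and not RogueKiller's or FRST's own output: it reads the same registry locations plus the Defender status so the state can be compared against the log before and after a cleanup. It assumes a Windows 10 machine with the Defender PowerShell module present (Get-MpComputerStatus); SIDs and interface GUIDs come from the live registry, not from the log.

```powershell
# Added example: read-only audit of the settings touched in the RogueKiller log.
# Nothing here changes the system; it only reports values so they can be compared
# with the log (ProxyEnable should be 0 unless a proxy is deliberately configured,
# and per-interface DNS servers should be the ones your router or ISP hands out).

# 1. Proxy flag for the current user (the PUM.Proxy entries in the log).
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet
[pscustomobject]@{
    Check       = 'Internet Settings proxy'
    ProxyEnable = $proxy.ProxyEnable          # 1 = proxy on, 0 = off
    ProxyServer = $proxy.ProxyServer          # host:port if one is set
    AutoConfig  = $proxy.AutoConfigURL        # PAC script URL if one is set
} | Format-List

# 2. Per-interface DNS servers (the PUM.Dns entry in the log). DhcpNameServer is what
#    DHCP handed out; NameServer is a static override and deserves the closest look,
#    because a changed resolver silently redirects every name lookup on the box.
$ifaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem -Path $ifaces | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    if ($p.DhcpNameServer -or $p.NameServer) {
        [pscustomobject]@{
            Interface      = $_.PSChildName    # the {GUID} seen in the log
            DhcpNameServer = $p.DhcpNameServer
            NameServer     = $p.NameServer
        }
    }
} | Format-List

# 3. Windows Defender status. Post #19 disables Defender only while RogueKiller runs,
#    so confirm real-time protection is back on and signatures are current afterwards.
$mp = Get-MpComputerStatus
[pscustomobject]@{
    AntivirusEnabled          = $mp.AntivirusEnabled
    RealTimeProtectionEnabled = $mp.RealTimeProtectionEnabled
    SignatureAgeDays          = $mp.AntivirusSignatureAge
} | Format-List
```

Run it from an elevated PowerShell prompt so the HKLM interface keys are readable; a ProxyEnable of 1 or a NameServer you did not set are the values to follow up on.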

              • maxim123
                PCHF Member
                • Aug 2017
                • 463

                #22
                MBAR log, there were no detections:

                Code:
                Malwarebytes Anti-Rootkit BETA 1.10.3.1001
                
                https://www.malwarebytes.com/
                
                Database version:
                main: v2017.12.19.02
                rootkit: v2017.10.14.01
                
                Windows 10 x64 NTFS
                Internet Explorer 11.786.15063.0
                Max :: ADMIN [administrator]
                
                12/19/2017 3:26:18 PM
                mbar-log-2017-12-19 (15-26-18).txt
                
                Scan type: Quick scan
                Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
                Scan options disabled:
                Objects scanned: 301215
                Time elapsed: 42 minute(s), 36 second(s)
                
                Memory Processes Detected: 0
                (No malicious items detected)
                
                Memory Modules Detected: 0
                (No malicious items detected)
                
                Registry Keys Detected: 0
                (No malicious items detected)
                
                Registry Values Detected: 0
                (No malicious items detected)
                
                Registry Data Items Detected: 0
                (No malicious items detected)
                
                Folders Detected: 0
                (No malicious items detected)
                
                Files Detected: 0
                (No malicious items detected)
                
                Physical Sectors Detected: 0
                (No malicious items detected)
                
                (end)

                Comment

                • maxim123
                  PCHF Member
                  • Aug 2017
                  • 463

                  #23
                  Another question: should I uninstall Sandboxie?

                  Comment

                  • system
                    PCHF Owner
                    • Jan 2015
                    • 7635

                    #24
                    Hello maxim123,
                    Originally posted by maxim123
                    Another question: should I uninstall Sandboxie?
                    Not really a question I can answer, but if you don’t use it on a regular basis, and don’t run dodgy software, then I would. Also, did you get it from a reputable site?

                    Please left-click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click “Save File” and then “OK”.

                    [Screenshot: imgur vzol8OV]

                    Select a location, then save the file. IMPORTANT: the Fixlist.txt file must be in the same location as the FRST program, otherwise the fix will not work.

                    [Screenshot: imgur pjsQ8XB]

                    To run the fix, right click the FRST icon and choose “Run as Administrator”, then click on “Fix”.

                    [Screenshot: imgur cp0349X]

                    Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted, the “Fixlist.txt” file you created will be renamed “Fixlog.txt”.

                    Please COPY and PASTE the contents of this new file in your next post:slight_smile:

                    Please COPY AND POST, not place in a quote box PLEASE.

                    Comment

                    • maxim123
                      PCHF Member
                      • Aug 2017
                      • 463

                      #25
                      Fixlog:
                      Code:
                      Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
                      Ran by Max (20-12-2017 11:06:04) Run:1
                      Running from C:\Users\USER\Desktop
                      Loaded Profiles: Max (Available Profiles: Max)
                      Boot Mode: Normal
                      fixlist content:
                      *****************
                      Start
                      CreateRestorePoint:
                      CloseProcesses:
                      HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\MountPoints2: {0fd87a4d-a848-11e7-854a-68f728506e46} - "F:\HiSuiteDownLoader.exe"
                      HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\MountPoints2: {857f8e51-c5bd-11e7-8555-7629af2c9055} - "F:\Setup.exe" /s
                      Tcpip\..\Interfaces\{550aa576-2f3f-4c5f-92a0-b05da9b2b432}: [DhcpNameServer] 172.18.12.1
                      Tcpip\..\Interfaces\{F6C362E6-31CF-4394-9851-E5D33DF654FC}: [DhcpNameServer] 192.168.30.1
                      HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
                      URLSearchHook: [S-1-5-21-900945925-988278395-3478122750-1001] ATTENTION => Default URLSearchHook is missing
                      SearchScopes: HKU\.DEFAULT → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                      SearchScopes: HKU\S-1-5-21-900945925-988278395-3478122750-1001 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
                      FF Plugin: @videolan.org/vlc,version=2.1.3 → C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
                      FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 → C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
                      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
                      S3 Browser; %SystemRoot%\System32\browser.dll
                      S3 catchme; \??\C:\Users\USER\AppData\Local\Temp\catchme.sys <==== ATTENTION
                      CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{0112bcab-ec40-8cbd-e8e0-18acfa7731940}\InprocServer32 → 0x6C41493845567338387553786F394142486741734146567A5A584A4F5957316C5055347651534E4462323177595735355055347651534E46545746706244314F4C30456A5648687553575139546939425150694B4563797A4D355763592F7044516932 (the data entry has 114 more characters). => No File
                      CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{ef79fc18-df28-de4f-628c-b2e02c0815a76}\InprocServer32 → 0x9B8193826C8AD201D0E395826C8AD201010000000300000000000000 => No File
                      ContextMenuHandlers1-x32: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => → No File
                      ContextMenuHandlers1-x32: [Atheros] → {B8952421-0E55-400B-94A6-FA858FC0A39F} => → No File
                      ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => → No File
                      ContextMenuHandlers4-x32: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => → No File
                      ContextMenuHandlers4-x32: [EncryptionMenu] → {A470F8CF-A1E8-4f65-8335-227475AA5C46} => → No File
                      ContextMenuHandlers4-x32-x32: [WorkFolders] → {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => → No File
                      ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => → No File
                      ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
                      ContextMenuHandlers5: [WorkFolders] → {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => → No File
                      ContextMenuHandlers6: [BriefcaseMenu] → {85BBD920-42A0-1069-A2E4-08002B30309D} => → No File
                      Task: {0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
                      Task: {175EEFC8-16F5-4072-9093-46A1E622F59D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B → No File <==== ATTENTION
                      Task: {4641179A-BBA6-4BA3-9BF2-A13AB04B2C27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
                      Task: {6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
                      Task: {6CFFC74A-9478-4A80-A16C-61BCC681BAB1} - \WPD\SqmUpload_S-1-5-21-900945925-988278395-3478122750-1001 → No File <==== ATTENTION
                      Task: {A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd → No File <==== ATTENTION
                      Task: {ADE1B79E-902D-48F4-B104-0EAE57D965F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
                      Task: {BF728E4A-B1B4-406C-A6B2-1A4888A56396} - \OfficeSoftwareProtectionPlatform\SvcRestartTask → No File <==== ATTENTION
                      Task: {C07B4EB8-2EF6-4E54-832F-41346E84FE16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent → No File <==== ATTENTION
                      Task: {C3366BA4-5CE0-4910-AB6B-A7BAF87DB671} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
                      Task: {C640FB47-29FB-4AC6-AFA5-C82226025C5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTION
                      Task: {D1D516C0-190A-447A-B181-6D3ADBE8AA1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
                      Task: {F7ECD4CC-F7F6-409A-890E-5F836A87DBEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
                      AlternateDataStreams: C:\ProgramData\Temp:5ED747B8 [274]
                      AlternateDataStreams: C:\ProgramData\Temp:9857FAE3 [248]
                      IE restricted site: HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\kmpmedia.net → hxxp://player.kmpmedia.net
                      HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\StartupApproved\Run: => "uTorrent"
                      FirewallRules: [{502B8641-BC35-4116-9C7E-18F6F156319E}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe
                      FirewallRules: [{61D1F560-FA78-4193-B943-7E28153C3B77}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe
                      2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole585277975860488209.dll
                      2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole5885040924349865855.dll
                      2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole7166972014569587069.dll
                      C:\Users\USER\Desktop\mb-clean-results.txt
                      RemoveProxy:
                      Hosts:
                      EmptyTemp:
                      Reboot:
                      End
                      *****************
                      Restore point was successfully created.
                      Processes closed successfully.
                      "HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fd87a4d-a848-11e7-854a-68f728506e46}" => removed successfully
                      HKLM\Software\Classes\CLSID\{0fd87a4d-a848-11e7-854a-68f728506e46} => key not found
                      "HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{857f8e51-c5bd-11e7-8555-7629af2c9055}" => removed successfully
                      HKLM\Software\Classes\CLSID\{857f8e51-c5bd-11e7-8555-7629af2c9055} => key not found
                      HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{550aa576-2f3f-4c5f-92a0-b05da9b2b432}\DhcpNameServer => value removed successfully
                      HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F6C362E6-31CF-4394-9851-E5D33DF654FC}\DhcpNameServer => value removed successfully
                      "HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
                      Could not restore Default URLSearchHook.
                      HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully
                      "HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => removed successfully
                      HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found
                      "HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => removed successfully
                      "HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0" => removed successfully
                      "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => removed successfully
                      "HKLM\System\CurrentControlSet\Services\Browser" => removed successfully
                      Browser => service removed successfully
                      "HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
                      catchme => service removed successfully
                      "HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{0112bcab-ec40-8cbd-e8e0-18acfa7731940}" => removed successfully
                      "HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{ef79fc18-df28-de4f-628c-b2e02c0815a76}" => removed successfully
                      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP" => removed successfully
                      HKLM\Software\Wow6432Node\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => key not found
                      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Atheros" => removed successfully
                      HKLM\Software\Wow6432Node\Classes\CLSID\{B8952421-0E55-400B-94A6-FA858FC0A39F} => key not found
                      "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully
                      HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found
                      "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP" => removed successfully
                      HKLM\Software\Wow6432Node\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => key not found
                      "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\EncryptionMenu" => removed successfully
                      HKLM\Software\Wow6432Node\Classes\CLSID\{A470F8CF-A1E8-4f65-8335-227475AA5C46} => key not found
                      ContextMenuHandlers4-x32-x32: [WorkFolders] → {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => → No File => Error: No automatic fix found for this entry.
                      "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully
                      HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found
                      "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
                      HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
                      "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\WorkFolders" => removed successfully
                      HKLM\Software\Classes\CLSID\{E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => key not found
                      "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu" => removed successfully
                      HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => could not remove key. ErrorCode1: 0x00000002
                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C} => could not remove key. ErrorCode1: 0x00000002
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{175EEFC8-16F5-4072-9093-46A1E622F59D}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{175EEFC8-16F5-4072-9093-46A1E622F59D}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4641179A-BBA6-4BA3-9BF2-A13AB04B2C27}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4641179A-BBA6-4BA3-9BF2-A13AB04B2C27}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CFFC74A-9478-4A80-A16C-61BCC681BAB1}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CFFC74A-9478-4A80-A16C-61BCC681BAB1}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-900945925-988278395-3478122750-1001" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADE1B79E-902D-48F4-B104-0EAE57D965F2}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADE1B79E-902D-48F4-B104-0EAE57D965F2}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF728E4A-B1B4-406C-A6B2-1A4888A56396}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF728E4A-B1B4-406C-A6B2-1A4888A56396}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C07B4EB8-2EF6-4E54-832F-41346E84FE16}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C07B4EB8-2EF6-4E54-832F-41346E84FE16}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3366BA4-5CE0-4910-AB6B-A7BAF87DB671}" => removed successfully
                      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3366BA4-5CE0-4910-AB6B-A7BAF87DB671}" => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{C640FB47-29FB-4AC6-AFA5-C82226025C5A}” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C640FB47-29FB-4AC6-AFA5-C82226025C5A}” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{D1D516C0-190A-447A-B181-6D3ADBE8AA1A}” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D1D516C0-190A-447A-B181-6D3ADBE8AA1A}” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{F7ECD4CC-F7F6-409A-890E-5F836A87DBEF}” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F7ECD4CC-F7F6-409A-890E-5F836A87DBEF}” => removed successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d” => removed successfully
                      C:\ProgramData\Temp => “:5ED747B8” ADS removed successfully
                      C:\ProgramData\Temp => “:9857FAE3” ADS removed successfully
                      “HKU\S-1-5-21-900945925-988278395-3478122750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kmpmedia.net” => removed successfully
                      HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\uTorrent => value removed successfully
                      HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uTorrent => value not found.
                      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{502B8641-BC35-4116-9C7E-18F6F156319E} => value not found.
                      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{61D1F560-FA78-4193-B943-7E28153C3B77} => value not found.
                      C:\Users\USER\AppData\Local\Temp\proxy_vole585277975860488209.dll => moved successfully
                      C:\Users\USER\AppData\Local\Temp\proxy_vole5885040924349865855.dll => moved successfully
                      C:\Users\USER\AppData\Local\Temp\proxy_vole7166972014569587069.dll => moved successfully
                      C:\Users\USER\Desktop\mb-clean-results.txt => moved successfully
                      
                      ========= RemoveProxy: =========
                      
                      “HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer” => removed successfully
                      “HKU.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer” => removed successfully
                      HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
                      HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
                      HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
                      HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
                      
                      ========= End of RemoveProxy: =========
                      
                      C:\Windows\System32\Drivers\etc\hosts => moved successfully
                      Hosts restored successfully.
                      
                      =========== EmptyTemp: ==========
                      
                      BITS transfer queue => 9199616 B
                      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 108264479 B
                      Java, Flash, Steam htmlcache => 506 B
                      Windows/system/drivers => 275389791 B
                      Edge => 0 B
                      Chrome => 294829677 B
                      Firefox => 388091880 B
                      Opera => 0 B
                      
                      Temp, IE cache, history, cookies, recent:
                      Default => 6656 B
                      Users => 0 B
                      ProgramData => 0 B
                      Public => 0 B
                      systemprofile => 128 B
                      systemprofile32 => 128 B
                      LocalService => 6978 B
                      NetworkService => 15460896 B
                      USER => 240041729 B
                      .NET v4.5 => 0 B
                      DefaultAppPool => 0 B
                      .NET v4.5 Classic => 0 B
                      
                      RecycleBin => 0 B
                      EmptyTemp: => 1.2 GB temporary data Removed.
                      
                      ================================
                      
                      The system needed a reboot.
                      
                      ==== End of Fixlog 11:10:11 ====
                      Originally posted by gus
                      Not really a question I can answer, but if you don’t use it on a regular basis, and don’t run dodgy software then I would. Also did you get it from a reputable site?
                      I downloaded it from its main site. It was supposed to isolate the application, but it seems to have malfunctioned or something. I use it when I visit a site I have not visited before, like when clicking links from Facebook or any other sites that give out forced popup ads.
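
An added post-cleanup check, not part of this thread and not FRST's own code: it re-inspects the proxy values, IE policy keys, hosts file and alternate data streams that the Fixlog above removed, so that anything re-creating them shows up. It assumes PowerShell 3 or later and that HKCU is the same hive as the HKU\S-1-5-21-...-1001 branch in the log.

```powershell
# Re-check the locations the Fixlog's RemoveProxy / hosts / ADS steps touched.
# HKCU is assumed to map to the logged-on user's HKU\<SID> hive from the log.
$findings = @()

# 1. WinINET connection blobs that RemoveProxy deleted. Their reappearance
#    means something re-applied a proxy or auto-config (PAC) setting.
$conn = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
foreach ($name in 'DefaultConnectionSettings', 'SavedLegacySettings') {
    $p = Get-ItemProperty -Path $conn -Name $name -ErrorAction SilentlyContinue
    if ($p) { $findings += "$name present under $conn" }
}

# 2. Explicit proxy / PAC values in the same hive.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p.ProxyEnable -eq 1) { $findings += "ProxyEnable=1 ProxyServer=$($p.ProxyServer)" }
if ($p.AutoConfigURL)     { $findings += "AutoConfigURL=$($p.AutoConfigURL)" }

# 3. IE policy keys the log removed; on a home PC these should not exist
#    unless you (or a domain GPO) deliberately set them.
foreach ($pol in 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
                 'HKCU:\Software\Policies\Microsoft\Internet Explorer') {
    if (Test-Path $pol) { $findings += "Policy key exists: $pol" }
}

# 4. hosts file: after "Hosts restored successfully" it should hold only
#    comments and blank lines, so report every other line.
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
Get-Content $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    ForEach-Object { $findings += "hosts entry: $_" }

# 5. Alternate data streams on the folder the log cleaned (:$DATA is the
#    normal unnamed stream; anything else is a named ADS).
Get-Item 'C:\ProgramData\Temp' -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object { $findings += "ADS on C:\ProgramData\Temp: $($_.Stream)" }

if ($findings) { $findings } else { 'No leftovers from the RemoveProxy / hosts / ADS fixes found.' }
```

Run it from an elevated PowerShell after the reboot the Fixlog asked for; an empty result means the cleaned locations are still clean, and any listed item is worth posting back here rather than deleting by hand.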


                      • system
                        PCHF Owner
                        • Jan 2015
                        • 7635

                        #26
                        How is your computer now, any more Defender popups?


                        • maxim123
                          PCHF Member
                          • Aug 2017
                          • 463

                          #27
                          Originally posted by gus
                          How is your computer now, any more Defender popups?
                          The Defender popups only occurred when I was running Sandboxie. They haven't shown up since. What security measures do you recommend for me to be safe when visiting unknown sites if even the isolation program doesn't work? Is there a way to stop the forced popups?


                          • system
                            PCHF Owner
                            • Jan 2015
                            • 7635

                            #28
                            I would remove Sandboxie using either Revo Uninstaller or Geek Uninstaller.

                            The best way to stay safe is to be careful what sites you visit. Try installing Web of Trust as a browser add-on; it will give you ratings on the safety of the web pages on the browser search page.

                            You can also use uBlock Origin to prevent ads and popups.

                            I would also recommend you reset Firefox. Yes, you will lose some history and such, but it is worth it. Have a look here


                            Even though Defender has come a long way and improved from what was an ordinary security app, there are many free Apps like
                            Avast
                            Bitdefender
                            360 total
                            that offer top quality protection.

                            Please go HERE and download Delfix. Save it to your desktop.
                            Right click the new Delfix desktop icon and then click "run as administrator".
                            Place a tick in the following checkboxes:
                            1. Remove disinfection tools
                            2. Create registry backup
                            3. Purge system restore
                            4. Then select "Run"

                            Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.

                            Please post a copy of this file in your next post.


                            • maxim123
                              PCHF Member
                              • Aug 2017
                              • 463

                              #29
                              delfix

                              Code:
                              # DelFix v1.013 - Logfile created 22/12/2017 at 11:55:06
                              # Updated 17/04/2016 by Xplode
                              # Username : Max - ADMIN
                              # Operating System : Windows 10 Pro (64 bits)
                              ~ Removing disinfection tools …
                              
                              Deleted : C:\FRST
                              Deleted : C:\AdwCleaner
                              Deleted : C:\Users\USER\Desktop\mbar
                              Deleted : C:\RstHosts.txt
                              Deleted : C:\Users\USER\Desktop\Addition.txt
                              Deleted : C:\Users\USER\Desktop\adwcleaner_7.0.5.0.exe
                              Deleted : C:\Users\USER\Desktop\Fixlog.txt
                              Deleted : C:\Users\USER\Desktop\FRST.txt
                              Deleted : C:\Users\USER\Desktop\FRST64.exe
                              Deleted : C:\Users\USER\Desktop\RogueKiller_portable64.exe
                              Deleted : C:\Users\USER\Desktop\SecurityCheck.exe
                              Deleted : C:\Users\USER\Desktop\ZHPDiag.lnk
                              Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
                              
                              ~ Creating registry backup … OK
                              
                              ~ Cleaning system restore …
                              
                              New restore point created !
                              
                              ########## - EOF - ##########


                              • maxim123
                                PCHF Member
                                • Aug 2017
                                • 463

                                #30
                                Hi, I got a Defender popup today. Not sure why I got it; I was just browsing through pchelpforum at the time, I think. There is no mention of it in the quarantined section of Windows Defender.
                                Also, another problem, this one with networking. I usually use Wi-Fi on my laptop and don't use the direct Ethernet cord during the day, but when I plug in the Ethernet cord it still shows connected to Wi-Fi and not the LAN connection. If I disable the Wi-Fi in the Windows settings, the LAN symbol shows a yellow triangle sign (no internet access). I have to restart my laptop to get it connected to the LAN again. It happened before and it happens now too, even after I changed the router from ADSL to DSL (changed the ISP).
