Closed/Inactive Need help, laptop cannot connect to certain websites.

Status
Not open for further replies.

Joshua Bobbitt

PCHF Member
Oct 26, 2016
26
3
22
RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Josh [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/26/2016 12:31:54 (Duration : 00:12:42)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-2025992066-4083076924-3298436488-1000\Software\IM -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2025992066-4083076924-3298436488-1000\Software\IM -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8C5DBC21-DD28-4314-A6BF-511C0A22D8E2} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Josh\AppData\Local\Temp\90DC360E-5FBE-456B-9F7A-602B8188C6F3\installer.exe|Name=C59310272|Desc=Allow|[email protected]:\Users\Josh\AppData\Local\Temp\90DC360E-5FBE-456B-9F7A-602B8188C6F3\installer.exe,-10000| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {00152E5A-0A9A-4511-A951-04E0BBD46098} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Josh\AppData\Local\59310272.exe|Name=A59310272|Desc=Allow|[email protected]:\Users\Josh\AppData\Local\59310272.exe,-10000| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8C5DBC21-DD28-4314-A6BF-511C0A22D8E2} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Josh\AppData\Local\Temp\90DC360E-5FBE-456B-9F7A-602B8188C6F3\installer.exe|Name=C59310272|Desc=Allow|[email protected]:\Users\Josh\AppData\Local\Temp\90DC360E-5FBE-456B-9F7A-602B8188C6F3\installer.exe,-10000| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {00152E5A-0A9A-4511-A951-04E0BBD46098} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Josh\AppData\Local\59310272.exe|Name=A59310272|Desc=Allow|[email protected]:\Users\Josh\AppData\Local\59310272.exe,-10000| [x] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Volume 1 +++++
--- User ---
[MBR] e04b4fce3fe80846c1ca1a6926f129be
[BSP] e4afce6e524ea9bc0fea3c8b524c7694 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953851 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: SAMSUNG SSD PM830 mSATA +++++
--- User ---
[MBR] 0d090174b7aad47bdce2e8107b669cc9
[BSP] 6cbb86a5bc87f699163d8df4e4d068f5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
FRST Fix.


  • Download attached fixlist.txt file and save it to the Desktop.
  • NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Joshua Bobbitt

PCHF Member
Oct 26, 2016
26
3
22
Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Josh (2016-10-26 12:50:59) Run:1
Running from D:\Downloads
Loaded Profiles: Josh (Available Profiles: Josh)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
C:\Program Files (x86)\gowen
C:\Program Files (x86)\gowen\segel.exe
C:\Program Files (x86)\polygamy\cares.exe
C:\Program Files (x86)\polygamy
HKLM\...\Run: [materialized] => "C:\Program Files (x86)\gowen\segel.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [eastman] => "C:\Program Files (x86)\gowen\segel.exe"
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\...\Run: [reconvenes] => "C:\Program Files (x86)\gowen\segel.exe"
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\...\Run: [gambrell] => "C:\Program Files (x86)\gowen\segel.exe"
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\...\Run: [cares] => "C:\Program Files (x86)\polygamy\cares.exe"
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\...\Run: [militants] => "C:\Program Files (x86)\gowen\segel.exe"
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\...\MountPoints2: G - G:\OriginSetup.exe
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\...\MountPoints2: {e7c743ff-75e0-11e5-a21d-2016d891c3a4} - G:\LaunchU3.exe -a
ShortcutTarget: remembrances.lnk -> C:\Program Files (x86)\gowen\segel.exe (No File)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{498BA7C9-35C6-484B-A5DD-DAA56319F437}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2025992066-4083076924-3298436488-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Josh\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll No File
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Josh\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll No File
CHR Extension: (Adblock Plus) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-04]
C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP
2016-10-15 10:56 - 2016-10-15 10:56 - 00000000 ____D C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP
2016-10-26 11:33 - 2015-12-01 12:00 - 00000000 ____D C:\Users\Josh\AppData\Roaming\uTorrent
2015-09-21 10:32 - 2015-09-21 10:33 - 0003584 _____ () C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-25 17:03 - 2016-10-25 17:04 - 0000003 _____ () C:\Users\Josh\AppData\Local\run1.txt
Task: {03DBD415-22DB-4CD7-B213-C2DE248009A2} - \{A464AA88-BA75-4DE2-A262-CE6BB1F59402} -> No File <==== ATTENTION
Task: {10C27108-6476-4977-BF29-B7BB966551E7} - \GyazoUpdateTaskMachineDaily -> No File <==== ATTENTION
Task: {14ADB510-0347-41DF-9597-5CD9A1B423E4} - \Overwolf Updater Task -> No File <==== ATTENTION
Task: {1629EFAA-CA68-42C2-A9FA-D0D92418A29D} - \{854949CE-D0DC-4386-9CA9-A7B04A9D1FF5} -> No File <==== ATTENTION
Task: {2906F17B-C3E3-4B03-8DAA-DA1671275D6C} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {805EA7FF-D61C-4884-95AE-D7DA7CC556FA} - \AMD Updater -> No File <==== ATTENTION
Task: {8F27F744-EF4A-43F0-B915-1D8D44201FC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {918AFD42-81CE-459B-AAF6-DB8B86B6C42A} - \GyazoUpdateTaskMachine -> No File <==== ATTENTION
Task: {ACB2F35F-F054-411A-9A34-0B7D1B81BC54} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-09-12] (Microsoft Corporation)
Task: {C3F15C6B-9041-4C25-A34F-87E59F672D61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {DCA8A377-3907-4C9A-A4B6-92AB56591E01} - \{4ADFB7BF-6FCD-4D30-8CE8-A3A0DA0029E5} -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers




*****************

Error: Restore point can only be created in normal mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"C:\Program Files (x86)\gowen" => File/Folder not found.
"C:\Program Files (x86)\gowen\segel.exe" => File/Folder not found.
"C:\Program Files (x86)\polygamy\cares.exe" => File/Folder not found.
"C:\Program Files (x86)\polygamy" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\materialized => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\eastman => value removed successfully
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\Software\Microsoft\Windows\CurrentVersion\Run\\reconvenes => value removed successfully
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gambrell => value removed successfully
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cares => value removed successfully
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\Software\Microsoft\Windows\CurrentVersion\Run\\militants => value removed successfully
"HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully
"HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7c743ff-75e0-11e5-a21d-2016d891c3a4}" => key removed successfully
HKCR\CLSID\{e7c743ff-75e0-11e5-a21d-2016d891c3a4} => key not found.
C:\Program Files (x86)\gowen\segel.exe => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{498BA7C9-35C6-484B-A5DD-DAA56319F437}\\DhcpNameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6C269571-C6D7-4818-BCA4-32A035E8C884}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6C269571-C6D7-4818-BCA4-32A035E8C884}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{D4B68B83-8710-488B-A692-D74B50BA558E}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{D4B68B83-8710-488B-A692-D74B50BA558E}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
C:\Users\Josh\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => not found.
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Josh\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => not found.
C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb => moved successfully
C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP => moved successfully
"C:\Windows\64467D47FFE44FBCABBAA0DB829A17EB.TMP" => File/Folder not found.
C:\Users\Josh\AppData\Roaming\uTorrent => moved successfully
C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Josh\AppData\Local\run1.txt => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03DBD415-22DB-4CD7-B213-C2DE248009A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03DBD415-22DB-4CD7-B213-C2DE248009A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A464AA88-BA75-4DE2-A262-CE6BB1F59402}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10C27108-6476-4977-BF29-B7BB966551E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10C27108-6476-4977-BF29-B7BB966551E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachineDaily" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14ADB510-0347-41DF-9597-5CD9A1B423E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14ADB510-0347-41DF-9597-5CD9A1B423E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1629EFAA-CA68-42C2-A9FA-D0D92418A29D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1629EFAA-CA68-42C2-A9FA-D0D92418A29D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{854949CE-D0DC-4386-9CA9-A7B04A9D1FF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2906F17B-C3E3-4B03-8DAA-DA1671275D6C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2906F17B-C3E3-4B03-8DAA-DA1671275D6C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{805EA7FF-D61C-4884-95AE-D7DA7CC556FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{805EA7FF-D61C-4884-95AE-D7DA7CC556FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AMD Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F27F744-EF4A-43F0-B915-1D8D44201FC1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F27F744-EF4A-43F0-B915-1D8D44201FC1}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{918AFD42-81CE-459B-AAF6-DB8B86B6C42A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{918AFD42-81CE-459B-AAF6-DB8B86B6C42A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACB2F35F-F054-411A-9A34-0B7D1B81BC54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB2F35F-F054-411A-9A34-0B7D1B81BC54}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3F15C6B-9041-4C25-A34F-87E59F672D61}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3F15C6B-9041-4C25-A34F-87E59F672D61}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCA8A377-3907-4C9A-A4B6-92AB56591E01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCA8A377-3907-4C9A-A4B6-92AB56591E01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4ADFB7BF-6FCD-4D30-8CE8-A3A0DA0029E5}" => key removed successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.



========= End of CMD: =========

EmptyTemp: => 276.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:51:05 ====
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Ok, let's just run one last scan to do a mop up operation, then I will give you some instructions on how to avoid this sort of thing again and keep your machine running smooth. :)

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the
    button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Ok, go ahead with the ESET scan, then scan with AdsFix for me, this one seems to be hiding... We will get it. :)

Scan & Clean With Ads Fix



  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.
  • Post the log created.
 

Joshua Bobbitt

PCHF Member
Oct 26, 2016
26
3
22
Wouldn't let me copy and paste it

---------- | AdsFix | [email protected]@n | 3_25.10.2016.2

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 14:41:10 - 26/10/2016

update on : 25/10/2016 | 23.40 by [email protected]@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Josh\Desktop\adsfix_3_25.10.2016.1.exe
Boot: Normal boot
[Josh (Administrator)] - [JOSH-PC] - (USA [0409])
SID = S-1-5-21-2025992066-4083076924-3298436488-1000 || [4a6f7368205e5e]
PC : Alienware - M17xR4 - M17xR4
Processor : X64 - 2693 - Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz
Bios : Alienware - 05/17/2013 - V.A12
CoreTemp : 29.8 C

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
CPU #5 value:0 %
CPU #6 value:0 %
CPU #7 value:0 %
CPU #8 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 16726 | Free (MB) : 14008
Pagefile = Total (MB) : 33451 | Free (MB) : 30464
Virtual = Total (MB) : 4194 | Free (MB) : 3993

C:\ -> [Fixed] | [] | Total : 119.14 Go | Free : 34.51 Go -> NTFS (SSD) [RAID]
D:\ -> [Fixed] | [] | Total : 931.5 Go | Free : 174.37 Go -> NTFS [RAID]
F:\ -> [Removable] | [] | Total : 1.83 Go | Free : 1.75 Go -> FAT [USB]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [26.10.2016 @ 14_41_09]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2016-10-26 12:48:38
Last downloaded : 2016-10-25 13:54:06
Last installation : 2016-10-25 13:54:16
Next search : 2016-10-27 10:13:07

---------- | Browsers

IE : 11.0.9600.18500 (© Microsoft Corporation. All rights reserved.)
GC : 54.0.2840.71 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV :
AS : Windows Defender Disabled
AM : Malwarebytes' Anti-Malware (2.3.173.0) [Update : 04/06/2015 23:19:54]
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 23.0.0.185
Plugin : 23.0.0.185

---------- | Killed processes

544 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.AMD - AMD External Events Service Module.) - (21.19.151.3) = C:\Windows\System32\atiesrxx.exe
1272 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Creative Technology Ltd - Creative Audio Service.) - (3.80.5.0) = C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1496 | [Owner : SYSTEM |Parent : 544()] - (.AMD - AMD External Events Client Module.) - (21.19.151.3) = C:\Windows\System32\atieclxx.exe
1592 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1804 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Intel Corporation - Bluetooth Device Monitor.) - (2.0.0.130) = C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
1812 | [Owner : Josh |Parent : 824(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2040 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.5.1.2410) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1984 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Hi-Rez Studios - HiPatchService.) - (5.0.5.9) = C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
2248 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.23.219.2) = C:\Program Files\Intel\iCLS Client\HeciServer.exe
2284 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (8.0.0.1399) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
2572 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.-.) - (0.0.0.0) = C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2648 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.- GameScannerService.) - (1.0.6.2673) = C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2784 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) - (16.0.2.0) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2796 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Intel Corporation - Bluetooth LE Services Control Program.) - (2.1.1.137) = C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
2808 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
2816 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) - (10.1.1.1648) = C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
2944 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Nota Inc. - Gyazo Station.) - (2.2.0.0) = C:\Program Files (x86)\Gyazo\GyStation.exe
2984 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.33.106) = C:\Users\Josh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
3000 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Skype Technologies S.A. - Skype.) - (7.28.85.101) = C:\Program Files (x86)\Skype\Phone\Skype.exe
3024 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Valve Corporation - Steam Client Bootstrapper.) - (3.65.13.80) = C:\Program Files (x86)\Steam\Steam.exe
2516 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Broadcom Corporation. - Bluetooth Tray Application.) - (6.5.1.2410) = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3104 | [Owner : Josh |Parent : 2460()] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) - (1.0.0.120) = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
3156 | [Owner : Josh |Parent : 2460()] - (.Intel Corporation - IAStorIcon.) - (11.0.0.1032) = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3352 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.WellWeWeb - CheVolume.) - (0.4.1.2) = D:\CheVolume\CheVolume.exe
3368 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.-.) - (0.0.0.0) = C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
3404 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Zemana Ltd. - ZAM.) - (0.0.0.0) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
3468 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Intel Corporation - Bluetooth OBEX Service.) - (2.0.0.128) = C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
4120 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Intel Corporation - Bluetooth Media Service.) - (2.1.0.138) = C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
4368 | [Owner : Josh |Parent : 2880()] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (16.0.2.0) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4392 | [Owner : Josh |Parent : 992(svchost.exe)] - (.Intel Corporation - Bluetooth Media Player Controller.) - (2.0.0.128) = C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
4408 | [Owner : Josh |Parent : 3352()] - (.- CheVolumeHelper_x86.) - (1.0.0.0) = D:\CheVolume\CheVolumeHelper_x86.exe
4476 | [Owner : Josh |Parent : 2460()] - (.- Alienware On-Screen Display.) - (0.32.0.8) = C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
4492 | [Owner : Josh |Parent : 2460()] - (.Creative Technology Ltd - Sound Blaster Control Panel.) - (1.2.10.0) = C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
4612 | [Owner : Josh |Parent : 4492()] - (.Creative Technology Ltd - Creative Jack Configuration.) - (1.0.11.2) = C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
4840 | [Owner : LOCAL SERVICE |Parent : 1132(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
2468 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Microsoft Corporation - Microsoft Help and Support.) - (6.1.7600.16385) = C:\Windows\HelpPane.exe
5684 | [Owner : Josh |Parent : 3024()] - (.Valve Corporation - Steam Client WebHelper.) - (3.65.13.80) = C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
5728 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Valve Corporation - Steam Client Service.) - (3.65.13.80) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe
6552 | [Owner : Josh |Parent : 2516()] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\SysWOW64\rundll32.exe
6708 | [Owner : NETWORK SERVICE |Parent : 824(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3976 | [Owner : SYSTEM |Parent : 3752()] - (.Google Inc. - Google Crash Handler.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
4928 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Intel Corporation - IAStorDataSvc.) - (11.0.0.1032) = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
6060 | [Owner : SYSTEM |Parent : 3752()] - (.Google Inc. - Google Crash Handler.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
3736 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) - (1.4.5.1) = C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
8016 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Intel Corporation - Local Manageability Service.) - (8.0.1.1399) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
7328 | [Owner : SYSTEM |Parent : 824(services.exe)] - (.Intel Corporation - User Notification Service.) - (8.0.1.1399) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
6380 | [Owner : Josh |Parent : 2160(explorer.exe)] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2768 | [Owner : Josh |Parent : 6380(chrome.exe)] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6192 | [Owner : Josh |Parent : 6380(chrome.exe)] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

---------- | Tasks



---------- | Services


---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot


---------- | Winsock

Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 : BfLLR

---------- | DNS


---------- | Register

Deleted successfully : HKLM\SOFTWARE\Classes\.CETRAINER : CheatEngine
Deleted successfully : HKLM\SOFTWARE\Classes\.CT : CheatEngine
Deleted successfully : HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\bigfootnetworks.speedtest.net
Deleted successfully : HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\speedtest.net
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SystemUsageReportSvc
Deleted successfully : HKLM\SOFTWARE\Microsoft\Tracing\wyUpdate_RASAPI32
Deleted successfully : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]~[C:\Windows\TEMP\_ir_sf_temp_0\irsetup.exe]
Deleted successfully : HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Chromium
Deleted successfully : HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\EasiSlides
Deleted successfully : [HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : C:\Users\Josh\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06850FD9E8167C14691CCE29BF27312A : C:\Program Files (x86)\EasiSlides\Interop.JRO.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47FCD4D276791DA4798B6A83FD0B30BA : C:\Program Files (x86)\EasiSlides\Easislides.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60838B991E0754E4D9AEE55158460630 : C:\Program Files (x86)\EasiSlides\Interop.VBIDE.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DB61B846F1BA974BAED585C7CEEACD6 : C:\Program Files (x86)\EasiSlides\DirectShowLib.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\824FF458FD6D95541894B5A439DBE972 : C:\Program Files (x86)\EasiSlides\Backgrounds\
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9079E619A352D1F4C86C1E16AFA4DFFC : C:\Program Files (x86)\EasiSlides\Interop.stdole.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C5A7ED97FF079345B618BAABFF6A574 : C:\Program Files (x86)\EasiSlides\Interop.Word.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D37C7BE93CAB3704EADE653E5CE6CCC9 : C:\Program Files (x86)\EasiSlides\GetOffice.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC24964B9B81FC345B811111FA6564A4 : C:\Program Files (x86)\EasiSlides\Interop.Office.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B1612738C301ACB4891AF43C035BA394 : [C:\Windows\Installer\11547.msi]
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Program Files (x86)\EasiSlides\Backgrounds\]
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Program Files (x86)\EasiSlides\Backgrounds\Scenery\]
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Program Files (x86)\EasiSlides\Sys\]
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8372161B-103C-4BCA-98A1-4FC330B53A49} : (EasiSlides) MsiExec.exe /I{8372161B-103C-4BCA-98A1-4FC330B53A49} -> C:\Program Files (x86)\EasiSlides\

---------- | Folders | Files

Deleted successfully : C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk (.-.) C:\Users\Josh\Desktop\Tor Browser\Browser\firefox.bat
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasiSlides\Start Easislides.lnk (.-.)
Deleted successfully : C:\Users\Josh\AppData\Local\238010
Deleted successfully : C:\Users\Josh\AppData\Local\Chromium
Deleted successfully : C:\Users\Josh\AppData\Local\Kholat
Deleted successfully : C:\Users\Josh\Desktop\Zemana.AntiMalware.Setup.exe (© Copyright 2015 .-.Advanced Malware Protection )
Deleted successfully : C:\ProgramData\Bigfoot Networks\SpeedTest.ini (.-.)
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasiSlides
Deleted successfully : C:\Users\Josh\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (.-.)
Deleted successfully : C:\Windows\Installer\11547.msi (.-.) [Package Install]
Deleted successfully : C:\ProgramData\boost_interprocess
Deleted successfully : C:\ProgramData\.mono

---------- | .LNK


---------- | opening unknown extension


---------- | Proxy


---------- | Internet Explorer

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Repaired : [HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Repaired : [HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Repaired : [HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Repaired : [HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Repaired : [HKU\S-1-5-21-2025992066-4083076924-3298436488-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex



---------- | Google Chrome

Deleted successfully : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\cmeakgjggjdlcpncigglobpjbkabhmjl = permissions: [ notifications alarms storage background webRequest webRequestBlocking *://steamcommunity.com/* *://*.steampowered.com/* http://*.steamstatic.com/* *://steamrep.com/* *://steamcdn-a.akamaihd.net/* ]
Deleted successfully : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\gfenjblodoldnbiddmggcbkcapiolbig = key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyKV+GkA2d6vVlnqBHUZkZ8iA0A5hItqFtNLmTQZW87Bb/GOrRmP+5RetP9er7sDYaCutKHCN1d5Bd4fMMK4dfe4EnWhtaVMuYaQauCfAK/Csg3zoU9PCfFgEzHTnKom668IYnUYqbpOvxMbBIXFMZCYOS6DqMhut1Zpw513PbkPDhgRlyWUTRb50Z6ecA+6UFhg4W4WTSeS6l2YKuEHYZZ15GadbuYPuzL87dC1bqGOjU6kck9rpbpRTFujRxMjGHVB7RuXn3LT5O51wJXt+Yoqk+k4BUYhinYyA7GuegtOIM660tkWlcsne0Ccva0zf9yCmXVxwDAyhUABwN6vxwIDAQAB
Deleted successfully : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb = description: A suite of modules that enhance your Reddit browsing experience
Deleted successfully : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = permissions: [ alarms cast cast.streaming declarativeWebRequest desktopCapture dial gcm http://*/* identity identity.email management mdns mediaRouterPrivate metricsPrivate networkingPrivate processes storage system.cpu settingsPrivate tabCapture tabs webview https://hangouts.google.com/* https://*.google.com/cast/chromecast/home/gsse ]

C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm = : __MSG_extShortDesc__ - name: uBlock Origin - short_name: uBlock₀ - https://clients2.google.com/service/update2/crx
C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\mgamelhnfokapndfdodnmfiningckjia = : Turns unclickable urls & email addresses into clickable ones. - Clickable Links - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf = : Highlight copy edit and translate text from any image on the web. - short_name: Naptha - permissions:[clipboardWriteclipboardReadstoragecontextMenustts\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\extensions\oglcbfocdkemachifmnimbblndgmlhbi = : Easy way to edit images on Lunapic.com. Right click an image and open edit session on Lunapic.com. - Lunapic Right Click Edit - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon



---------- | Firefox



---------- | SeaMonkey



---------- | Pale moon



---------- | Opera



---------- | Spark



---------- | StartMenuInternet


---------- | Javascript


---------- | Firewall


---------- | ADS


Other(s) report(s)


Analyzed : 399801 | Modified : 6 | Deleted : 49

---------- |EOF| ---------- | 16:15:17 | [22 Ko]
 


Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Ok, how is the issue now?
Also, have you reset the router to factory settings?
 