
Solved: Windows Defender turned off

Status
Not open for further replies.
rogue killer:

Code:
RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Max [Administrator]
Started from : C:\Users\USER\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 12/19/2017 13:38:51 (Duration : 00:55:37)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{550aa576-2f3f-4c5f-92a0-b05da9b2b432} | DhcpNameServer : 172.18.12.1 ([])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
--- User ---
[MBR] 5d43a0b57305f7e812c5c5626882d2d7
[BSP] a7f419dda298f4e53c24e5d515cc1d5d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 119163 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 244049920 | Size: 836 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 245764033 | Size: 356935 MB
User = LL1 ... OK
User = LL2 ... OK
 
mbar log, there were no detections:

Code:
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.12.19.02
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.786.15063.0
Max :: ADMIN [administrator]

12/19/2017 3:26:18 PM
mbar-log-2017-12-19 (15-26-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 301215
Time elapsed: 42 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Hello maxim123,

Another question, should I uninstall the sandboxie?

Not really a question I can answer, but if you don't use it on a regular basis, and don't run dodgy software then I would. Also did you get it from a reputable site?

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click "Save File" and then "OK"


Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.


To run the fix right click the FRST icon and choose "Run as Administrator" then click on "Fix"


Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the "Fixlist.txt" file you created will be renamed "Fixlog.txt"

Please COPY and PASTE the contents of this new file in your next post:)

Please COPY AND POST, not place in a quote box PLEASE.
 

Attachments

  • fixlist.txt
fixlog:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Max (20-12-2017 11:06:04) Run:1
Running from C:\Users\USER\Desktop
Loaded Profiles: Max (Available Profiles: Max)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\MountPoints2: {0fd87a4d-a848-11e7-854a-68f728506e46} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\MountPoints2: {857f8e51-c5bd-11e7-8555-7629af2c9055} - "F:\Setup.exe" /s
Tcpip\..\Interfaces\{550aa576-2f3f-4c5f-92a0-b05da9b2b432}: [DhcpNameServer] 172.18.12.1
Tcpip\..\Interfaces\{F6C362E6-31CF-4394-9851-E5D33DF654FC}: [DhcpNameServer] 192.168.30.1
HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
URLSearchHook: [S-1-5-21-900945925-988278395-3478122750-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-900945925-988278395-3478122750-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S3 catchme; \??\C:\Users\USER\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{0112bcab-ec40-8cbd-e8e0-18acfa7731940}\InprocServer32 -> 0x6C41493845567338387553786F394142486741734146567A5A584A4F5957316C5055347651534E4462323177595735355055347651534E46545746706244314F4C30456A5648687553575139546939425150694B4563797A4D355763592F7044516932 (the data entry has 114 more characters). => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{ef79fc18-df28-de4f-628c-b2e02c0815a76}\InprocServer32 -> 0x9B8193826C8AD201D0E395826C8AD201010000000300000000000000 => No File
ContextMenuHandlers1-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers1-x32: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers4-x32: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4-x32-x32: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
Task: {0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {175EEFC8-16F5-4072-9093-46A1E622F59D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4641179A-BBA6-4BA3-9BF2-A13AB04B2C27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6CFFC74A-9478-4A80-A16C-61BCC681BAB1} - \WPD\SqmUpload_S-1-5-21-900945925-988278395-3478122750-1001 -> No File <==== ATTENTION
Task: {A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {ADE1B79E-902D-48F4-B104-0EAE57D965F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BF728E4A-B1B4-406C-A6B2-1A4888A56396} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C07B4EB8-2EF6-4E54-832F-41346E84FE16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C3366BA4-5CE0-4910-AB6B-A7BAF87DB671} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C640FB47-29FB-4AC6-AFA5-C82226025C5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D1D516C0-190A-447A-B181-6D3ADBE8AA1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F7ECD4CC-F7F6-409A-890E-5F836A87DBEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5ED747B8 [274]
AlternateDataStreams: C:\ProgramData\Temp:9857FAE3 [248]
IE restricted site: HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\kmpmedia.net -> hxxp://player.kmpmedia.net
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\StartupApproved\Run: => "uTorrent"
FirewallRules: [{502B8641-BC35-4116-9C7E-18F6F156319E}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{61D1F560-FA78-4193-B943-7E28153C3B77}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe
2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole585277975860488209.dll
2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole5885040924349865855.dll
2017-12-02 22:11 - 2017-12-02 22:11 - 000040448 ____N () C:\Users\USER\AppData\Local\Temp\proxy_vole7166972014569587069.dll
C:\Users\USER\Desktop\mb-clean-results.txt
RemoveProxy:
Hosts:
EmptyTemp:
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fd87a4d-a848-11e7-854a-68f728506e46}" => removed successfully
HKLM\Software\Classes\CLSID\{0fd87a4d-a848-11e7-854a-68f728506e46} => key not found
"HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{857f8e51-c5bd-11e7-8555-7629af2c9055}" => removed successfully
HKLM\Software\Classes\CLSID\{857f8e51-c5bd-11e7-8555-7629af2c9055} => key not found
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{550aa576-2f3f-4c5f-92a0-b05da9b2b432}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F6C362E6-31CF-4394-9851-E5D33DF654FC}\\DhcpNameServer => value removed successfully
"HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
Could not restore Default URLSearchHook.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => removed successfully
"HKLM\System\CurrentControlSet\Services\Browser" => removed successfully
Browser => service removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{0112bcab-ec40-8cbd-e8e0-18acfa7731940}" => removed successfully
"HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{ef79fc18-df28-de4f-628c-b2e02c0815a76}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Atheros" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B8952421-0E55-400B-94A6-FA858FC0A39F} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\EncryptionMenu" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A470F8CF-A1E8-4f65-8335-227475AA5C46} => key not found
ContextMenuHandlers4-x32-x32: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File => Error: No automatic fix found for this entry.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\WorkFolders" => removed successfully
HKLM\Software\Classes\CLSID\{E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu" => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{175EEFC8-16F5-4072-9093-46A1E622F59D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{175EEFC8-16F5-4072-9093-46A1E622F59D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4641179A-BBA6-4BA3-9BF2-A13AB04B2C27}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4641179A-BBA6-4BA3-9BF2-A13AB04B2C27}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CFFC74A-9478-4A80-A16C-61BCC681BAB1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CFFC74A-9478-4A80-A16C-61BCC681BAB1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-900945925-988278395-3478122750-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADE1B79E-902D-48F4-B104-0EAE57D965F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADE1B79E-902D-48F4-B104-0EAE57D965F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF728E4A-B1B4-406C-A6B2-1A4888A56396}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF728E4A-B1B4-406C-A6B2-1A4888A56396}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C07B4EB8-2EF6-4E54-832F-41346E84FE16}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C07B4EB8-2EF6-4E54-832F-41346E84FE16}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3366BA4-5CE0-4910-AB6B-A7BAF87DB671}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3366BA4-5CE0-4910-AB6B-A7BAF87DB671}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C640FB47-29FB-4AC6-AFA5-C82226025C5A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C640FB47-29FB-4AC6-AFA5-C82226025C5A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1D516C0-190A-447A-B181-6D3ADBE8AA1A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D516C0-190A-447A-B181-6D3ADBE8AA1A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7ECD4CC-F7F6-409A-890E-5F836A87DBEF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7ECD4CC-F7F6-409A-890E-5F836A87DBEF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
C:\ProgramData\Temp => ":5ED747B8" ADS removed successfully
C:\ProgramData\Temp => ":9857FAE3" ADS removed successfully
"HKU\S-1-5-21-900945925-988278395-3478122750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kmpmedia.net" => removed successfully
HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\uTorrent => value removed successfully
HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{502B8641-BC35-4116-9C7E-18F6F156319E} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61D1F560-FA78-4193-B943-7E28153C3B77} => value not found.
C:\Users\USER\AppData\Local\Temp\proxy_vole585277975860488209.dll => moved successfully
C:\Users\USER\AppData\Local\Temp\proxy_vole5885040924349865855.dll => moved successfully
C:\Users\USER\AppData\Local\Temp\proxy_vole7166972014569587069.dll => moved successfully
C:\Users\USER\Desktop\mb-clean-results.txt => moved successfully

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 108264479 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 275389791 B
Edge => 0 B
Chrome => 294829677 B
Firefox => 388091880 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 6978 B
NetworkService => 15460896 B
USER => 240041729 B
.NET v4.5 => 0 B
DefaultAppPool => 0 B
.NET v4.5 Classic => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:10:11 ====

Not really a question I can answer, but if you don't use it on a regular basis, and don't run dodgy software then I would. Also did you get it from a reputable site?

I downloaded it from its main site. It was supposed to isolate the application, but seems to have malfunctioned or something. I use it when I visit some site which I have not visited before, like clicking links from Facebook or any other sites which give out forced popup ads.
 
How is your computer now, any more Defender popups?
The Defender popups only occurred when I was running Sandboxie. They haven't shown up now. What security measures do you recommend for me to be safe when visiting unknown sites if even the isolation program doesn't work? Is there a way to stop the forced popups?
 
I would remove Sandboxie using either Revo Uninstaller or Geek Uninstaller.

The best way to stay safe is to be careful what sites you visit. Try installing Web of Trust as a browser add-on; it will give you ratings on the safety of the web pages on the browser search page.

You can also use uBlock Origin to prevent ads and popups.

I would also recommend you reset Firefox, yes you will lose some history and such but worth it. Have a look here
https://pchelpforum.net/resources/reset-firefox-to-default-settings.90/

Even though Defender has come a long way and improved from what was an ordinary security app, there are many free Apps like
Avast
Bitdefender
360 total
that offer top quality protection.

Please go HERE and download Delfix. Save it to your desktop.
Right click the new Delfix desktop icon and then click "run as administrator"
Place a tick in the following checkboxes
  1. Remove disinfection tools
  2. Create registry backup
  3. Purge system restore
  4. Then select "Run"

Delfix will remove the tools used to clean your PC and remove itself. When finished, a .txt file will display on your desktop. A copy of this file will also be located at C:\Delfix.txt.

Please post a copy of this file in your next post:)
 
delfix
Code:
# DelFix v1.013 - Logfile created 22/12/2017 at 11:55:06
# Updated 17/04/2016 by Xplode
# Username : Max - ADMIN
# Operating System : Windows 10 Pro  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\USER\Desktop\mbar
Deleted : C:\RstHosts.txt
Deleted : C:\Users\USER\Desktop\Addition.txt
Deleted : C:\Users\USER\Desktop\adwcleaner_7.0.5.0.exe
Deleted : C:\Users\USER\Desktop\Fixlog.txt
Deleted : C:\Users\USER\Desktop\FRST.txt
Deleted : C:\Users\USER\Desktop\FRST64.exe
Deleted : C:\Users\USER\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\USER\Desktop\SecurityCheck.exe
Deleted : C:\Users\USER\Desktop\ZHPDiag.lnk
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########
 
Hi, I got a Defender popup today, not sure why I got it, I was just browsing through pchelpforum at the time I think. There is no mention of it in the quarantined section of Windows Defender.
Also another problem, this one with networking. I usually use wifi on my laptop and don't use the direct Ethernet cord during the day, but when I put in the Ethernet cord it still shows connected to wifi and not the LAN connection. If I disable the wifi in the Windows settings, the LAN symbol shows a yellow triangle sign (no internet access). I have to restart my laptop to get it connected to the LAN again. It happened before and it happens now too, even after I changed the router from ADSL to DSL (changed the ISP).
 
Did you reset Firefox?

Did you install the recommended browser extensions?

Did you take the advice and replace Defender with a superior security suite, perhaps Avast?

Are the network issues similar to those you previously sought help on?

I know you have had Malwarebytes installed previously but can you scan again with it please.

Please go HERE and download Malwarebytes, save the installer to the desktop.
Double click the new Malwarebytes Desktop installer icon and install the program.
Once installed double click the new Malwarebytes program icon.
Malwarebytes will open, click on Scan on the left hand tree, and on the new application page click Threat Scan, and then Start Scan on the bottom.
The scan will begin, and depending on the amount of data on your machine may take some time.
At the conclusion of the scan if any threats are detected click Quarantine Selected.
On the next screen, click Export Summary, then Text File. Name the file to something you can recognize, and save it again to the desktop.

Please Copy and Paste the contents of this file in your next post.:)
 
Did you reset Firefox?

Did you install the recommended browser extensions?

Did you take the advice and replace Defender with a superior security suite, perhaps Avast?

Are the network issues similar to those you previously sought help on?

- Yes, I reset Firefox.

- I have installed the recommended extensions. I have installed VoodooShield too, but not sure if it will work for browsing.

- I have yet to do that. Will the Avast free version be okay?

- I don't think I have made a thread on the network issues, since it was usually solved if I just restarted the laptop, but thinking about it now, that might not have been a good idea.
 
malwarebytes:

Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/23/17
Scan Time: 11:17 AM
Log File: a91c2fa6-e7a2-11e7-9a7c-68f728506e46.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3545
License: Trial

-System Information-
OS: Windows 10 (Build 15063.786)
CPU: x64
File System: NTFS
User: ADMIN\Max

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382406
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Do I uninstall Malwarebytes now or let it run?
 