Solved 2017-03-11 - Back for more
- Thread starter Fla_Panther
- Start date
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More. -
Hello everyone We want to personally apologize to everyone for the downtime that we've experienced. We are working to get everything back up as quickly as possible. Due to the issues we've had, your password will need to be reset. Please click the button that says "Forgot Your Password" and change it. We are working to have things back to normal. Emails are fixed and should now send properly. Thank you all for your patience. Thanks, PCHF Management
- Status
Hello @Fla_Panther how are you moving along with the instructions? Have you got an update for us?
Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.
Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.
Ha. Whoops. I can rerun it with that if I need to. As for being solved ... I don't know. I hope so. The browser hijacks only happened maybe once a week or once every two weeks and that was the only symptom so it's hard to say. But if your review of the logs indicate stuff got cleaned up I can trust that, and if something more happens I can create another thread. Or, if you want we can keep this one open for a while longer and then close it? Up to you.
May be due to what website you are looking at, I'd suggest looking at the info below, install Ublock Origin along with adding the adblocking Dns servers...
Glad to have helped!! Please tell a friend ...... or two about us.
Optimize your internet connection.
Click here for instructions.
suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.
Also, keep your browsing private with these tools:
Self Destructing Cookies.
Self Destructing Cookies Chrome.
Some items to keep you safe on the internet.
VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.
Now Lets Clean up the tools we used and remove old restore points.
Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:
Remove disinfection tools
Create registry backup
Purge System Restore
Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
Reset your router to factory settings.
Also make sure and add the Ublock origin to your browser... Also, it depends on what type of website you visit as well, if you are trying to use sites such as solar movie to stream movies, you will get these types of popups...
- Download ResetBrowser To your desktop.
- Now close all open browsers.
- Right click and run as administrator.
- Click on Reset for each of your browsers one at a time. -- Allow completion.
Also make sure and add the Ublock origin to your browser... Also, it depends on what type of website you visit as well, if you are trying to use sites such as solar movie to stream movies, you will get these types of popups...
Loaris Trojan Remover Scan
Run a full scan with Loaris Trojan Remover The program will update on its own, it will then attempt a standard scan. Please stop the standard scan and then go to the update tab, just make sure it is updated. Then go back to the computer scan and select full scan.
Once complete, go to the logfiles tab and double click on the scan log.
After you double click on the log a notepad will open, copy and paste that report into your next reply.
You will not be able to use Loaris unless you pay for it, at this point the program has served its purpose and you may uninstall it. Having the logfile is all that is needed, if anything was detected by the program.
Malwarebytes Scan.
Download MalwareBytes Anti-Malware : https://www.malwarebytes.com/mwb-download/ take the free version ( on the left )
Perform the installation
Uncheck "Enable Free Trial of Malwarebytes Anti-Malware Premium" if it's asked
Malwarebytes will update, let this update,
Click on the "Settings" tab and then on the "Detection and Protection" tab, Check the box "Search for Rootkits"
Click on the "Analysis" tab and then on "Start analysis"
Once the review is complete, check that all detections are checked and then click [Delete Selection]
If Malwarebytes asks you to restart your PC, click "Yes",
When restarting your PC, restarts Malwarebytes
Opens the "History" tab and then "Application logs"
Double click on the last Scan Log in date (the one above)
At the bottom click [Export] -> select "Text file (* .txt)"
In the explorer selects the desktop, name it mbam.txt, click [Save]
copy/paste the content of the report in your next reply
Run a full scan with Loaris Trojan Remover The program will update on its own, it will then attempt a standard scan. Please stop the standard scan and then go to the update tab, just make sure it is updated. Then go back to the computer scan and select full scan.
Once complete, go to the logfiles tab and double click on the scan log.
After you double click on the log a notepad will open, copy and paste that report into your next reply.
You will not be able to use Loaris unless you pay for it, at this point the program has served its purpose and you may uninstall it. Having the logfile is all that is needed, if anything was detected by the program.
Malwarebytes Scan.
Download MalwareBytes Anti-Malware : https://www.malwarebytes.com/mwb-download/ take the free version ( on the left )
Perform the installation
Uncheck "Enable Free Trial of Malwarebytes Anti-Malware Premium" if it's asked
Malwarebytes will update, let this update,
Click on the "Settings" tab and then on the "Detection and Protection" tab, Check the box "Search for Rootkits"
Click on the "Analysis" tab and then on "Start analysis"
Once the review is complete, check that all detections are checked and then click [Delete Selection]
If Malwarebytes asks you to restart your PC, click "Yes",
When restarting your PC, restarts Malwarebytes
Opens the "History" tab and then "Application logs"
Double click on the last Scan Log in date (the one above)
At the bottom click [Export] -> select "Text file (* .txt)"
In the explorer selects the desktop, name it mbam.txt, click [Save]
copy/paste the content of the report in your next reply
ResetBrowser done. Strangely, I don't see Chrome anymore. Not sure it reinstalled it correctly.
Ublock origin added to FF.
Trojan Remover v.2.0.44
Report file date: 4/4/2017 6:07:31 PM
Last update: 4/4/2017 6:07:24 PM
Scanning for 897687 virus strains and unwanted programs.
Licensed: UNREGISTERED
Windows version: Windows 7 Home Premium x64 (version 6.1)
Username: ******
Computer name: ******-PC
PC Brand: MSI
Starting the file scan:
Full Scan started
Scanning process...
----- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe ---- Service Threat
Service: [zamsvc] Adware.Win32.Downloader.vb
RegPath: HKLM\SYSTEM\ControlSet001\services\ZAMSvc
ProdVer: 2.72.0.324
FileVer: 2.72.0.324
Name: ZAM
Company: Copyright 2017.
Signature verification: True
Certificates: Zemana Ltd.
NAC: BE177CE55C007FF3F1B01FF0EB917A08:18
MD5: 106082C43A5B048604D023B845624378:14509296
RIC: EBC64BDC9C90016EED17D1B57A09C42E:9640
SUBS: Win32 GUI
PE: x86
EP: EB1066623A432B2B484F4F4B90E9AC50B300A19F50B300C1E002A3A350B300526A00E8C30773008BD08915A750B300E8B4DD71005AE896D97100E809DF71006A00
EPSEC: 0
EPRVA: 00002F4C
IBASE: 00400000
SEC:
.text:60000020:68B97BA35AA9850C50ADF86D7E857559:7553024
.data:C0000040:78437D94C3AC2E8CBDED20668280A01E:2179072
.tls:C0000040:C99A74C555371A433D121F551D6C6398:2048
.rdata:50000040:B79E3980A01F8C3616B470021EBE3120:512
.idata:40000040:AEA7EF86B09C45563834CED90CDC5242:25088
.didata:C0000040:4CBEC6B2A094A6641E51BAEA699EC3CB:4096
.edata:40000040:B9F15C3AAB41E407FDEC1CD003FDDE59:36352
.rsrc:40000040:CF467840654AC9B73426C6860974EB2C:4046848
.reloc:50000040:C209366B9CDBF0FC59C43F17AE0E40D8:647680
----- C:\ProgramData\Line 6\L6TWXY\L6TWXY.dll ---- General Threat
Adware.Heur.Downloader.22A3.vl
ProdVer: 5.31
FileVer: 5.31
Name: TWXY Core
Company: Line 6
Signature verification: False
NAC: 7CD6FE593CC1045B8A00AC5A71288BC1:15
MD5: FA7475C2F8141C92E765E60A76035C99:2535936
SUBS: Win32 GUI
PE: x86
EP: 8BFF558BEC837D0C017505E873140100FF75088B4D108B550CE8ECFEFFFF595DC20C003B0D549C24107502F3C3E9E71401008BFF558BEC83EC145657FF75088D4D
EPSEC: 0
EPRVA: 0019CF05
IBASE: 10000000
SEC:
.text:60000020:B3E8145AE3EADABF48B305F62E94D744:1872384
.rdata:40000040:2F9E7654D15B98747AC07855537DB261:323072
.data:C0000040:C2AA7AFD710D2C3B59CED72320E54256:217600
.rsrc:40000040:980ABA381F9FAB99F47F050159CD25C0:1536
.reloc:42000040:869BDAA9859B8783397AFA481D9C425F:120320
----- C:\ProgramData\Line 6\L6TWXY\L6TWXY64.dll ---- General Threat
Adware.Heur.Downloader.22A3.vl
ProdVer: 5.31
FileVer: 5.31
Name: TWXY Core
Company: Line 6
Signature verification: False
NAC: 7CD6FE593CC1045B8A00AC5A71288BC1:15
MD5: 47FF541362070F6F0F6747F008EF973A:3347968
SUBS: Win32 GUI
PE: x64
EP: 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8F71701004C8BC78BD3488BCE488B5C2430488B7424384883C4205FE9ABFEFFFFCCCCCC40
EPSEC: 0
EPRVA: 00204334
IBASE: 0000000180000000
SEC:
.text:60000020:7895E083BD9B7DD26467F367B458763D:2289664
.rdata:40000040:E02962E05D614E6636C1CE0B80D074B2:583680
.data:C0000040:C2CD4A7B3D18796F675BBAF35D860A90:256000
.pdata:40000040:67D479B0CEF42273A6BDF469DED86AE4:155648
text:20000040:F8D1877DD82D91675E19C6590571CA68:9216
data:40000040:7D2279048E02E79CE3F7BA929769A21C:16384
.rsrc:40000040:F95CE903709678A630E526A4D9669618:1536
.reloc:42000040:258FFD0E9A329598562F5C1F968722F7:34816
----- C:\ProgramData\Line 6\L6TWXY\data\res\BassPack.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: D8C5ABD880365E48D82325299ABC0DEA:1817560
----- C:\ProgramData\Line 6\L6TWXY\data\res\ClassicAmpsPack.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: BFDF1FA33E3653E2D2D9129F9084D783:423384
----- C:\ProgramData\Line 6\L6TWXY\data\res\FXExpansion.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 335732D1C0E76C185D32580C7F4B816D:518782
----- C:\ProgramData\Line 6\L6TWXY\data\res\GP2.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: F182C516475058D3A3421736A5849900:2005750
----- C:\ProgramData\Line 6\L6TWXY\data\res\GP2Ext.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: C85BA3E0FF860E73D90503DCB5390A81:815098
----- C:\ProgramData\Line 6\L6TWXY\data\res\GP3Std.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 0899C255BE8D3D1F843DEDD2AD4DF1E3:717942
----- C:\ProgramData\Line 6\L6TWXY\data\res\HiGainPack.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 544CA13D7D6F1948CB2E584096DC6CC1:489812
----- C:\ProgramData\Line 6\L6TWXY\data\res\ilxplt.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: F158DF8C2D75A960CBD24A345E013AE6:4064124
----- C:\ProgramData\Line 6\L6TWXY\data\res\ilxstd.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 38EEC22827DA8296E1609B725A2F4CC1:2716680
----- C:\ProgramData\Line 6\L6TWXY\data\res\TWXY.lang ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 2FA28D932AAA998231F3743F73ECFF6C:68400
----- C:\ProgramData\Line 6\L6TWXY\data\res\Z1Std.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 8ABDA2ACF312888CFCDA3DBA01E39E24:398702
----- C:\ProgramData\Line 6\L6TWXY\data\res\Z5Std.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 85D8C4E81B8A527077DFA966DFBD1008:480602
----- C:\ProgramData\Line 6\L6TWXY\data\tones\british_basic.l6t ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: E4FF53094DB66B39B9744B77B6F9C683:3092
----- C:\ProgramData\Line 6\L6TWXY\data\tones\clean_guitar_tone.l6t ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 964DA86CD2F23277D877E1D27D7184FF:2190
----- C:\ProgramData\Line 6\L6TWXY\data\tones\virtually_clean.l6t ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: CFC16B28C5D1603B01F6CC92598FAEC8:2112
----- C:\ProgramData\Line 6\L6TWXY\data\twx\L6TWX.dll ---- General Threat
Adware.Heur.Downloader.22A3.vl
ProdVer: 5.24
FileVer: 5.24
Name: L6TWX Dynamic Link Library
Company: Line 6
Signature verification: False
NAC: 1F7937292628A6EFB72654346B3AB53F:33
MD5: 7847261BB13070516A8594D04B23ADD4:529920
SUBS: Win32 GUI
PE: x86
EP: 8BFF558BEC837D0C017505E8E1910000FF75088B4D108B550CE8ECFEFFFF595DC20C008BFF558BEC83EC10FF750C8D4DF0E868EFFFFF8B45F083B8AC000000017E
EPSEC: 0
EPRVA: 00050DDE
IBASE: 10000000
SEC:
.text:60000020:F91CFED461079E81959B2DBBA27212CB:416256
.rdata:40000040:7B883AF7E35FF4F153414FC895D6071F:71168
.data:C0000040:10FF633A27A107658A013F4C17FDC397:11264
.rsrc:40000040:F715BF9031D2FA3F2035DAFE00E6F4C1:1536
.reloc:42000040:C6111B13730F33DA02B074EBFF4DCDDE:28672
----- C:\ProgramData\Line 6\L6TWXY\data\twx\L6TWX64_tr.dll ---- General Threat
Adware.Heur.Downloader.22A3.vl
ProdVer: 5.24
FileVer: 5.24
Name: L6TWX Dynamic Link Library
Company: Line 6
Signature verification: False
NAC: 1F7937292628A6EFB72654346B3AB53F:33
MD5: 80291E0BA7736B7D1C3744919D2E51EA:683520
SUBS: Win32 GUI
PE: x64
EP: 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8078D00004C8BC78BD3488BCE488B5C2430488B7424384883C4205FE9ABFEFFFFCCCCCC40
EPSEC: 0
EPRVA: 00063950
IBASE: 0000000180000000
SEC:
.text:60000020:9B993F09DE8F4A1038C19FABED135496:505856
.rdata:40000040:568FF2ADCEE2DCEAFB2F981F4CD84AAC:121856
.data:C0000040:C59AC0F582B20595EC8C6A15A3FC3676:13824
.pdata:40000040:7AA216E06675761D6ED3AA26353A9F9B:33280
.rsrc:40000040:7EBD0DC1248516A9F64E9D9B069EC785:1536
.reloc:42000040:82DC7A415835C46C52054B9B1CBF4196:6144
----- C:\ProgramData\Line 6\L6TWXY\ ---- General Threat
Adware.Heur.Downloader.22A3.vl
----- C:\Users\******\Desktop\Virus Stuff\2016-09-24\zoek.zip ---- General Threat
Malware.Win32.Gen.cc
MD5: 4DBB21E5A883B50C408239E05D927BCB:4186040
----- C:\Users\******\Desktop\Virus Stuff\2016-09-24\zoek.zip\zoek.exe ---- General Threat
Malware.Win32.Gen.cc
ProdVer: 5,0,0,1
FileVer: 5,0,0,1
Name: Zoek
Company: http:\/\/www.hijackthis.nl\/smeenk
Signature verification: False
NAC: 99299E80F7DAFE4C9D43DB5F58B173DC:35
MD5: 7EA0260488F304D68067A50B33A23AC2:1309184
RIC: FF6424C8D4F0AFF46A767882C86EC867:10032
RFH: 192:LE888JDcbZ4888KYPyr3ll/X1LA9ZdZSFv2IgTwoq+V:xiZxyr1l/FOgE1qo
SUBS: Win32 GUI
PE: x86
EP: 60BE157057008DBEEB9FE8FF5789E58D9C2480C1FFFF31C05039DC75FB4646536888092B005783C30453683CB813005683C3045350C70303000200909090909055
EPSEC: 1
EPRVA: 002B2860
IBASE: 00400000
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:9839E904B19A2AF8BAAA28DD22AFB553:1295360
.rsrc:C0000040:18D0905753B2A68E2D13659DC807AF14:13312
Scan completed
Scan result: 23 detected items
Scan completed in: Scan completed in 26 minute(s) 16 sec.
Files were scanned: 52795
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/4/17
Scan Time: 6:38 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.0
Update Package Version: 1.0.1660
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ******-PC\******
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368565
Time Elapsed: 12 min, 33 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
PUP.Optional.AshampooRegistryCleaner, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_MARKETPLACE.ICO, Delete-on-Reboot, [2977], [355157],1.0.1660
Physical Sector: 0
(No malicious items detected)
(end)
Ublock origin added to FF.
Trojan Remover v.2.0.44
Report file date: 4/4/2017 6:07:31 PM
Last update: 4/4/2017 6:07:24 PM
Scanning for 897687 virus strains and unwanted programs.
Licensed: UNREGISTERED
Windows version: Windows 7 Home Premium x64 (version 6.1)
Username: ******
Computer name: ******-PC
PC Brand: MSI
Starting the file scan:
Full Scan started
Scanning process...
----- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe ---- Service Threat
Service: [zamsvc] Adware.Win32.Downloader.vb
RegPath: HKLM\SYSTEM\ControlSet001\services\ZAMSvc
ProdVer: 2.72.0.324
FileVer: 2.72.0.324
Name: ZAM
Company: Copyright 2017.
Signature verification: True
Certificates: Zemana Ltd.
NAC: BE177CE55C007FF3F1B01FF0EB917A08:18
MD5: 106082C43A5B048604D023B845624378:14509296
RIC: EBC64BDC9C90016EED17D1B57A09C42E:9640
SUBS: Win32 GUI
PE: x86
EP: EB1066623A432B2B484F4F4B90E9AC50B300A19F50B300C1E002A3A350B300526A00E8C30773008BD08915A750B300E8B4DD71005AE896D97100E809DF71006A00
EPSEC: 0
EPRVA: 00002F4C
IBASE: 00400000
SEC:
.text:60000020:68B97BA35AA9850C50ADF86D7E857559:7553024
.data:C0000040:78437D94C3AC2E8CBDED20668280A01E:2179072
.tls:C0000040:C99A74C555371A433D121F551D6C6398:2048
.rdata:50000040:B79E3980A01F8C3616B470021EBE3120:512
.idata:40000040:AEA7EF86B09C45563834CED90CDC5242:25088
.didata:C0000040:4CBEC6B2A094A6641E51BAEA699EC3CB:4096
.edata:40000040:B9F15C3AAB41E407FDEC1CD003FDDE59:36352
.rsrc:40000040:CF467840654AC9B73426C6860974EB2C:4046848
.reloc:50000040:C209366B9CDBF0FC59C43F17AE0E40D8:647680
----- C:\ProgramData\Line 6\L6TWXY\L6TWXY.dll ---- General Threat
Adware.Heur.Downloader.22A3.vl
ProdVer: 5.31
FileVer: 5.31
Name: TWXY Core
Company: Line 6
Signature verification: False
NAC: 7CD6FE593CC1045B8A00AC5A71288BC1:15
MD5: FA7475C2F8141C92E765E60A76035C99:2535936
SUBS: Win32 GUI
PE: x86
EP: 8BFF558BEC837D0C017505E873140100FF75088B4D108B550CE8ECFEFFFF595DC20C003B0D549C24107502F3C3E9E71401008BFF558BEC83EC145657FF75088D4D
EPSEC: 0
EPRVA: 0019CF05
IBASE: 10000000
SEC:
.text:60000020:B3E8145AE3EADABF48B305F62E94D744:1872384
.rdata:40000040:2F9E7654D15B98747AC07855537DB261:323072
.data:C0000040:C2AA7AFD710D2C3B59CED72320E54256:217600
.rsrc:40000040:980ABA381F9FAB99F47F050159CD25C0:1536
.reloc:42000040:869BDAA9859B8783397AFA481D9C425F:120320
----- C:\ProgramData\Line 6\L6TWXY\L6TWXY64.dll ---- General Threat
Adware.Heur.Downloader.22A3.vl
ProdVer: 5.31
FileVer: 5.31
Name: TWXY Core
Company: Line 6
Signature verification: False
NAC: 7CD6FE593CC1045B8A00AC5A71288BC1:15
MD5: 47FF541362070F6F0F6747F008EF973A:3347968
SUBS: Win32 GUI
PE: x64
EP: 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8F71701004C8BC78BD3488BCE488B5C2430488B7424384883C4205FE9ABFEFFFFCCCCCC40
EPSEC: 0
EPRVA: 00204334
IBASE: 0000000180000000
SEC:
.text:60000020:7895E083BD9B7DD26467F367B458763D:2289664
.rdata:40000040:E02962E05D614E6636C1CE0B80D074B2:583680
.data:C0000040:C2CD4A7B3D18796F675BBAF35D860A90:256000
.pdata:40000040:67D479B0CEF42273A6BDF469DED86AE4:155648
text:20000040:F8D1877DD82D91675E19C6590571CA68:9216
data:40000040:7D2279048E02E79CE3F7BA929769A21C:16384
.rsrc:40000040:F95CE903709678A630E526A4D9669618:1536
.reloc:42000040:258FFD0E9A329598562F5C1F968722F7:34816
----- C:\ProgramData\Line 6\L6TWXY\data\res\BassPack.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: D8C5ABD880365E48D82325299ABC0DEA:1817560
----- C:\ProgramData\Line 6\L6TWXY\data\res\ClassicAmpsPack.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: BFDF1FA33E3653E2D2D9129F9084D783:423384
----- C:\ProgramData\Line 6\L6TWXY\data\res\FXExpansion.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 335732D1C0E76C185D32580C7F4B816D:518782
----- C:\ProgramData\Line 6\L6TWXY\data\res\GP2.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: F182C516475058D3A3421736A5849900:2005750
----- C:\ProgramData\Line 6\L6TWXY\data\res\GP2Ext.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: C85BA3E0FF860E73D90503DCB5390A81:815098
----- C:\ProgramData\Line 6\L6TWXY\data\res\GP3Std.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 0899C255BE8D3D1F843DEDD2AD4DF1E3:717942
----- C:\ProgramData\Line 6\L6TWXY\data\res\HiGainPack.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 544CA13D7D6F1948CB2E584096DC6CC1:489812
----- C:\ProgramData\Line 6\L6TWXY\data\res\ilxplt.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: F158DF8C2D75A960CBD24A345E013AE6:4064124
----- C:\ProgramData\Line 6\L6TWXY\data\res\ilxstd.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 38EEC22827DA8296E1609B725A2F4CC1:2716680
----- C:\ProgramData\Line 6\L6TWXY\data\res\TWXY.lang ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 2FA28D932AAA998231F3743F73ECFF6C:68400
----- C:\ProgramData\Line 6\L6TWXY\data\res\Z1Std.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 8ABDA2ACF312888CFCDA3DBA01E39E24:398702
----- C:\ProgramData\Line 6\L6TWXY\data\res\Z5Std.astwx ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 85D8C4E81B8A527077DFA966DFBD1008:480602
----- C:\ProgramData\Line 6\L6TWXY\data\tones\british_basic.l6t ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: E4FF53094DB66B39B9744B77B6F9C683:3092
----- C:\ProgramData\Line 6\L6TWXY\data\tones\clean_guitar_tone.l6t ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: 964DA86CD2F23277D877E1D27D7184FF:2190
----- C:\ProgramData\Line 6\L6TWXY\data\tones\virtually_clean.l6t ---- General Threat
Adware.Heur.Downloader.22A3.vl
MD5: CFC16B28C5D1603B01F6CC92598FAEC8:2112
----- C:\ProgramData\Line 6\L6TWXY\data\twx\L6TWX.dll ---- General Threat
Adware.Heur.Downloader.22A3.vl
ProdVer: 5.24
FileVer: 5.24
Name: L6TWX Dynamic Link Library
Company: Line 6
Signature verification: False
NAC: 1F7937292628A6EFB72654346B3AB53F:33
MD5: 7847261BB13070516A8594D04B23ADD4:529920
SUBS: Win32 GUI
PE: x86
EP: 8BFF558BEC837D0C017505E8E1910000FF75088B4D108B550CE8ECFEFFFF595DC20C008BFF558BEC83EC10FF750C8D4DF0E868EFFFFF8B45F083B8AC000000017E
EPSEC: 0
EPRVA: 00050DDE
IBASE: 10000000
SEC:
.text:60000020:F91CFED461079E81959B2DBBA27212CB:416256
.rdata:40000040:7B883AF7E35FF4F153414FC895D6071F:71168
.data:C0000040:10FF633A27A107658A013F4C17FDC397:11264
.rsrc:40000040:F715BF9031D2FA3F2035DAFE00E6F4C1:1536
.reloc:42000040:C6111B13730F33DA02B074EBFF4DCDDE:28672
----- C:\ProgramData\Line 6\L6TWXY\data\twx\L6TWX64_tr.dll ---- General Threat
Adware.Heur.Downloader.22A3.vl
ProdVer: 5.24
FileVer: 5.24
Name: L6TWX Dynamic Link Library
Company: Line 6
Signature verification: False
NAC: 1F7937292628A6EFB72654346B3AB53F:33
MD5: 80291E0BA7736B7D1C3744919D2E51EA:683520
SUBS: Win32 GUI
PE: x64
EP: 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8078D00004C8BC78BD3488BCE488B5C2430488B7424384883C4205FE9ABFEFFFFCCCCCC40
EPSEC: 0
EPRVA: 00063950
IBASE: 0000000180000000
SEC:
.text:60000020:9B993F09DE8F4A1038C19FABED135496:505856
.rdata:40000040:568FF2ADCEE2DCEAFB2F981F4CD84AAC:121856
.data:C0000040:C59AC0F582B20595EC8C6A15A3FC3676:13824
.pdata:40000040:7AA216E06675761D6ED3AA26353A9F9B:33280
.rsrc:40000040:7EBD0DC1248516A9F64E9D9B069EC785:1536
.reloc:42000040:82DC7A415835C46C52054B9B1CBF4196:6144
----- C:\ProgramData\Line 6\L6TWXY\ ---- General Threat
Adware.Heur.Downloader.22A3.vl
----- C:\Users\******\Desktop\Virus Stuff\2016-09-24\zoek.zip ---- General Threat
Malware.Win32.Gen.cc
MD5: 4DBB21E5A883B50C408239E05D927BCB:4186040
----- C:\Users\******\Desktop\Virus Stuff\2016-09-24\zoek.zip\zoek.exe ---- General Threat
Malware.Win32.Gen.cc
ProdVer: 5,0,0,1
FileVer: 5,0,0,1
Name: Zoek
Company: http:\/\/www.hijackthis.nl\/smeenk
Signature verification: False
NAC: 99299E80F7DAFE4C9D43DB5F58B173DC:35
MD5: 7EA0260488F304D68067A50B33A23AC2:1309184
RIC: FF6424C8D4F0AFF46A767882C86EC867:10032
RFH: 192:LE888JDcbZ4888KYPyr3ll/X1LA9ZdZSFv2IgTwoq+V:xiZxyr1l/FOgE1qo
SUBS: Win32 GUI
PE: x86
EP: 60BE157057008DBEEB9FE8FF5789E58D9C2480C1FFFF31C05039DC75FB4646536888092B005783C30453683CB813005683C3045350C70303000200909090909055
EPSEC: 1
EPRVA: 002B2860
IBASE: 00400000
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:9839E904B19A2AF8BAAA28DD22AFB553:1295360
.rsrc:C0000040:18D0905753B2A68E2D13659DC807AF14:13312
Scan completed
Scan result: 23 detected items
Scan completed in: Scan completed in 26 minute(s) 16 sec.
Files were scanned: 52795
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/4/17
Scan Time: 6:38 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.0
Update Package Version: 1.0.1660
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ******-PC\******
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368565
Time Elapsed: 12 min, 33 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
PUP.Optional.AshampooRegistryCleaner, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_MARKETPLACE.ICO, Delete-on-Reboot, [2977], [355157],1.0.1660
Physical Sector: 0
(No malicious items detected)
(end)
Use Patch My PC to restore Chrome.
Ads Fix Scan
Upload Files to VirusTotal
Ads Fix Scan
- Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
- Save AdsFix to your desktop.
- Right Click & Run As Administrator.
- With an infected machine, it could take several seconds to be charged.
- You will then be prompted to install Certificates.
- Install then click OK.
- Right Click & Run As Administrator Again.
- Click Options then select Unlock the deletion.
- Then click on clean.
- Enter your country
- Don’t use the machine while scanning and be patient
- Once the scan has completed, please copy and paste the report in your next reply.
- The report will be C:\AdsFix_date_hour.txt or on your dektop with the same name.
Upload Files to VirusTotal
- Please go to VirusTotal.
- Click the Choose File button.
- Navigate to >>>>>>>> C:\ProgramData\Line 6\L6TWXY\L6TWXY64.dll
- or simply copy and paste it.
- Click the Scan it! button.
- You might see a message saying File already analysed, if you do click Reanalyse.
- Wait for all the scans to finish then copy and paste the web address from your broswer's address bar.
Example of web address :
- Include the link in your next reply.
Fix scan never prompted me to install certificates, so I proceeded with the rest of the instructions.
---------- | AdsFix | g3n-h@ckm@n | V4_03.04.17.4
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 22:12:37 - 04/04/2017
update on : 03/04/2017 | 14.20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\******\Desktop\AdsFix.exe
Boot: Normal boot
[****** (Administrator)] - [******-PC] - (USA [0409])
SID = S-1-5-21-3113485377-2953679804-1031508582-1000 || [5374657665205e5e]
PC : MSI - B75MA-E33 (MS-7808) - To be filled by O.E.M.
Processor : X64 - 3192 - Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Bios : American Megatrends Inc. - 01/21/2013 - V.V1.4
CoreTemp : 29.8 C
CPU #1 value:0 %
CPU #2 value:18 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:4 %
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 8318 | Free (MB) : 6493
Pagefile = Total (MB) : 16634 | Free (MB) : 14643
Virtual = Total (MB) : 4194 | Free (MB) : 3971
C:\ -> [Fixed] | [] | Total : 465.66 Go | Free : 215.43 Go -> NTFS [SATA]
Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [04.04.2017 @ 22_12_34]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"
---------- | Windows Updates
Last detection : 2017-04-04 16:45:01
Last downloaded : 2017-03-11 19:50:15
Last installation : 2017-03-11 19:52:47
Next search : 2017-04-05 12:20:02
Windows Is Activated
---------- | Browsers
IE : 11.0.9600.18538 (© Microsoft Corporation. All rights reserved.)
FF : 52.0.2.6291 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
---------- | Security (atcav : 0)
AV :
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started
---------- | FlashPlayer
ActiveX : 25.0.0.127
Plugin : 25.0.0.127
---------- | Killed processes
828 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.44.) - (8.17.13.4144) = C:\Windows\System32\nvvsvc.exe
852 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4144) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1348 | [Owner : SYSTEM |Parent : 828()] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4144) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1356 | [Owner : SYSTEM |Parent : 828()] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.44.) - (8.17.13.4144) = C:\Windows\System32\nvvsvc.exe
1484 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1640 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (17.374.70.8) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1696 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe
1800 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Foxit Software Inc. - Foxit Reader ConnectedPDF Windows Service..) - (8.2.0.1206) = C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
1912 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Aladdin Knowledge Systems Ltd. - Aladdin HASP License Manager Service.) - (12.47.1.11911) = C:\Windows\System32\hasplms.exe
1988 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Microsoft Corporation - Machine Debug Manager.) - (7.10.3077.0) = C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1188 | [Owner : ****** |Parent : 592(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2228 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.BUFFALO INC. - NAS Power Management Service.) - (1.0.9.1121) = C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
2300 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.NVIDIA Corporation - NVIDIA Network Service.) - (1.0.8.24) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
2332 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
2476 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.PACE Anti-Piracy, Inc. - PACE License Service.) - (2.4.7.852) = C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
2580 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Paramount Software UK Ltd - Reflect Service - Enables mounting of images.) - (6.1.865.0) = C:\Program Files\Macrium\Reflect\ReflectService.exe
2724 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Copyright 2017. - ZAM.) - (2.72.0.324) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
3364 | [Owner : ****** |Parent : 1348()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.4144) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3392 | [Owner : ****** |Parent : 3364()] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) - (15.3.33.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
3492 | [Owner : LOCAL SERVICE |Parent : 592(services.exe)] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2192 | [Owner : SYSTEM |Parent : 2332()] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
4152 | [Owner : ****** |Parent : 2424(explorer.exe)] - (.Microsoft Corporation - Notepad.) - (6.1.7601.18917) = C:\Windows\System32\notepad.exe
4324 | [Owner : NETWORK SERVICE |Parent : 592(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4744 | [Owner : ****** |Parent : 2424(explorer.exe)] - (.Mozilla Corporation - Firefox.) - (52.0.2.6291) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1164 | [Owner : ****** |Parent : 4744(firefox.exe)] - (.Mozilla Corporation - Firefox.) - (52.0.2.6291) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1812 | [Owner : NETWORK SERVICE |Parent : 592(services.exe)] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe
4132 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe
---------- | Tasks
Deleted successfully : Trojan Remover
---------- | Services
Deleted service : rpcapd : "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini"
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
---------- | Winsock
---------- | DNS
---------- | Register
https://www.virustotal.com/en/file/...d68668a9edb038b80b39125b/analysis/1491364611/
---------- | AdsFix | g3n-h@ckm@n | V4_03.04.17.4
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 22:12:37 - 04/04/2017
update on : 03/04/2017 | 14.20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\******\Desktop\AdsFix.exe
Boot: Normal boot
[****** (Administrator)] - [******-PC] - (USA [0409])
SID = S-1-5-21-3113485377-2953679804-1031508582-1000 || [5374657665205e5e]
PC : MSI - B75MA-E33 (MS-7808) - To be filled by O.E.M.
Processor : X64 - 3192 - Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Bios : American Megatrends Inc. - 01/21/2013 - V.V1.4
CoreTemp : 29.8 C
CPU #1 value:0 %
CPU #2 value:18 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:4 %
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 8318 | Free (MB) : 6493
Pagefile = Total (MB) : 16634 | Free (MB) : 14643
Virtual = Total (MB) : 4194 | Free (MB) : 3971
C:\ -> [Fixed] | [] | Total : 465.66 Go | Free : 215.43 Go -> NTFS [SATA]
Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [04.04.2017 @ 22_12_34]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"
---------- | Windows Updates
Last detection : 2017-04-04 16:45:01
Last downloaded : 2017-03-11 19:50:15
Last installation : 2017-03-11 19:52:47
Next search : 2017-04-05 12:20:02
Windows Is Activated
---------- | Browsers
IE : 11.0.9600.18538 (© Microsoft Corporation. All rights reserved.)
FF : 52.0.2.6291 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
---------- | Security (atcav : 0)
AV :
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started
---------- | FlashPlayer
ActiveX : 25.0.0.127
Plugin : 25.0.0.127
---------- | Killed processes
828 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.44.) - (8.17.13.4144) = C:\Windows\System32\nvvsvc.exe
852 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4144) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1348 | [Owner : SYSTEM |Parent : 828()] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4144) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1356 | [Owner : SYSTEM |Parent : 828()] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.44.) - (8.17.13.4144) = C:\Windows\System32\nvvsvc.exe
1484 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1640 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (17.374.70.8) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1696 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe
1800 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Foxit Software Inc. - Foxit Reader ConnectedPDF Windows Service..) - (8.2.0.1206) = C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
1912 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Aladdin Knowledge Systems Ltd. - Aladdin HASP License Manager Service.) - (12.47.1.11911) = C:\Windows\System32\hasplms.exe
1988 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Microsoft Corporation - Machine Debug Manager.) - (7.10.3077.0) = C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1188 | [Owner : ****** |Parent : 592(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2228 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.BUFFALO INC. - NAS Power Management Service.) - (1.0.9.1121) = C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
2300 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.NVIDIA Corporation - NVIDIA Network Service.) - (1.0.8.24) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
2332 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
2476 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.PACE Anti-Piracy, Inc. - PACE License Service.) - (2.4.7.852) = C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
2580 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Paramount Software UK Ltd - Reflect Service - Enables mounting of images.) - (6.1.865.0) = C:\Program Files\Macrium\Reflect\ReflectService.exe
2724 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Copyright 2017. - ZAM.) - (2.72.0.324) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
3364 | [Owner : ****** |Parent : 1348()] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.4144) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3392 | [Owner : ****** |Parent : 3364()] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) - (15.3.33.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
3492 | [Owner : LOCAL SERVICE |Parent : 592(services.exe)] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2192 | [Owner : SYSTEM |Parent : 2332()] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (3.1.100.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
4152 | [Owner : ****** |Parent : 2424(explorer.exe)] - (.Microsoft Corporation - Notepad.) - (6.1.7601.18917) = C:\Windows\System32\notepad.exe
4324 | [Owner : NETWORK SERVICE |Parent : 592(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4744 | [Owner : ****** |Parent : 2424(explorer.exe)] - (.Mozilla Corporation - Firefox.) - (52.0.2.6291) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1164 | [Owner : ****** |Parent : 4744(firefox.exe)] - (.Mozilla Corporation - Firefox.) - (52.0.2.6291) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1812 | [Owner : NETWORK SERVICE |Parent : 592(services.exe)] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe
4132 | [Owner : SYSTEM |Parent : 592(services.exe)] - (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe
---------- | Tasks
Deleted successfully : Trojan Remover
---------- | Services
Deleted service : rpcapd : "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini"
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
---------- | Winsock
---------- | DNS
---------- | Register
https://www.virustotal.com/en/file/...d68668a9edb038b80b39125b/analysis/1491364611/
- Status