-
November 25th, 2017, 09:03 PM
#16
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Double click on the downloaded setup.exe file to install the program.
- Click on Start Scan button.
- Click on another Start Scan button.
- Wait until the Status box shows Scan Finished
- Click on Remove Selected.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
- Vista/Windows 7/8/10 users right-click and select Run As Administrator.
- The tool will start to update the database if one is required.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Logfile button.
- A window will open which lists the logs of your scans.
- Click on the Scan tab.
- Double-click the most recent scan which will be at the top of the list....the log will appear.
- Review the results...see note below
- After reviewing the log, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
- To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
- Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
- A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
-
November 26th, 2017, 09:08 AM
#17
RKreport.txt
RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/25/2017 23:33:57 (Duration : 02:25:56)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 12 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Search Settings -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\APN PIP -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Link64 -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\YahooPartnerToolbar -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\APN PIP -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Link64 -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\YahooPartnerToolbar -> Not selected
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {03EB0E9C-7A91-4381-A220-9B52B641CDB1} : IObit Apps Toolbar -> Not selected
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {03EB0E9C-7A91-4381-A220-9B52B641CDB1} : IObit Apps Toolbar -> Not selected
[PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WCAssistantService (C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe) -> Not selected
[PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WCAssistantService (C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe) -> Not selected
¤¤¤ Tasks : 3 ¤¤¤
[Hj.Shortcut] \{06A042C1-A4E6-4FE1-BA83-017A2F664DFD} -- "c:\program files (x86)\internet explorer\iexplore.exe" (http://ui.skype.com/ui/0/5.5.0.124/e...fered;disabled) -> Deleted
[Hj.Shortcut] \{662EF20E-8AFE-49E9-85A6-C784C8930670} -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (http://ui.skype.com/ui/0/4.2.0.155/e...toolbaroffered) -> Deleted
[Hj.Shortcut] \{A95C2512-1A1D-4CE4-99C9-7F71C22FCF7E} -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (http://ui.skype.com/ui/0/4.2.0.155/e...alreadyoffered) -> Deleted
¤¤¤ Files : 11 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlDaily.zip -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlWeekly.zip -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Definitions -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Icons\bing.ico -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Icons -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService\WCAssistantServiceLog.log -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\CurrentReleaseNotes.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\install.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\LatestReleaseNotes.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\partner.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\Statistics.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\UpdateServer.txt -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Options -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate -> Deleted
[PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\ffmpeg.exe -> Deleted
[PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox\global.ini -> Deleted
[PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox\rtmp.exe -> Deleted
[PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox\Uninstall.exe -> Deleted
[PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox\vdultimate.exe -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate\Firefox -> Deleted
[PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox_old\global.ini -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate\Firefox_old -> Deleted
[PUP.Gen1][Folder] C:\Users\Mark\AppData\Roaming\Lavasoft\Web Companion -> Deleted
[PUP.Gen1][File] C:\Users\Mark\AppData\Roaming\Lavasoft\Web Companion\Options\Language.txt -> Deleted
[PUP.Gen1][Folder] C:\Users\Mark\AppData\Roaming\Lavasoft\Web Companion\Options -> Deleted
[PUP.Tific][Folder] C:\Users\Mark\AppData\Roaming\Tific -> Deleted
[PUP.Tific][File] C:\Users\Mark\AppData\Roaming\Tific\Environment.tfc -> Deleted
[PUP.Tific][File] C:\Users\Mark\AppData\Roaming\Tific\tificocs.symantec.com.tfc -> Deleted
[PUP.Gen1][Folder] C:\Users\Mark\AppData\Local\SlimWare Utilities Inc -> Deleted
[PUP.Gen1][Folder] C:\Users\Mark\AppData\Local\YSearchUtil -> Deleted
[PUP.Gen1][Folder] C:\Users\Mark\AppData\Local\YSearchUtil\CrashLogs -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion -> ERROR [3]
[PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate -> ERROR [3]
[PUP.Gen1][Folder] C:\Program Files\Uninstaller -> Deleted
[PUP.Gen1][File] C:\Program Files\Uninstaller\Uninstall.xml -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\BCUEngineS.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\BCUSDK.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\BrowserManager.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\BrowserParameters.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Esent.Interop.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Extension\@wcextensionff.xpi -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Extension -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.SHDocVw.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.Shell32.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Automation.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.IEController.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SmartAssemblyUI.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\log4net.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\LogicNP.EZShellExtensions.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\LZ4.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Microsoft.mshtml.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\SmartAssembly.ReportException.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\SmartExceptionsCore.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\System.Data.SQLite.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebcompaionReimageIcon.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionExtensionIE.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon_Pro.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.pdb -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x64 -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x86 -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-CHS -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-Hans -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application -> Deleted
[PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo_ff.xml -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 7 ¤¤¤
[PUP.Gen2][Firefox:Addon] cro82bul.default-1405778775589 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected
[PUP.Gen2][Firefox:Addon] px2us03v.default-1438862973166-1505776534346 : Video Downloader professional [ffext_basicvideoext@startpage24] -> Not selected
[PUP.Gen2][Firefox:Addon] xja4n96y.Mark : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected
[PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Not selected
[PUM.HomePage][Firefox:Config] px2us03v.default-1438862973166-1505776534346 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/"); -> Not selected
[PUM.SearchEngine][Firefox:Config] cro82bul.default-1405778775589 : user_pref("browser.search.selectedEngine", "Astromenda"); -> Not selected
[PUM.SearchEngine][Firefox:Config] px2us03v.default-1438862973166-1505776534346 : user_pref("browser.search.defaultenginename", "Bing®"); -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] e43f5ce005e8915020c7e23b8a8aadfd
[BSP] ce58651762c921c45f80955eb1e9033b : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 292890 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 600248320 | Size: 12154 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
-
November 26th, 2017, 10:02 AM
#18
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 11/26/17
Scan Time: 8:11 AM
Log File: 541c2c10-d2ab-11e7-8350-001f16ed4bf8.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3349
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mark-PC\Mark
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418935
Threats Detected: 8
Threats Quarantined: 8
Time Elapsed: 21 min, 4 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 1
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [1218], [380352],1.0.3349
Module: 1
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [1218], [380352],1.0.3349
Registry Key: 1
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService11, Quarantined, [1218], [380352],1.0.3349
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 5
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_PerformanceMonitor, Quarantined, [1218], [380341],1.0.3349
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_SkipUac_Mark, Quarantined, [1218], [380341],1.0.3349
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 11.lnk, Quarantined, [1218], [380338],1.0.3349
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [1218], [380352],1.0.3349
PUP.Optional.AdvancedSystemCare, C:\USERS\MARK\DOWNLOADS\ADVANCED-SYSTEMCARE-SETUP.EXE, Quarantined, [1218], [396386],1.0.3349
Physical Sector: 0
(No malicious items detected)
(end)
-
November 26th, 2017, 10:30 AM
#19
# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 26 14:37:57 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
Deleted: WCAssistantService
***** [ Folders ] *****
Deleted: C:\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\Mark\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\Mark\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\HPAppData
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HPAppData
Deleted: C:\Users\Mark\AppData\LocalLow\HPAppData
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
***** [ Files ] *****
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Deleted: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\searchplugins\bing-lavasoft.xml
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\IObit\Advanced SystemCare
Deleted: [Key] - HKCU\Software\IObit\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted: [Key] - HKLM\SOFTWARE\IObit Apps
Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\IObit Apps
Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\AppDataLow\Software\IObit Apps
Deleted: [Key] - HKCU\Software\IObit Apps
Deleted: [Key] - HKCU\Software\AppDataLow\Software\IObit Apps
Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Link64
Deleted: [Key] - HKCU\Software\Link64
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SOFTWARE\Search Settings
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [7971 B] - [2017/11/24 4:33:21]
C:/AdwCleaner/AdwCleaner[S1].txt - [7469 B] - [2017/11/26 14:32:7]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
Last edited by COPO; November 26th, 2017 at 11:19 AM.
Reason: prior txt was too old
-
November 26th, 2017, 05:46 PM
#20
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- If the connection is not there, use the restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
-
November 26th, 2017, 11:31 PM
#21
https://www.flickr.com/gp/15757759@N02/27y8o2
https://www.flickr.com/gp/15757759@N02/be5nr4
From my phone browser.
I’ve done 1 continue and seem to get the same 2 warnings.
What can I do now?
-
November 26th, 2017, 11:49 PM
#22
-
November 27th, 2017, 12:06 AM
#23
Seems to be going through different named files. Will this eventually end?
Last edited by COPO; November 27th, 2017 at 12:15 AM.
-
November 27th, 2017, 12:22 AM
#24
OK, wait.
Answer NO to the first warning.
-
November 27th, 2017, 12:33 AM
#25
Finally ended and shut down and Win 7 is booting up. Hopefully it created a txt file. This program started about 7pm.
Now the Administration Combofix screen came up.
Preparing log report.
Got my Windows 7 desktop back. I'll check for the txt file.
Last edited by COPO; November 27th, 2017 at 12:37 AM.
-
November 27th, 2017, 01:11 AM
#26
Doesn't look good. All my exe programs come up as this one shown for chrome.
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Illegal operation attempted on a registry key that has been marked for deletion.
I tried all the browsers I have and get the same msg even when I go directly to the C:\Program Files directory.
The same msg came up for the ComboFix.txt file
C:\ComboFix\ComboFix.txt
Illegal operation attempted on a registry key that has been marked for deletion.
How do we get out of this? Restore? Which always fails on my laptop. I do have my PC backed up using Windows 7 Backup/Restore function but if no .exe files work then that won't work.
Last edited by COPO; November 27th, 2017 at 01:15 AM.
-
November 27th, 2017, 08:25 AM
#27
I do have a backup of my registry both on my PC and USB HD but regedit doesn't work due to having the same registry msg as above.
I also have a Win backup using AOMEI Backupper, but the exe file gets the same error of course. And Windows backup and restore won't work either.
I do have my Windows 7 Recovery discs I created when I first powered up my laptop when it was new.
Last edited by COPO; November 27th, 2017 at 09:25 AM.
Reason: Add more
-
November 27th, 2017, 10:07 AM
#28
Am I down to 2 options?
Restore in Safe Mode since Windows mode will not execute
and the other option probably is to reinstall Win7 using my Recovery Discs.
-
November 27th, 2017, 12:02 PM
#29
I can view photos and videos from my HD's.
I also have the cd I created in 2016 labeled
Win-7 64 bit Repair Disc which was created using Windows Backup and Restore
with options to:
- boot your computer
- Windows System Recovery Tools
- Restore computer from a system image
Last edited by COPO; November 27th, 2017 at 12:15 PM.
-
November 27th, 2017, 09:56 PM
#30
Restart computer one more time.