Sangrail
Everything posted by Sangrail
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Many thanks for your kind and patient help! Sangrail -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
So: Security Check log
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Adobe Reader XI
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Oops - I meant not -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
You're right - it's the little switch in the top left. C and P was fine everywhere else, just not here. Anyhow, have you led me to the end of my cleanup adventure? ) -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Here's the JavaRa log: www.pastebin.com/aMQab2Vs I seem to have lost the ability to cut-and-paste onto this forum! Sangrail -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Thanks! Here's yesterday's fixlog: http://www78.zippyshare.com/v/948694/file.html -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Thanks again - I'll need to sort out Java tomorrow evening. Will the FRST also get rid of the three Kryptik.ARH Trojans mentioned near the bottom of the list in post #28? The FRST log is enormous - too large for Pastebin - any tips? Good night, for now. ) -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Finally, Security Check:
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Adobe Reader 9
Adobe Reader XI
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
ESET file:
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\hk64tbVuz2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\hktbVuz2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\ldrtbVuz2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\tbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\tbVuz1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\tbVuz2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kristof\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\ApnStub.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\nsmF4FC.tmp.tbFLV_.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\tbedrs.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\tbFLV_.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\FreeTorrentViewer\SearchResultsToolbar.exe.xBAD a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Kristof\AppData\Local\Temp\nss1FA3\SpSetup.exe.xBAD a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Kristof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q491BF33\h0s5c6gcj3[1].htm JS/Kryptik.ARH trojan
C:\Users\Kristof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q491BF33\ppbme9d68g[1].htm JS/Kryptik.ARH trojan
C:\Users\Kristof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQNK3YDD\tx17nhjdoz[1].htm JS/Kryptik.ARH trojan
C:\Users\Kristof\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4163e28e-77c4c83d multiple threats
C:\Users\Kristof\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\55e7adb1-66012493 multiple threats
C:\Users\Kristof\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3956c009-75ef54d7 multiple threats
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
HitmanPro:
HitmanPro 3.7.9.216
www.hitmanpro.com
Computer name . . . . : KRISTOF-TOSH
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Kristof-Tosh\Kristof
UAC . . . . . . . . . : Disabled
License . . . . . . . : Free
Scan date . . . . . . : 2014-06-16 23:16:09
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 20s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 60
Objects scanned . . . : 1,596,909
Files scanned . . . . : 49,111
Remnants scanned . . : 468,728 files / 1,079,070 keys
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
Cookies _____________________________________________________________________
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Thanks! TDS now - http://pastebin.com/ESWVm2gW -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Should I delete all the items identified in the Roguekiller report? -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
RogueKiller: http://pastebin.com/wYB8rNYa -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
RKill:
Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 06/16/2014 10:35:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 06/16/2014 10:37:54 PM
Execution time: 0 hours(s), 2 minute(s), and 25 seconds(s)
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
OK - Malware again:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 16/06/2014
Scan Time: 21:59:49
Logfile: 16Jun2014.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.16.07
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kristof
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275158
Time Elapsed: 24 min, 57 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 3
PUP.Optional.SearchResults.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{fa63398e-322b-4833-9af3-15837ad12138}, Quarantined, [b8fa10631566e65020231c229e64e31d],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, Quarantined, [49691b580279ee488bb764da31d1b64a],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, Quarantined, [832fef84631875c19dbb1b5d13ef629e],
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
...and from JRT
Ran by Kristof on 16/06/2014 at 17:52:31.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/06/2014 at 18:03:41.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
...and the ADw report
# AdwCleaner v3.212 - Report created 16/06/2014 at 17:40:01
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kristof - KRISTOF-TOSH
# Running from : C:\Users\Kristof\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Kristof\AppData\Local\Conduit
Folder Deleted : C:\Users\Kristof\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Kristof\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kristof\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Kristof\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kristof\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Kristof\AppData\Roaming\DriverCure
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16555
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Kristof\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [4904 octets] - [16/06/2014 17:38:20]
AdwCleaner[s0].txt - [4594 octets] - [16/06/2014 17:40:01]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4654 octets] ##########
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Good afternoon! Here's the Malwarebytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 15/06/2014
Scan Time: 21:42:32
Logfile: 15JunLog.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.15.05
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kristof
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274323
Time Elapsed: 34 min, 15 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 4
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [377b83f0136842f4e97edb9cad5548b8],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [377b83f0136842f4e97edb9cad5548b8],
PUP.Optional.SearchResults.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{fa63398e-322b-4833-9af3-15837ad12138}, No Action By User, [e6cc6f0424578caa89c992ab38cad729],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, No Action By User, [6a48363d04773ff78cc54cf1c73b13ed],
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Thanks, here's the log:
Farbar Service Scanner Version: 10-06-2014
Ran by Kristof (administrator) on 15-06-2014 at 20:15:37
Running from "C:\Users\Kristof\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
I have backed up using the 'fallback method', since the program could not use the volume shadow copy service - is this OK? -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Thanks. Result of scan:
Farbar Service Scanner Version: 10-06-2014
Ran by Kristof (administrator) on 15-06-2014 at 12:45:19
Running from "C:\Users\Kristof\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt: "C:\PROGRA~3\54B3A3B70419D8318008E045557603FC\0lmq237.dot".
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
-
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Good morning, and many thanks - Vuze is now uninstalled. Attached is the fixlog, as requested. Fixlog.txt -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
OK - the only one left now is Vuze, which I can't get REVO to recognise and uninstall. -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
When I try to uninstall Vuze, I get this message:
No JVM could be found on your system. Please define EXE4J_JAVA_HOME to point to an installed 64-bit JDK or JRE
download a JRE from www.java.com
When I try to uninstall ASK toolbar and the Paretologic pc health advisor it says wait while the current program is being uninstalled. Filecure, flv and search results have uninstalled. -
Blocked by system administrator...
Sangrail replied to Sangrail's topic in Resolved Malware Removal Logs
Hello! I would welcome your help to clean the computer as far as possible. Sangrail