Straza

Members
  • Posts: 11

Reputation: 0 Neutral
  1. ADW Cleaner Logs AdwCleaner-1st.txt AdwCleaner-2nd.txt AdwCleaner-3rd.txt
  2. Windows Defender was being blocked by a reg edit and now I am getting this error when trying to run it. "This service couldn't be started. The service did not respond to the start or control request in a timely fashion. Error code: 0x8007041d" FRST.txt Addition.txt
  3. Multiple scans complete, 0 threats. Everything seems to be back in order. Thank you very much and Merry Christmas!
  4. It installed just fine now, and I am currently running a second scan. First scan attached. Fixlog.txt First Scan.txt
  5. mbam installer is still being blocked. Will not complete install. Log files attached. FRST.txt Addition.txt
  6. ZOEK Log:

     Zoek.exe v5.0.0.1 Updated 22-December-2015
     Tool run by Phil on Thu 12/24/2015 at 10:12:58.55.
     Microsoft Windows 10 Pro 10.0.10240 x64
     Running in: Normal Mode Internet Access Detected
     Launched: C:\Users\Phil\Desktop\zoek.exe [scan all users] [script inserted]

     ==== System Restore Info ======================
     12/24/2015 10:13:31 AM Zoek.exe System Restore Point Created Successfully.

     ==== Empty Folders Check ======================
     C:\PROGRA~3\Comms deleted successfully
     C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
     C:\PROGRA~3\SoftwareDistribution deleted successfully
     C:\Users\Phil\AppData\Local\85860456 deleted successfully
     C:\Users\Phil\AppData\Local\PeerDistRepub deleted successfully
     C:\Users\Phil\AppData\Local\VirtualStore deleted successfully
     C:\Users\Phil\AppData\Local\yuntnani deleted successfully
     C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
     C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

     ==== Deleting CLSID Registry Keys ======================

     ==== Deleting CLSID Registry Values ======================
     HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\jid1-xNAj4KGyf5wyhg@jetpack deleted successfully

     ==== Deleting Services ======================

     ==== Batch Command(s) Run By Tool======================
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.

     ==== Deleting Files \ Folders ======================
     C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
     C:\PROGRA~3\1450964104 deleted
     C:\PROGRA~3\Package Cache deleted
     C:\Users\Phil\AppData\Local\installer.exe deleted
     C:\Users\Phil\AppData\Local\installer4.exe deleted
     C:\Users\Phil\AppData\Local\uid.exe deleted
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
     C:\windows\SysNative\GroupPolicy\Machine deleted
     C:\windows\SysNative\GroupPolicy\User deleted
     C:\windows\SysNative\GroupPolicy\gpt.ini deleted

     ==== Chromium Look ======================
     HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
     jlcgehabolcakkjhgmgpkagpolbjlhfa - No path found[]
     IM+ - Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdplllgoohfmnpnbplklnkegbffnheo
     Crackle - Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic
     mySchoolNotebook.com - Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamfapbnciponedgddhhlaodehbfhaai

     ==== Chromium Fix ======================
     C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
     C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
     C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
     C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
     C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfully
     C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully

     ==== Set IE to Default ======================
     Old Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://www.google.com"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
     No DefaultScope Set For HKCU

     New Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://www.google.com"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
     "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

     ==== All HKLM and HKCU SearchScopes ======================
     HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
     HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
     HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
     HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
     HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

     ==== Reset IE Proxy ======================
     Value(s) before fix:
     "ProxyServer"="http=127.0.0.1:8877;https=127.0.0.1:8877"
     "ProxyOverride"="<-loopback>"
     "ProxyEnable"=dword:00000001

     Value(s) after fix:
     "ProxyEnable"=dword:00000000

     ==== Empty IE Cache ======================
     C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Users\Phil\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
     C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
     C:\Users\Phil\AppData\Local\Microsoft\Windows\INetCache\IE\T2BW30XO will be deleted at reboot
     C:\Users\Phil\AppData\Local\Microsoft\Windows\INetCache\IE\WOLQ7YC9 will be deleted at reboot

     ==== Empty FireFox Cache ======================
     No FireFox Profiles found

     ==== Empty Chrome Cache ======================
     C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

     ==== Empty All Flash Cache ======================
     No Flash Cache Found

     ==== Empty All Java Cache ======================
     No Java Cache Found

     ==== C:\zoek_backup content ======================
     C:\zoek_backup (files=32 folders=25 21491465 bytes)

     ==== Empty Temp Folders ======================
     C:\WINDOWS\Temp will be emptied at reboot

     ==== After Reboot ======================

     ==== Empty Temp Folders ======================
     C:\WINDOWS\Temp successfully emptied
     C:\Users\Phil\AppData\Local\Temp successfully emptied

     ==== Empty Recycle Bin ======================
     C:\$RECYCLE.BIN successfully emptied

     ==== Deleting Files / Folders ======================
     "C:\Users\Phil\AppData\Local\Microsoft\Windows\INetCache\IE\T2BW30XO" not found
     "C:\Users\Phil\AppData\Local\Microsoft\Windows\INetCache\IE\WOLQ7YC9" not found

     ==== EOF on Thu 12/24/2015 at 10:20:28.41 ======================
  7. Got Adw Cleaner to run, here is the Log:

     # AdwCleaner v5.026 - Logfile created 24/12/2015 at 09:52:15
     # Updated 21/12/2015 by Xplode
     # Database : 2015-12-23.1 [server]
     # Operating system : Windows 10 Pro (x64)
     # Username : Phil - DESKTOP-KH1NA9E
     # Running from : C:\Users\Phil\Downloads\adwcleaner_5.026.exe
     # Option : Cleaning
     # Support : http://toolslib.net/forum

     ***** [ Services ] *****

     ***** [ Folders ] *****
     [-] Folder Deleted : C:\Users\Phil\AppData\Local\BrowserAir

     ***** [ Files ] *****

     ***** [ DLLs ] *****

     ***** [ Shortcuts ] *****
     [-] Shortcut Disinfected : C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk

     ***** [ Scheduled tasks ] *****

     ***** [ Registry ] *****
     [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
     [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
     [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36854A36-8D26-4502-9A16-20E9FE63463D}

     ***** [ Web browsers ] *****
     [-] [C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa
     [-] [C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=FCOzamobl3687,2ba4acf8-5f4b-48af-8c5f-38476a6c249b,&vp=ch&prd=set_ch

     *************************

     :: "Tracing" keys removed
     :: Winsock settings cleared

     ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1529 bytes] ##########

     Still trying to find a downloadable source for ZOEK.
  8. This is a nasty one, it is blocking me downloading those files. When trying to access bleepingcomputer.com I get the following: "The page cannot be displayed because an internal server error has occurred." This also happens when I try to download it from different sites. Thoughts?
  9. I have my logs attached, thx in advance FRST.txt Addition.txt CheckResults.txt