  1. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Protection, 11/12/2016 7:37 PM, SYSTEM, LENOVO-T430, Protection, Malware Protection, Starting,
     Protection, 11/12/2016 7:37 PM, SYSTEM, LENOVO-T430, Protection, Malware Protection, Started,
     Protection, 11/12/2016 7:37 PM, SYSTEM, LENOVO-T430, Protection, Malicious Website Protection, Starting,
     Protection, 11/12/2016 7:37 PM, SYSTEM, LENOVO-T430, Protection, Malicious Website Protection, Started,
     Update, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Manual, Remediation Database, 2016.2.12.1, 2016.9.21.1,
     Update, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Manual, Rootkit Database, 2016.2.8.1, 2016.10.31.1,
     Update, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Manual, IP Database, 2016.2.8.1, 2016.11.11.1,
     Update, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Manual, Domain Database, 2016.2.16.8, 2016.11.12.1,
     Update, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Manual, Malware Database, 2016.2.16.6, 2016.11.12.10,
     Protection, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Protection, Refresh, Starting,
     Protection, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Protection, Malicious Website Protection, Stopping,
     Protection, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Protection, Malicious Website Protection, Stopped,
     Protection, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Protection, Refresh, Success,
     Protection, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Protection, Malicious Website Protection, Starting,
     Protection, 11/12/2016 7:39 PM, SYSTEM, LENOVO-T430, Protection, Malicious Website Protection, Started,
     Scan, 11/12/2016 7:55 PM, SYSTEM, LENOVO-T430, Manual, Start:11/12/2016 7:39 PM, Duration:16 min 6 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
     (end)
  2. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 11/12/2016
     Scan Time: 7:39 PM
     Logfile:
     Administrator: Yes

     Version: 2.2.1.1043
     Malware Database: v2016.11.12.10
     Rootkit Database: v2016.10.31.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: ThinkPad

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 343816
     Time Elapsed: 16 min, 6 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Disabled
     Rootkits: Enabled
     Heuristics: Disabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
  3. Hi, no issues after the Sophos Free Virus Removal Tool scan, '0' issues. Thank you.
  6. Hi Friends, I purchased a second-hand laptop which was working well. Recently some malware got installed and it keeps changing the proxy to 127.0.0.1:8118. A couple of times I removed the malware files from the registry, but there was no change. Kindly help to resolve this issue. When I scanned with FRST64, the attached files were generated. Thank you in advance. Addition.txt FRST.txt