Posts posted by vectorious
-
The same: check.chrome-request.com. A scan does not show any malware; this is the only Google hit I can find.
-
All seems to be clear now - it has stopped blocking anything and none of the scanners report anything.
Thanks very much for your help.
-
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-09-2017
Ran by Matthew (10-09-2017 14:25:13) Run:2
Running from C:\Users\Matthew\Downloads
Loaded Profiles: Matthew & (Available Profiles: Matthew & Liz & Abby & admin)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Task: {047F6219-46F5-4F1E-9E19-53CFBBA77D1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {388257D1-DCE3-415A-B605-B9693A132FB3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {79790675-1F76-4E09-9B48-CDB69EFC9611} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CFCA7AF1-15E3-4D54-960F-EF2D59BBE39F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRdgAMBAtGRxgReFoITA0QEQAOeQhZVRQSRAAWeQoBBwlCRQQFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmSFtHL04="
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRdgAMBAtGRxgReFoITA0QEQAOeQhZVRQSRAAWeQoBBwlCRQQFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmSFtHL04="
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{047F6219-46F5-4F1E-9E19-53CFBBA77D1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{047F6219-46F5-4F1E-9E19-53CFBBA77D1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{388257D1-DCE3-415A-B605-B9693A132FB3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388257D1-DCE3-415A-B605-B9693A132FB3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79790675-1F76-4E09-9B48-CDB69EFC9611} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79790675-1F76-4E09-9B48-CDB69EFC9611} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFCA7AF1-15E3-4D54-960F-EF2D59BBE39F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFCA7AF1-15E3-4D54-960F-EF2D59BBE39F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully

========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12715705 B
Java, Flash, Steam htmlcache => 72214843 B
Windows/system/drivers => 319189337 B
Edge => 0 B
Chrome => 776088535 B
Firefox => 59240430 B
Opera => 401294535 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 838090 B
LocalService => 11428 B
NetworkService => 9660 B
Matthew => 369715973 B
Liz => 28833182 B
Abby => 0 B
admin => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================
The system needed a reboot.

==== End of Fixlog 14:25:37 ====
-
Note: In the interim, Windows Defender (mysteriously active at the same time as Bitdefender) found something and, after a couple of attempts, appears to have removed it.
Accordingly, when I ran MBAR I got a message saying no clean-up was required, and it did not generate an mbar-log-scan-date.txt as far as I can tell.
I have copied the system_log.txt below.
I seem to have no more issues, so thank you for your help here.
Matt
--------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.540.15063.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 17063329792, free: 11737341952

Downloaded database version: v2017.09.03.06
Downloaded database version: v2017.08.02.01
Downloaded database version: v2017.09.01.01
=======================================
Initializing...
------------ Kernel report ------------
09/03/2017 20:58:38
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2017.09.03.06
rootkit: v2017.08.02.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffac0154325060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffac01543269f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffac0154325060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffac0154043060, DeviceName: \Device\00000037\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6EB18BA

Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 716800
Partition is bootable
Partition file system is NTFS

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 718848 Numsec = 998464737
Partition is not bootable
Partition file system is NTFS

Partition 2 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 999184384 Numsec = 1028096
Partition is not bootable
Partition file system is NTFS

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 512110190592 bytes
Sector size: 512 bytes

Done!
File "C:\Users\Matthew\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Users\Matthew\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Users\Matthew\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
-
A scan has just found Trojan.downloader:win32/pockershecv.A. Removing it, but I am still getting pings.
-
Bitdefender is now blocking something (rather than Malwarebytes):
Generic.powecod.A.F1442318
Scans attached.
-
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=728ce915e41b6a46ae3acbe797b2ee76
# end=init
# utc_time=2017-08-27 12:15:19
# local_time=2017-08-27 01:15:19 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 34540
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=728ce915e41b6a46ae3acbe797b2ee76
# end=updated
# utc_time=2017-08-27 12:17:49
# local_time=2017-08-27 01:17:49 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=728ce915e41b6a46ae3acbe797b2ee76
# engine=34540
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-08-27 12:54:29
# local_time=2017-08-27 01:54:29 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='Bitdefender Antivirus Free Antimalware'
# compatibility_mode=2078 16777213 83 97 2398 126750773 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3087950 55421529 0 0
# scanned=317998
# found=4
# cleaned=4
# scan_time=2199
sh=91352F7C0C03DBAFE73A9D7B2539C7B346EF9582 ft=1 fh=50f3aee05957228d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Matthew\Downloads\ccsetup514.exe"
sh=679554350D98943A57969161DF445FE0BEEE41BA ft=1 fh=f8e5907db567682a vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Matthew\Downloads\ccsetup514pro.exe"
sh=68B0376FB80EC5DBF7B47DCC7B5335383E9B063A ft=1 fh=893d1fa1996eca88 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Matthew\Downloads\ccsetup520.exe"
sh=F1EEBA9E906322A37AA1EFB1D2FAAAD78E217587 ft=1 fh=0c2952aae1428178 vn="a variant of MSIL/HackKMS.H potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\AutoKMS\AutoKMS.exe"
Note: I ran it again afterwards and it was clean. I don't know if that makes a difference.
-
Note: I realise I posted the wrong file. I left the clean to run overnight and it seemed to hang at about 95% done. On a restart the scan now says clear and does not report anything.
No CX file was created as part of the incomplete clean.
# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 20 21:01:03 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-17-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [985 B] - [2017/8/20 8:9:29]
C:/AdwCleaner/AdwCleaner[S1].txt - [1010 B] - [2017/8/20 20:58:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
-
OK:
To note: This is a second-hand machine, but it seemed to be clean on start-up. The only things it has installed are Windows 10 (I upgraded), Steam + games, GOG + games, Malwarebytes plus Bitdefender Free, plus some free-to-download stuff like Chrome and Opera. It does not even have my ancient copy of Office installed. If there is pirated software, how can I detect it?
# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 20 08:09:29 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-17-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Trojan.Bayrob, C:\Users\Matthew\Downloads\Transfer
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WebBar
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
-
The logs from a scan.
The PUPs reappear each time after removing them. Not sure if they are the same.
Thanks.
-
I keep getting blocks by Malwarebytes for unitdata.info.
Looking at other answers, I downloaded the Farbar scanner and I attach Addition.txt and FRST.txt below.
Is there anything I can do to stop this?
Thanks.
check.chrome-request.com block
in Resolved Malware Removal Logs
The IP address belongs to Cloudflare Inc., who look legitimate per Wikipedia. I cannot work out if any of my extensions might be using them or why Chrome might be linking to them.