Auto typing virus on pc

February 4, 2017 at 14:19:28
Specs: Windows 10
My friend gave me a link to a website, which I foolishly clicked on without looking at. It brought me to this website for a hack for some sort of game that I had never seen. I closed out of it without clicking anything on the actual website and didn't download anything on it. Now whenever I hit "8" on my keyboard, it crudely types this: "8 ball poo,l hackk". I've tried scanning for viruses and removing them, and that seems to not have an effect on the issue.


#1
February 4, 2017 at 14:52:56
These three small freebies often find what anti-virus programs miss. Run them in the order given:

AdwCleaner:
https://toolslib.net/downloads/view...
(blue "Download Now" button on right).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

Junkware Removal Tool (JRT)
https://www.malwarebytes.org/junkwa...
(blue Download button).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/
(use the "Free Download" button rather than the "Buy Now" button).
Install and Run the Threat Scan - quarantine anything it finds.

Please copy/paste all the logs on here. The ADW log is a text file in the ADWCleaner folder directly off the system drive root (usually C).

Always pop back and let us know the outcome - thanks


#2
February 4, 2017 at 15:32:09
AdwCleaner:


# AdwCleaner v6.043 - Logfile created 04/02/2017 at 18:10:49
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Jack - JACKSPC
# Running from : E:\Users\Jack\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File deleted: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\mvprdl61.default\invalidprefs.js


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[-] Task deleted: amiupdaterExd
[-] Task deleted: amiupdaterExi


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\9ECA058F-09E5-4762-9227-86A2DD0FB969
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Object Browser
[-] Key deleted: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\Appscion
[-] Key deleted: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
[-] Key deleted: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Key deleted: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
[-] Key deleted: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Object Browser
[#] Key deleted on reboot: HKCU\Software\Appscion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key deleted: HKLM\SOFTWARE\SPPDCOM
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Appscion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[#] Data restored on reboot: HKU\S-1-5-21-770858931-4114872054-2756797524-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5405 Bytes] - [04/02/2017 18:10:49]
C:\AdwCleaner\AdwCleaner[R0].txt - [15503 Bytes] - [16/12/2014 17:05:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [14295 Bytes] - [16/12/2014 17:06:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [5803 Bytes] - [04/02/2017 18:10:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5699 Bytes] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Jack (Administrator) on Sat 02/04/2017 at 18:16:04.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 12

Successfully deleted: C:\ai_recyclebin (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Jack\AppData\Local\78da16d46b3f96b8315f80c2c259b812 (File)
Successfully deleted: C:\Users\Jack\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\mvprdl61.default\user.js (File)
Successfully deleted: C:\Users\Jack\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Jack\AppData\Roaming\QOEX.exe (File)
Successfully deleted: C:\Users\Jack\AppData\Roaming\speedrunnerslog.txt (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Jack) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SmartDefrag_Startup (Task)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/04/2017 at 18:17:19.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/4/17
Scan Time: 6:19 PM
Logfile: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1182
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: JACKSPC\Jack

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414766
Time Elapsed: 3 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 14
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [17884], [252393],1.0.1182
PUP.Optional.iWebar, HKU\S-1-5-18\SOFTWARE\iWebar-nv, Quarantined, [1865], [239643],1.0.1182
PUP.Optional.ObjectBrowser, HKU\S-1-5-18\SOFTWARE\Object Browser-nv, Quarantined, [4114], [241274],1.0.1182
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, Quarantined, [16763], [235414],1.0.1182
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, Quarantined, [16763], [235414],1.0.1182
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr\u0004\u0002, Quarantined, [6428], [244209],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1309BA48-7386-47E5-8151-9C76D23085C6}, Quarantined, [307], [237488],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8393E966-5319-4A5C-A6DC-E39F5912F5B1}, Quarantined, [307], [237488],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF3FF0D5-B2DE-4063-9574-4A1BFDC79E2D}, Quarantined, [307], [237487],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F8CCB90A-4A73-4039-994F-7C42F891E7C8}, Quarantined, [307], [237487],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFECA1E4-C6D7-4240-BA51-8C8DEDC8D0D1}, Quarantined, [307], [237487],1.0.1182
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [17884], [252393],1.0.1182
PUP.Optional.W3i, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7B882686-F4FD-4294-85E0-2BF549AEBE57}, Quarantined, [2563], [362630],1.0.1182
PUP.Optional.OnlineAnalytics, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\OAS OK, Quarantined, [17171], [241394],1.0.1182

Registry Value: 16
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, [17884], [252393],1.0.1182
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, Quarantined, [6428], [244208],1.0.1182
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, Quarantined, [6428], [244208],1.0.1182
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, Quarantined, [6428], [244208],1.0.1182
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, Quarantined, [6428], [244208],1.0.1182
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, Quarantined, [6428], [244208],1.0.1182
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, Quarantined, [6428], [244208],1.0.1182
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr\u0004\u0002|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, Quarantined, [6428], [244209],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1309BA48-7386-47E5-8151-9C76D23085C6}|APPNAME, Quarantined, [307], [237488],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8393E966-5319-4A5C-A6DC-E39F5912F5B1}|APPNAME, Quarantined, [307], [237488],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF3FF0D5-B2DE-4063-9574-4A1BFDC79E2D}|APPNAME, Quarantined, [307], [237487],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F8CCB90A-4A73-4039-994F-7C42F891E7C8}|APPNAME, Quarantined, [307], [237487],1.0.1182
PUP.Optional.CrossRider, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFECA1E4-C6D7-4240-BA51-8C8DEDC8D0D1}|APPNAME, Quarantined, [307], [237487],1.0.1182
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, [17884], [252393],1.0.1182
PUP.Optional.W3i, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7B882686-F4FD-4294-85E0-2BF549AEBE57}|URL, Quarantined, [2563], [362630],1.0.1182
PUP.Optional.OnlineAnalytics, HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\OAS OK|SUCCESS, Quarantined, [17171], [241394],1.0.1182

Registry Data: 0
(No malicious items detected)

All this seemed to have no effect on the issue.


#3
February 4, 2017 at 15:58:01
OK Thanks - they've removed a lot of unwanted stuff.

I am going to alert another helper who specialises in cleaning out viruses and malware. Assuming he is available he will probably run your computer through a number of processes. The name is "Johnw".

Always pop back and let us know the outcome - thanks


#4
February 4, 2017 at 15:58:54
Derek is on the right track.
"All this seemed to have no effect on the issue"
I can go through these logs to look for other problems.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using one of these. No account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php
http://www.filedropper.com/
https://go4up.com/

message edited by Johnw


#5
#6
February 4, 2017 at 16:40:23
Thanks, getting the 404 message, try this site please & test.

http://www.fileconvoy.com/index.php

message edited by Johnw


#7
February 4, 2017 at 16:48:26
Tried different browsers & now have them, sorry.

Back in about an hour.


#8
February 4, 2017 at 17:09:19
I am still going through your logs, I can see we need to run this.

Run Hitman Pro, then Copy and Paste the contents of the log, into your reply please.
http://www.softpedia.com/get/Intern...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
How to scan and obtain a log
http://forums.majorgeeks.com/showth...
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...


#9
February 4, 2017 at 17:30:29
[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

Computer name . . . . : JACKSPC
Windows . . . . . . . : 10.0.0.14393.X64/8
User name . . . . . . : JACKSPC\Jack
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (31 days left)

Scan date . . . . . . : 2017-02-04 20:24:24
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 33s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 340

Objects scanned . . . : 2,164,848
Files scanned . . . . : 75,996
Remnants scanned . . : 597,269 files / 1,491,583 keys

Suspicious files ____________________________________________________________

C:\Users\Jack\AppData\Local\PunkBuster\BF4\pb\pbcl.dll
Size . . . . . . . : 1,018,768 bytes
Age . . . . . . . : 584.1 days (2015-07-01 18:06:43)
Entropy . . . . . : 7.6
SHA-256 . . . . . : F3A472110B8B760ECCCFFFB1821382D9E65583C5CEF460C8C92FBBCD3E8196E6
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Jack\AppData\Local\PunkBuster\BF4\pb\pbcls.dll
Size . . . . . . . : 1,018,768 bytes
Age . . . . . . . : 584.1 days (2015-07-01 18:06:43)
Entropy . . . . . : 7.6
SHA-256 . . . . . : F3A472110B8B760ECCCFFFB1821382D9E65583C5CEF460C8C92FBBCD3E8196E6
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Jack\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 138,648 bytes
Age . . . . . . . : 761.0 days (2015-01-05 20:30:00)
Entropy . . . . . : 7.7
SHA-256 . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Jack\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
Size . . . . . . . : 733,004 bytes
Age . . . . . . . : 328.1 days (2016-03-13 17:31:08)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
Fuzzy . . . . . . : 25.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}\ (FinanceAlert) -> DeleteFailed
HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player) -> DeleteFailed
HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player) -> DeleteFailed
HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro) -> DeleteFailed

Cookies _____________________________________________________________________

C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\7TZMNGU1.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\7VEAPVIP.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\84SQD4S1.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\856KE9GM.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\88GV0UCO.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\922EH9KD.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\94POIZW3.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\9QH8OFCR.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\9QQJDIMZ.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\9S4A8OY5.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\9SBT0735.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\9VIOV0HQ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\9WBDPO8J.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\A2OH148X.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\A4DDM3LT.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\A8O2FCI7.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\AXYLV21Y.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\AYHVLL6W.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\AZ5FA609.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\B7A1LENA.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\B8FWGX3G.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\BC2HGB2R.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\BCW2Q77G.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\BM0ZEE1V.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\CCFEE2YA.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\CEE12G2J.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\COVLVK27.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\CVDW5TAB.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\CYZ20TJZ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\D3UUWTQ5.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\DBEG3AD2.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\DFF3D8YI.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\E2ERDSNI.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\E4S17BEO.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\EQ50JJ94.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\F0VIBZZ9.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\F87DYWDI.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FA70HKBC.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FAURAJ1M.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FAXQBSEP.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FI30O5OR.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FOF4EDYR.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FOI2X5T2.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FSF7TLZ8.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FST0NXBZ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\FW819WPH.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\GDPOTVGN.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\GGWNZLK1.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\GYE98181.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\H17AIQVP.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\H2LPPF1Z.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\HB0D14DS.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\HNB7M0MS.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\I2BFBSJ7.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\J0IHQ21K.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\J1W9AO1U.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\J9Q2N73R.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\JCL05SD5.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\JPDWIFMH.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\JQ8II8IH.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\JS91W0PF.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\JYUJX5B2.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\K44YADK5.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\KIFR8LPP.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\KMFZ1QLH.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\KNHMHHKL.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\KOJ42P2I.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\L24MEJDR.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\02FHN5HB.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\042NJ6OJ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\23FXFKNL.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\2UVETL70.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\4HH37R74.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\4N8M5H5G.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\6BAIWD9C.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\B05MOBZ1.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\C1OZ6XF3.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\CITES16E.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\EF8XG3B2.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\HQT1ZCPQ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\IMZEP4ZV.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\J1YL4ZON.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\JAX2PZII.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\K6LFDY9W.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\L864BSNU.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\MHPG0NFJ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\O3719OUW.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\O6SA89JV.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\P1BQU1C9.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\QPO7GPZX.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\QSEHGOE9.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\QSSNUPXM.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\SV1NCUQ2.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\XICB1LDP.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\YR9H9QMD.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\ZE7G0VN1.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\ZHAYDAQ1.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\ZI0G801M.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Low\ZQEMRE55.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\LPZ7DR1J.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\LXMIWPYO.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\M1G6M73P.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\MHFGY179.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\MZCT9C1G.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\N1REUIH6.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\N8848BKP.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\NGKZ5A04.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\NHQDZ8TW.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\NKVQ5B2Z.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\O62DWOMQ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\OALKL17N.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\OE7JE2Y2.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\OR72UMU7.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\P1TS6H8B.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\P769GCZ2.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\PB2PY3P4.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\POBV6JCY.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Q49QZMUY.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\QAZ8CM26.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\QHHH3PYZ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\QMUHBK07.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\QQBH1RFY.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\R9NUKKSA.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\RDFSC9LR.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\RFYROQRP.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\RSRL4DPO.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\RVRGWUDG.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\RY0A82LA.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\RYPPV809.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\S46HNRKS.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\S4QJ93KL.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\SKY38UEZ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\SXORJ8CS.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\SY301OUW.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\T22N2M9I.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\T2QSRQFE.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\TEGTYM12.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\U1HNMUGD.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\U9IHN40E.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\U9KAWSGW.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\UIKUHSHP.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\UKHZU4CN.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\UXEGEGUR.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\VIV29QV4.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\VNQIUTAY.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\VT1BYKM4.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\VVYAU81J.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\VXXDZ11G.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\VZYVYEVW.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\W2F6MR96.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\W9VW0ZJJ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\WAPHETSK.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\WFIWJ13G.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\WIU9KGFZ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\WOYTPBXZ.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\WQU53RCB.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\X921QL6U.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\XDZ2EBML.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\XGCKWOT3.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\XKDQRHPX.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\XLM2R1ZT.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\XNFWAEL6.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\XOXYPQHS.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\XS28WLNK.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\YG483772.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\YZCFX1W2.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Z0R3REXW.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\Z1Y0AR6O.cookie
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\ZH5WR2ZH.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\ZPZ4LWP0.txt
C:\Users\Jack\AppData\Local\Microsoft\Windows\INetCookies\ZWKITWDG.txt
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\13CACT5I.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1XM3Q2V9.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5J0TJAH7.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\67SUKR5Q.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8H8O088J.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8L60BIQA.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AKWPEADC.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\B82O099G.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DPRDGIZG.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\E2RDO353.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\G6YIMX0C.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\K3UVDJ0P.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\M6EA4RZX.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\N6Q2G7E8.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SIUT1SIV.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Y7MKZTOC.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\2FM706RG.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\HOTDQ090.cookie
C:\Users\Jack\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KP327Q9E.cookie


[/code]


Report •

#10
February 4, 2017 at 17:39:47
Let's just see if you have ransomware on the comp.

ID Ransomware - Identify What Ransomware Encrypted Your Files
http://www.bleepingcomputer.com/for...
https://id-ransomware.malwarehunter...


Report •

#11
February 4, 2017 at 18:27:53
I'm confused as to what file you want me to see is encrypted since it is asking me to upload a single file to it, sorry I'm fairly new to a process like this.

Report •

#12
February 4, 2017 at 18:40:31
Sorry, your log shows suspicious encryption in PunkBuster. I just googled PunkBuster & that is probably normal, if you are happy with that; if not, uninstall PunkBuster.

Next step. Test after doing this.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
CustomCLSID: HKU\S-1-5-21-770858931-4114872054-2756797524-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-74406EA27C56}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {2E4D3AD4-467A-4521-BE70-01B4EAF78ECC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4C3F4E0E-D294-4754-B29A-87088426C0A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6BD162DD-1FD7-4216-979F-0EB5C21E6416} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {7E6B0C50-4D35-4BA2-B135-673892424BBA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7EFAF60A-2478-40FD-AF78-B99C5EAB9719} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {EA0B249D-A31B-48D4-AD76-306B0AE2D7BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EDC78CCC-CAFF-475E-ACB2-48CD11C03CD4} - \WPD\SqmUpload_S-1-5-21-770858931-4114872054-2756797524-1001 -> No File <==== ATTENTION
2017-02-04 18:24 - 2017-02-04 18:24 - 00148992 _____ () \\?\C:\Users\Jack\AppData\Local\Temp\1C4D.tmp.node
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...


Report •

#13
February 5, 2017 at 05:25:14
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Jack (05-02-2017 08:20:15) Run:1
Running from E:\Users\Jack\Desktop
Loaded Profiles: Jack (Available Profiles: Jack)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
CustomCLSID: HKU\S-1-5-21-770858931-4114872054-2756797524-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-74406EA27C56}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {2E4D3AD4-467A-4521-BE70-01B4EAF78ECC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4C3F4E0E-D294-4754-B29A-87088426C0A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6BD162DD-1FD7-4216-979F-0EB5C21E6416} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {7E6B0C50-4D35-4BA2-B135-673892424BBA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7EFAF60A-2478-40FD-AF78-B99C5EAB9719} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {EA0B249D-A31B-48D4-AD76-306B0AE2D7BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EDC78CCC-CAFF-475E-ACB2-48CD11C03CD4} - \WPD\SqmUpload_S-1-5-21-770858931-4114872054-2756797524-1001 -> No File <==== ATTENTION
2017-02-04 18:24 - 2017-02-04 18:24 - 00148992 _____ () \\?\C:\Users\Jack\AppData\Local\Temp\1C4D.tmp.node
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-770858931-4114872054-2756797524-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-74406EA27C56} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E4D3AD4-467A-4521-BE70-01B4EAF78ECC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E4D3AD4-467A-4521-BE70-01B4EAF78ECC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C3F4E0E-D294-4754-B29A-87088426C0A2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C3F4E0E-D294-4754-B29A-87088426C0A2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6BD162DD-1FD7-4216-979F-0EB5C21E6416} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD162DD-1FD7-4216-979F-0EB5C21E6416} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E6B0C50-4D35-4BA2-B135-673892424BBA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6B0C50-4D35-4BA2-B135-673892424BBA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EFAF60A-2478-40FD-AF78-B99C5EAB9719} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EFAF60A-2478-40FD-AF78-B99C5EAB9719} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA0B249D-A31B-48D4-AD76-306B0AE2D7BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA0B249D-A31B-48D4-AD76-306B0AE2D7BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDC78CCC-CAFF-475E-ACB2-48CD11C03CD4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDC78CCC-CAFF-475E-ACB2-48CD11C03CD4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-770858931-4114872054-2756797524-1001 => key removed successfully
C:\Users\Jack\AppData\Local\Temp\1C4D.tmp.node => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-770858931-4114872054-2756797524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKLM\System\CurrentControlSet\Services\InstallerService => key removed successfully
InstallerService => service removed successfully
HKLM\System\CurrentControlSet\Services\NVIDIA Wireless Controller Service => key removed successfully
NVIDIA Wireless Controller Service => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30357902 B
Java, Flash, Steam htmlcache => 265283245 B
Windows/system/drivers => 224025360 B
Edge => 2683935 B
Chrome => 63756140 B
Firefox => 5587922 B
Opera => 1275904 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1329664 B
NetworkService => 303764 B
Jack => 5394719803 B

RecycleBin => 13776 B
EmptyTemp: => 5.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:21:09 ====


Sorry for the long time between responses, I was asleep this time. I appreciate your continued support!


Report •

#14
February 5, 2017 at 07:14:50
"Sorry for the long time between responses, I was asleep this time. I appreciate your continued support!"

No problem, I have just got home, if you are still online, I will stay here, otherwise I'm off to bed soon.
I'm here.
https://www.timeanddate.com/worldcl...

Run Malwarebytes again & enable rootkits. Log please. Test when finished.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif


Report •

#15
February 5, 2017 at 07:32:44
I made sure to scan for rootkits this time.

Log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/5/17
Scan Time: 10:29 AM
Logfile: Log.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1185
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: JACKSPC\Jack

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402565
Time Elapsed: 1 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Report •

#16
February 5, 2017 at 07:37:45
"I made sure to scan for rootkits this time"
Nope, still Disabled.
Extract from the log.
"Rootkits: Disabled"

Report •

#17
February 5, 2017 at 07:42:05
Whoops, forgot to save the settings, sorry about that. I think it's enabled now.

Log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/5/17
Scan Time: 10:38 AM
Logfile: log2.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1185
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: JACKSPC\Jack

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 123834
Time Elapsed: 2 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Report •
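
The check made in #16 (reading the Scan Options block before trusting a zero-detection result), as an added example that is not part of the thread or of Malwarebytes: a Python parser for the text log layout posted above. The function names, the `required` option list, the verdict labels and the abbreviated sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the log layout posted in this thread.
SAMPLE_LOG = """\
Malwarebytes
www.malwarebytes.com

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402565

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

File: 0
(No malicious items detected)

(end)
"""

SECTION_RE = re.compile(r"^-(.+)-$")        # e.g. "-Scan Options-"
FIELD_RE = re.compile(r"^([^:]+):\s*(.*)$")  # e.g. "Rootkits: Disabled"


def parse_log(text):
    """Return {section name: {field: value}} for a log in this layout."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        # Skip the banner before the first section, blanks and "(...)" notes.
        if current is None or not line or line.startswith("("):
            continue
        field = FIELD_RE.match(line)
        if field:
            current[field.group(1).strip()] = field.group(2).strip()
    return sections


def review(text, required=("Rootkits",)):
    """Decide how far a zero-detection result can be trusted.

    `required` lists the scan options the helper asked for (hypothetical
    parameter); an option that is absent from the log counts as not covered.
    """
    sections = parse_log(text)
    summary = sections.get("Scan Summary", {})
    options = sections.get("Scan Options", {})
    details = sections.get("Scan Details", {})

    disabled = sorted(k for k, v in options.items() if v.lower() != "enabled")
    not_covered = [o for o in required
                   if options.get(o, "").lower() != "enabled"]
    detections = sum(int(v) for v in details.values() if v.isdigit())
    completed = summary.get("Result", "").lower() == "completed"

    if not completed:
        verdict = "incomplete"
    elif detections:
        verdict = "detections"
    elif not_covered:
        verdict = "clean-but-partial"   # nothing found, but not everything was scanned
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "disabled": disabled,
        "not_covered": not_covered,
        "detections": detections,
    }


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```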

#18
February 5, 2017 at 07:46:25
"I think it's enabled now"
Yep.

You have installed Malwarebytes Premium version, which is very good & can be run in conjunction with your current Anti-Virus (AV). It would have prevented the adware installs. If you don't want to buy it, do this to avoid the purchase nag screens.
Open Malwarebytes, on the Dashboard, click on ‘End Free Trial’ link which, then will be instantly converted to the free version.

Run MiniToolBox.
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
Close any browsers that you have open.
Check > Select All & then Click > GO.
http://i.imgur.com/PyFYGNY.gif
Log please.

message edited by Johnw


Report •

#19
February 5, 2017 at 08:19:28

Report •

#20
February 5, 2017 at 08:30:40
Thanks.

Extract from the fixlog.
EmptyTemp: => 5.6 GB temporary data Removed.
Way, way too big, even if you are a gamer.
Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
https://steveshank.com/cgi-bin/arti...
All browsers, limit the cache to 50mb ( that's MB, not GB )
IE & Edge share the same setting.
Control Panel > Internet Options > General > Browsing history > Settings. Refer SS below.
http://fs5.directupload.net/images/...
Example for Firefox.
https://www.sitepoint.com/3-tweaks-...
Chrome is not so straightforward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.


After running Zoek, let me know what issues you are having, I'm off to bed now, will be back in the morning.

Please download Zoek.exe to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://hijackthis.nl/smeenk/
On Windows Vista, 7, and 8, right-click Zoek.exe and select > Run as Administrator.
Give it a few seconds to appear.
If your AntiVirus warns you about the program, either allow Zoek to run, or temporarily disable your AV program.
Info on how to disable your security applications > http://www.bleepingcomputer.com/for...
Next, copy/paste the entire script in the code box below to the input field of Zoek:
Sample screenshot ( SS )
http://i.imgur.com/7qTPP3N.gif

createsrpoint;
autoclean;
emptyalltemp;
emptyfolderscheck;delete
emptyclsid;
hijackthis;
ipconfig /flushdns;b
systemspecs;

Close any open Browsers.
Click the Run script button, and wait, be patient.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed log is opened after the reboot.
Copy & Paste the contents of the log in your reply.



#21
February 5, 2017 at 10:16:36
I did all of what you said up to the Zoek part. The link "http://hijackthis.nl/smeenk/" gives me a 404 error and I can't find a website that has the download for it.


#22
February 5, 2017 at 16:04:40
You're right, it has gone.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
127.0.0.1 d3oxij66pru1i3.cloudfront.net

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...

message edited by Johnw



#23
February 6, 2017 at 13:04:43
Sorry for the late reply again, I've been busy with other things lately.

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Jack (06-02-2017 16:02:21) Run:2
Running from E:\Users\Jack\Desktop
Loaded Profiles: Jack (Available Profiles: Jack)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
127.0.0.1 d3oxij66pru1i3.cloudfront.net
*****************

Restore point was successfully created.
Processes closed successfully.
127.0.0.1 d3oxij66pru1i3.cloudfront.net => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8819928 B
Java, Flash, Steam htmlcache => 13720744 B
Windows/system/drivers => 3675238 B
Edge => 15653911 B
Chrome => 197799363 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => -658 B
Jack => 185653698 B

RecycleBin => 0 B
EmptyTemp: => 405.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:02:28 ====



#24
February 6, 2017 at 14:48:41
Extract from your FRST log.
"Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)"
Make sure ALL your Regional and Language Options settings are Ok. They will be something similar to this, the main point being, you should have at least 3 places to make sure you have your country displayed.
Windows 10: Change or Add Another Language or Region.
http://www.tech-recipes.com/rx/5633...
http://i.imgur.com/gkPnT4j.gif
http://i.imgur.com/8J4WO6U.gif
http://i.imgur.com/gtwlzJo.gif
http://i.imgur.com/vSWwH00.gif

After running ESET, let me know what issues you are having.

Run ESET Online Scanner. Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
Make sure these options are checked/ticked in Advanced settings.

Remove found threats, Scan archives, Scan for potentially unsafe applications, Enable Anti-Stealth technology.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create an ESET SysRescue CD or USB drive
http://www.eset.com/int/support/sys...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://support.eset.com/kb3509/?loc...
Configure ESET this way & disable your AV.
http://i.imgur.com/wZF1Ppi.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
3: Which web browsers are compatible with ESET Online Scanner?
http://support.eset.com/kb405/?loca...
Online Scanner not working
http://support.eset.com/kb403/?loca...
My ESET product detected a threat—what should I do?
http://support.eset.com/kb117/
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
http://support.eset.com/kb405/?view...
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://support.eset.com/kb405/?view...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#25
February 6, 2017 at 15:42:22
I'll be sure to run this when I go to bed in a few hours. Just to make sure, I'm downloading the "NOD32 Anti-virus" as opposed to the "Internet security", correct?


#26
February 6, 2017 at 15:49:42
Refer this SS.
http://fs5.directupload.net/images/...

Taken from here.
https://www.eset.com/int/home/onlin...



#27
February 7, 2017 at 05:29:28
I just woke up and the scan finished. Here is the log:

19:09:44 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.14.0
# EOSSerial=
# end=init
# utc_time=2017-02-07 00:09:44
# local_time=2017-02-06 19:09:44 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT
19:09:49 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.14.0
# EOSSerial=332ea1dec2066d4da6dcfc5767d9fb70
# end=init
# utc_time=2017-02-07 00:09:48
# local_time=2017-02-06 19:09:48 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT
23:44:14 Updating
23:44:14 Update Init
23:44:15 Update Download
23:49:53 esets_scanner_reload returned 0
23:49:53 g_uiModuleBuild: 32322
23:49:53 Update Finalize
23:49:53 Call m_esets_charon_send
23:49:53 Call m_esets_charon_destroy
23:49:53 Updated modules version: 32322
23:50:01 Call m_esets_charon_setup_create
23:50:01 Call m_esets_charon_create
23:50:01 m_esets_charon_create OK
23:50:01 Call m_esets_charon_start_send_thread
23:50:01 Call m_esets_charon_setup_set
23:50:01 m_esets_charon_setup_set OK
23:50:01 Scanner engine: 32322
02:36:29 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.14.0
# EOSSerial=332ea1dec2066d4da6dcfc5767d9fb70
# engine=32322
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-02-07 07:36:28
# local_time=2017-02-07 02:36:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 16862004 0 0
# scanned=2
# found=38
# cleaned=0
# scan_time=9994
sh=878544929C980C898A0A844B3FDE9EE787E30FD5 ft=1 fh=0000000000000000 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir"
sh=708C194C46862DEB02B1D0CE967D8F207A30671B ft=1 fh=0000000000000000 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir"
sh=C79B8EBA62D34863C9904151FAFB63469868A4A9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\registry\reg_delhikqhphiqlpdaqercjukkpirqgwfi.reg"
sh=A46760A4184E246EA0782C2C7B94AC0165BA3B61 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.T potentially unwanted application" ac=I fn="C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\mvprdl61.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}\content\overlay.js"
sh=0FD586DE4FA694CF718FFA5B181E62B7E3EA27EF ft=1 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.BJ potentially unwanted application" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=D6A5DC7A4B717224CC176094F60D61086E4733DC ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\CltMngSvc.exe"
sh=0235B5E13704F2A1B3BC3D137D79ADDA89FE1B86 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPTool.dll"
sh=D03D626914970BCCD7E9D6D0AF04D8DDDD102D35 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1387229413664"
sh=D03D626914970BCCD7E9D6D0AF04D8DDDD102D35 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1387229413672"
sh=126B22D7B2FE0FC571E6D6D0098B0E0D053C0BCC ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1389809799084"
sh=126B22D7B2FE0FC571E6D6D0098B0E0D053C0BCC ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1389809799115"
sh=DF96804C0D2D07D7543728DF582C86ACD3BEF3CF ft=1 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1390858789018"
sh=DF96804C0D2D07D7543728DF582C86ACD3BEF3CF ft=1 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1390858789049"
sh=C8F8049916B0E5C1953670DB20F04E87791681F2 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1391045497633"
sh=C8F8049916B0E5C1953670DB20F04E87791681F2 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1391045497643"
sh=05C0A99ACE45CEFB680DF0D3D87C138A307D346A ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1391396751387"
sh=05C0A99ACE45CEFB680DF0D3D87C138A307D346A ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1391396751418"
sh=84926F876E19F3B43293BFFDF7CF00D227D62A60 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1391461564737"
sh=84926F876E19F3B43293BFFDF7CF00D227D62A60 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\SPtool.dll_1391461564738"
sh=BB3752D2131C964718E918AEB456F2A20F9C3D56 ft=1 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AR potentially unwanted application" ac=I fn="E:\SearchProtect\Main\bin\uninstall.exe"
sh=D493FF871C74B06FB61AE00D09ADDC28B5422F80 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\SearchProtect\bin\cltmng.exe"
sh=4C5B9BDB2083C372DFF084BAEFE4A34E773C3335 ft=1 fh=0000000000000000 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="E:\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=8C20259C7435390185EA2E2CA9E0B8F06ADE36AB ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\SearchProtect\SearchProtect\bin\SPVC32.dll"
sh=12B7DD7ED27BA706CC32A3EA2BDD2E4E16A22E11 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=A8FD5CC079776D4EF9EE4D5AE676F78BCFC1F296 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\SearchProtect\SearchProtect\bin\SPVC32Loader.dll_1391396757223"
sh=E9B2A861C0FF46B15343AF49D2F6FD519E830527 ft=1 fh=0000000000000000 vn="a variant of Win64/Conduit.SearchProtect.D potentially unwanted application" ac=I fn="E:\SearchProtect\SearchProtect\bin\SPVC64.dll"
sh=BEAF3026FE73CCDF7E3981D93E5207A0E5057BD2 ft=1 fh=0000000000000000 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="E:\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
sh=9319DC5016609291BFF613A6280F1EF0E46CE340 ft=1 fh=0000000000000000 vn="Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="E:\SearchProtect\SearchProtect\bin\SPVC64Loader.dll_1391396757232"
sh=7DC19763FCFB8BE9846DD4405485A92AA3E50163 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\SearchProtect\UI\bin\cltmngui.exe"
sh=790F9CCCF29480AE479152F5D16DAAA941CDF7B2 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.AQ potentially unwanted application" ac=I fn="E:\SearchProtect\UI\dialogs\settings.html"
sh=A2CF2D9375DE8386AB060334942A5A7BA2F468DD ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.AW potentially unwanted application" ac=I fn="E:\SearchProtect\UI\dialogs\bubble\bubble.html"
sh=FB4F640F4EE18BC321DA48BC6616638B3BA314B9 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.AV potentially unwanted application" ac=I fn="E:\SearchProtect\UI\dialogs\libs\main.js"
sh=FF2612163B7D9EA6341AF8B2A51A090FFC018313 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.AX potentially unwanted application" ac=I fn="E:\SearchProtect\UI\dialogs\protection\protection.html"
sh=B2F934F3AC058A33B715C55728C65805575BC048 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.AS potentially unwanted application" ac=I fn="E:\SearchProtect\UI\dialogs\protection\protection.js"
sh=AB8154EFC1D646D6DF6BFD09E5F2E2F7BEEF4535 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.AO potentially unwanted application" ac=I fn="E:\SearchProtect\UI\dialogs\settings\settings.html"
sh=E6551AC5EB4B8B4CCD0082FEB6A9106537E5DBAF ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.AV potentially unwanted application" ac=I fn="E:\SearchProtect\UI\dialogs\settings\settings.js"
sh=9F6299A3D85C02281B8B4186FCDB7CD132870712 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.AN potentially unwanted application" ac=I fn="E:\SearchProtect\UI\dialogs\uninstall\uninstall.html"
sh=5D8656212C8EADB7F140677C44EC3B9F9BCC74B5 ft=1 fh=0000000000000000 vn="a variant of Win32/Adware.Vitruvian.F application" ac=I fn="E:\SearchSnacks\Uninstall.exe"
08:23:06 Call m_esets_charon_send
08:23:06 Call m_esets_charon_destroy
08:23:08 Cleaning up
08:23:08 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Jack\AppData\Local\ESET\ESETOnlineScanner\Modules\
08:23:08 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Jack\AppData\Local\ESET\ESETOnlineScanner\OldModules\
08:23:08 DeleteEstsApi: C:\Users\Jack\AppData\Local\ESET\ESETOnlineScanner
08:23:08 DeleteApiStgFile: C:\Users\Jack\AppData\Local\ESET\ESETOnlineScanner
08:23:08 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Jack\AppData\Local\ESET\ESETOnlineScanner\Char_Cache\

The autotyping still seems to be going on.



#28
February 7, 2017 at 05:34:02
Your log shows you haven't cleaned out the problems.

# found=38
# cleaned=0

New log when the cleaning is done please.

message edited by Johnw


Report •
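
Post #28 reads the scan outcome from the `found=` and `cleaned=` lines of the pasted ESET Online Scanner log. The Python below is an added example (not part of the thread and not ESET's own tooling) that parses that log layout, drops scan sessions repeated by re-pasting the appended log, and reports which finished scans left detections uncleaned. The function names are hypothetical, the sample log is constructed, and the reading of `ac=C` as "cleaned" is an assumption inferred from the two logs in the thread.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log pasted in this
# thread. Hashes, detection names, paths and times are placeholders. The first
# scan is repeated at the end, as happens when the appended log is pasted again.
FIRST_SCAN = r'''19:09:49 # product=EOS
# end=init
# utc_time=2017-01-01 00:09:48
23:44:14 Updating
02:36:29 # product=EOS
# version=8
# engine=11111
# end=finished
# remove_checked=false
# unsafe_checked=false
# utc_time=2017-01-01 07:36:28
# scanned=2
# found=3
# cleaned=0
sh=00000000000000000000000000000000000000A1 ft=1 fh=0000000000000000 vn="Example/PUA.A potentially unwanted application" ac=I fn="C:\Example\bin\loader.dll"
sh=00000000000000000000000000000000000000A2 ft=1 fh=0000000000000000 vn="Example/PUA.A potentially unwanted application" ac=I fn="C:\Example\bin\tool.exe"
sh=00000000000000000000000000000000000000A3 ft=0 fh=0000000000000000 vn="Example/PUA.B potentially unwanted application" ac=I fn="C:\Example\ui\main.js"
08:23:06 Call m_esets_charon_send
'''
SECOND_SCAN = r'''08:37:05 # product=EOS
# end=init
# utc_time=2017-01-01 13:37:05
12:07:17 # product=EOS
# version=8
# engine=11112
# end=finished
# remove_checked=true
# unsafe_checked=true
# utc_time=2017-01-01 17:07:16
# scanned=2
# found=1
# cleaned=1
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Example/Bundled.C potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Example\Downloads\setup.exe"
12:07:33 Call m_esets_charon_send
'''
SAMPLE_LOG = FIRST_SCAN + SECOND_SCAN + FIRST_SCAN

# "HH:MM:SS # key=value" opens a header block; "# key=value" lines continue it.
HEADER_START = re.compile(r'^\d{2}:\d{2}:\d{2} # ([^=\s]+)=(.*)$')
HEADER_FIELD = re.compile(r'^# ([^=\s]+)=(.*)$')
DETECTION = re.compile(
    r'^sh=(?P<sh>\S+) ft=(?P<ft>\S+) fh=(?P<fh>\S+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>.*)"$')


def parse_scans(text):
    """Return the finished scan sessions in the log, without repeated copies."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        start = HEADER_START.match(line)
        if start:
            blocks.append({'fields': {start.group(1): start.group(2)},
                           'detections': []})
            continue
        if not blocks:
            continue  # text before the first header block
        fld = HEADER_FIELD.match(line)
        det = DETECTION.match(line)
        if fld:
            blocks[-1]['fields'][fld.group(1)] = fld.group(2)
        elif det:
            blocks[-1]['detections'].append(det.groupdict())
        # other timestamped progress lines carry no result data and are skipped
    seen, scans = set(), []
    for block in blocks:
        f = block['fields']
        key = (f.get('utc_time'), f.get('engine'))
        if f.get('end') != 'finished' or key in seen:
            continue  # "end=init" blocks and re-pasted copies of a scan
        seen.add(key)
        scans.append(block)
    return scans


def summarize(scan):
    """Condense one finished scan into the values that decide the next step."""
    f = scan['fields']
    found, cleaned = int(f.get('found', 0)), int(f.get('cleaned', 0))
    # Assumption inferred from the thread's logs: ac=C marks an item the scanner
    # cleaned or deleted; any other action code means it was only reported.
    left = [d['fn'] for d in scan['detections'] if d['ac'] != 'C']
    return {'finished_utc': f.get('utc_time'),
            'remove_checked': f.get('remove_checked') == 'true',
            'found': found, 'cleaned': cleaned,
            'uncleaned': found - cleaned, 'left_on_disk': left}


def scans_needing_cleanup(text):
    """UTC finish times of scans that reported more than they cleaned."""
    return [s['finished_utc'] for s in map(summarize, parse_scans(text))
            if s['uncleaned'] > 0 or s['left_on_disk']]


if __name__ == '__main__':
    for scan in parse_scans(SAMPLE_LOG):
        print(summarize(scan))
```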

#29
February 7, 2017 at 09:11:53
I searched my PC to make sure there wasn't another log saying that I had cleaned the threats because I remember doing so. To make sure, I decided to scan again and it didn't find any threats. Here's the new log:

08:37:03 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.14.0
# EOSSerial=332ea1dec2066d4da6dcfc5767d9fb70
# end=init
# utc_time=2017-02-07 13:37:02
# local_time=2017-02-07 08:37:02 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT
08:37:05 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.14.0
# EOSSerial=332ea1dec2066d4da6dcfc5767d9fb70
# end=init
# utc_time=2017-02-07 13:37:05
# local_time=2017-02-07 08:37:05 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT
08:37:37 Updating
08:37:37 Update Init
08:37:39 Update Download
08:41:10 esets_scanner_reload returned 0
08:41:10 g_uiModuleBuild: 32326
08:41:10 Update Finalize
08:41:10 Call m_esets_charon_send
08:41:10 Call m_esets_charon_destroy
08:41:10 Updated modules version: 32326
08:41:19 Call m_esets_charon_setup_create
08:41:19 Call m_esets_charon_create
08:41:19 m_esets_charon_create OK
08:41:19 Call m_esets_charon_start_send_thread
08:41:19 Call m_esets_charon_setup_set
08:41:19 m_esets_charon_setup_set OK
08:41:19 Scanner engine: 32326
12:07:17 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.14.0
# EOSSerial=332ea1dec2066d4da6dcfc5767d9fb70
# engine=32326
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-02-07 17:07:16
# local_time=2017-02-07 12:07:16 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 16896252 0 0
# scanned=2
# found=2
# cleaned=2
# scan_time=12364
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/GameHack.AMU potentially unsafe application (deleted)" ac=C fn="E:\Users\Jack\Downloads\Pentesting @MPGH_mpgh.net.rar"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="E:\Users\Jack\Downloads\spsetup128.exe"
12:07:33 Call m_esets_charon_send
12:07:33 Call m_esets_charon_destroy


Report •
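One way to tally the detection lines of an ESET Online Scanner log like the one posted above by family and by action, as an added example that is not part of the original thread and not an ESET tool. The sample log is constructed (placeholder hashes, made-up paths, detection names taken from the thread's log), and reading `remove_checked=false` as a report-only scan is an assumption drawn from the posted log, not from ESET documentation.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted above: placeholder
# hashes, made-up paths, detection names taken from the thread's log.
SAMPLE_LOG = r'''
19:09:49 # product=EOS
# end=init
02:36:29 # product=EOS
# end=finished
# remove_checked=false
# found=3
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="E:\Example\bin\a.dll"
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="E:\Example\bin\b.dll"
sh=0000000000000000000000000000000000000000 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="E:\Example\c.reg"
12:07:17 # product=EOS
# end=finished
# remove_checked=true
# found=1
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/GameHack.AMU potentially unsafe application (deleted)" ac=C fn="E:\Example\d.rar"
12:07:33 Call m_esets_charon_send
'''

HEADER = re.compile(r'^(?:\d\d:\d\d:\d\d )?# ([^=]+)=(.*)$')
DETECTION = re.compile(r'^sh=(?P<sha1>[0-9A-F]+) ft=(?P<ft>\S+) fh=(?P<fh>[0-9A-F]+) '
                       r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w) fn="(?P<path>[^"]*)"$')
# vn = optional "a variant of", detection name, category, optional "(result)".
VERDICT = re.compile(r'^(?:a variant of )?(?P<name>\S+) (?P<category>.*?)'
                     r'(?: \((?P<result>[^)]*)\))?$')


def family(name):
    """'Win32/Conduit.SearchProtect.I' -> 'Conduit.SearchProtect'."""
    bare = name.split('/', 1)[-1]
    return bare.rsplit('.', 1)[0] if '.' in bare else bare


def parse_sessions(text):
    """Split the log into records; each one starts at a '# product=' line."""
    sessions = []
    for line in text.splitlines():
        header, hit = HEADER.match(line), DETECTION.match(line)
        if header:
            key, value = header.groups()
            if key == 'product':
                sessions.append({'header': {}, 'detections': []})
            if sessions:
                sessions[-1]['header'][key] = value
        elif hit and sessions:
            verdict = VERDICT.match(hit['vn'])
            fields = verdict.groupdict() if verdict else {'name': hit['vn']}
            sessions[-1]['detections'].append({**hit.groupdict(), **fields})
    return sessions


def summarize(session):
    """Condense one record into the facts a helper reads off it first."""
    header, hits = session['header'], session['detections']
    return {
        'finished': header.get('end') == 'finished',
        # Assumption from the posted log: remove_checked=false went with
        # cleaned=0 and ac=I on every line, i.e. the scan only reported.
        'report_only': header.get('remove_checked') == 'false',
        'families': Counter(family(h['name']) for h in hits),
        'actions': Counter(h['ac'] for h in hits),
        # A mismatch means the pasted log lost detection lines.
        'complete': len(hits) == int(header.get('found', 0)),
    }
```

Grouping by family makes it obvious when dozens of lines are leftovers of one bundled toolbar rather than separate infections.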

#30
February 7, 2017 at 14:55:00
"The autotyping still seems to be going on"
Until I am really sure you are clean, I cannot address that problem.

What is "E" drive please?
Is it a partition, thumb drive, spare backup drive or other?


Report •

#31
February 7, 2017 at 17:56:00
The E drive is my hard drive, while my C drive is my Local Disk. My E drive holds most of everything, if that helps.

Report •

#32
February 7, 2017 at 20:18:20
Thanks, I need to keep a picture of what is what in my head.

Next step.

Download Dr.Web CureIt and save it to your desktop.
http://www.softpedia.com/get/Antivi...
http://filehippo.com/download_dr_we...
http://www.freedrweb.com/cureit//?l...
DO NOT perform a scan yet.
Alternate download link
http://download.cnet.com/Dr-Web-Cur...
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer into "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)

After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
Please be patient as this scan could take a long time to complete.
When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
Click Select All, then choose Cure > Move incurable.
In the top menu, click file and choose save report list.
Save the DrWeb.csv report to your desktop.
Exit Dr.Web Cureit when done.
Important! Reboot your computer into normal mode, because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

message edited by Johnw


Report •

#33
February 7, 2017 at 21:30:15
When I went in safe mode and attempted to use the program, I was prompted to update it because it was outdated. I used their link and downloaded the newest version. This may be why some of the steps weren't familiar.

"After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
Please be patient as this scan could take a long time to complete.
When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
Click Select All, then choose Cure > Move incurable.
In the top menu, click file and choose save report list.
Save the DrWeb.csv report to your desktop."

While navigating the program the above steps didn't make sense and didn't align with what the options on it were. I did end up with a log if it helps though:

http://www.filedropper.com/cureit


For now I'm going to bed, I'll continue tomorrow.


Report •

#34
February 8, 2017 at 01:31:08
"This may be why some of the steps weren't familiar"
I'd say so, authors are always changing their programs.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
Tool will create a report for you (C:\DelFix.txt)


Report •

#35
February 8, 2017 at 05:58:36
# DelFix v1.013 - Logfile created 08/02/2017 at 08:57:44
# Updated 17/04/2016 by Xplode
# Username : Jack - JACKSPC
# Operating System : Windows 10 Home (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Report •

#36
February 8, 2017 at 07:21:32
Extract from your Addition log, showing out of date Java. Most people do not need Java, remove it altogether. If you run a program, it will soon let you know it needs Java. I always then look for another program that does the same job, that doesn't need Java.
"Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)"

I use this uninstaller.

Geek Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/GeekUn...
http://www.freewarefiles.com/screen...
http://www.geekuninstaller.com/
Just Double click on the program you want to uninstall. Wait for it to present the 2nd step.


Report •

#37
February 8, 2017 at 07:32:53
Okay, all updates of java are uninstalled now.

Report •

#38
February 8, 2017 at 15:27:38
"Now whenever I hit "8" on my keyboard, it crudely types this: "8 ball poo,l hackk"
Are you still getting this?

Report •

#39
February 8, 2017 at 15:32:48
Yes, it still continues to happen.

Report •

#40
February 8, 2017 at 15:59:11
I know it doesn't make sense, have you tried/borrowed another keyboard?

Report •

#41
February 8, 2017 at 16:15:30
Also you could try discharging the motherboard components. The procedure sounds a bit like trickery but at odd times data has got stuck there and it has done the trick:

Turn off the computer and disconnect the power cord. On a laptop you would also remove the main battery but I assume this is a PC. Next hold the Power Off/On button down for at least 20 seconds. At least it's quick to try.

Always pop back and let us know the outcome - thanks


Report •

#42
February 8, 2017 at 17:31:30
Okay so I tried using a different keyboard and when I press 8 it doesn't auto type anything. I can't believe I didn't try this before, so there must be something wrong with my keyboard. At least all the virus removal wasn't in vain because it seemed like I had a lot of them in the first place. Do you think I should reinstall the software for the keyboard, or any other suggestions?

Report •

#43
February 8, 2017 at 17:34:12
Update: I just found that the software for the keyboard was tampered with and the 8 key was modified to type the aforementioned message out. It's all fixed now, all I had to do was use the keyboard software to set it back to its standard key function. Thanks so much for your continued help with clearing a lot of viruses out!

message edited by Potatocouch


Report •

#44
February 8, 2017 at 17:46:35
Beautiful, I figured it was down to the keyboard. That alteration was probably caused by the infections.

Here is how a USER got the problems, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample/Example pages.
http://www.softpedia.com/get/Multim...
http://fs5.directupload.net/images/...
Users are advised to pay attention while installing this ad-supported application:
· Offers to download or install software or components (Facemoods toolbar) that the program does not require to fully function
· Offers to change the homepage for web browsers installed in the system.
SS of above.
http://fs5.directupload.net/images/...

message edited by Johnw


Report •

#45
February 8, 2017 at 17:46:41
You did well to unearth the reason - thanks for letting us know.

Always pop back and let us know the outcome - thanks


Report •
