Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

PC acting Strange, Virus software stopped working

by paulkerlin » March 18th, 2017, 12:48 am

Hi Guys

Last week or so McAfee virus won't work and Malwarebytes has stopped working, suspect I have a nasty. I have installed fresh Norton virus protection which seems to be working but still suspect I have a nasty hiding in there somewhere.

Appreciate any help you can provide

Logs as requested are attached.
paulkerlin
Active Member
 
Posts: 12
Joined: March 16th, 2017, 3:45 am

Re: PC acting Strange, Virus software stopped working

by mAL_rEm018 » March 24th, 2017, 12:08 pm

Hello paulkerlin,

My apologies for the delay in getting to your topic. Please follow the instructions below to post a fresh set of FRST logs.

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update, please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

If you don't require help anymore, I would be very grateful if you could let me know.
mAL_rEm018
MRU Teacher
 
Posts: 2222
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: PC acting Strange, Virus software stopped working

by paulkerlin » March 24th, 2017, 6:55 pm

Hi Mal

Thanks for your help.

I have managed to get Norton running again but it keeps telling me that there is a large amount of outgoing data, Norton also wouldn't allow me to run Frst, so I disabled it and ran the scan.

The whole computer is running super slow.

Logs are attached as too big to post in the text screen.

Paul
paulkerlin
Active Member
 
Posts: 12
Joined: March 16th, 2017, 3:45 am

Re: PC acting Strange, Virus software stopped working

by mAL_rEm018 » March 25th, 2017, 7:10 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi Paul,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

Thank you for providing the requested logs. While I review them please read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
mAL_rEm018
MRU Teacher
 
Posts: 2222
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: PC acting Strange, Virus software stopped working

by mAL_rEm018 » March 25th, 2017, 8:28 am

Hi Paul,

I don't see any obvious signs of malware on your computer. Some of your issues might be related to the following:
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)

Malwarebytes recently released Malwarebytes 3.0 and they are still working out some issues with the software. Since you are running an outdated version of the program (the current version is 3.0.6.1469), it might be worth it to install the latest version and see if that resolves some issues you are experiencing. For now I would like you to run a few more scans and we will deal with this later.

paulkerlin wrote:Norton also wouldn't allow me to run Frst, so I disabled it and ran the scan

Don't forget to re-enable Norton.


Now, let's get to work! :)


Backup your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..

Adwcleaner
  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open. Please copy/paste the contents in your next reply.
    Note: do not select Clean at this point

I would like you to run a search using FRST..
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... SearchReg.txt
    • Please post it in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble with any of the steps?
  • Adwcleaner report
  • SearchReg.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
mAL_rEm018
MRU Teacher
 
Posts: 2222
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: PC acting Strange, Virus software stopped working

by paulkerlin » March 25th, 2017, 4:49 pm

Hi mAL

No problems with any of the steps, one minor thing is the auto download of those requested programs did not work on any occasion, I had to click the link on the page to force the download? May be nothing.

Adwcleaner report

# AdwCleaner v6.044 - Logfile created 26/03/2017 at 07:27:55
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-23.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Paul - LAPTOP-7T4HQVTJ
# Running from : C:\Users\Paul\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\Paul\AppData\Roaming\RPEng
Folder Found: C:\Program Files (x86)\Common Files\freemake shared


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: YCMServiceAgent


***** [ Registry ] *****

Value Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
Value Found: [x64] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
Key Found: HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hegneaniplmfjcmohoclabblbahcbjoe

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1585 Bytes] - [26/03/2017 07:27:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1658 Bytes] ##########
paulkerlin
Active Member
 
Posts: 12
Joined: March 16th, 2017, 3:45 am

Re: PC acting Strange, Virus software stopped working

by paulkerlin » March 25th, 2017, 4:50 pm

Search Reg report

Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paul (26-03-2017 07:46:00)
Running from C:\Users\Paul\Downloads
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{615fc327-6c24-3903-8924-56da8afac6c4}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{115a3a97-e966-3afe-afea-22cab2a44770}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{97579f51-e639-3023-a9d7-b73803c0c6f7}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech]

[HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

====== End of Search ======
paulkerlin
Active Member
 
Posts: 12
Joined: March 16th, 2017, 3:45 am
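
An added example, not part of the original thread: FRST's registry search is a plain substring match, so a SearchReg.txt like the one above mixes hits where the search term is a name of its own (BabylonToolbar.dll, Trolltech) with hits where it only occurs inside a longer identifier (ISearchQueryHelper for "Searchqu"); the fixlist later in the thread deletes the babylon and Trolltech keys and leaves the Searchqu hits alone. The parser below reads that log format and separates the two kinds of hit. The names `parse_searchreg`, `Hit` and `summarize` and the token-splitting heuristic are assumptions made for this illustration, not FRST behaviour, and the sample is constructed by abbreviating the posted log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: abbreviated from the SearchReg.txt posted above.
SAMPLE = r'''
================== Search Registry: "babylon;Searchqu;trolltech" ===========

===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech]

[HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

====== End of Search ======
'''

SECTION_RE = re.compile(r'^=+ Search result for "(.+?)" =+$')
VALUE_RE = re.compile(r'^"(.*?)"="(.*)"$')
# Split identifiers on punctuation and on camelCase boundaries:
# "ISearchQueryHelper" -> I, Search, Query, Helper
TOKEN_RE = re.compile(r'[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+')


def tokens(text):
    """Lower-cased word-like tokens of a key path or value."""
    return {t.lower() for t in TOKEN_RE.findall(text)}


@dataclass
class Hit:
    term: str                      # search term that produced this hit
    key: str                       # registry key path, brackets stripped
    values: dict = field(default_factory=dict)

    def whole_token(self):
        """True if the term is a token of its own somewhere in the hit,
        False if it only appears inside a longer identifier."""
        text = " ".join([self.key, *self.values, *self.values.values()])
        return self.term.lower() in tokens(text)


def parse_searchreg(text):
    """Return {search term: [Hit, ...]} for an FRST registry search log."""
    results, term, hit = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:                                   # start of a result section
            term, hit = m.group(1), None
            results[term] = []
        elif term is None:                      # banner before first section
            continue
        elif line.startswith("[") and line.endswith("]"):
            hit = Hit(term, line[1:-1])         # a key with no values is a hit too
            results[term].append(hit)
        elif hit is not None and (v := VALUE_RE.match(line)):
            hit.values[v.group(1) or "(Default)"] = v.group(2)
        elif line.startswith("="):              # "End of Search" footer
            term, hit = None, None
    return results


def summarize(results):
    """Count whole-token and substring-only hits per search term."""
    out = {}
    for term, hits in results.items():
        whole = sum(h.whole_token() for h in hits)
        out[term] = {"whole_token": whole, "substring_only": len(hits) - whole}
    return out


if __name__ == "__main__":
    for term, counts in summarize(parse_searchreg(SAMPLE)).items():
        print(f"{term:10} {counts}")
```

A substring-only hit is a prompt to read the key before deciding anything, not a verdict; the split only shows which entries matched on a name and which matched by accident of spelling.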

Re: PC acting Strange, Virus software stopped working

by mAL_rEm018 » March 26th, 2017, 4:40 pm

Hi Paul,

paulkerlin wrote:one minor thing is the auto download of those requested programs did not work on any occasion, I had to click the link on the page to force the download? May be nothing.

I'm not sure why you don't get an automatic prompt to download the programs. Which browser are you using to access the links?

CHR StartupUrls: Default -> "hxxp://www.nine.com.au/","hxxp://www.firstshowing.net/","hxxp://www.firstshowing.net/category/starwars/","hxxp://screenrant.com/","hxxp://movieweb.com/","hxxp://www.latino-review.com/","hxxp://makingstarwars.net/","hxxp://www.supercars.com/","hxxps://extratorrent.cc/","hxxps://www.iptorrents.com/indexipt.php"

Please remove the two sites (in red) from your Chrome Startups. By accessing torrent websites and using Peer-to-peer software you are inviting malware onto your computer. If you don't know how to remove them, let me know and I will provide you with instructions for doing so.


PUP (Potentially Unwanted Programs)
Freemake Video Converter version 4.1.9

Potentially Unwanted Programs (PUP) are software that have unpredictable behaviour and/or might have been installed on your computer without your direct consent. You might have installed them willingly, in which case feel free to keep them. However, if you did not I advise you to remove them by following the instructions below.


  • Please open the Start menu.
  • Click on Settings and then System.
  • Select Apps & Features.
  • Locate and click on the following programs:
      Freemake Video Converter version 4.1.9
  • Select uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\57as3prd.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\57as3prd.default -> Yahoo!
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=994519&fr=yo-yhp-ch

Yahoo! is also considered a PUP. If you didn't intentionally add it to your Search Engine and Homepage, please let me know and I will remove it in my next fix.


Please run the following fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
CreateRestorePoint:

HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-03-02] (The NWJS Community)
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-03-02] (The NWJS Community)
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Uninstall 17.3.6743.1212\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64"
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Uninstall 17.3.6743.1212] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6743.1212"
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\MountPoints2: {dfa99326-ea9b-11e6-b938-681401707138} - "F:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CHR HKU\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
S3 aswHdsKe; \??\C:\windows\system32\drivers\aswHdsKe.sys [X]
2017-03-16 20:11 - 2016-07-01 07:50 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-16 19:39 - 2016-06-16 12:33 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Azureus
2017-03-11 08:51 - 2016-09-29 06:23 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467322114
2016-10-16 10:50 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel1.exe
2016-12-18 19:49 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel2.exe
2017-02-19 17:14 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel3.exe
2017-03-05 18:57 - 2017-03-05 18:57 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel4.exe
2017-03-05 18:57 - 2017-03-05 18:57 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel5.exe
Task: {5B38D836-A0CB-463F-B991-B50A83765F0A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe 
Task: {5FAD51CE-A687-4BA5-B8A0-2D54CFB43938} - System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
AlternateDataStreams: C:\Users\Paul\Documents\Calvery Refund.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Paul\Documents\Calvery Refund.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [UDP Query User{C9A1486A-AAF3-4FA4-AE63-8C0311224E26}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{B8024B75-92A4-48BD-8920-05CE0277072C}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{B358048D-C531-4EBA-A00B-EBC1FA2982C8}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe] => (Allow) C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe
FirewallRules: [TCP Query User{388EC3DF-39D5-489A-AE8D-5F278FE8713E}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe] => (Allow) C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe
FirewallRules: [{CB4A51BB-098D-470E-BC4C-B68B8D344C02}] => (Allow) C:\Users\Paul\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{2C44403D-1157-4B2A-88E8-D91D2BB1DE59}] => (Allow) C:\Users\Paul\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{9F37AE45-1C13-43C0-8A8B-96E86112B21D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{DCD3950B-5024-4301-BC82-78A080FB3E18}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{C033B4F5-6C63-4371-9690-A72F5D14AA40}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
C:\Users\Paul\AppData\Roaming\RPEng

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech]

EmptyTemp:
Hosts:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


Let's do an online scan to make sure we didn't miss anything..

Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Close all opened programs, open your browser and go to the following link: ESET Online Scanner.
  • Click on the SCAN NOW button under ESET Online Scanner.
    • Depending on which browser you are using, you might be prompted to download an executable file.
    • Please save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as administrator.
    • If you agree to the Terms of use, select Accept to continue.
  • Please check the following option:
    • Enable detection of potentially unwanted applications
  • Select Advanced settings and ensure that the following options are checked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Make sure that the following option is NOT checked: => Very important!
    • Clean threats automatically
  • Click Scan and the process will now begin. Please do not use your computer while the scan is running.
  • Once the scan is completed, click Copy to clipboard.
  • Open the Start menu and type notepad.exe in the search programs and files box.
  • Press Enter. A blank Notepad page should open, paste the contents inside the window.
  • Save the file as ESETScan.txt.
  • Please copy/paste the contents of ESETScan.txt in your next reply.
  • You can now safely close the program.
    Do not forget to re-activate your Antivirus at this point.

How is your computer behaving?


-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble with any of the steps?
  • fixlog.txt
  • ESETScan.txt
  • Update on your computer's behaviour
mAL_rEm018
MRU Teacher
 
Posts: 2222
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: PC acting Strange, Virus software stopped working

by paulkerlin » March 27th, 2017, 4:27 pm

Hi mAl

mAL_rEm018 wrote:I'm not sure why you don't get an automatic prompt to download the programs. Which browser are you using to access the links?

I am using chrome

mAL_rEm018 wrote:Please remove the two sites (in red) from your Chrome Startups. By accessing torrent websites and using Peer-to-peer software you are inviting malware onto your computer. If you don't know how to remove them, let me know and I will provide you with instructions for doing so.

I believe I have completed this - if you would like to double check.

PUP (Potentially Unwanted Programs)

Freemake Video Converter version 4.1.9 has been removed.

I don't recall installing nor do I use Yahoo, so happy to remove this also.

Here is the fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paul (27-03-2017 19:38:13) Run:1
Running from C:\Users\Paul\Downloads
Loaded Profiles: Paul (Available Profiles: Paul)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Code: Select all
CreateRestorePoint:

HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-03-02] (The NWJS Community)
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-03-02] (The NWJS Community)
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Uninstall 17.3.6743.1212\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64"
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\RunOnce: [Uninstall 17.3.6743.1212] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6743.1212"
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\MountPoints2: {dfa99326-ea9b-11e6-b938-681401707138} - "F:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
CHR HKU\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
S3 aswHdsKe; \??\C:\windows\system32\drivers\aswHdsKe.sys [X]
2017-03-16 20:11 - 2016-07-01 07:50 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-16 19:39 - 2016-06-16 12:33 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Azureus
2017-03-11 08:51 - 2016-09-29 06:23 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467322114
2016-10-16 10:50 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel1.exe
2016-12-18 19:49 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel2.exe
2017-02-19 17:14 - 2017-03-14 18:03 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel3.exe
2017-03-05 18:57 - 2017-03-05 18:57 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel4.exe
2017-03-05 18:57 - 2017-03-05 18:57 - 0079904 _____ () C:\Users\Paul\AppData\Local\Temp\i4jdel5.exe
Task: {5B38D836-A0CB-463F-B991-B50A83765F0A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5FAD51CE-A687-4BA5-B8A0-2D54CFB43938} - System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
AlternateDataStreams: C:\Users\Paul\Documents\Calvery Refund.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Paul\Documents\Calvery Refund.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [UDP Query User{C9A1486A-AAF3-4FA4-AE63-8C0311224E26}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{B8024B75-92A4-48BD-8920-05CE0277072C}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{B358048D-C531-4EBA-A00B-EBC1FA2982C8}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe] => (Allow) C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe
FirewallRules: [TCP Query User{388EC3DF-39D5-489A-AE8D-5F278FE8713E}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe] => (Allow) C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe
FirewallRules: [{CB4A51BB-098D-470E-BC4C-B68B8D344C02}] => (Allow) C:\Users\Paul\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{2C44403D-1157-4B2A-88E8-D91D2BB1DE59}] => (Allow) C:\Users\Paul\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{9F37AE45-1C13-43C0-8A8B-96E86112B21D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{DCD3950B-5024-4301-BC82-78A080FB3E18}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{C033B4F5-6C63-4371-9690-A72F5D14AA40}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
C:\Users\Paul\AppData\Roaming\RPEng

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech]

EmptyTemp:
Hosts:
*****************

Code: Select all => Error: No automatic fix found for this entry.
Restore point was successfully created.
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 => value removed successfully
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value removed successfully
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 17.3.6743.1212\amd64 => value not found.
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 17.3.6743.1212 => value not found.
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfa99326-ea9b-11e6-b938-681401707138} => key removed successfully
HKCR\CLSID\{dfa99326-ea9b-11e6-b938-681401707138} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe => key removed successfully
HKLM\System\CurrentControlSet\Services\aswHdsKe => key removed successfully
aswHdsKe => service removed successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Users\Paul\AppData\Roaming\Azureus => moved successfully
C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel1.exe => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel2.exe => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel3.exe => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel4.exe => moved successfully
C:\Users\Paul\AppData\Local\Temp\i4jdel5.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5B38D836-A0CB-463F-B991-B50A83765F0A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B38D836-A0CB-463F-B991-B50A83765F0A} => key removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5FAD51CE-A687-4BA5-B8A0-2D54CFB43938} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FAD51CE-A687-4BA5-B8A0-2D54CFB43938} => key removed successfully
C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1467322114 => key removed successfully
C:\Users\Paul\Documents\Calvery Refund.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Paul\Documents\Calvery Refund.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9A1486A-AAF3-4FA4-AE63-8C0311224E26}C:\program files\vuze\azureus.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B8024B75-92A4-48BD-8920-05CE0277072C}C:\program files\vuze\azureus.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B358048D-C531-4EBA-A00B-EBC1FA2982C8}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{388EC3DF-39D5-489A-AE8D-5F278FE8713E}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB4A51BB-098D-470E-BC4C-B68B8D344C02} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C44403D-1157-4B2A-88E8-D91D2BB1DE59} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F37AE45-1C13-43C0-8A8B-96E86112B21D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCD3950B-5024-4301-BC82-78A080FB3E18} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C033B4F5-6C63-4371-9690-A72F5D14AA40} => value removed successfully
C:\Users\Paul\AppData\Roaming\RPEng => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_USERS\S-1-5-21-853519024-3654194281-2201712828-1001\SOFTWARE\Trolltech => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 1946775 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 416328392 B
Java, Flash, Steam htmlcache => 610 B
Windows/system/drivers => 60995909 B
Edge => 482309 B
Chrome => 992797100 B
Firefox => 374002251 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 60272 B
NetworkService => 11122 B
Paul => 928944568 B

RecycleBin => 0 B
EmptyTemp: => 2.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:45:44 ====

With the ESET Scan - I have completed it - however it did not give me a copy to clipboard option. I have attached a screenshot of the completed scan.

The rest of the computer seems to be operating normally again - I have not had any issues with the software.
paulkerlin
Active Member
 
Posts: 12
Joined: March 16th, 2017, 3:45 am

Re: PC acting Srange, Virus software stopped wokring

Unread postby mAL_rEm018 » March 28th, 2017, 5:00 am

Hi Paul,

paulkerlin wrote:The rest of the computer seems to be operating normally again - I have not had any issues with the software.

That's good! We still have a little more work to do, so please stick with this topic until I give you the "all clear".

I would like to see a fresh FRST log..

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update, please allow it to do so.
  • Select Scan.
  • When the scan is over, two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.
mAL_rEm018
MRU Teacher
MRU Teacher
 
Posts: 2222
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: PC acting Srange, Virus software stopped wokring

Unread postby paulkerlin » March 28th, 2017, 5:07 am

Here are the logs
paulkerlin
Active Member
 
Posts: 12
Joined: March 16th, 2017, 3:45 am

Re: PC acting Srange, Virus software stopped wokring

Unread postby mAL_rEm018 » March 28th, 2017, 5:10 pm

Hi Paul,

FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

...

Windows Firewall is enabled.

You have two firewalls enabled. Please follow the instructions outlined in the following link to disable the Windows Firewall: Turn Windows Firewall on or off

fixlist content:
*****************
Code: Select all

Before I ask you to run another fix, I would just like to mention that you should not copy/paste Code: Select all into the fix. Instead you should click on Select all to select the text and then copy/paste into Notepad.

Next..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code: Select all
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\57as3prd.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\57as3prd.default -> Yahoo!
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=994519&fr=yo-yhp-ch
2017-03-27 19:39 - 2017-01-28 07:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-03-27 17:12 - 2016-12-28 15:11 - 00000000 ____D C:\ProgramData\Freemake

CreateRestorePoint:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


Please let me know how your computer is behaving. If all is well, then I will provide you with my all clean speech.



-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following the instructions?
  • fixlog.txt
  • Update on your computer's performance.
mAL_rEm018
MRU Teacher
MRU Teacher
 
Posts: 2222
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
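
The check described in the post above, as an added example (not part of the original thread and not FRST's own code): a short Python triage of Fixlog result lines that separates applied actions from "not found" and "Error" results, such as the stray Code: Select all entry. The status labels and function names are assumptions of this example; the sample lines are copied from the Fixlog results posted in this thread.

```python
import re
from collections import Counter

# Sample input assembled for this example from result lines posted in this thread.
SAMPLE_FIXLOG = r"""Code: Select all => Error: No automatic fix found for this entry.
Restore point was successfully created.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\System\CurrentControlSet\Services\aswHdsKe => key removed successfully
aswHdsKe => service removed successfully
C:\ProgramData\AVAST Software => moved successfully
C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => not found.
C:\Users\Paul\Documents\Calvery Refund.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
Firefox DefaultSearchEngine removed successfully
Hosts restored successfully.
"""

# Ordered rules (labels are this example's own): failures are tested first.
RULES = [
    ("error", re.compile(r"\bError\b|No automatic fix found", re.I)),
    ("not_found", re.compile(r"\bnot found\b", re.I)),
    ("applied", re.compile(r"\bsuccessfully\b", re.I)),
]

def classify(line):
    """Return (target, status) for a result line, or None for headers and size lines."""
    line = line.strip()
    # The outcome follows the last " => "; some result lines have no arrow at all.
    target, sep, outcome = line.rpartition(" => ")
    text = outcome if sep else line
    for status, rx in RULES:
        if rx.search(text):
            return (target if sep else line, status)
    return None

def summarize(fixlog_text):
    """Count outcomes and list the entries a helper should look at again."""
    counts, follow_up = Counter(), []
    for raw in fixlog_text.splitlines():
        hit = classify(raw)
        if hit is None:
            continue
        target, status = hit
        counts[status] += 1
        if status != "applied":
            follow_up.append((status, target))
    return counts, follow_up

if __name__ == "__main__":
    counts, follow_up = summarize(SAMPLE_FIXLOG)
    print(dict(counts))
    for status, target in follow_up:
        print(f"{status:9} {target}")
```

An "error" row whose target is not a path, registry key or FRST directive usually means extra text was pasted into fixlist.txt.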

Re: PC acting Srange, Virus software stopped wokring

Unread postby paulkerlin » March 29th, 2017, 3:48 am

Hi mAL

OK - followed the instructions for stopping one firewall - but it won't let me, says it's being controlled by Norton? See screenshot attached.

Here is fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paul (29-03-2017 18:00:20) Run:2
Running from C:\Users\Paul\Downloads
Loaded Profiles: Paul (Available Profiles: Paul)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\57as3prd.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\57as3prd.default -> Yahoo!
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=994519&fr=yo-yhp-ch
2017-03-27 19:39 - 2017-01-28 07:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-03-27 17:12 - 2016-12-28 15:11 - 00000000 ____D C:\ProgramData\Freemake

CreateRestorePoint:
*****************

Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Chrome HomePage => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software => moved successfully
C:\ProgramData\Freemake => moved successfully
Restore point was successfully created.

==== End of Fixlog 18:01:53 ====

Computer seems to be running just fine again
paulkerlin
Active Member
 
Posts: 12
Joined: March 16th, 2017, 3:45 am

Re: PC acting Srange, Virus software stopped wokring

Unread postby mAL_rEm018 » March 29th, 2017, 8:50 am

Hi Paul,

paulkerlin wrote:followed the instructions for stopping one firewall - but it won't let me, says it's being controlled by Norton? See screenshot attached.

Let's try the following fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code: Select all
cmd: netsh advfirewall set domainprofile state off

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log



-----------------------------------------
In your next reply, I would like to see..
  • fixlog.txt
mAL_rEm018
MRU Teacher
MRU Teacher
 
Posts: 2222
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia