Thread: A log for inspection

  1. #11
    Member
    Join Date
    Sep 2013
    Posts
    50

    Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
    Ran by Fraser Ross (11-11-2016 12:39:26) Run:1
    Running from C:\Users\Fraser Ross\Desktop
    Loaded Profiles: Fraser Ross (Available Profiles: Fraser Ross)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
    C:\WINDOWS\System32\DRIVERS\kl1.sys
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
    C:\WINDOWS\System32\DRIVERS\klelam.sys
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
    C:\WINDOWS\system32\DRIVERS\klflt.sys
    R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [413008 2016-08-01] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
    ProxyServer: [S-1-5-21-3240783315-1213011343-4006949943-1000] => localhost:21320
    Toolbar: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    GroupPolicy: Restriction <======= ATTENTION
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
    U3 aspnet_state; no ImagePath
    U3 idsvc; no ImagePath
    Task: {0446197A-0B7A-4D11-BFEC-89B876792820} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {377C4ED5-B272-4657-939B-CBA97F5887EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {47E9A61D-A100-4FCC-A76F-61C5AAAC12BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> No File <==== ATTENTION
    Task: {7CB35667-A61D-40E7-BDF4-0DB532A18327} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {9F46620C-3403-44C7-8E1C-E09133BD2476} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {B0C1C488-F8B6-4260-B522-36FDB60D97A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D88F3FB4-A089-422A-B189-5C10B64AC68D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {E8EC5650-8483-4716-9C6B-BE1F14AC5371} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {ECAF5FA7-1443-4275-BD1E-A1401949D6B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {F40D6D82-F477-4957-AB54-77FC67BACCD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:3C57BFC0 [121]
    AlternateDataStreams: C:\ProgramData\TEMP:6EEE61F0 [121]
    AlternateDataStreams: C:\ProgramData\TEMP:753C01E7 [143]
    AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [264]
    HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    EmptyTemp:
    End
    *****************

    Error: (0) Failed to create a restore point.
    Processes closed successfully.
    KL1 => Unable to stop service.
    KL1 => service removed successfully
    C:\WINDOWS\System32\DRIVERS\kl1.sys => moved successfully
    klelam => service removed successfully
    C:\WINDOWS\System32\DRIVERS\klelam.sys => moved successfully
    klflt => Unable to stop service.
    klflt => service removed successfully
    C:\WINDOWS\system32\DRIVERS\klflt.sys => moved successfully
    klhk => Unable to stop service.
    klhk => service removed successfully
    KLIF => Unable to stop service.
    KLIF => service could not remove
    HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value removed successfully
    HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    "C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
    C:\WINDOWS\system32\GroupPolicy\User => moved successfully
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} => value removed successfully
    aspnet_state => service removed successfully
    idsvc => service removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0446197A-0B7A-4D11-BFEC-89B876792820}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0446197A-0B7A-4D11-BFEC-89B876792820}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{377C4ED5-B272-4657-939B-CBA97F5887EF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377C4ED5-B272-4657-939B-CBA97F5887EF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47E9A61D-A100-4FCC-A76F-61C5AAAC12BC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E9A61D-A100-4FCC-A76F-61C5AAAC12BC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-3xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CB35667-A61D-40E7-BDF4-0DB532A18327}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CB35667-A61D-40E7-BDF4-0DB532A18327}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F46620C-3403-44C7-8E1C-E09133BD2476}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F46620C-3403-44C7-8E1C-E09133BD2476}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C1C488-F8B6-4260-B522-36FDB60D97A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C1C488-F8B6-4260-B522-36FDB60D97A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D88F3FB4-A089-422A-B189-5C10B64AC68D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D88F3FB4-A089-422A-B189-5C10B64AC68D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8EC5650-8483-4716-9C6B-BE1F14AC5371}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EC5650-8483-4716-9C6B-BE1F14AC5371}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECAF5FA7-1443-4275-BD1E-A1401949D6B1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECAF5FA7-1443-4275-BD1E-A1401949D6B1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F40D6D82-F477-4957-AB54-77FC67BACCD1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F40D6D82-F477-4957-AB54-77FC67BACCD1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    C:\ProgramData\TEMP => ":3C57BFC0" ADS removed successfully.
    C:\ProgramData\TEMP => ":6EEE61F0" ADS removed successfully.
    C:\ProgramData\TEMP => ":753C01E7" ADS removed successfully.
    C:\ProgramData\TEMP => ":9E00596C" ADS removed successfully.
    "HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\exefile" => key removed successfully
    "HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\.exe" => key removed successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63000482 B
    Java, Flash, Steam htmlcache => 506 B
    Windows/system/drivers => 2313 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 8732335 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 24791225 B
    NetworkService => 792 B
    Fraser Ross => 18922741 B

    RecycleBin => 0 B
    EmptyTemp: => 110.1 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:39:58 ====

  2. #12
    Member
    Join Date
    Sep 2013
    Posts
    50

    # AdwCleaner v6.030 - Logfile created 11/11/2016 at 13:22:17
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-10-18.1 [Local]
    # Operating System : Windows 10 Pro (X64)
    # Username : Fraser Ross - FROSSDESKTOP
    # Running from : C:\Users\Fraser Ross\Downloads\adwcleaner_6.030.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Fraser Ross\AppData\Local\PackageAware
    [-] Folder deleted: C:\Users\Fraser Ross\AppData\LocalLow\Check Point Software Technologies LTD
    [-] Folder deleted: C:\Users\Fraser Ross\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    [!] Folder not deleted: C:\Users\Fraser Ross\Favorites\Birds


    ***** [ Files ] *****

    [-] File deleted: C:\END


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****

    [!] Shortcut not disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Mount Image.lnk


    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
    [-] Key deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\APN PIP
    [-] Key deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\eSupport.com
    [-] Key deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Headlight
    [#] Key deleted on reboot: HKCU\Software\APN PIP
    [#] Key deleted on reboot: HKCU\Software\eSupport.com
    [#] Key deleted on reboot: HKCU\Software\Headlight
    [-] Key deleted: HKLM\SOFTWARE\PIP
    [-] Key deleted: HKLM\SOFTWARE\SupDp
    [#] Key deleted on reboot: HKLM\SOFTWARE\SUPDP
    [#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
    [#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Headlight
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
    [-] Key deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F2872BFE-A208-4FD9-B4AC-B57C0068ABC9}
    [-] Data restored: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F2872BFE-A208-4FD9-B4AC-B57C0068ABC9}
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F2872BFE-A208-4FD9-B4AC-B57C0068ABC9}
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Value deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
    [-] Key deleted: HKLM\SOFTWARE\Classes\c


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [5234 Bytes] - [11/11/2016 13:22:17]
    C:\AdwCleaner\AdwCleaner[S0].txt - [5074 Bytes] - [08/11/2016 10:43:54]
    C:\AdwCleaner\AdwCleaner[S1].txt - [5147 Bytes] - [11/11/2016 13:16:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5453 Bytes] ##########



    I am now getting pages that were previously blocked. I have not tested much yet.

  3. #13
    Member
    Join Date
    Sep 2013
    Posts
    50

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 10 Pro x64
    Ran by Fraser Ross (Administrator) on 11/11/2016 at 14:06:44.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 20

    Successfully deleted: C:\ProgramData\1386185953.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\1387387460.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\1387387463.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\1389869065.1444.bin (File)
    Successfully deleted: C:\ProgramData\1389869065.2208.bin (File)
    Successfully deleted: C:\ProgramData\1389869065.2940.bin (File)
    Successfully deleted: C:\ProgramData\1389869065.4112.bin (File)
    Successfully deleted: C:\ProgramData\1389869065.5048.bin (File)
    Successfully deleted: C:\ProgramData\1389869065.5176.bin (File)
    Successfully deleted: C:\ProgramData\1389869065.5388.bin (File)
    Successfully deleted: C:\ProgramData\1389869065.5684.bin (File)
    Successfully deleted: C:\ProgramData\1389869410.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\1389869441.bdinstall.bin (File)
    Successfully deleted: C:\Users\Fraser Ross\AppData\Roaming\Mozilla\Firefox\Profiles\k0ntdoc1.default\searchplugins\zonealarm.xml (File)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVERCTRL.EXE-247CF562.pf (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\RENB33C.tmp (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\RENB33D.tmp (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\RENC411.tmp (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\RENC412.tmp (File)

    Deleted the following from C:\Users\Fraser Ross\AppData\Roaming\Mozilla\Firefox\Profiles\k0ntdoc1.default\prefs.js
    user_pref(extensions.zonealarm.kw_url, hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=13794224973f475f8661ba115960bb71&tu=10G9z00H02D33N0&sku=&tstsId=&ver=&&
    user_pref(extensions.zonealarm.tlbrSrchUrl, hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=13794224973f475f8661ba115960bb71&tu=10G9z00H02D33N0&sku=&ts



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F2872BFE-A208-4FD9-B4AC-B57C0068ABC9} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/11/2016 at 15:07:15.38
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I will reboot now. Do you have any more suggestions?

  4. #14
    Member
    Join Date
    Sep 2013
    Posts
    50

    After rebooting I can't access the same sites again.

  5. #15
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Let's try another scan with MalwareBytes.
    Last edited by Juliet; 2016-11-11 at 21:58.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #16
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Can you temporarily disable ZoneAlarm firewall to see if it's the firewall?

    Check if your Internet security software (including firewalls, antivirus programs, anti-spyware programs, and more) is blocking the connection to the Internet.
    http://download.zonealarm.com/bin/in...nter/91591.htm

    Turning the Antivirus and Anti-Spyware ON or OFF

    After you install the ZoneAlarm Free Antivirus + Firewall, the Antivirus & Anti-spyware engine is ON by default.

    To turn Antivirus and Anti-Spyware OFF or ON:

    Open the ZoneAlarm Free Antivirus + Firewall security software client.
    Click inside the ANTIVIRUS panel.

    The ANTIVIRUS tab opens.
    Move the ON/OFF slider to either ON or OFF position.

    If the Antivirus & Anti-Spyware engine is ON, the Real-time Protection field in the ANTIVIRUS tab shows Enabled, and the main status bar shows that YOUR COMPUTER IS SECURE.

    If the Antivirus & Anti-spyware engine is OFF, the Real-time Protection field in the ANTIVIRUS tab shows Disabled. The main status bar gives the warning that YOUR COMPUTER IS AT RISK and shows the Fix Now! button. If you click the Fix Now! button, the Antivirus engine turns back ON.

    http://www.ehow.com/how_5089600_disable-zone-alarm.html

    Now try to open a browser and go to a site of choice.

    ~~~

    Let's see if we can get Malwarebytes Anti-Malware to update and run a fresh scan

    • Open Malwarebytes Anti-Malware
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

  7. #17
    Member
    Join Date
    Sep 2013
    Posts
    50

    Malwarebytes has found nothing. I haven't tried the other suggestions yet.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/11/2016
    Scan Time: 20:02
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.11.11.08
    Rootkit Database: v2016.10.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Fraser Ross

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 344920
    Time Elapsed: 13 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  8. #18
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Temporarily try to disable ZoneAlarm firewall.

  9. #19
    Member
    Join Date
    Sep 2013
    Posts
    50

    I have disabled everything and it makes no difference.

  10. #20
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    OK

    Let's see what policies are remaining.

    Please run a new Farbar Recovery Scan
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
