elu5ive

  1. Hi Kevin, All done, the only thing that remained of shopperz was a registry entry which was removed. Thanks for the help, will be recommending Malwarebytes and this forum to anyone with virus problems! Cheers, Pete
  2. Wow, even more steps! Thanks again Kevin. I think everything seems to be working normally now! You're a life saver. Addition.txt FRST.txt
  3. Hi Kevin, Thank you so much for your amazingly comprehensive and useful reply! I've followed all the steps and have included all log files/results below. The computer seems to be behaving a lot more normally now! Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 17-Aug-16 Scan Time: 11:59 AM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.08.17.07 Rootkit Database: v2016.08.15.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: User Scan Type: Threat Scan Result: Completed Objects Scanned: 350655 Time Elapsed: 35 min, 9 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 50 PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [b17add6f336756e09045eea9f2102cd4], PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [9893b19b3b5fd3637b5a4354f50d7b85], PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [d358a7a5fb9fce683e975c3b2cd6a35d], Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, 
Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, Quarantined, [002b83c96e2cb680a540b6e1b151867a], PUP.Optional.ConvertAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, Quarantined, [a289e468a1f988ae8e37d2d08180be42], PUP.Optional.ConvertAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PopupProduct, Quarantined, [4fdc05471882df5712e2a9f3c43fcf31], PUP.Optional.Social2Search, HKLM\SOFTWARE\Social2Se Browser Enhancer, Quarantined, [5ccf321aa7f340f602ff6b61e71d7d83], PUP.Optional.VBates, HKLM\SOFTWARE\YHID, Quarantined, [66c52b21594151e53c4667954bb8a45c], PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASAPI32, Quarantined, [1219a3a99ffbf4428bb24cb260a31ae6], PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASMANCS, Quarantined, [95969cb0a6f431058db043bb4db6eb15], PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{25A1AEAF-5E18-4DBC-B183-82D4D6490AF0}, Quarantined, [25066ae2a9f1d0662bbd619027dcf60a], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C974F20C-C659-42DB-8DC3-20410989FFF9}, Quarantined, [dc4f27251c7eca6c1af244b280838878], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Dentoit, Quarantined, [45e6ff4d0e8c90a6000f1cda71929a66], PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemHealer Monitor, Quarantined, [fa31d577eab01c1a6c6b4f8b28db23dd], PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DF0993004A79CC7DBFC7BB1075CA3358, Quarantined, [72b90b4195058aac2dd0e41861a251af], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtHoldtam, Quarantined, [ac7f5defddbdd066fd5da84e44bfc040], PUP.Optional.Social2Search, HKLM\SOFTWARE\WOW6432NODE\Social2Se Browser Enhancer, Quarantined, [5bd0d379673306300ff2eddfaf554eb2], PUP.Optional.SpringFiles, HKLM\SOFTWARE\WOW6432NODE\SrpnFiles, Quarantined, [200b3d0fcfcb82b416e54e7bf909fb05], PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\YHID, Quarantined, [2704d577524882b45a28e01c19ea42be], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, Quarantined, [44e778d49cfe82b4f5d96194ff047e82], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, Quarantined, [c665430934662a0c329c7d787390639d], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Holdtam_RASAPI32, Quarantined, [a487400c207aab8b1bc1698cb54efb05], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Holdtam_RASMANCS, Quarantined, [2ffc3d0f17839f97617b00f5c73c15eb], PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32, Quarantined, [b17aa2aa17833df9d7668c355ba88f71], PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASMANCS, Quarantined, [2704aaa29a007abc40fd04bdd13248b8], PUP.Optional.Linkury.ACMB1, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Holdtam.exe, Quarantined, [0e1d52fa8a10f145100dd323ed166e92], PUP.Optional.SystemHealer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SystemHealer, Quarantined, [ac7fd577e7b37cba067afb0134cfb050], PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [c566cc80debc3ff7866bac0e08fba957], PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7CD798A8-FD07-4323-BCB2-BE88333C2C87}, Quarantined, [d556ff4d9dfdef47971ac9df0300b34d], PUP.Optional.Shopperz, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bsdpf64, Quarantined, [2308301ce8b2c96d6a149e5e659e3ac6], PUP.Optional.Shopperz, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bsdpr64, Quarantined, [fc2f0b414159a393c8b70fed7f843fc1], Rootkit.Cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, Quarantined, [270450fccdcdbf7772962bc20ef5c43c], PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, Quarantined, [7ab13418128847ef360ef1bebd4646ba], PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Quarantined, [3dee0e3edcbe91a5feaf62949e653bc5], PUP.Optional.ProntSpooler, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ProntSpooler, Quarantined, [dc4f74d88d0d1e18c8c77187bb48738d], PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\mtHoldtam, Quarantined, [0d1e391334668ea80b2c25d028db07f9], PUP.Optional.Wajam, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\WajIEnhance, Quarantined, [f932301c5d3dee4885a3bdfe22e1f709], PUP.Optional.Wizzlabs, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\Wizzlabs, Quarantined, [42e96ddf43576cca917147b6e91acb35], PUP.Optional.Komodia, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\INSTALLPATH\STATUS, Quarantined, 
[8e9dc6869604b6809f43f3f1c53ef907], PUP.Optional.SystemHealer, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\SYSTEM HEALER, Quarantined, [67c49ab2c2d8a78f738abb1fac57dc24], Registry Values: 20 PUP.Optional.VBates, HKLM\SOFTWARE\Yhid|installer_name, vbates_clkmgbex_.exe, Quarantined, [66c52b21594151e53c4667954bb8a45c] PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{25A1AEAF-5E18-4DBC-B183-82D4D6490AF0}|Path, \SystemHealer Monitor, Quarantined, [25066ae2a9f1d0662bbd619027dcf60a] PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C974F20C-C659-42DB-8DC3-20410989FFF9}|Path, \psv_Dentoit, Quarantined, [dc4f27251c7eca6c1af244b280838878] PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\df0993004a79cc7dbfc7bb1075ca3358|DisplayName, Social2Search, Quarantined, [72b90b4195058aac2dd0e41861a251af] PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\Yhid|installer_name, vbates_clkmgbex_.exe, Quarantined, [2704d577524882b45a28e01c19ea42be] PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObJ4yEovi8uSgNEYrIE80PLbEIGd6dAF0oFWatqgJ8kVJYtUxEE4T_sEbHMjHPOm8Xt7y0Kz9ODVI4A4LDtSaUt2LIxRwshHw5TGhT-DyCc2YMc747lpsHSaxJ1CY9M0274rQIr3VhaDRQWD9RVVy7C8SHqaNThEf0wPhJe6IPT&q={searchTerms}, Quarantined, [46e567e55d3dd75f4d392ba1e61cc13f] PUP.Optional.AnySend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPACKAGE|DisplayName, AnySend, Quarantined, [101b193305950333f09fe8fa17ec7090] PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7CD798A8-FD07-4323-BCB2-BE88333C2C87}|Publisher, Linkury, Quarantined, [d556ff4d9dfdef47971ac9df0300b34d] Hijack.AutoConfigURL.PrxySvrRST, 
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{168096C8-AA57-4C10-87FD-9271CAB8019B}|AutoConfigUrl, http://stoppblock.org/wpad.dat?6f2367be9ce41e2eac77c90bf71929c314470654, Quarantined, [4fdc7dcf7921d066fff3eec5897b9b65] PUP.Optional.IDSCProduct, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B7E669DA-1166-4DC6-BFBE-131F7004319D}, v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Max Driver Updater\maxdu.exe|Name=MaxDriverUpdater|, Quarantined, [9c8ff953891169cd1f27e415b84bf907] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\ENVIRONMENT|SNF, C:\ProgramData\Holdtams\snp.sc, Quarantined, [9e8d1b31d0ca71c53fd3fcf954af6c94] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D?publisher=APSFSWAds&co=GB&userid=ca571e78-edbd-7260-0439-a0ac2eb9bb0c&searchtype=sc&installDate=15/08/2016&barcodeid=51129011&channelid=11&av=windows, Quarantined, [ad7e96b63d5d1521997a40b5847fdb25] PUP.Optional.Komodia, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\INSTALLPATH\STATUS|FlowsurfCB, N, Quarantined, [8e9dc6869604b6809f43f3f1c53ef907] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObJ4yEovi8uSgNEYrIE80PLbEIGd6dAF0oFWatqgJ8kVJYtUxEE4T_sEbHMjHPOm8Xt7y0Kz9ODVI4A4LDtSaUt2LIxRwshHw5TGhT-DyCc2YMc747lpsHSaxJ1CY9M0274rQIr3VhaDRQWD9RVVy7C8SHqaNThEf0wPhJe6IPT&q={searchTerms}, Quarantined, [b675e9639bff87af15d4aa4c956e44bc] PUP.Optional.Caster, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Caster, C:\Program Files (x86)\Max Driver Updater\wizzcaster.exe, Quarantined, [6cbfd973405a9b9b0b4faf50877c738d] PUP.Optional.SystemHealer, 
HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, Quarantined, [67c49ab2c2d8a78f738abb1fac57dc24] PUP.Optional.SystemHealer, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\SYSTEM HEALER|CartURL, http://gen2.securedshopgate.com/?b=35&t=1&tid=351002513-GB-263_2DD2E019-76AA-4A9B-90FA-4EC342BE7D89&clb=1, Quarantined, [f833cc80544666d0b925e815e61d2bd5] PUP.Optional.SystemHealer, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, Quarantined, [8c9f68e434662016fb022ab0e81b5da3] PUP.Optional.SystemHealer, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\SYSTEM HEALER|CallBanner1, http://callbanner.systemhealer.com/?type=45, Quarantined, [0e1d72da3367b2848776518938cba55b] PUP.Optional.SystemHealer, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\SYSTEM HEALER|CallBanner2, http://callbanner.systemhealer.com/?type=46, Quarantined, [0328e963d4c66acc639a627862a1936d] Registry Data: 7 PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[082325279dfd46f0b6d74633b0549f61] Hijack.UserInit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|userinit, wscript C:\WINDOWS\run.vbs,, Good: (userinit.exe), Bad: (wscript C:\WINDOWS\run.vbs,),Replaced,[d8533e0e7426072f6e87620d9074867a] PUM.Optional.UserInit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|userinit, wscript C:\WINDOWS\run.vbs,, Good: (userinit.exe), Bad: (wscript C:\WINDOWS\run.vbs,),Replaced,[7ead6ddf8b0f42f4b51033460afa28d8] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-625965878-1710555110-3148715526-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, 
http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObJ4yEovi8uSgNEYrIE80PLbEIGd6dAF0oFWatqgJ8kVJYtUxEE4T_sEbHMjHPOm8Xt7y0Kz9ODVI4A4LDtSaUt2LIxRwshHw5TGhT-DyCc2YMc747lpsHSaxJ1CY9M0274rQIr3VhaDRQWD9RVVy7C8SHqaNThEf0wPhJe6IPT&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObJ4yEovi8uSgNEYrIE80PLbEIGd6dAF0oFWatqgJ8kVJYtUxEE4T_sEbHMjHPOm8Xt7y0Kz9ODVI4A4LDtSaUt2LIxRwshHw5TGhT-DyCc2YMc747lpsHSaxJ1CY9M0274rQIr3VhaDRQWD9RVVy7C8SHqaNThEf0wPhJe6IPT&q={searchTerms}),Replaced,[61ca292326745adcfb9b9edbc93bc53b] Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{231b875b-d3ce-4e7d-88bd-11a6310c661d}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[0229df6dafebee481154d8a20301fd03] Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{260338c2-b023-495b-ad4a-f5efed6e8dff}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[ac7f3b11d1c9ad89ed78b4c6aa5af60a] Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e34906d0-b900-4fe8-acb7-bb15e96bef5f}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[5bd0e26a7e1cd066194ca5d5bd47f60a] Folders: 24 PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Se Browser Enhancer, Quarantined, [a388b5975d3dad8988519337857dfa06], PUP.Optional.ASPackage, C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage, Quarantined, [a883dd6f6f2b3ef86a57abec788b59a7], PUP.Optional.ConvertAd, 
C:\Users\User\AppData\Local\57BA0800-1471264135-11E1-0000-E839353B68AA, Quarantined, [4fdc05471882df5712e2a9f3c43fcf31], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product\1.0, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter, Quarantined, [7ead0a42f8a24de923e411e46e956898], PUP.Optional.MCorp, C:\Users\User\AppData\Roaming\MCorp\1147, Quarantined, [72b90547e0ba2511095d956856ad11ef], PUP.Optional.MCorp, C:\Users\User\AppData\Roaming\MCorp, Quarantined, [72b90547e0ba2511095d956856ad11ef], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, Quarantined, [1c0f80cc9604db5b44428d352ad89b65], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, Quarantined, [1c0f80cc9604db5b44428d352ad89b65], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, Quarantined, [1c0f80cc9604db5b44428d352ad89b65], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer, Quarantined, [4be0e06cd9c1a0966672d9eaf80ada26], PUP.Optional.ASPackage, C:\Users\User\AppData\Roaming\ASPackage, Quarantined, [d15a9ab2b2e8280e37597b4bf30fe61a], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\ondemand, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\32a4dd81-44c5-1, Quarantined, 
[ba7171dbbae02c0a0badddead52d08f8], PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\32a4dd81-6617-0, Quarantined, [9e8d1e2e049647ef01b7b41353af2dd3], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Zaamfan, Quarantined, [5bd0cb81ddbdc373bd45455852b247b9], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtams, Quarantined, [3dee0f3da0fa4de959d158450ff57789], Files: 98 PUP.Optional.Wajam, C:\WINDOWS\SYSTEM32\drivers\431e58e130d789b7a0bb0c8d2a291918.sys, Delete-on-Reboot, [5df75defbb0f89c2ca65090b161e42c3], Rootkit.Komodia.PUA, C:\WINDOWS\SYSTEM32\drivers\bsdpf64.sys, Delete-on-Reboot, [d89b9890e5bdbc020126a257de5a7458], Rootkit.Komodia.PUA, C:\WINDOWS\SYSTEM32\drivers\bsdpr64.sys, Delete-on-Reboot, [f617955b62482d563ae3df028e8c8722], Rootkit.Agent, C:\WINDOWS\SYSTEM32\drivers\cherimoya.sys, Delete-on-Reboot, [ae2e953a2179e75e7f1f99ec3f8a3a09], PUP.Optional.Linkury, C:\Users\User\AppData\Roaming\Lamlam.bin, Quarantined, [d8530844f6a464d273936eeae222fb05], PUP.Optional.ConvertAd, C:\Users\User\AppData\Roaming\ASPackage\Uninstall.exe, Quarantined, [a289e468a1f988ae8e37d2d08180be42], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\set.exe.config, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\Config.json, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.dll, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.Linq.dll, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.xml, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64\SQLite.Interop.dll, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86\SQLite.Interop.dll, Quarantined, [eb40d9732d6deb4bd4ff24a6ae54f808], 
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Se Browser Enhancer\Social2Search Website.lnk, Quarantined, [a388b5975d3dad8988519337857dfa06], PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Se Browser Enhancer\Settings.lnk, Quarantined, [a388b5975d3dad8988519337857dfa06], PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Se Browser Enhancer\SignIn with Facebook.lnk, Quarantined, [a388b5975d3dad8988519337857dfa06], PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Se Browser Enhancer\SignIn with Twitter.lnk, Quarantined, [a388b5975d3dad8988519337857dfa06], PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Se Browser Enhancer\uninstall.lnk, Quarantined, [a388b5975d3dad8988519337857dfa06], PUP.Optional.ASPackage, C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, Quarantined, [a883dd6f6f2b3ef86a57abec788b59a7], PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\57BA0800-1471264135-11E1-0000-E839353B68AA\Uninstall.exe, Quarantined, [4fdc05471882df5712e2a9f3c43fcf31], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product\1.0\074D9AC8, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product\1.0\084A2248, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product\1.0\08F4FFF0, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product\1.0\0952DF78, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product\1.0\09E34BE8, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.VBates, 
C:\Users\User\AppData\LocalLow\Company\Product\1.0\0F07C058, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, Quarantined, [d655004c039792a45315962e31d234cc], PUP.Optional.SystemHealer, C:\Users\Public\Desktop\Launch System Healer.lnk, Quarantined, [46e5410b9109191d0ac72dad39caa957], PUP.Optional.SystemHealer, C:\Windows\System32\Tasks\SystemHealer Monitor, Quarantined, [46e50f3d702abf77666d5783e51e649c], PUP.Optional.Amonetize.Gen, C:\ProgramData\32a4dd81-44c5-1\BITAC69.tmp, Quarantined, [0328de6e5347dd59d411a7476a9911ef], PUP.Optional.Amonetize.Gen, C:\ProgramData\32a4dd81-6617-0\BITAF29.tmp, Quarantined, [ff2c72daccce80b60adb9757ec17a45c], PUP.Optional.Linkury, C:\Users\User\AppData\Roaming\ApplicationHosting.dat, Quarantined, [0e1d78d48812e2546f1543ac798a05fb], PUP.Optional.Linkury, C:\Users\User\AppData\Roaming\md.xml, Quarantined, [002b410bf4a62511295c7b74ff04fe02], PUP.Optional.Linkury, C:\Users\User\AppData\Roaming\noah.dat, Quarantined, [f13a103c15855bdb2066c6290003659b], PUP.Optional.Linkury, C:\Users\User\AppData\Roaming\uninstall_temp.ico, Quarantined, [270455f7c3d71f176027c12eee159769], PUP.Optional.Linkury, C:\Users\User\AppData\Roaming\lobby.dat, Quarantined, [d05b6fdd3169d46237d9569a1ae98c74], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.dat, Quarantined, [7ead0a42f8a24de923e411e46e956898], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\Config.xml, Quarantined, [7ead0a42f8a24de923e411e46e956898], PUP.Optional.Linkury.ACMB1, C:\Windows\SysWOW64\findit.xml, Quarantined, [40eb67e5d3c7e551db3212e36d9652ae], PUP.Optional.Linkury.ACMB1, C:\Windows\System32\Tasks\psv_Dentoit, Quarantined, [1f0c61eb8d0d83b323ebad4817ecf20e], PUP.Optional.ProntSpooler, C:\Users\User\AppData\Local\Apps\2.0\abril.InstallLog, Quarantined, [95963418a4f6e84e5935e216c63dbe42], PUP.Optional.ProntSpooler, 
C:\Users\User\AppData\Local\Apps\2.0\abril.InstallState, Quarantined, [b9721c3099014aec0b837484d62d837d], PUP.Optional.ProntSpooler, C:\Users\User\AppData\Local\Apps\2.0\abril.stt, Quarantined, [0724c8846a3049ed4e4058a0719245bb], PUP.Optional.Linkury.Gen, C:\Users\User\AppData\Roaming\Quozap.tst, Quarantined, [db50aba1a3f73303063a0fee4eb54eb2], PUP.Optional.Linkury.Gen, C:\Users\User\AppData\Roaming\TrisLam.tst, Quarantined, [2506f458dcbea4926dd3ba43d33031cf], PUP.Optional.MCorp, C:\Users\User\AppData\Roaming\MCorp\1147\udpx, Quarantined, [72b90547e0ba2511095d956856ad11ef], PUP.Optional.SafeFinder.ShrtCln, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage, Delete-on-Reboot, [ef3cc3893c5ee74fd6abd8f8de26ff01], PUP.Optional.SafeFinder.ShrtCln, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal, Delete-on-Reboot, [61ca202cc9d155e15d24448c31d3a55b], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, Quarantined, [1c0f80cc9604db5b44428d352ad89b65], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js, Quarantined, [1c0f80cc9604db5b44428d352ad89b65], PUP.Optional.VBates, C:\Users\User\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js, Quarantined, [1c0f80cc9604db5b44428d352ad89b65], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\Danish.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\Dutch.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\English.xml, Quarantined, 
[9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\French.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\German.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\Italian.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\Norwegian.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\Parameters.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\Portuguese.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\Spanish.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\Swedish.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\Users\User\AppData\Roaming\System Healer\Languages\tmpLang.xml, Quarantined, [9e8d0e3e15851521e6f1497a1ee40bf5], PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer\Launch System Healer.lnk, Quarantined, [4be0e06cd9c1a0966672d9eaf80ada26], PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer\System Healer on the Web.url, Quarantined, [4be0e06cd9c1a0966672d9eaf80ada26], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Hotfax.bin, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Betasaobam.bin, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\conf.config, Quarantined, 
[42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Config.xml, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Daltkix.bin, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Dalttam.exe, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Dalttam.exe.config, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Damfax.bin, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Fresh-Strong.exe, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Fresh-Strong.exe.config, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Holdtam.d.dat, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Holdtam.dat, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Hotlotcof.dat, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Kay-Hold.dat, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Labstrong.exe.config, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\md.xml, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\MedOzehome.bin, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Medzap.dll, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\QuoPhase.dat, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Ronlux.dll, Quarantined, [42e90448425889adcd8f70573fc39d63], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\Touchdax.bin, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\uninstall.dat, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtam\X--Stock.bin, Quarantined, [42e90448425889adcd8f70573fc39d63], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Zaamfan\InstallationConfiguration.xml, Quarantined, [5bd0cb81ddbdc373bd45455852b247b9], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Zaamfan\uninstall.dat, Quarantined, [5bd0cb81ddbdc373bd45455852b247b9], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Zaamfan\uninstall.ico, Quarantined, [5bd0cb81ddbdc373bd45455852b247b9], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtams\ff.HP, Quarantined, [3dee0f3da0fa4de959d158450ff57789], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtams\ff.NT, Quarantined, [3dee0f3da0fa4de959d158450ff57789], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Holdtams\snp.sc, Quarantined, [3dee0f3da0fa4de959d158450ff57789], PUP.Optional.Linkury.ACMB1, C:\Users\User\AppData\Roaming\Config.xml, Quarantined, [14171d2ff0aa11259d5a7d1ff90b2fd1], PUP.Optional.Linkury.ACMB1, C:\Users\User\AppData\Roaming\InstallationConfiguration.xml, Quarantined, [31facb81b5e5d561c731c4d8ef154eb2], PUP.Optional.HijackHosts.Gen, C:\Windows\System32\epo\sip\mewdu.dat, Quarantined, [76b569e3c6d4181e9a50e4b5f70d8878], Physical Sectors: 0 (No malicious items detected) (end) # AdwCleaner v6.000 - Logfile created 17/08/2016 at 12:45:57 # Updated on 12/08/2016 by ToolsLib # Database : 2016-08-17.2 [Server] # Operating System : Windows 10 Pro (X64) # Username : User - USER-PC # Running from : C:\Users\User\Downloads\AdwCleaner.exe # Mode: Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** [!] 
Service not deleted: 1a15e296fab975a88d74a47a828a4a30

***** [ Folders ] *****

[-] Folder deleted: C:\Users\User\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Users\User\AppData\LocalLow\avg web tuneup
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder deleted: C:\Users\User\AppData\Local\app
[-] Folder deleted: C:\uninst

***** [ Files ] *****

[#] File deleted: C:\WINDOWS\SysNative\drivers\431e58e130d789b7a0bb0c8d2a291918.sys
[#] File deleted: C:\WINDOWS\SysNative\drivers\cherimoya.sys
[#] File deleted: C:\WINDOWS\SysNative\drivers\bsdpr64.sys
[#] File deleted: C:\WINDOWS\SysNative\drivers\bsdpf64.sys

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CleanBrowser
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Value deleted: HKU\S-1-5-21-625965878-1710555110-3148715526-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Caster]

***** [ Web browsers ] *****

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2356 Bytes] - [17/08/2016 12:45:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [2490 Bytes] - [17/08/2016 12:44:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2502 Bytes] ##########

No threats were found with Sophos Free Virus Removal tool... 'shopperz' still appears in my list of installed programs/apps, but nothing happens when I try and uninstall it... Thanks again, blown away by the level of support.

Fixlog.txt
  4. Tried installing Malwarebytes to remove multiple suspected viruses but get the above error code. Have looked at other topics on these forums and have run FRST with attached results. Search.txt was generated after searching for dnsapi.dll. Someone please help! Thanks FRST.txt Addition.txt Search.txt