Cyber Tech Help Support Forums > Software > Malware Removal
  #46  
Old October 22nd, 2017, 01:35 PM
Sonic Feathers
Member
 
Join Date: Sep 2017
Posts: 53
Sorry, that seems like a bunch of data. I hope it was needed... Thank you, Olgun.


  #47  
Old October 23rd, 2017, 12:15 AM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Hi,

Did you check, and how is it now? Send a picture of it if necessary.
========================================================
Quote:
Malicious Software Removal Tool
Trend Micro HouseCall
HitmanPro
Adware Removal Tool by TSA
Please don't install or uninstall software during the cleanup unless you are told to do so. If this keeps going, I cannot help you. It's confusing to me and may cause other problems.

------------------------------------------------------------
(Please use RevoUninstaller)
Uninstall: wildgames
Adware Removal Tool by TSA
Trend Micro HouseCall
HitmanPro
C:\Program Files\WildGames
C:\Program Files\Adware Removal Tool by TSA
===========================================
Let me know when you get that done
  #48  
Old October 23rd, 2017, 01:39 PM
Sonic Feathers
Member
 
Join Date: Sep 2017
Posts: 53
Hello Olgun,
Thanks for your reply. I'll do these tonight. I don't know when HouseCall came on, sorry for that anyway. I'll remove these tonight.
I'd been going through some old papers & came across a notation of IP 105.15.132.163 with an asterisk (i.e. important, follow up) & "DrvStore. Is this Hacker?" made to myself. This may have come from an unsigned Task Manager entry a few months back. I did a Whois; it's the same network (CellC) as myself, supplied by Terraco servicing hotels in Cape Town. I haven't been there in nearly 2 years. Is it important as a footprint from the 'Administrators' author?
I'll post the report after finalising your instructions on Tuesday a.m.
Sorry again over HouseCall & thank you.
  #49  
Old October 23rd, 2017, 11:48 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
I think this issue may be related to the Favorites folder.
Quote:
InternetURL: C:\Users\Darryl\Favorites
The contents of this folder are very complex. What are these? If they are not important, can you delete them?

Quote:
I've been going through some old papers & came across a notation of IP 105.15.132.163 with asterisk
Where did you see it? I do not fully understand.

Last edited by olgun52; October 23rd, 2017 at 11:52 PM.
  #50  
Old October 29th, 2017, 12:27 PM
Sonic Feathers
Member
 
Join Date: Sep 2017
Posts: 53
Hello Olgun,

I was really upset that I had gone against what you had specifically said that I must not do.

But have found the solution, no program has been added. I think I may have had my HDD plugged in & that reflected those programs being nearby. They are on the HDD. After the last Reset, I added as few as possible programs to the C:.

So to answer you:
Quote:
(Please use RevoUninstaller)
Uninstall: wildgames
Adware Removal Tool by TSA
Trend Micro HouseCall
HitmanPro
C:\Program Files\WildGames
C:\Program Files\Adware Removal Tool by TSA
===========================================
Let me know when you get that done
Using Program Search & Revo:
TM HouseCall is nowhere to be found in Programs, and neither is WildGames.
TSA is a Quarantine & Log folder only (don't know how or why?),
HitmanPro is an empty folder (don't know how or why?).
If I use Revo Hunter Mode & aim it at TSA or Hitman, a pop-up says
"Do you want to uninstall Explorer.exe?" So no package is installed; I apologize for any
confusion all the same. Must I delete all entries with Regedit, Olgun?

The Other Bookmarks folder had got overloaded due to duplicates from importing bookmarks to Favorites every time I factory reset. I am in the process of starting a new Non-Profit Organisation business, which involves a number of projects, so until I have the web page & the projects up & running, my Favorites needs a lot of references. However, it is now smaller/simpler.

Quote:
Where did you see it? I do not fully understand.
This was from a hard-copy note I had made to myself; after checking through the e-mail addresses I must send, I came across it. Right in the beginning, before we got going, I had followed an unsigned entry in Task Manager; this was 'drvstore.exe', which was somehow connected to that IP. I can't remember the details, bud. That is why I asked about it.

As to the UAC, Olgun, is it not possible to just master reset:
1) Every drive & folder and all the sub-folders & their Admin functions?
2) & then remove these groups & Administrators
- so that just System & (single user not group) Administrator/ Darryl exist with Full Control?
3) There must be a means to then lock UAC & stop changes. Perhaps even with an OTP being sent to my mobile/Cell Phone?

Glad not to have swamped you with mega data today. Take care. I'm online till 19:00; Turkey & SA are the same time zone, I think.
  #51  
Old October 30th, 2017, 10:54 AM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Please do the following.

Run FRST fixlist:
Note: Run the tool (FRST) from your Desktop based on the instructions given. Farbar Recovery Scan Tool and the fixlist file should be on the desktop.

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt
Code:
CreateRestorePoint:
CloseProcesses:
C:\Program Files\WildGames
C:\Program Files\Adware Removal Tool by TSA
C:\Users\Darryl\AppData\Local\housecall.guid.cache
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => -> No File
ContextMenuHandlers1: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => -> No File
ContextMenuHandlers5: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => -> No File
ContextMenuHandlers6: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => -> No File
Task: {C4901BFC-569B-45A1-876E-648B20672D00} - System32\Tasks\{486CBA3C-24B5-47CD-A976-53A7CFC40E43} => C:\windows\system32\pcalua.exe -a C:\Users\Darryl\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: F - F:\setup.exe
SearchScopes: HKU\S-1-5-21-917511795-3256536166-560280740-1000 -> DefaultScope {1CBB2697-5E83-4628-9994-D357F3A638D0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-917511795-3256536166-560280740-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-917511795-3256536166-560280740-1000 -> {1CBB2697-5E83-4628-9994-D357F3A638D0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff => not found
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
2017-10-15 20:53 - 2012-11-09 13:50 - 000023040 _____ (Windows (R) 2000 DDK provider) C:\Users\Darryl\AppData\Local\Temp\DeviceSetup.exe
2017-10-19 23:12 - 2017-10-19 23:13 - 001856576 _____ (Oracle Corporation) C:\Users\Darryl\AppData\Local\Temp\jre-8u151-windows-au.exe
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- Play Games -.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
C:\Users\Darryl\AppData\Local\.guid.cache
2017-10-03 11:12 - 2017-10-03 11:12 - 000000000 ____D C:\Program Files\HitmanPro
2017-10-03 11:11 - 2017-10-03 11:29 - 000000000 ____D C:\ProgramData\HitmanPro
2017-10-03 10:52 - 2017-10-03 10:52 - 000000000 ____D C:\Program Files\Adware Removal Tool by TSA
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Death on the Nile.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Insaniquarium Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\John Deere Drive Green.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games - WildTangent ORB.lnk -> C:\Program Files\WildGames\Game Explorer Categories - main\provider.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Peggle.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{fa807689-2dac-4a39-8e5d-afd0d3082724}\PlayTasks\0\Penguins!.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{f5aa5b6a-a384-422b-a907-d999459ba78e}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{e578aad3-b3ff-4ad5-9025-ce2b7b08258c}\PlayTasks\0\Insaniquarium Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{c0ece13b-586f-4a9f-97b9-c4ce9580cdb8}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{adbbcb61-5032-4d77-bed4-7c74d86c07b8}\PlayTasks\0\Plants vs. Zombies.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files\WildGames\Game Explorer Categories - main\provider.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{858832fa-2921-4f05-ab02-1e13a842ae39}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7ad64128-be81-4f69-9356-9934f0d3c5b8}\PlayTasks\0\Farm Frenzy.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{56e56f32-3715-450b-aa67-5bcd65a3a212}\PlayTasks\0\John Deere Drive Green.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{367a1a34-e291-466e-b1c8-0380d1b3646c}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{34effc27-0104-4012-af9a-331b3ddfb271}\PlayTasks\0\Agatha Christie - Death on the Nile.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{32aea27d-498e-4ee7-86da-127272427b0c}\PlayTasks\0\Build-a-lot.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{30cb7b5a-1c20-431b-a00c-de091e514e62}\PlayTasks\0\Peggle.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{1dd28cf6-954c-426b-a6cb-f704e09f6689}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\Users\Darryl\Links\Zoho Docs.lnk -> C:\Users\Darryl\Zoho Docs (No File)
CMD: ipconfig /flushdns
EmptyTemp:
NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

--------------------------------------------------------------
MalwareBytes scan:
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-3.2.2.2029.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The scan log is available through History -> Application logs. Please post its contents in your next reply.
  #52  
Old November 2nd, 2017, 12:36 AM
Sonic Feathers
Member
 
Join Date: Sep 2017
Posts: 53
Hi Olgun,
Here's the logs...
1 of 2
Fix result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Darryl (01-11-2017 01:39:49) Run:4
Running from C:\Users\Darryl\Desktop
Loaded Profiles: Darryl (Available Profiles: Darryl & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files\WildGames
C:\Program Files\Adware Removal Tool by TSA
C:\Users\Darryl\AppData\Local\housecall.guid.cache
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => -> No File
ContextMenuHandlers1: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => -> No File
ContextMenuHandlers5: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => -> No File
ContextMenuHandlers6: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => -> No File
Task: {C4901BFC-569B-45A1-876E-648B20672D00} - System32\Tasks\{486CBA3C-24B5-47CD-A976-53A7CFC40E43} => C:\windows\system32\pcalua.exe -a C:\Users\Darryl\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: F - F:\setup.exe
SearchScopes: HKU\S-1-5-21-917511795-3256536166-560280740-1000 -> DefaultScope {1CBB2697-5E83-4628-9994-D357F3A638D0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-917511795-3256536166-560280740-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-917511795-3256536166-560280740-1000 -> {1CBB2697-5E83-4628-9994-D357F3A638D0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff => not found
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
2017-10-15 20:53 - 2012-11-09 13:50 - 000023040 _____ (Windows (R) 2000 DDK provider) C:\Users\Darryl\AppData\Local\Temp\DeviceSetup.exe
2017-10-19 23:12 - 2017-10-19 23:13 - 001856576 _____ (Oracle Corporation) C:\Users\Darryl\AppData\Local\Temp\jre-8u151-windows-au.exe
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- Play Games -.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
C:\Users\Darryl\AppData\Local\.guid.cache
2017-10-03 11:12 - 2017-10-03 11:12 - 000000000 ____D C:\Program Files\HitmanPro
2017-10-03 11:11 - 2017-10-03 11:29 - 000000000 ____D C:\ProgramData\HitmanPro
2017-10-03 10:52 - 2017-10-03 10:52 - 000000000 ____D C:\Program Files\Adware Removal Tool by TSA
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Death on the Nile.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Insaniquarium Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\John Deere Drive Green.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games - WildTangent ORB.lnk -> C:\Program Files\WildGames\Game Explorer Categories - main\provider.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Peggle.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{fa807689-2dac-4a39-8e5d-afd0d3082724}\PlayTasks\0\Penguins!.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{f5aa5b6a-a384-422b-a907-d999459ba78e}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{e578aad3-b3ff-4ad5-9025-ce2b7b08258c}\PlayTasks\0\Insaniquarium Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{c0ece13b-586f-4a9f-97b9-c4ce9580cdb8}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{adbbcb61-5032-4d77-bed4-7c74d86c07b8}\PlayTasks\0\Plants vs. Zombies.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files\WildGames\Game Explorer Categories - main\provider.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{858832fa-2921-4f05-ab02-1e13a842ae39}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7ad64128-be81-4f69-9356-9934f0d3c5b8}\PlayTasks\0\Farm Frenzy.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{56e56f32-3715-450b-aa67-5bcd65a3a212}\PlayTasks\0\John Deere Drive Green.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{367a1a34-e291-466e-b1c8-0380d1b3646c}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{34effc27-0104-4012-af9a-331b3ddfb271}\PlayTasks\0\Agatha Christie - Death on the Nile.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{32aea27d-498e-4ee7-86da-127272427b0c}\PlayTasks\0\Build-a-lot.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{30cb7b5a-1c20-431b-a00c-de091e514e62}\PlayTasks\0\Peggle.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{1dd28cf6-954c-426b-a6cb-f704e09f6689}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files\WildGames\onplay\onplay.exe (No File)
Shortcut: C:\Users\Darryl\Links\Zoho Docs.lnk -> C:\Users\Darryl\Zoho Docs (No File)
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Program Files\WildGames" => not found.
C:\Program Files\Adware Removal Tool by TSA => moved successfully
C:\Users\Darryl\AppData\Local\housecall.guid.cache => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox1 => key removed successfully.
HKLM\Software\Classes\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox2 => key removed successfully.
HKLM\Software\Classes\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox3 => key removed successfully.
HKLM\Software\Classes\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox4 => key removed successfully.
HKLM\Software\Classes\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SafeBoxContext => key removed successfully.
HKLM\Software\Classes\CLSID\{0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\SafeBoxContext => key removed successfully.
HKLM\Software\Classes\CLSID\{0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SafeBoxContext => key removed successfully.
HKLM\Software\Classes\CLSID\{0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4901BFC-569B-45A1-876E-648B20672D00} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4901BFC-569B-45A1-876E-648B20672D00} => key removed successfully.
C:\Windows\System32\Tasks\{486CBA3C-24B5-47CD-A976-53A7CFC40E43} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{486CBA3C-24B5-47CD-A976-53A7CFC40E43} => key removed successfully.
HKU\S-1-5-21-917511795-3256536166-560280740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key removed successfully.
HKU\S-1-5-21-917511795-3256536166-560280740-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-917511795-3256536166-560280740-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-917511795-3256536166-560280740-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CBB2697-5E83-4628-9994-D357F3A638D0} => key removed successfully.
HKLM\Software\Classes\CLSID\{1CBB2697-5E83-4628-9994-D357F3A638D0} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\bdwtwe@bitdefender.com => value removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih => key removed successfully.
C:\Users\Darryl\AppData\Local\Temp\DeviceSetup.exe => moved successfully
"C:\Users\Darryl\AppData\Local\Temp\jre-8u151-windows-au.exe" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- Play Games -.lnk => not found.
"C:\Users\Darryl\AppData\Local\.guid.cache" => not found.
C:\Program Files\HitmanPro => moved successfully
C:\ProgramData\HitmanPro => moved successfully
"C:\Program Files\Adware Removal Tool by TSA" => not found.
HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully.
AppMgmt => service removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Death on the Nile.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diner Dash 2 Restaurant Rescue.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Insaniquarium Deluxe.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\John Deere Drive Green.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games - WildTangent ORB.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Peggle.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\GameExplorer\{fa807689-2dac-4a39-8e5d-afd0d3082724}\PlayTasks\0\Penguins!.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{f5aa5b6a-a384-422b-a907-d999459ba78e}\PlayTasks\0\Polar Golfer.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{e578aad3-b3ff-4ad5-9025-ce2b7b08258c}\PlayTasks\0\Insaniquarium Deluxe.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{c0ece13b-586f-4a9f-97b9-c4ce9580cdb8}\PlayTasks\0\Bejeweled 2 Deluxe.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{adbbcb61-5032-4d77-bed4-7c74d86c07b8}\PlayTasks\0\Plants vs. Zombies.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{858832fa-2921-4f05-ab02-1e13a842ae39}\PlayTasks\0\Zuma Deluxe.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{7ad64128-be81-4f69-9356-9934f0d3c5b8}\PlayTasks\0\Farm Frenzy.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{56e56f32-3715-450b-aa67-5bcd65a3a212}\PlayTasks\0\John Deere Drive Green.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{367a1a34-e291-466e-b1c8-0380d1b3646c}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{34effc27-0104-4012-af9a-331b3ddfb271}\PlayTasks\0\Agatha Christie - Death on the Nile.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{32aea27d-498e-4ee7-86da-127272427b0c}\PlayTasks\0\Build-a-lot.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{30cb7b5a-1c20-431b-a00c-de091e514e62}\PlayTasks\0\Peggle.lnk => not found.
C:\ProgramData\Microsoft\Windows\GameExplorer\{1dd28cf6-954c-426b-a6cb-f704e09f6689}\PlayTasks\0\Chuzzle Deluxe.lnk => not found.
C:\Users\Darryl\Links\Zoho Docs.lnk => not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8194337 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2944 B
Edge => 0 B
Chrome => 400162105 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 0 B
Darryl => 19382451 B
Administrator => 502539 B

RecycleBin => 0 B
EmptyTemp: => 416.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:43:34 ====
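As an added example (not code from the thread, from FRST, or from the forum), a small Python reader for the Fixlog format posted above: it separates the echoed fixlist from the per-entry result lines, tallies the "=> moved successfully" / "=> not found" outcomes, lists what FRST did not find so those paths can be re-checked, and pulls out the fixlist lines FRST had flagged "<==== ATTENTION". The embedded sample is a constructed, abridged copy of the log above; the CLSID filter is the author's own reading of how FRST reports shell-handler removals.

```python
# Summarise an FRST Fixlog.txt: outcome tally, entries not found, ATTENTION-flagged fixlist lines.
# Added example (not the thread's or FRST's own code); line shapes follow the Fixlog posted above.
import re
from collections import Counter

# Constructed, abridged copy of the Fixlog posted in the thread.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files\WildGames
C:\Users\Darryl\AppData\Local\housecall.guid.cache
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => -> No File
Task: {C4901BFC-569B-45A1-876E-648B20672D00} - System32\Tasks\{486CBA3C-24B5-47CD-A976-53A7CFC40E43} => C:\windows\system32\pcalua.exe -a C:\Users\Darryl\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Program Files\WildGames" => not found.
C:\Users\Darryl\AppData\Local\housecall.guid.cache => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox1 => key removed successfully.
HKLM\Software\Classes\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => key not found.
C:\Windows\System32\Tasks\{486CBA3C-24B5-47CD-A976-53A7CFC40E43} => moved successfully
"C:\Users\Darryl\AppData\Local\Temp\jre-8u151-windows-au.exe" => not found.
HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully.
AppMgmt => service removed successfully.

========= ipconfig /flushdns =========

=========== EmptyTemp: ==========

EmptyTemp: => 416.4 MB temporary data Removed.

The system needed a reboot.
==== End of Fixlog 01:43:34 ====
"""

FENCE_RE = re.compile(r"^\*{5,}$")       # '*****************' lines around the echoed fixlist
SECTION_RE = re.compile(r"^=+ .+ =+$")   # '========= ipconfig /flushdns =========' banners
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')
REMOVED = {"moved successfully", "key removed successfully",
           "value removed successfully", "service removed successfully"}
NOT_FOUND = {"not found", "key not found"}


def split_sections(text):
    """Return (fixlist_lines, result_lines): the echoed fixlist and the per-entry results."""
    fixlist, results, state = [], [], "header"   # header -> fixlist -> results
    for line in (raw.strip() for raw in text.splitlines()):
        if FENCE_RE.match(line):
            state = "fixlist" if state == "header" else "results"
        elif state == "fixlist" and line:
            fixlist.append(line)
        elif state == "results":
            if SECTION_RE.match(line):
                break           # the first CMD/EmptyTemp banner ends the per-entry results
            if line:
                results.append(line)
    return fixlist, results


def parse_results(result_lines):
    """[(target, outcome, category)] for each '<target> => <outcome>' line."""
    parsed = []
    for line in result_lines:
        m = RESULT_RE.match(line)
        if not m:               # e.g. 'Processes closed successfully.' carries no '=>'
            continue
        outcome = m.group("outcome")
        key = outcome.lower()
        cat = "removed" if key in REMOVED else "not_found" if key in NOT_FOUND else "other"
        parsed.append((m.group("target"), outcome, cat))
    return parsed


def attention_items(fixlist_lines):
    """Fixlist lines FRST had flagged '<==== ATTENTION' (here the pcalua.exe task and the
    AppMgmt service with no ServiceDLL), with the flag stripped."""
    return [l.split(" <==== ATTENTION", 1)[0] for l in fixlist_lines if "<==== ATTENTION" in l]


def summarize(text, ignore_clsid=True):
    """Summary dict. ignore_clsid drops the 'CLSID ... => key not found' companions FRST emits
    after each removed shell handler (assumption: those are informational, not leftovers)."""
    fixlist, result_lines = split_sections(text)
    results = parse_results(result_lines)
    not_found = [t for t, _, cat in results if cat == "not_found" and not
                 (ignore_clsid and t.upper().startswith(r"HKLM\SOFTWARE\CLASSES\CLSID\{"))]
    return {"fixlist_entries": len(fixlist),
            "counts": Counter(cat for _, _, cat in results),
            "not_found": not_found,           # paths to re-check: already gone, or mistyped
            "attention": attention_items(fixlist),
            "reboot_needed": "The system needed a reboot." in text}


if __name__ == "__main__":
    s = summarize(SAMPLE_FIXLOG)
    print(dict(s["counts"]), "not found:", s["not_found"], "flagged:", len(s["attention"]))
```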
  #53  
Old November 2nd, 2017, 12:37 AM
Sonic Feathers
Member
 
Join Date: Sep 2017
Posts: 53
2 of 2

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/1/17
Scan Time: 1:52 AM
Log File: 87862acb-be96-11e7-9b48-90a4de6a0dc0.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3143
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: WIZARDS-PC\Darryl

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276640
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
  #54  
Old November 3rd, 2017, 09:17 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Hi,

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
Microsoft Windows Malicious Software Removal Tool

PC restart.
====================
How is your PC behaving now? Any issues?
  #55  
Old November 3rd, 2017, 09:18 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Hi Olgun,
Bitdefender has expired & I need do something about it but don't want to upset you with adding anything. What can I do?
Strange thing happened: I received a mail saying Kakalan668 had replied to the thread on Cybertech. There are no added posts. Yet the e-mail's link does take me to this page??? But when I Google Translated it from Vietnamese, it turns out to be some junk about how to keep erections & lose fat etc. How is it possible that that can happen? I opened no other links except the link to Cybertech. Do you want to see what was sent? Can you check on who he is & why he was able to send the junk? Thanks Olgun.
  #56  
Old November 3rd, 2017, 09:32 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
What a coincidence, we both posted at the same time.
The MS Malicious Software Tool isn't listed there Olgun. Must I look elsewhere for it? It obviously is a concern for you. I take it that you see it in some places. The computer is just slow but I suppose some cleanups will help fix that. But I am sure that after all your input the Pakistani is out. I could do with help knowing how to master-reset all the UAC & sub-trees/folders?
  #57  
Old November 3rd, 2017, 09:55 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Quote:
Bitdefender has expired & I need do something about it but don't want to upset you with adding anything. What can I do?
You should not change the antivirus, as much as possible. You can use free software.

Quote:
Kakalan668 ??

Yet the e-mails link does take me to this page???
Which page is it going to?

Quote:
Do you want to see what was sent?
Could you send a full picture of the message?

Quote:
The MS Malicious Software Tool isn't listed there Olgun.
But their files are there.

Quote:
But I am sure that after all your input the Pakistani is out.
I hope.
  #58  
Old November 5th, 2017, 06:58 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Hi Olgun,

I uninstalled BD 2015 & am using the online app for now until you are finished, then I'll talk with BD support about why my 700-day subscription is not working in SA.

Here's the link that kakalan668 used in the mail. It points to this Topic: http://www.cybertechhelp.com/forums/showthread.php?t=232537&goto=newpost

Use Google Translate set to Vietnamese: (Copy & Paste)
*GUIDE TO BETTING ON FOOTBALL ONLINE*
We usually know how to play traditional football betting (http://fb88.cado8.net/); we usually place football bets through friends or bookmaker touts. This way of betting on football carries many risks such as low odds, being cheated or owed money, and a narrow range of bets... Nowadays, with the development of Internet technology, all you need is a computer, laptop, phone or tablet and any bank (ATM) account; then you choose the *reputable bookmaker website FB88* (http://fb88.cado8.net/) to register an account, and you can bet on football online with a few mouse clicks, simply and conveniently, with many kinds of odds, the highest betting rates, and especially extremely attractive promotions such as a 150% bonus for new members and a 30% bonus on the third deposit...

Image: https://1.bp.blogspot.com/-c2wmN0WgG...on-dang-ky.png (https://www.fb88.com/?affiliateId=30)

Image: https://4.bp.blogspot.com/-avOfspMHV...2Bfb88%2Bv.gif (https://www.fb88.com/?affiliateId=30)

All deposit and withdrawal transactions are made through a bank (ATM) account; if your account has online banking, *depositing and withdrawing money* (http://fb88.cado8.net/) will be faster and extremely convenient.

For today's leading football bookmakers, reputation and quality must always come first, so all your deposit and withdrawal transactions are 100% guaranteed.

Advantages of *online football betting (http://fb88.cado8.net/)*

*Bet on football with the best odds (http://fb88.cado8.net/)*, without being cheated out of your money, because reputable bookmakers are big, established betting brands licensed to operate worldwide.

With online bookmakers you can *bet on football* at any time (odds for a match are available from 3 days before until the 89th minute of the match), at any moment and on any football league in the world.

Besides *betting on football*, you can also bet on other sports such as basketball, tennis, badminton and motor racing, or join the Casino, Lottery, Slots and other betting games the online bookmaker offers.

Every reputable online bookmaker has a customer support team available 24/24, always making sure that football bettors' questions are answered as quickly as possible.

Registering an account at *bookmaker FB88* is very easy and completely free; just deposit money and immediately receive the attractive offers FB88 provides.

*Cockfighting Guide, Bookmaker M8WIN* (http://m8win.cado8.net/)

*Lottery Number Betting Guide, Win2888* (http://win288.cado8.net/)
***************
There may be other replies also, but you will not receive any more notifications until you visit the forum again.

Kind Regards,
Cyber Tech Help Support Forums team
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here is where MS Windows MRT is kept. How do you want me to remove it, since it's part of the entire MS Windows 7 package?

Although the Pakistani is out, how can I repair UAC? Is there a way, from the root C: & D: drives' Properties folder, to change the Administrators to Administrator, remove the Groups & set them to Single User, that will result in changing all Sub-Folders / entire Trees? You can see from the pic here what there is, e.g. 'Originator' has no rights but I don't know if it needs rights or even needs to be there. 'Trusted Installer', who is that? Would it help to re-install Team Viewer & let you use it to get in to see for yourself what the Ownership is compared to what it should be?

Olgun, you have been busy with me for a long time, helping to get this hacker out & the damage he inserted sorted, & I just wanted to say a big thank you for all your help and the long hours spent working on all this. Many thanks.
  #59  
Old November 6th, 2017, 01:30 AM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Greetings Sonic Feathers,

Please look for UAC settings.
https://www.howtogeek.com/howto/wind...windows-vista/

If you have other questions, my friends in the Win7 section can help you better. I do not see malware on your computer.
http://www.cybertechhelp.com/forums/...splay.php?f=46
================================================== =====

Run FRST fixlist:
Note: Run the tool (FRST) from your Desktop based on the instructions given. Farbar Recovery Scan Tool and the fixlist file should be on the desktop.

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

Code:
Start
netsh advfirewall reset
netsh int ip reset c:\resetlog.txt
netsh int ipv6 reset
netsh winsock reset
CMD: ipconfig /flushdns
EmptyTemp:
end
NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

=============================

For this:
Quote:
Administrator (S-1-5-21-917511795-3256536166-560280740-500 - Administrator - Enabled) => C:\Users\Administrator
How to Enable or Disable the Built-in Elevated Administrator Account in Windows 7
https://www.sevenforums.com/tutorial...e-disable.html
  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box
lusrmgr.msc
  • click OK
*Click Users >
*Right-click the Administrator account and select Properties. The Administrator Properties window appears.
*On the General tab, make sure the "Account is disabled" box is ticked.
*Close the console.

Now restart the machine. Okay?
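A command-line way to make the same check and the same change, added here as an example and not part of the instructions above: the script lists every local account with its SID, flags the built-in Administrator (the account whose SID ends in -500, whatever it has been renamed to), disables it only when run with -Disable, and then prints the members of the local Administrators group, which is what the earlier question about "Administrators" versus "Administrator" comes down to. It uses the WinNT ADSI provider, so it works on Windows 7 with PowerShell 2.0 and on editions that do not ship lusrmgr.msc; it has to be run from an elevated PowerShell prompt. The -Disable switch and the ADS_UF_ACCOUNTDISABLE name are the script's own, not from the page.

```powershell
# Added example (not from the thread): audit the built-in Administrator account
# and the local Administrators group on Windows 7 / PowerShell 2.0.
# Run elevated. Without -Disable it only reports; with -Disable it does the
# same thing as ticking "Account is disabled" in lusrmgr.msc.
param([switch]$Disable)

$ADS_UF_ACCOUNTDISABLE = 0x0002          # bit in the WinNT provider's UserFlags
$computer = $env:COMPUTERNAME
$machine  = [ADSI]"WinNT://$computer"

# 1. Every local user, with SID and disabled flag. The built-in Administrator
#    is identified by RID 500, not by its display name.
$users = $machine.psbase.Children | Where-Object { $_.psbase.SchemaClassName -eq 'User' }
foreach ($u in $users) {
    $sidBytes = $u.psbase.Properties['objectSid'].Value
    $sid      = (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)).Value
    $flags    = [int]$u.psbase.Properties['UserFlags'].Value
    $disabled = ($flags -band $ADS_UF_ACCOUNTDISABLE) -ne 0
    $rid      = $sid.Split('-')[-1]
    $tag      = if ($rid -eq '500') { '<- built-in Administrator' } else { '' }
    "{0,-20} {1,-48} disabled={2} {3}" -f $u.psbase.Name, $sid, $disabled, $tag

    if ($rid -eq '500' -and -not $disabled -and $Disable) {
        $u.psbase.Properties['UserFlags'].Value = $flags -bor $ADS_UF_ACCOUNTDISABLE
        $u.psbase.CommitChanges()
        "    -> built-in Administrator account is now disabled"
    }
}

# 2. Who can elevate on this machine: members of the local Administrators group.
#    Anything here that you did not put there yourself is worth asking about.
$group = [ADSI]"WinNT://$computer/Administrators,group"
"`nMembers of the local Administrators group:"
$group.psbase.Invoke('Members') | ForEach-Object {
    '  ' + $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
```

Running it first without -Disable shows whether the -500 account is enabled and which other accounts hold administrator rights; the group listing is the answer to "who else is an administrator here", which no single account's Properties dialog shows.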
  #60  
Old November 6th, 2017, 09:19 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Hi Olgun,
Thanks. Here are the reports: 1) RogueKiller, 2) Fixlog, 3) Addition. (I haven't done the Admin thing yet as time is short & I need to finish work & sleep. Will do it asap & let you know the outcome...)

1) RogueKiller V12.11.17.0 [Sep 25 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Darryl [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 11/06/2017 20:35:38 (Duration : 00:33:15)

Processes : 0

Registry : 2
[PUM.SearchPage] HKEY_USERS\S-1-5-21-917511795-3256536166-560280740-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{61B8ADB1-26E9-4985-80C8-84B326C30146} | NameServer : 41.50.20.61 41.50.20.29 ([South Africa][-]) -> Found

Tasks : 1
[Hj.Shortcut] \{CC1C8BBB-550A-4CA1-953C-5D21EA5C48EF} -- "c:\program files\google\chrome\application\chrome.exe" (https://ui.skype.com/ui/0/7.38.0.101...page=tsInstall) -> Found

Files : 0

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD3200BPVT-35ZEST0 +++++
--- User ---
[MBR] 5130ed095ebe77edeba5e0aa3712f416
[BSP] 622503cd16bda2641ea5679500556658 : Kiwi MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 116736 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 239282176 | Size: 172824 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 593225728 | Size: 15582 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: 3G USB MMC Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
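Both registry-side findings in the RogueKiller report above can be verified by hand before anything is deleted. The script below is an added example, not part of the thread and not RogueKiller's own code. Its first half lists every network interface that has a statically configured NameServer next to the DHCP-supplied one: a PUM.Dns hit (PUM = potentially unwanted modification) says only that a NameServer value is set on an interface, so the check is to compare those addresses with the resolvers the ISP publishes, not to treat the line as malware on its own. Its second half walks the Task Scheduler through the Schedule.Service COM object (the Get-ScheduledTask cmdlet does not exist on Windows 7) and prints every task whose action starts a browser with a URL argument, which is what the Hj.Shortcut line is; installers commonly create such tasks to open a page after setup, so the point is to see the full command line and decide. The browser list is an assumption. Run from an elevated PowerShell prompt so all tasks are readable.

```powershell
# Added example (not from the thread): check the two kinds of RogueKiller
# findings by hand on Windows 7 / PowerShell 2.0. Run elevated.

$ifRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$netRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}'

# 1. Interfaces with a static NameServer. DhcpNameServer is what the network
#    handed out; a static value that differs from it, or from the ISP's
#    published resolvers, is the thing to explain.
"=== Interfaces with a statically configured NameServer ==="
Get-ChildItem $ifRoot | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    if ($p.NameServer -and $p.NameServer.Trim()) {
        $guid = Split-Path $_.PSPath -Leaf
        $conn = Get-ItemProperty "$netRoot\$guid\Connection" -ErrorAction SilentlyContinue
        $name = if ($conn -and $conn.Name) { $conn.Name } else { "(no adapter name) $guid" }
        "{0,-28} static: {1,-32} dhcp: {2}" -f $name, $p.NameServer.Trim(), $p.DhcpNameServer
    }
}

# 2. Scheduled tasks whose Exec action runs a browser on a URL.
$browsers = 'chrome.exe', 'iexplore.exe', 'firefox.exe', 'opera.exe'   # assumption
function Get-BrowserTasksIn($folder) {
    foreach ($t in $folder.GetTasks(1)) {                 # 1 = TASK_ENUM_HIDDEN
        foreach ($a in $t.Definition.Actions) {
            if ($a.Type -ne 0) { continue }                 # 0 = TASK_ACTION_EXEC
            $exe = [IO.Path]::GetFileName($a.Path.Trim('"'))
            if (($browsers -contains $exe) -and ($a.Arguments -match 'https?://')) {
                "{0}`n    {1} {2}" -f $t.Path, $a.Path, $a.Arguments
            }
        }
    }
    foreach ($sub in $folder.GetFolders(0)) { Get-BrowserTasksIn $sub }
}
"`n=== Scheduled tasks that open a browser on a URL ==="
$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()
Get-BrowserTasksIn $svc.GetFolder('\')
```

A task that shows up in the second list can be removed with schtasks /Delete /TN "<task path>" once you have decided it is unwanted; a static DNS entry you did not set yourself is cleared by switching the adapter back to "Obtain DNS server address automatically" in its IPv4 properties, which is the same setting the NameServer value represents.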