SppExtComObj.Exe

Page 2 of 7 FirstFirst 1234 ... LastLast

  1. Posts : 61
    Windows 10 Pro
    Thread Starter
       #11

    simrick said:
    Was it really Cryptolocker that you had? or Torrentlocker? or something else? Because Cryptolocker was taken down, and a possible decryption scheme was released (for free). Torrentlocker made copies of your data, encrypted it, and then deleted the original, so many people got their data back by using recovery software or ShadowExplorer. Just curious - not that it makes any difference now...
    It cerainly said it was cryptolocker and looked like it. Australia where I am has been targeted with this malware this year with lots being affected. This is where I got mine from in May:

    Thousands targeted by 'ransomware' email scam which copies AGL Energy bills

    Fortunately it didn't jump to the second machine in the network as we didn't have the share as a drive letter and I managed to stop the process with spyhunter (which I don't use now) when I saw it happening. The encryption started at A and did my account files first and was half way through my archive files when I stopped it. It deleted all restore points first and as I had the backup connected it infected that at exactly the same time. This is how I learnt the hard way re a single permanently connected backup drive. Happy with my backup setup now (will ditch SC8 if it doesn't start behaving properly and support doesn't get back to me) but my machine has had a few problems in the last couple of weeks, hence why I am here in the first place, probably nothing to do with the cryptolocker but like I said, I'm paranoid now lol.
    Ok I will let you know how I go.
      My Computer


  2. Posts : 61
    Windows 10 Pro
    Thread Starter
       #12

    simrick said:
    Ouch! You're lucky you got your files back - some of these creeps take the money and run.


    Great. When they roll that into their paid version, it may be worth looking at a subscription.



    No problem. Actually, they all run pretty quickly. But, no rush.



    That sounds like a good setup. :)



    Hmmm... I am not familiar with Second Copy 8 - have never used it. I do know that Macrium Reflect Free allows you to mount the images and even extract specific files from the images (just did this on a system I was working on that wouldn't boot). I personally have 2 backup schemes in addition to my Operating System backup, (for which I use Macrium): CrashPlan and Robocopy. CrashPlan compresses and provides versioning, while Robocopy is basically a copy function (so data is in original state). But, you really could do everything with Macrium, and backups would be smaller since they're compressed, and can be verified as they're made. Really, since you can extract files from the images, it makes things quite nice. You can also set it up for incremental and differential images, although I don't do that - I always make full images (makes life easier if I have to restore).

    Here's some info on it:
    Solved Tell your backup software, win Macrium Reflect Home license! - Windows 10 Forums

    To get started with system imaging, see these tutorials:

    Just checked out Robocopy and not sure that's for me or my misses. For daily backup with SC8 you can set it up to backup each time you shut down and it will switch the computer off after the backup is complete. It's a simple single click on the program icon.
      My Computer


  3. Posts : 16,325
    W10Prox64
       #13

    stevenson53 said:
    I already use macrium for the weekly OS disk image although I use SC8 for backing up the weekly data disk. In fact I restored the operating system 2 weeks ago from a macrium image and that worked well. As for the data file backup, I just like to see the actual files are there. I'll have a look at robocopy and see what that's all about thanks.
    Okay, try this: Open Macrium, in the Restore Tab, navigate to one of your backups, select Browse Image, select partition C, notice the drive letter it will assign when it mounts it as a virtual drive. Go to file explorer and have a look at that virtual drive - you'll see all your files in their "natural state", which could then be copied from there to someplace you want at any time.

    stevenson53 said:
    It cerainly said it was cryptolocker and looked like it. Australia where I am has been targeted with this malware this year with lots being affected. This is where I got mine from in May:

    Thousands targeted by 'ransomware' email scam which copies AGL Energy bills

    Fortunately it didn't jump to the second machine in the network as we didn't have the share as a drive letter and I managed to stop the process with spyhunter (which I don't use now) when I saw it happening. The encryption started at A and did my account files first and was half way through my archive files when I stopped it. It deleted all restore points first and as I had the backup connected it infected that at exactly the same time. This is how I learnt the hard way re a single permanently connected backup drive. Happy with my backup setup now (will ditch SC8 if it doesn't start behaving properly and support doesn't get back to me) but my machine has had a few problems in the last couple of weeks, hence why I am here in the first place, probably nothing to do with the cryptolocker but like I said, I'm paranoid now lol.
    Ok I will let you know how I go.
    Okay I just read that article link and I noticed:
    Even if the ransom is paid the malware will continue to monitor the computer, Mr Schippers said, recording keystrokes and mouse movements.
    You said you had a professional IT person working on your system, so they made sure it was clean right? Or, did they completely reinstall the operating system? What are the problems you're having with the system?
    Just for the record: Spyhunter has a less-than-stellar reputation in the industry.

    stevenson53 said:
    Just checked out Robocopy and not sure that's for me or my misses. For daily backup with SC8 you can set it up to backup each time you shut down and it will switch the computer off after the backup is complete. It's a simple single click on the program icon.
    Yes, Robocopy...I believe it can be setup to run using Task Scheduler (I haven't gotten around to that yet myself).
      My Computer


  4. Posts : 61
    Windows 10 Pro
    Thread Starter
       #14

    simrick said:
    Okay, try this: Open Macrium, in the Restore Tab, navigate to one of your backups, select Browse Image, select partition C, notice the drive letter it will assign when it mounts it as a virtual drive. Go to file explorer and have a look at that virtual drive - you'll see all your files in their "natural state", which could then be copied from there to someplace you want at any time.



    Okay I just read that article link and I noticed:


    You said you had a professional IT person working on your system, so they made sure it was clean right? Or, did they completely reinstall the operating system? What are the problems you're having with the system?
    Just for the record: Spyhunter has a less-than-stellar reputation in the industry.



    Yes, Robocopy...I believe it can be setup to run using Task Scheduler (I haven't gotten around to that yet myself).

    Yes that's what the IT guy told me about Spyhunter so I deleted it. When I got the Cryptolocker I downloaded all sort of programs and went to various websites to find out how to recover my files and remove it so I could easily have picked something up then. The IT guy said he cleaned up my machine up but I'm not that confident really.

    I am working through the RKILL process then running the various programs.
    Here is the current log:
    Rkill 2.8.4 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software

    Program started at: 08/27/2016 11:32:45 AM in x64 mode.
    Windows Version: Windows 10 Pro

    Checking for Windows services to stop:
    * No malware services found to stop.

    Checking for processes to terminate:
    * No malware processes found to kill.

    Checking Registry for malware related settings:
    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:
    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    Searching for Missing Digital Signatures:
    * No issues found.

    Checking HOSTS File:
    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:
    127.0.0.1 http://www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 http://www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 http://www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 http://www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 http://www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 http://www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 http://www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 http://www.100888290cs.com
    127.0.0.1 http://www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    20 out of 15593 HOSTS entries shown.
    Please review HOSTS file for further entries.

    Program finished at: 08/27/2016 11:33:00 AM
    Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

    Some of this looks dodgy to me. I don't go anywhere near sex sites!

    MBAM didn't find anything. Panda found some things but nothing which was highlighted as a threat.

    Superantispyware is still running as is ESET.
      My Computer


  5. Posts : 16,325
    W10Prox64
       #15

    stevenson53 said:
    Yes that's what the IT guy told me about Spyhunter so I deleted it. When I got the Cryptolocker I downloaded all sort of programs and went to various websites to find out how to recover my files and remove it so I could easily have picked something up then. The IT guy said he cleaned up my machine up but I'm not that confident really.
    ...[snip]
    Checking Windows Service Integrity:
    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    Please open Services (type services.msc in the search box) and look for Security Center. Make sure it is set to Automatic (Delayed Start), and that it is running. If it's not running, please Start the service. If you have problems starting the service, please let me know. You can do this while a scan is running.



    SppExtComObj.Exe-security-center.png


    stevenson53 said:
    Checking HOSTS File:
    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:
    127.0.0.1 http://www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 http://www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 http://www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 http://www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 http://www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 http://www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 http://www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 http://www.100888290cs.com
    127.0.0.1 http://www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    20 out of 15593 HOSTS entries shown.
    Please review HOSTS file for further entries.

    Program finished at: 08/27/2016 11:33:00 AM
    Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

    Some of this looks dodgy to me. I don't go anywhere near sex sites!

    MBAM didn't find anything. Panda found some things but nothing which was highlighted as a threat.

    Superantispyware is still running as is ESET.
    Please only one scan at a time - it can cause troubles running more than one at the same time.

    The HOSTS file appears to have been modified, perhaps by your IT guy. From what I see, all those sites are being blocked, by telling your machine to look at your machine when it wants to go there. I can't explain this very well, so here's a good article for you to read to understand the concept.

    What are these 127.0.0.1 entries in my system hosts file?

    The problem is, I can't see the entire HOSTS file from the RKILL report, so I have no idea what's in there. If you know your IT guy did this, then we'll let it go at that. If you're unsure, then what we have to do is navigate to the HOSTS file, copy it to the desktop, and then open it with Notepad, and paste it here in a code box (use the # icon in the toolbar).

    MBAM - was that run with the ROOTKIT box checked? Posting the log, even if it found nothing, would answer that question for me.
      My Computer


  6. Posts : 61
    Windows 10 Pro
    Thread Starter
       #16

    simrick said:
    Please open Services (type services.msc in the search box) and look for Security Center. Make sure it is set to Automatic (Delayed Start), and that it is running. If it's not running, please Start the service. If you have problems starting the service, please let me know. You can do this while a scan is running.



    SppExtComObj.Exe-security-center.png




    Please only one scan at a time - it can cause troubles running more than one at the same time.

    The HOSTS file appears to have been modified, perhaps by your IT guy. From what I see, all those sites are being blocked, by telling your machine to look at your machine when it wants to go there. I can't explain this very well, so here's a good article for you to read to understand the concept.

    What are these 127.0.0.1 entries in my system hosts file?

    The problem is, I can't see the entire HOSTS file from the RKILL report, so I have no idea what's in there. If you know your IT guy did this, then we'll let it go at that. If you're unsure, then what we have to do is navigate to the HOSTS file, copy it to the desktop, and then open it with Notepad, and paste it here in a code box (use the # icon in the toolbar).

    MBAM - was that run with the ROOTKIT box checked? Posting the log, even if it found nothing, would answer that question for me.
    I have no idea what the IT guy did except help get my files back. I don't think he was that experienced as when I started asking him questions he didn't seem to respond too well.
    The security centre was already on auto delayed start and is "No Issues" now.
    Here is the MBAM log and Rootkits was selected as you will see.
    Code:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 27/08/2016
    Scan Time: 11:34 AM
    Logfile: MBAM log.txt
    Administrator: Yes
    Version: 2.2.1.1043
    Malware Database: v2016.08.26.11
    Rootkit Database: v2016.08.15.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled
    
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Paul
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 446047
    Time Elapsed: 35 min, 16 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)
    [end)
    There are a lot of files in the Host folder "etc" Mostly backups going back as far as 2009. Here is the latest. It's mostly been changed by Spybot which is a feature of the program when you "immunise". I have removed the massive number of Spybot adds so that it's not like 20 pages!

    Code:
     Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    
    # localhost name resolution is handled within DNS itself.
    #	127.0.0.1       localhost
    #	::1             localhost
    
    # Start of entries inserted by Spybot - Search & Destroy
    # This list is Copyright 2000-2015 Safer-Networking Ltd.
    # This list is Copyright 2000-2010 Safer-Networking Ltd.
    127.0.0.1	www.007guard.com
    LOTS OF OTHER ENTRIES LIKE THIS I HAVE DELETED AND HAVE ALL BEEN ADDED BY SPYBOT inc
    127.0.0.1	www.100sexlinks.com
    127.0.0.1	100sexlinks.com
    and the others in the Rkill report.
    # End of entries inserted by Spybot - Search & Destroy
    
    127.0.0.1	3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    127.0.0.1	activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    127.0.0.1	adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    127.0.0.1	ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    127.0.0.1	www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1	www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    I had a look at a backup from a year ago and it looks very similar.

    I am thinking of doing a repair install tomorrow as my machine I think needs a refresher, what do you think? I might bite the bullet and do a clean install at Christmas when I will have time to reinstall all of my programs.
      My Computer


  7. Posts : 16,325
    W10Prox64
       #17

    stevenson53 said:
    I have no idea what the IT guy did except help get my files back. I don't think he was that experienced as when I started asking him questions he didn't seem to respond too well.
    The security centre was already on auto delayed start and is "No Issues" now.
    Here is the MBAM log and Rootkits was selected as you will see.
    Yes, thanks - that looks good.


    stevenson53 said:
    There are a lot of files in the Host folder "etc" Mostly backups going back as far as 2009. Here is the latest. It's mostly been changed by Spybot which is a feature of the program when you "immunise". I have removed the massive number of Spybot adds so that it's not like 20 pages!
    Okay that's where all the entries came from - Spybot. No problem.

    So security center is now "ON" and have you looked at it to make sure it's reporting properly? Please type security and maintenance in the search box. Expand the down arrow to the right of Security, and make sure it is reporting Firewall ON, ESET Virus protection ON, Internet security settings OK, UAC ON, Smart Screen ON.

    stevenson53 said:
    I had a look at a backup from a year ago and it looks very similar.

    I am thinking of doing a repair install tomorrow as my machine I think needs a refresher, what do you think? I might bite the bullet and do a clean install at Christmas when I will have time to reinstall all of my programs.
    I take it ESET is still running? I'd really like to see the ADWCleaner and JRT logs before you do the repair install.

    When you are ready for the repair, do the repair install using an in-place upgrade:

    Repair Install Windows 10 with an In-place Upgrade - Windows 10 Forums

    Remove all drives except OS drive; remove all peripherals except keyboard, mouse and monitor; remove 3rd-party AV; remove Spybot; remove any hard drive monitoring software. Make sure you have a current image for restoration, just in case, but this procedure is pretty robust, and I've never had a problem with it.
      My Computer


  8. Posts : 61
    Windows 10 Pro
    Thread Starter
       #18

    simrick said:
    Yes, thanks - that looks good.




    Okay that's where all the entries came from - Spybot. No problem.

    So security center is now "ON" and have you looked at it to make sure it's reporting properly? Please type security and maintenance in the search box. Expand the down arrow to the right of Security, and make sure it is reporting Firewall ON, ESET Virus protection ON, Internet security settings OK, UAC ON, Smart Screen ON.



    I take it ESET is still running? I'd really like to see the ADWCleaner and JRT logs before you do the repair install.

    When you are ready for the repair, do the repair install using an in-place upgrade:

    Repair Install Windows 10 with an In-place Upgrade - Windows 10 Forums

    Remove all drives except OS drive; remove all peripherals except keyboard, mouse and monitor; remove 3rd-party AV; remove Spybot; remove any hard drive monitoring software. Make sure you have a current image for restoration, just in case, but this procedure is pretty robust, and I've never had a problem with it.
    Ok I'm out for a few hours so will get to it when I get back. I assume my second monitor should also be disconnected, would disabling the antivirus do? I will get the other logs over to u later.
      My Computer


  9. Posts : 2,935
    Windows 10 Home x64
       #19

    Just chiming in to say that the Cryptoprevent link provided by Majorgeeks seems to be outdated...

    Cryptoprevent download.
      My Computer


  10. Posts : 61
    Windows 10 Pro
    Thread Starter
       #20

    simrick said:
    Yes, thanks - that looks good.




    Okay that's where all the entries came from - Spybot. No problem.

    So security center is now "ON" and have you looked at it to make sure it's reporting properly? Please type security and maintenance in the search box. Expand the down arrow to the right of Security, and make sure it is reporting Firewall ON, ESET Virus protection ON, Internet security settings OK, UAC ON, Smart Screen ON.



    I take it ESET is still running? I'd really like to see the ADWCleaner and JRT logs before you do the repair install.

    When you are ready for the repair, do the repair install using an in-place upgrade:

    Repair Install Windows 10 with an In-place Upgrade - Windows 10 Forums

    Remove all drives except OS drive; remove all peripherals except keyboard, mouse and monitor; remove 3rd-party AV; remove Spybot; remove any hard drive monitoring software. Make sure you have a current image for restoration, just in case, but this procedure is pretty robust, and I've never had a problem with it.
    OK, here is the ADWCleaner Log:

    Code:
    AdwCleaner v6.010 - Logfile created 27/08/2016 at 11:09:34
    # Updated on 12/08/2016 by ToolsLib
    # Database : 2016-08-26.1 [Server]
    # Operating System : Windows 10 Pro  (X64)
    # Username : Paul - PAUL1
    # Running from : C:\Users\Paul\Desktop\adwcleaner_6.010.exe
    # Mode: Scan
    # Support : https://toolslib.net/forum
    
    ***** [ Services ] *****
    
    No malicious services found.
    
    
    ***** [ Folders ] *****
    
    Folder Found:  C:\Program Files (x86)\nicenfreaE
    Folder Found:  C:\Program Files (x86)\1ClickDownload
    Folder Found:  C:\Program Files (x86)\SectionDouble
    
    ***** [ Files ] *****
    
    No malicious files found.
    
    ***** [ DLL ] *****
    
    No malicious DLLs found.
    
    ***** [ WMI ] *****
    
    No malicious keys found.
    
    
    ***** [ Shortcuts ] *****
    
    No infected shortcut found.
    
    
    ***** [ Scheduled Tasks ] *****
    
    No malicious task found.
    
    ***** [ Registry ] *****
    
    Key Found:  HKCU\Software\584d98bbc68bf46
    Key Found:  HKLM\SOFTWARE\3f74aedd-9dd0-ebef-5721-2156c5605700
    Key Found:  HKU\S-1-5-21-3973668099-4131815052-1200373551-1000\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
    Key Found:  HKU\S-1-5-21-3973668099-4131815052-1200373551-1000\Software\Classes\DWGTrueViewToolCatalog
    Key Found:  HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
    Key Found:  HKCU\Software\Classes\DWGTrueViewToolCatalog
    Key Found:  HKLM\SOFTWARE\Classes\AVSAsyncBuffer.AVSVideoTimeShift
    Key Found:  HKLM\SOFTWARE\Classes\AVSAsyncBuffer.AVSVideoTimeShift.1
    Key Found:  HKLM\SOFTWARE\Classes\AVSAsyncBuffer.UVideoTimeShift
    Key Found:  HKLM\SOFTWARE\Classes\AVSAsyncBuffer.UVideoTimeShift.1
    Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91EE0830-B539-45AB-83F2-741FED0B0E2F}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
    Key Found:  HKU\S-1-5-21-3973668099-4131815052-1200373551-1000\Software\AppDataLow\Toolbar
    Key Found:  HKCU\Software\AppDataLow\Toolbar
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
    Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]
    
    ***** [ Web browsers ] *****
    
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
    
    *************************
    
    C:\AdwCleaner\AdwCleaner[S0].txt - [3570 Bytes] - [27/08/2016 11:09:34]
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3643 Bytes] ##########
    and here is the JRT log file:

    Code:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Pro x64 
    Ran by Paul (Administrator) on Sat 27/08/2016 at 20:04:25.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    File System: 0 
    
    Registry: 0 
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 27/08/2016 at 20:07:38.82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    BTW, I am still getting the AppExtComObj blocked contact.
      My Computer


 

Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:04.
Find Us




Windows 10 Forums