Solved 2080.hit.buy-targeted-traffic.com

pwn_yoda

Aug 13, 2017
Basically I installed software that was ghosting Framework.NET 4.5 or something. It did not install, but I clicked agree and it would stay at zero percent.

I do not know whether that is the problem, but what keeps happening is I will get a pop-up of a random sketchy web site.

I know it edited my registry, but I can't look through everything and I would not know what to get rid of.
 

Attachments

  • FRST.txt (32.4 KB)
  • Addition.txt (43.2 KB)
  • AVG.png (92.3 KB)
  • 4.5.png (33.6 KB)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

GroupPolicy: Restriction <==== ATTENTION

2017-08-08 10:39 - 2017-01-25 04:17 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-08-07 23:20 - 2016-08-05 13:33 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-07 23:20 - 2016-08-05 13:33 - 000002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
I think this fixed it.
I put this in the fixlist:

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
CHR HKU\S-1-5-21-1809737158-3945969422-1988955834-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
What is this error?

Error: (08/14/2017 11:34:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services
 

Attachments

  • Bonjour uninstall atempt.png (105.5 KB)
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Shaggemister (14-08-2017 12:20:33) Run:3
Running from C:\Users\Shaggemister\Desktop\Programs\Farbar
Loaded Profiles: Shaggemister (Available Profiles: Shaggemister & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
HKU\S-1-5-21-1809737158-3945969422-1988955834-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
End:
*****************

Start:: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1809737158-3945969422-1988955834-1000\Software\Classes\regfile => key removed successfully
End: => Error: No automatic fix found for this entry.

==== End of Fixlog 12:20:33 ====
 
On Google Chrome, every now and then a tab will open with a webpage, and it is always the same web pages. Also, when I am using a program it will randomly select the desktop as if I was clicking on it.