Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Reply to thread
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
i have random adds playing in the background
Message
<blockquote data-quote="brandon t briggs" data-source="post: 551583" data-attributes="member: 55958"><p>thats the second one, </p><p>Zemana AntiMalware 2.50.2.133 (Installed)</p><p></p><p>-------------------------------------------------------</p><p>Scan Result : Completed</p><p>Scan Date : 2016/10/8</p><p>Operating System : Windows 10 64-bit</p><p>Processor : 8X Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz</p><p>BIOS Mode : UEFI</p><p>CUID : 129AC19F677BB27145BE3C</p><p>Scan Type : Smart Scan</p><p>Duration : 3m 46s</p><p>Scanned Objects : 39773</p><p>Detected Objects : 13</p><p>Excluded Objects : 0</p><p>Read Level : Normal</p><p>Auto Upload : Enabled</p><p>Detect All Extensions : Disabled</p><p>Scan Documents : Disabled</p><p>Domain Info : WORKGROUP,0,2</p><p></p><p>Detected Objects</p><p>-------------------------------------------------------</p><p></p><p>NlaSvc Manual Proxies</p><p>Status : Scanned</p><p>Object : HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@</p><p>MD5 : -</p><p>Publisher : -</p><p>Size : -</p><p>Version : -</p><p>Detection : Suspicious Setting</p><p>Cleaning Action : Delete</p><p>Related Objects :</p><p> Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ = 1http=127.0.0.1:8877;https=127.0.0.1:8877</p><p></p><p>Proxy Settings (Policy)</p><p>Status : Scanned</p><p>Object : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy</p><p>MD5 : -</p><p>Publisher : -</p><p>Size : -</p><p>Version : -</p><p>Detection : Suspicious Setting</p><p>Cleaning Action : Delete</p><p>Related Objects :</p><p> Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = enabled</p><p></p><p>Proxy Settings (Policy)</p><p>Status : Scanned</p><p>Object : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy</p><p>MD5 : -</p><p>Publisher : -</p><p>Size : -</p><p>Version : -</p><p>Detection : Suspicious Setting</p><p>Cleaning Action : Delete</p><p>Related Objects :</p><p> Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = enabled</p><p></p><p>Proxy Enabled (System)</p><p>Status : Scanned</p><p>Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable</p><p>MD5 : -</p><p>Publisher : -</p><p>Size : -</p><p>Version : -</p><p>Detection : Suspicious Setting</p><p>Cleaning Action : Repair</p><p>Related Objects :</p><p> Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled</p><p></p><p>Proxy Enabled (User)</p><p>Status : Scanned</p><p>Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable</p><p>MD5 : -</p><p>Publisher : -</p><p>Size : -</p><p>Version : -</p><p>Detection : Suspicious Setting</p><p>Cleaning Action : Repair</p><p>Related Objects :</p><p> Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled</p><p></p><p>Proxy Server (System)</p><p>Status : Scanned</p><p>Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer</p><p>MD5 : -</p><p>Publisher : -</p><p>Size : -</p><p>Version : -</p><p>Detection : Suspicious Setting</p><p>Cleaning Action : Delete</p><p>Related Objects :</p><p> Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877</p><p></p><p>Proxy Server (User)</p><p>Status : Scanned</p><p>Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer</p><p>MD5 : -</p><p>Publisher : -</p><p>Size : -</p><p>Version : -</p><p>Detection : Suspicious Setting</p><p>Cleaning Action : Delete</p><p>Related Objects :</p><p> Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877</p><p></p><p>kana.exe</p><p>Status : Scanned</p><p>Object : %programfiles%\darned\kana.exe</p><p>MD5 : AF2FDBB38288E12956CFE2551CDB0B7E</p><p>Publisher : -</p><p>Size : 516096</p><p>Version : 1.0.0.0</p><p>Detection : Adware:Win32/Fitzia.A!Ltal</p><p>Cleaning Action : Quarantine</p><p>Related Objects :</p><p> File - %programfiles%\darned\kana.exe</p><p> Process - 4112 - C:\Program Files (x86)\Darned\kana.exe</p><p> Scheduled Task - C:\Windows\System32\Tasks\Da3975449239754492</p><p> Scheduled Task - C:\Windows\System32\Tasks\39754492</p><p> Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup = C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</p><p> Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\overfished = "C:\Program Files (x86)\Darned\kana.exe"</p><p></p><p>pinpricks.exe</p><p>Status : Scanned</p><p>Object : %systemroot%\pinpricks.exe</p><p>MD5 : AB98F594A71E7F9EFB4DCC4B9B7B3A56</p><p>Publisher : -</p><p>Size : 7680</p><p>Version : 7.2.6.18</p><p>Detection : Adware:Win32/Tyron.A!Aaea</p><p>Cleaning Action : Quarantine</p><p>Related Objects :</p><p> File - %systemroot%\pinpricks.exe</p><p> Process - 2260 - C:\Windows\pinpricks.exe</p><p> Registry Entry - HKLM\System\CurrentControlSet\Services\indentured\ImagePath = C:\Windows\pinpricks.exe</p><p></p><p>interstatnogui.exe</p><p>Status : Scanned</p><p>Object : %appdata%\interstatnogui\interstatnogui.exe</p><p>MD5 : E2D02E48943BD9D255661BB892656CBC</p><p>Publisher : OOO "FENIKS"</p><p>Size : 3220416</p><p>Version : 3.5.7.0</p><p>Detection : Adware:Win32/BandwidthStat-DJ!Ep</p><p>Cleaning Action : Quarantine</p><p>Related Objects :</p><p> File - %appdata%\interstatnogui\interstatnogui.exe</p><p> Process - 5864 - C:\Users\Laptop\AppData\Roaming\Interstatnogui\interstatnogui.exe</p><p> Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Interstatnogui = C:\Users\Laptop\AppData\Roaming\Interstatnogui\interstatnogui.exe</p><p></p><p>recalibrated.exe</p><p>Status : Scanned</p><p>Object : %systemroot%\recalibrated.exe</p><p>MD5 : 56D652CED8BF2843D66F775888940351</p><p>Publisher : -</p><p>Size : 7680</p><p>Version : 5.6.8.140</p><p>Detection : Adware:Win32/Gavin.A!Aaea</p><p>Cleaning Action : Quarantine</p><p>Related Objects :</p><p> File - %systemroot%\recalibrated.exe</p><p> Process - 2500 - C:\Windows\recalibrated.exe</p><p> Registry Entry - HKLM\System\CurrentControlSet\Services\murthy\ImagePath = C:\Windows\recalibrated.exe</p><p></p><p>sampras.exe</p><p>Status : Scanned</p><p>Object : %programfiles%\stahl\sampras.exe</p><p>MD5 : 03634CAD29542E643C38C0D7CEE0F0BA</p><p>Publisher : -</p><p>Size : 523264</p><p>Version : 7.7.5.136</p><p>Detection : Adware:Win32/Bander.A!Taec</p><p>Cleaning Action : Quarantine</p><p>Related Objects :</p><p> File - %programfiles%\stahl\sampras.exe</p><p> Scheduled Task - C:\Windows\System32\Tasks\b404112</p><p> Scheduled Task - C:\Windows\System32\Tasks\217173660</p><p> Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pollack = "C:\Program Files (x86)\stahl\sampras.exe"</p><p></p><p>research soft</p><p>Status : Scanned</p><p>Object : NE->c:\windows\marketing research association\research soft</p><p>MD5 : -</p><p>Publisher : -</p><p>Size : -</p><p>Version : -</p><p>Detection : PUA:Win32/Research Soft.B!Neng</p><p>Cleaning Action : Quarantine</p><p>Related Objects :</p><p> (null) - (null)</p><p></p><p></p><p>Cleaning Result</p><p>-------------------------------------------------------</p><p>Cleaned : 13</p><p>this is the first one. it said its quarantined everything.</p></blockquote><p></p>
[QUOTE="brandon t briggs, post: 551583, member: 55958"] thats the second one, Zemana AntiMalware 2.50.2.133 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2016/10/8 Operating System : Windows 10 64-bit Processor : 8X Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz BIOS Mode : UEFI CUID : 129AC19F677BB27145BE3C Scan Type : Smart Scan Duration : 3m 46s Scanned Objects : 39773 Detected Objects : 13 Excluded Objects : 0 Read Level : Normal Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- NlaSvc Manual Proxies Status : Scanned Object : HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Setting Cleaning Action : Delete Related Objects : Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ = 1http=127.0.0.1:8877;https=127.0.0.1:8877 Proxy Settings (Policy) Status : Scanned Object : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Setting Cleaning Action : Delete Related Objects : Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = enabled Proxy Settings (Policy) Status : Scanned Object : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Setting Cleaning Action : Delete Related Objects : Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = enabled Proxy Enabled (System) Status : Scanned Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Setting Cleaning Action : Repair Related Objects : Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled Proxy Enabled (User) Status : Scanned Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Setting Cleaning Action : Repair Related Objects : Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled Proxy Server (System) Status : Scanned Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Setting Cleaning Action : Delete Related Objects : Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877 Proxy Server (User) Status : Scanned Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Setting Cleaning Action : Delete Related Objects : Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877 kana.exe Status : Scanned Object : %programfiles%\darned\kana.exe MD5 : AF2FDBB38288E12956CFE2551CDB0B7E Publisher : - Size : 516096 Version : 1.0.0.0 Detection : Adware:Win32/Fitzia.A!Ltal Cleaning Action : Quarantine Related Objects : File - %programfiles%\darned\kana.exe Process - 4112 - C:\Program Files (x86)\Darned\kana.exe Scheduled Task - C:\Windows\System32\Tasks\Da3975449239754492 Scheduled Task - C:\Windows\System32\Tasks\39754492 Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup = C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\overfished = "C:\Program Files (x86)\Darned\kana.exe" pinpricks.exe Status : Scanned Object : %systemroot%\pinpricks.exe MD5 : AB98F594A71E7F9EFB4DCC4B9B7B3A56 Publisher : - Size : 7680 Version : 7.2.6.18 Detection : Adware:Win32/Tyron.A!Aaea Cleaning Action : Quarantine Related Objects : File - %systemroot%\pinpricks.exe Process - 2260 - C:\Windows\pinpricks.exe Registry Entry - HKLM\System\CurrentControlSet\Services\indentured\ImagePath = C:\Windows\pinpricks.exe interstatnogui.exe Status : Scanned Object : %appdata%\interstatnogui\interstatnogui.exe MD5 : E2D02E48943BD9D255661BB892656CBC Publisher : OOO "FENIKS" Size : 3220416 Version : 3.5.7.0 Detection : Adware:Win32/BandwidthStat-DJ!Ep Cleaning Action : Quarantine Related Objects : File - %appdata%\interstatnogui\interstatnogui.exe Process - 5864 - C:\Users\Laptop\AppData\Roaming\Interstatnogui\interstatnogui.exe Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Interstatnogui = C:\Users\Laptop\AppData\Roaming\Interstatnogui\interstatnogui.exe recalibrated.exe Status : Scanned Object : %systemroot%\recalibrated.exe MD5 : 56D652CED8BF2843D66F775888940351 Publisher : - Size : 7680 Version : 5.6.8.140 Detection : Adware:Win32/Gavin.A!Aaea Cleaning Action : Quarantine Related Objects : File - %systemroot%\recalibrated.exe Process - 2500 - C:\Windows\recalibrated.exe Registry Entry - HKLM\System\CurrentControlSet\Services\murthy\ImagePath = C:\Windows\recalibrated.exe sampras.exe Status : Scanned Object : %programfiles%\stahl\sampras.exe MD5 : 03634CAD29542E643C38C0D7CEE0F0BA Publisher : - Size : 523264 Version : 7.7.5.136 Detection : Adware:Win32/Bander.A!Taec Cleaning Action : Quarantine Related Objects : File - %programfiles%\stahl\sampras.exe Scheduled Task - C:\Windows\System32\Tasks\b404112 Scheduled Task - C:\Windows\System32\Tasks\217173660 Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pollack = "C:\Program Files (x86)\stahl\sampras.exe" research soft Status : Scanned Object : NE->c:\windows\marketing research association\research soft MD5 : - Publisher : - Size : - Version : - Detection : PUA:Win32/Research Soft.B!Neng Cleaning Action : Quarantine Related Objects : (null) - (null) Cleaning Result ------------------------------------------------------- Cleaned : 13 this is the first one. it said its quarantined everything. [/QUOTE]
Insert quotes…
Verification
Post reply
Top