Virus or Malware >_>


10 replies to this topic

#1 ShinVon

ShinVon

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 08 September 2012 - 04:33 PM

I have a process that keeps coming back and taking all my CPU,
and now just recently I can't go to certain websites.

142kkk290347.exe

he7f2p3d

Any info will be great.



#2 OSO ROJO

OSO ROJO

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Salt Lake City, UT
  • Local time:08:39 PM

Posted 08 September 2012 - 04:36 PM

To start .. check out:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

:busy:

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:39 PM

Posted 08 September 2012 - 04:38 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan completes, click on LIST of found threats

Export the list to the desktop, then copy the contents of the text file into your reply

#4 ShinVon

ShinVon
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 08 September 2012 - 04:40 PM

Thanks, I'll try :)

#5 ShinVon

ShinVon
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 08 September 2012 - 10:22 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-08 14:46:37
-----------------------------
14:46:37.789 OS Version: Windows 6.1.7600
14:46:37.789 Number of processors: 2 586 0x602
14:46:37.792 ComputerName: SHELDORETHEGAYN UserName: Sheldizzle
14:46:40.823 Initialize success
14:50:19.316 AVAST engine defs: 12090801
14:50:24.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
14:50:24.195 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:50:24.226 Disk 0 MBR read successfully
14:50:24.234 Disk 0 MBR scan
14:50:24.248 Disk 0 Windows 7 default MBR code
14:50:24.259 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:50:24.282 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:50:24.294 Disk 0 scanning sectors +976771072
14:50:24.397 Disk 0 scanning C:\Windows\system32\drivers
14:50:36.664 Service scanning
14:51:07.154 Modules scanning
14:51:15.426 Disk 0 trace - called modules:
14:51:15.464 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
14:51:15.826 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a5948]
14:51:15.838 3 CLASSPNP.SYS[8b0a959e] -> nt!IofCallDriver -> [0x853a2700]
14:51:15.847 5 ACPI.sys[833bf3b2] -> nt!IofCallDriver -> \Device\00000071[0x85d06808]
14:51:18.528 AVAST engine scan C:\Windows
14:51:25.499 AVAST engine scan C:\Windows\system32
14:57:16.781 AVAST engine scan C:\Windows\system32\drivers
14:57:55.295 AVAST engine scan C:\Users\Sheldizzle
14:58:34.927 File: C:\Users\Sheldizzle\AppData\Local\ApplicationHistory\Apple Computer\jvxxgvvc.dll **INFECTED** Win32:Trojan-gen
15:10:12.350 Disk 0 MBR has been saved successfully to "C:\Users\Sheldizzle\Desktop\MBR.dat"
15:10:12.353 The log file has been saved successfully to "C:\Users\Sheldizzle\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-08 14:46:37
-----------------------------
14:46:37.789 OS Version: Windows 6.1.7600
14:46:37.789 Number of processors: 2 586 0x602
14:46:37.792 ComputerName: SHELDORETHEGAYN UserName: Sheldizzle
14:46:40.823 Initialize success
14:50:19.316 AVAST engine defs: 12090801
14:50:24.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
14:50:24.195 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:50:24.226 Disk 0 MBR read successfully
14:50:24.234 Disk 0 MBR scan
14:50:24.248 Disk 0 Windows 7 default MBR code
14:50:24.259 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:50:24.282 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:50:24.294 Disk 0 scanning sectors +976771072
14:50:24.397 Disk 0 scanning C:\Windows\system32\drivers
14:50:36.664 Service scanning
14:51:07.154 Modules scanning
14:51:15.426 Disk 0 trace - called modules:
14:51:15.464 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
14:51:15.826 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a5948]
14:51:15.838 3 CLASSPNP.SYS[8b0a959e] -> nt!IofCallDriver -> [0x853a2700]
14:51:15.847 5 ACPI.sys[833bf3b2] -> nt!IofCallDriver -> \Device\00000071[0x85d06808]
14:51:18.528 AVAST engine scan C:\Windows
14:51:25.499 AVAST engine scan C:\Windows\system32
14:57:16.781 AVAST engine scan C:\Windows\system32\drivers
14:57:55.295 AVAST engine scan C:\Users\Sheldizzle
14:58:34.927 File: C:\Users\Sheldizzle\AppData\Local\ApplicationHistory\Apple Computer\jvxxgvvc.dll **INFECTED** Win32:Trojan-gen
15:10:12.350 Disk 0 MBR has been saved successfully to "C:\Users\Sheldizzle\Desktop\MBR.dat"
15:10:12.353 The log file has been saved successfully to "C:\Users\Sheldizzle\Desktop\aswMBR.txt"
15:12:33.585 File: C:\Users\Sheldizzle\AppData\Local\RivalGaming\Uninstaller.exe **INFECTED** Win32:Malware-gen
15:30:06.911 File: C:\Users\Sheldizzle\AppData\Local\Temp\gjmmdi.tmp\gpqlri.dll **INFECTED** Win32:Malware-gen
16:13:18.751 File: C:\Users\Sheldizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dll **INFECTED** Win32:Adware-gen [Adw]
17:31:11.279 File: C:\Users\Sheldizzle\Downloads\Keygen Adobe CS6.exe **INFECTED** Win32:Malware-gen
17:52:47.571 Disk 0 MBR has been saved successfully to "C:\Users\Sheldizzle\Desktop\MBR.dat"
17:52:47.687 The log file has been saved successfully to "C:\Users\Sheldizzle\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-08 14:46:37
-----------------------------
14:46:37.789 OS Version: Windows 6.1.7600
14:46:37.789 Number of processors: 2 586 0x602
14:46:37.792 ComputerName: SHELDORETHEGAYN UserName: Sheldizzle
14:46:40.823 Initialize success
14:50:19.316 AVAST engine defs: 12090801
14:50:24.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
14:50:24.195 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:50:24.226 Disk 0 MBR read successfully
14:50:24.234 Disk 0 MBR scan
14:50:24.248 Disk 0 Windows 7 default MBR code
14:50:24.259 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:50:24.282 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:50:24.294 Disk 0 scanning sectors +976771072
14:50:24.397 Disk 0 scanning C:\Windows\system32\drivers
14:50:36.664 Service scanning
14:51:07.154 Modules scanning
14:51:15.426 Disk 0 trace - called modules:
14:51:15.464 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
14:51:15.826 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a5948]
14:51:15.838 3 CLASSPNP.SYS[8b0a959e] -> nt!IofCallDriver -> [0x853a2700]
14:51:15.847 5 ACPI.sys[833bf3b2] -> nt!IofCallDriver -> \Device\00000071[0x85d06808]
14:51:18.528 AVAST engine scan C:\Windows
14:51:25.499 AVAST engine scan C:\Windows\system32
14:57:16.781 AVAST engine scan C:\Windows\system32\drivers
14:57:55.295 AVAST engine scan C:\Users\Sheldizzle
14:58:34.927 File: C:\Users\Sheldizzle\AppData\Local\ApplicationHistory\Apple Computer\jvxxgvvc.dll **INFECTED** Win32:Trojan-gen
15:10:12.350 Disk 0 MBR has been saved successfully to "C:\Users\Sheldizzle\Desktop\MBR.dat"
15:10:12.353 The log file has been saved successfully to "C:\Users\Sheldizzle\Desktop\aswMBR.txt"
15:12:33.585 File: C:\Users\Sheldizzle\AppData\Local\RivalGaming\Uninstaller.exe **INFECTED** Win32:Malware-gen
15:30:06.911 File: C:\Users\Sheldizzle\AppData\Local\Temp\gjmmdi.tmp\gpqlri.dll **INFECTED** Win32:Malware-gen
16:13:18.751 File: C:\Users\Sheldizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dll **INFECTED** Win32:Adware-gen [Adw]
17:31:11.279 File: C:\Users\Sheldizzle\Downloads\Keygen Adobe CS6.exe **INFECTED** Win32:Malware-gen
17:52:47.571 Disk 0 MBR has been saved successfully to "C:\Users\Sheldizzle\Desktop\MBR.dat"
17:52:47.687 The log file has been saved successfully to "C:\Users\Sheldizzle\Desktop\aswMBR.txt"
18:09:40.994 AVAST engine scan C:\ProgramData
19:02:33.736 Scan finished successfully
20:21:13.506 Disk 0 MBR has been saved successfully to "C:\Users\Sheldizzle\Desktop\MBR.dat"
20:21:13.556 The log file has been saved successfully to "C:\Users\Sheldizzle\Desktop\aswMBR.txt"

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:39 PM

Posted 08 September 2012 - 10:27 PM

You have posted ASWMBR log three times.

Please post the TDSSkiller and ESET logs

#7 ShinVon

ShinVon
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 08 September 2012 - 10:34 PM

TDSSKiller wouldn't save a log,
and I didn't post it three times, I saved it three times. Didn't mean to >_>

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:39 PM

Posted 08 September 2012 - 10:37 PM

You should find the TDSSkiller log in the C drive

C:\tdsskiller....log.txt

ESET log?

#9 ShinVon

ShinVon
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 08 September 2012 - 11:49 PM

I'll look, and ESET is still going

#10 ShinVon

ShinVon
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 09 September 2012 - 02:49 PM

C:\Program Files\FreeWorkz\Uninstaller.exe a variant of Win32/Adware.Gamevance.CC application cleaned by deleting - quarantined
C:\Program Files\GamingWonderland\bar\1.bin\gtdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Program Files\GamingWonderland\bar\1.bin\gthtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files\GamingWonderland\bar\1.bin\gtieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\GamingWonderland\bar\1.bin\gtPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\GamingWonderland\bar\1.bin\gtskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\GamingWonderland\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.08.2012_03.44.20\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.08.2012_03.44.20\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.08.2012_03.44.20\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.08.2012_03.44.20\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.08.2012_03.44.20\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.08.2012_03.44.20\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.08.2012_03.44.20\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.08.2012_03.44.20\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\Users\Default\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dll a variant of Win32/Adware.Gamevance.BR application cleaned by deleting - quarantined
C:\Users\Sheldizzle\AppData\Local\Google\Chrome\User Data\Default\Default\aagcgdgggddfdhgfgddegbgbdedjdbde\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Sheldizzle\AppData\Local\RivalGaming\Uninstaller.exe a variant of Win32/Adware.Gamevance.CC application cleaned by deleting - quarantined
C:\Users\Sheldizzle\AppData\Local\Temp\0.21659110613437027 a variant of Win32/Kryptik.ALKK trojan cleaned by deleting - quarantined
C:\Users\Sheldizzle\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\033E5E75.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\Sheldizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dll a variant of Win32/Adware.Gamevance.BR application cleaned by deleting - quarantined
C:\Users\Sheldizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll a variant of Win32/Adware.Gamevance.BV application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\hamachi setup.exe a variant of Win32/Soft32Downloader.B application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\rpc412_setup.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Games\Star Wars EAW Gold Pack\Star Wars Empire at War Gold Pack\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(1).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(10).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(11).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(12).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(13).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(14).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(15).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(16).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(17).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(2).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(3).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(4).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(5).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(6).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(7).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(8).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\SetupFreeWorkz(9).exe a variant of Win32/Adware.Gamevance.BP application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\setup_ReadersDigestv15(1).exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\Random1212121\setup_ReadersDigestv15.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Users\UpdatusUser\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dll a variant of Win32/Adware.Gamevance.BR application cleaned by deleting - quarantined
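
An added example, not part of any post in this thread: a small Python triage script that collapses the repeated aswMBR saves into unique findings and groups the ESET detections under `C:\TDSSKiller_Quarantine` by quarantine run, which shows the same bootkit detection being quarantined on several dates. The sample lines are a subset copied from the logs above; the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Sample lines copied from the aswMBR and ESET logs in this thread (a subset,
# assembled for this example). The aswMBR log was saved more than once, so
# the same finding appears repeatedly.
ASWMBR_LOG = r"""
14:58:34.927 File: C:\Users\Sheldizzle\AppData\Local\ApplicationHistory\Apple Computer\jvxxgvvc.dll **INFECTED** Win32:Trojan-gen
15:12:33.585 File: C:\Users\Sheldizzle\AppData\Local\RivalGaming\Uninstaller.exe **INFECTED** Win32:Malware-gen
14:58:34.927 File: C:\Users\Sheldizzle\AppData\Local\ApplicationHistory\Apple Computer\jvxxgvvc.dll **INFECTED** Win32:Trojan-gen
15:12:33.585 File: C:\Users\Sheldizzle\AppData\Local\RivalGaming\Uninstaller.exe **INFECTED** Win32:Malware-gen
17:31:11.279 File: C:\Users\Sheldizzle\Downloads\Keygen Adobe CS6.exe **INFECTED** Win32:Malware-gen
19:02:33.736 Scan finished successfully
"""
ESET_LOG = r"""
C:\TDSSKiller_Quarantine\06.08.2012_18.52.37\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.09.2012_14.41.52\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_11.50.08\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\Users\Sheldizzle\Downloads\hamachi setup.exe a variant of Win32/Soft32Downloader.B application cleaned by deleting - quarantined
"""

ASWMBR_RE = re.compile(r"^[\d:.]+\s+File: (?P<path>.+?) \*\*INFECTED\*\* (?P<det>.+)$")
# Paths may contain spaces, so the path is matched lazily up to the detection name.
ESET_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:(?:probably )?a variant of )?"
    r"(?P<name>Win(?:32|64)/\S+)\s+(?P<kind>trojan|application)\s+(?P<action>.+)$")
# TDSSKiller quarantine folders are named dd.mm.yyyy_hh.mm.ss.
QUAR_RE = re.compile(r"\\TDSSKiller_Quarantine\\(\d\d\.\d\d\.\d{4}_\d\d\.\d\d\.\d\d)\\")


def aswmbr_findings(text):
    """Unique (path, detection) pairs; repeated saves of the log collapse."""
    hits = {(m["path"], m["det"].strip())
            for m in map(ASWMBR_RE.match, text.splitlines()) if m}
    return sorted(hits)


def parse_eset(text):
    """One dict (path, name, kind, action) per ESET threat-list line."""
    return [m.groupdict() for m in map(ESET_RE.match, text.splitlines()) if m]


def tdss_timeline(records):
    """Map each TDSSKiller quarantine run, oldest first, to the names found in it."""
    runs = {}
    for rec in records:
        q = QUAR_RE.search(rec["path"])
        if q:
            when = datetime.strptime(q.group(1), "%d.%m.%Y_%H.%M.%S")
            runs.setdefault(when, set()).add(rec["name"])
    return dict(sorted(runs.items()))


def recurring(timeline):
    """Detection names quarantined in more than one run."""
    counts = Counter(name for names in timeline.values() for name in names)
    return sorted(name for name, count in counts.items() if count > 1)


if __name__ == "__main__":
    print(aswmbr_findings(ASWMBR_LOG))
    print(recurring(tdss_timeline(parse_eset(ESET_LOG))))
```
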

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:39 PM

Posted 09 September 2012 - 07:54 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log



