
Unable to remove the extension "ShopDRop"


  • This topic is locked
29 replies to this topic

#1 saraynachan

  • Members
  • 27 posts

Posted 18 February 2014 - 09:26 AM

I've noticed recently when I clicked on some links I would instead be directed to some ad sites. I googled and found out that the extension "ShopDRop" in my chrome was behind all this but my every attempt to remove it failed after I restarted Chrome. Besides, removal guides I found on google all seemed a bit off. I appreciate any help! 

 

Here's the dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.45.2
Run by Sarayna at 22:10:37 on 2014-02-18
#Option MBR scan  is disabled.
Microsoft Windows 7 家用進階版   6.1.7601.1.950.886.1028.18.2047.258 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files\ExpressFiles\EFupdater.exe
C:\Program Files\Glary Utilities 3\Integrator.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Anvisoft\Cloud System Booster\CSBSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\eMachines\Registration\GregHSRW.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\D-Link\DWA-171\WlanWpsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ImSmart\ImSmart\ImSmart.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\Sarayna\AppData\Local\Youdao\Dict\Application\YodaoDict.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
C:\Program Files\D-Link\DWA-171\wirelesscm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Sarayna\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Sarayna\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Sarayna\AppData\Local\Youdao\Dict\Application\6.0.50.4937\YoudaoIE.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Sarayna\AppData\Local\Youdao\Dict\Application\6.0.50.4937\YoudaoDictHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Sarayna\AppData\Local\Youdao\Dict\Application\6.0.50.4937\wordbook.exe
C:\Users\Sarayna\AppData\Local\Youdao\Dict\Application\6.0.50.4937\YoudaoIE.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sarayna\AppData\Local\Youdao\Dict\Application\6.0.50.4937\YoudaoDictHelper.exe
C:\Users\Sarayna\AppData\Local\Youdao\Dict\Application\6.0.50.4937\YoudaoDictHelper.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0404&m=et1830&r=173509100406p0425v1l5r4781s345
mStart Page = hxxp://www.google.com
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.6\iobitappsToolbarIE.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.6\iobitappsToolbarIE.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.6\iobitappsToolbarIE.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [YodaoDict] "c:\users\sarayna\appdata\local\youdao\dict\application\YodaoDict.exe" -hide -autostart
uRun: [HP Officejet 4620 series (NET)] "c:\program files\hp\hp officejet 4620 series\bin\ScanToPCActivationApp.exe" -deviceID "CN28O2305105RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [GoogleChromeAutoLaunch_C387FD6B814881ECA85C3A9C22C1138F] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [CloudSystemBooster] "c:\program files\anvisoft\cloud system booster\CloudSystemBooster.exe"  /hide /autorun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ImSmart] c:\program files\imsmart\imsmart\ImSmart.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
StartupFolder: c:\users\sarayna\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\sarayna\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\sarayna\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\users\sarayna\appdata\local\apps\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\sarayna\appdata\roaming\micros~1\windows\startm~1\programs\startup\rescue~1.lnk - c:\program files\rescuetime\RescueTime.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-171\wirelesscm.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\users\sarayna\appdata\local\apps\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: 收藏到有道云?? - <no file>
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {65D09F88-CE18-4A95-B8AF-311C3311DB03} - c:\program files\youdao\youdaonote\ieext_btn.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} - hxxps://www.mybank.com.tw/MyATM/CAB/CathayMyATM.CAB
DPF: {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} - hxxps://my.taishinbank.com.tw/ActiveX/eATM/Bull.cab
DPF: {603B9E6C-0467-4C23-8098-ACC2ED6FEB75} - hxxps://my.taishinbank.com.tw/ActiveX/eATM/TSBANK.cab
DPF: {7067DEA7-8C20-4519-8615-B1829371D8B9} - hxxps://family.chinatrust.com.tw/WebATM/1009/CTCBWebATM.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A6132015-5796-48B5-B776-16D009021D81} - hxxps://eatm.firstbank.com.tw/acq/firstbankATM.CAB
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{87B9C7EC-864B-4954-9A66-C86FADB02145} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A9022C51-22E5-4CBE-B59D-2C78A1044546} : DHCPNameServer = 168.95.1.1 168.95.192.1
TCP: Interfaces\{EC803D97-891F-4D21-90B1-63A6EEFA44DE} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sarayna\appdata\roaming\mozilla\firefox\profiles\y8yv16d2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchere.info/?pid=512&r=2013/09/29&hid=16341015464460084776&lg=EN&cc=TW&unqvl=37&l=1&q=
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.searchere.info/?pid=512&r=2013/09/29&hid=16341015464460084776&lg=EN&cc=TW&unqvl=37&l=1&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_507\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25sp.dll
FF - plugin: c:\program files\beanfun!\beanfun! plugin\npBFWebStart.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\sarayna\appdata\roaming\360yunpan\npUploadPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2014-01-09 23:54; zxb7ys@zwfdeyiu.org; c:\users\sarayna\appdata\roaming\mozilla\firefox\profiles\y8yv16d2.default\extensions\zxb7ys@zwfdeyiu.org
FF - ExtSQL: 2014-01-09 23:54; i1.auuy@ioey-ai.com; c:\users\sarayna\appdata\roaming\mozilla\firefox\profiles\y8yv16d2.default\extensions\i1.auuy@ioey-ai.com
FF - ExtSQL: 2014-01-30 16:10; rescuetime_firefox@rescuetime.com; c:\users\sarayna\appdata\roaming\mozilla\firefox\profiles\y8yv16d2.default\extensions\rescuetime_firefox@rescuetime.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-24 21576]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-9-13 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-9-13 177864]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2014-2-15 18624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-3 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-3 369584]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-8-26 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-10 242240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-1-2 176128]
R2 AntiVirSchedulerService;Avira 排程管理員;c:\program files\avira\antivir desktop\sched.exe [2013-8-26 440376]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-8-26 440376]
R2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;c:\program files\anvisoft\cloud system booster\CSBSvc.exe [2013-12-24 42680]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2014-1-16 807800]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-3 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-3 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-13 46808]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-8-26 90400]
R2 hmip;hmip;c:\windows\system32\drivers\hmip.sys [2014-1-10 25448]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-1-2 167936]
R3 RtlWlanu;D-Link DWA-171 Wireless AC Dual Band Adapter;c:\windows\system32\drivers\RTWlanU.sys [2014-2-16 2122312]
S2 3f0ddfac;Filteligent;c:\windows\system32\rundll32.exe [2009-7-14 44544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 EMVSCARD;EMVSCARD;c:\windows\system32\drivers\EMVSCARD.sys [2006-12-19 20736]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-9 39272]
S3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2BthF.sys [2013-2-5 81168]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2013-2-5 167696]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2013-2-5 103056]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-7-25 18944]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-9-19 13464]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-8-26 1011768]
.
=============== Created Last 30 ================
.
2014-02-18 12:57:43 -------- d-----w- c:\program files\Anvisoft
2014-02-18 11:21:27 -------- d-----w- c:\users\sarayna\appdata\local\Razer_Inc
2014-02-18 11:19:56 -------- d-----w- c:\users\sarayna\appdata\roaming\Malwarebytes
2014-02-18 11:19:36 -------- d-----w- c:\programdata\Malwarebytes
2014-02-18 11:19:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-18 11:19:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-18 11:12:40 -------- d-----w- c:\users\sarayna\appdata\local\Razer
2014-02-16 07:48:37 2122312 ----a-w- c:\windows\system32\drivers\RTWlanU.sys
2014-02-16 07:48:36 -------- d-----w- c:\windows\pcidevice
2014-02-16 07:48:28 -------- d-----w- c:\program files\D-Link
2014-02-14 20:01:59 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-02-14 19:03:12 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-14 15:29:10 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-14 15:29:10 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-14 15:28:45 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-14 15:28:45 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-14 15:28:40 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-14 15:28:38 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-14 15:28:38 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-14 15:28:37 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-14 15:28:36 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-14 15:28:34 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-14 15:28:34 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-14 15:28:33 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-14 15:28:32 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-07 20:53:12 6583664 ----a-w- C:\Pro
2014-02-06 18:16:25 -------- d-----w- c:\program files\BandiMPEG1
2014-02-06 18:01:30 -------- d-----w- c:\programdata\beanfun!
2014-01-31 00:25:41 -------- d-----w- c:\programdata\YTAdaRiemoeval
2014-01-31 00:25:26 -------- d-----w- c:\programdata\oenjofkngdmijekapocjfmmmjpfilphh
2014-01-26 16:50:55 -------- d-----w- c:\users\sarayna\appdata\local\RescueTime.com
2014-01-26 16:50:50 -------- d-----w- c:\program files\RescueTime
2014-01-23 08:31:45 -------- d-----w- c:\programdata\PopCap Games
.
==================== Find3M  ====================
.
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-01-19 11:56:24 230 ----a-w- c:\windows\system32\audition.reg
2013-12-19 14:05:32 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-19 14:05:32 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-13 15:20:45 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-27 01:14:25 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13:46 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13:44 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13:41 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13:36 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:11:29 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:10:21 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
.
============= FINISH: 22:13:10.05 ===============
 
Attached File: attach.txt (10.68KB)
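The AdwCleaner log later in this thread reports keys under HKLM\SOFTWARE\Google\Chrome\Extensions being deleted: those keys, together with the ExtensionInstallForcelist policy, are the registration points from which Chrome re-adds an extension every time it starts, which is why removing it from chrome://extensions alone does not stick. The PowerShell audit below is an added example, not from the thread or from any of the tools the helper names; it assumes Chrome's documented registry layout and the default profile directory.

```powershell
# Added example (not from the thread): audit the places from which Chrome
# silently (re)installs extensions on start. Assumes Chrome's documented
# registry layout and the default profile path; run from an elevated PowerShell.

$WebStoreUpdateUrl = 'https://clients2.google.com/service/update2/crx'

# External-extension registration keys: one subkey per 32-character extension id,
# carrying either update_url or path+version. The AdwCleaner log in this thread
# reports keys of exactly this kind being deleted.
$registrationRoots = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',   # 64-bit Windows only
    'HKCU:\SOFTWARE\Google\Chrome\Extensions'
)

# Enterprise policy: numbered values "1", "2", ... whose data is "<id>;<update_url>".
$forcelistKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)

# Default profile; the thread's logs show the same path under C:\Users\Sarayna.
$profileExtensions = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'

function New-Finding {
    param($Source, $Id, $UpdateUrl, $CrxPath)
    [pscustomobject]@{
        Source      = $Source
        ExtensionId = $Id
        UpdateUrl   = $UpdateUrl
        CrxPath     = $CrxPath
        InProfile   = Test-Path (Join-Path $profileExtensions $Id)
        # Not served from the Web Store, or loaded from a local .crx: worth a closer look
        Suspicious  = ($UpdateUrl -ne $WebStoreUpdateUrl) -or ($null -ne $CrxPath)
    }
}

$findings = @()

foreach ($root in $registrationRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem -Path $root) {
        $values = Get-ItemProperty -Path $key.PSPath
        $findings += New-Finding -Source $root -Id $key.PSChildName `
                                 -UpdateUrl $values.update_url -CrxPath $values.path
    }
}

foreach ($policyKey in $forcelistKeys) {
    if (-not (Test-Path $policyKey)) { continue }
    $values = Get-ItemProperty -Path $policyKey
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -notmatch '^\d+$') { continue }   # skip PSPath and friends
        $id, $url = [string]$prop.Value -split ';', 2
        $findings += New-Finding -Source $policyKey -Id $id -UpdateUrl $url -CrxPath $null
    }
}

if ($findings.Count -eq 0) {
    'No externally registered or force-installed Chrome extensions found.'
} else {
    # Suspicious entries first; an id that is registered here but absent from
    # the profile folder is one Chrome will fetch again on its next start.
    $findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
}
```

Deleting an entry from these keys (as AdwCleaner does in the log below) is what stops the reinstall; removing only the folder under the profile's Extensions directory leaves the registration in place.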



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 18 February 2014 - 09:51 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either avast! or avira.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 saraynachan

  • Topic Starter
  • Members
  • 27 posts

Posted 18 February 2014 - 10:36 AM

I had Avira removed accordingly. Thanks for telling me this!



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 18 February 2014 - 11:22 AM

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

 

 

 

 

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#5 saraynachan

  • Topic Starter
  • Members
  • 27 posts

Posted 19 February 2014 - 06:34 PM

The first and the second steps went okay and I have the logs on my desktop. But I ran the ESET scan two times and each time it ended up not responding and Windows would just close the scan. What should I do?

#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 20 February 2014 - 07:56 AM

Try it on another browser.



#7 saraynachan

  • Topic Starter
  • Members
  • 27 posts

Posted 20 February 2014 - 01:32 PM

Still didn't work. The second the scan was finished, it stopped responding and the error message popped up again to tell me to close it.



#8 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 24 February 2014 - 04:13 AM

Please reboot into safe mode with networking and try again.



#9 saraynachan

  • Topic Starter
  • Members
  • 27 posts

Posted 26 February 2014 - 01:19 PM

Here's the AdwCleaner text:

 

# AdwCleaner v3.019 - Report created 19/02/2014 at 23:35:58
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Sarayna - NNNN-PC
# Running from : C:\Users\Sarayna\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Filteligent
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\ProgramData\uniblue
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ExpressFiles
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\nnnn\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\nnnn\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\nnnn\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Sarayna\AppData\Local\Conduit
Folder Deleted : C:\Users\Sarayna\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sarayna\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sarayna\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Sarayna\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Sarayna\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Sarayna\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Sarayna\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\Sarayna\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
Folder Deleted : C:\Users\nnnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
File Deleted : C:\Users\Sarayna\AppData\Roaming\Mozilla\Firefox\Profiles\y8yv16d2.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\nnnn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\nnnn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fbtemplate.conduitapps.com_0.localstorage
File Deleted : C:\Users\nnnn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B739C14-9814-446B-8355-29B3288CB5AE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B739C14-9814-446B-8355-29B3288CB5AE}
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\WinWSD ToolBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3f0ddfac}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v26.0 (zh-TW)
 
[ File : C:\Users\Sarayna\AppData\Roaming\Mozilla\Firefox\Profiles\y8yv16d2.default\prefs.js ]
 
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchere.info/?pid=512&r=2013/09/29&hid=16341015464460084776&lg=EN&cc=TW&unqvl=37&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.D9V615pU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressb[...]
Line Deleted : user_pref("extensions.JVRuvhAuMw9I.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressbar.com[^f]+fid=6[...]
Line Deleted : user_pref("extensions.wu1Rj0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressbar[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchere.info/?pid=512&r=2013/09/29&hid=16341015464460084776&lg=EN&cc=TW&unqvl=37&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\nnnn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Sarayna\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [9504 octets] - [19/02/2014 23:30:05]
AdwCleaner[R1].txt - [9597 octets] - [19/02/2014 23:35:02]
AdwCleaner[S0].txt - [333 octets] - [19/02/2014 23:33:19]
AdwCleaner[S1].txt - [9762 octets] - [19/02/2014 23:35:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9822 octets] ##########
 
 
 
The JRT text:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x86
Ran by Sarayna on 2014/02/19 週三 at 23:54:54.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Sarayna\AppData\Roaming\rambler"
Successfully deleted: [Folder] "C:\Users\Sarayna\appdata\local\rambler"
Successfully deleted: [Folder] "C:\Users\Sarayna\appdata\locallow\rambler"
Successfully deleted: [Empty Folder] C:\Users\Sarayna\appdata\local\{0284BF47-90C1-4B19-89A8-82D64271DA60}
Successfully deleted: [Empty Folder] C:\Users\Sarayna\appdata\local\{099FF4B5-53C9-48C7-B234-E555E8B35A9F}
Successfully deleted: [Empty Folder] C:\Users\Sarayna\appdata\local\{70AD7913-E79A-4CFA-A8A1-D520F613CE14}
Successfully deleted: [Empty Folder] C:\Users\Sarayna\appdata\local\{BCD6249A-F661-4F28-9CB2-2F88DEED205B}
Successfully deleted: [Empty Folder] C:\Users\Sarayna\appdata\local\{D71ADD8D-CD9B-43FF-9F5F-70D6266B2855}
Successfully deleted: [Empty Folder] C:\Users\Sarayna\appdata\local\{DB98289F-A401-43C0-8E03-BD55E23E13E8}
Successfully deleted: [Empty Folder] C:\Users\Sarayna\appdata\local\{F8D8C034-0D3C-4861-83EB-658EA15B9171}
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Sarayna\AppData\Roaming\mozilla\firefox\profiles\y8yv16d2.default\minidumps [5 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/02/19 週三 at 23:58:23.56
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
I'll post the third text once it's finished! (It's been running for an hour now)


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 28 February 2014 - 06:28 AM

Did it finish already?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 saraynachan

saraynachan
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 28 February 2014 - 09:37 AM

Sorry to get back to you so late, and no, it didn't work out fine. I entered safe mode with networking, but as soon as it finished it stopped responding.

#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 02 March 2014 - 08:58 AM

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.



#13 saraynachan

saraynachan
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 08 March 2014 - 10:35 AM

Sorry, it is all in Chinese; I'll try to translate the key information into English. If there's anything else you need translated, don't hesitate to ask me. Thanks!
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
資料庫版本: v2014.03.07.06
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Sarayna :: NNNN-PC [系統管理員]
 
2014/3/7 吸血鬼 09:56:40
mbam-log-2014-03-07 (21-56-40).txt
 
掃描類型: 完全掃描 (C:\|D:\|)
啟用掃描選項: 記憶體 | 啟動 | 登錄檔 | 檔案系統 | 啟發式/額外 | 啟發式/Shuriken 引擎 | PUP | PUM
停用掃描選項: P2P
被掃描物件數量: 597932
總共掃描時間: 3 小時, 19 分鐘, 50 秒
 
被檢測到記憶體進程數量: 0
(沒有檢測到有害項目)
 
被檢測到記憶體模組數量: 0
(沒有檢測到有害項目)
 
被檢測到登錄檔項目數量: 0
(沒有檢測到有害項目)
 
被檢測到登錄檔值數量: 0
(沒有檢測到有害項目)
 
被檢測到登錄檔資料項目數量: 0
(沒有檢測到有害項目)
 
被檢測到資料夾數量(the quantity of detected folders): 1
C:\Users\nnnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh (PUP.Optional.1ClickDownLoader.A) -> 已成功隔離及刪除 (successfully deleted)
 
被檢測到檔案數量(the quantity of detected files): 2
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> 已成功隔離及刪除 (successfully deleted)
C:\AdwCleaner\Quarantine\C\Program Files\ExpressFiles\uninstall.exe.vir (PUP.Optional.ExpressFiles.A) -> 已成功隔離及刪除 (successfully deleted)
 
﹝結束﹞ (End)


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 08 March 2014 - 12:04 PM

Do you still see the extension you wanted to remove?



#15 saraynachan

saraynachan
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 09 March 2014 - 12:14 PM

Unfortunately yes.
