
Trojan Horse & Adware Generic5.ARIH


27 replies to this topic

#1 samoyed

samoyed

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 02 May 2014 - 09:36 PM

AVG had picked up Trojan Horse & Adware Generic5.ARIH. I selected for AVG to remove the threats but it looked like it was unsuccessful, as I am now receiving popup ads although I have set the settings to block pop ups. Kindly advise how to remove the threat totally. Thank You.



#2 gettingthere

gettingthere

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 02 May 2014 - 09:55 PM

Reboot to safe mode w/ networking and run Malwarebytes and then SUPERAntiSpyware; that should get it. I've seen this one before and that's how I did it.



#3 samoyed

  • Topic Starter

Posted 03 May 2014 - 02:49 AM

AVG had picked up Trojan Horse & Adware Generic5.ARIH. I selected for AVG to remove the threats but it looked like it was unsuccessful, as I am now receiving popup ads although I have set the settings to block pop ups. Kindly advise how to remove the threat totally. Thank You.

 



#4 samoyed


Posted 03 May 2014 - 03:06 AM

I have run Malwarebytes and then SUPERAntiSpyware using safe mode with networking. Both programs have detected stuff and had this stuff removed. However, I am still attacked by pop up ads as well as scrolling ads. Everything else has also slowed down. Kindly assist.

#5 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:40 PM

Posted 03 May 2014 - 10:32 AM

Hello samoyed!

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.



#6 samoyed


Posted 03 May 2014 - 01:06 PM

Hello. AdwCleaner didn't find anything. I am still getting pop up ads and other kind of ads when I am surfing the internet. The Laptop has slowed down tremendously. I have tried using the below with no success although they have removed stuff from my laptop:

AVG Malwarebytes Superantispyware tdsskiller JRT esetsmart

# AdwCleaner v3.205 - Report created 04/05/2014 at 03:54:20
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - TOSHI
# Running from : C:\Users\David\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Users\Adele\AppData\Roaming\Mozilla\Firefox\Profiles\bqx5kgon.default\prefs.js ]
[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\cfn11mju.default\prefs.js ]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5217 octets] - [04/05/2014 00:02:37]
AdwCleaner[R1].txt - [1204 octets] - [04/05/2014 00:22:06]
AdwCleaner[R2].txt - [1324 octets] - [04/05/2014 03:37:08]
AdwCleaner[S0].txt - [5232 octets] - [04/05/2014 00:07:54]
AdwCleaner[S1].txt - [1265 octets] - [04/05/2014 00:24:47]
AdwCleaner[S2].txt - [1245 octets] - [04/05/2014 03:54:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1305 octets] ##########

#7 Alex&Vanko


Posted 03 May 2014 - 01:18 PM

So you have used:

AVG Malwarebytes Superantispyware tdsskiller JRT esetsmart

and no success.

Let's see, as it is Generic. Download Emsisoft Emergency Kit - https://www.emsisoft.com/en/software/eek/

It will be extracted in C:\EEK but the icon will appear on your desktop. Start the application and from the window choose the first option. Update the program and from the left click on Scan PC and after that deep scan.

Why do you need to use safe mode? Is it possible in standard mode?


Edited by Alex&Vanko, 03 May 2014 - 01:31 PM.


#8 samoyed


Posted 04 May 2014 - 08:38 AM

Hello. The other kind person helping out suggested using safe mode. I have run Emsisoft. It has detected Gen:Variant.Kazy.367577. Deleted but the problem persists. I still get bombarded by ads. It has also made it difficult to click on stuff on websites such as Bleeping Computer. For example, for the life of me I am unable to click on the 'Post' button. Nothing happens although I have clicked on it several times. Everything has slowed down tremendously.

Emsisoft Emergency Kit - Version 4.0
Last update: 5/4/2014 9:12:47 PM
User account: TOSHI\David

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, E:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 5/4/2014 9:18:51 PM
C:\Users\David\AppData\Local\Temp\foouwuci.11i.exe detected: Gen:Variant.Kazy.367577 (B)

Scanned 311034
Found 1

Scan end: 4/05/2014 11:25:42 PM
Scan time: 2:06:51

C:\Users\David\AppData\Local\Temp\foouwuci.11i.exe Deleted Gen:Variant.Kazy.367577 (B)

Deleted 1

#9 Alex&Vanko


Posted 04 May 2014 - 09:09 AM

It is no good to scan in safe mode. OK, post the last log of Malwarebytes where the detection was, from here - C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

Also from Superantispyware. From the main window click System tools & Program settings, then Scan logs. Post it here.

 

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!



#10 samoyed


Posted 04 May 2014 - 09:42 AM

Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 26
Java 7 Update 55
Adobe Flash Player 13.0.0.206
Adobe Reader XI
Mozilla Firefox 27.0.1 Firefox out of Date!
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.131
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

MiniToolBox by Farbar Version: 23-01-2014
Ran by David (administrator) on 05-05-2014 at 00:35:42
Running from "C:\Users\David\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 8118
"network.proxy.ssl", "127.0.0.1"
"network.proxy.ssl_port", 8118
"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (05/04/2014 11:40:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 27.0.1.5156, time stamp: 0x52fc0faa
Faulting module name: xul.dll, version: 27.0.1.5156, time stamp: 0x52fc0f79
Exception code: 0xc0000005
Fault offset: 0x001560c7
Faulting process id: 0x1a68
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (05/04/2014 10:47:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2014 09:16:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2014 09:16:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2014 09:16:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2014 04:08:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2014 04:08:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2014 04:08:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2014 04:08:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2014 03:01:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/04/2014 08:41:01 PM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (05/04/2014 08:41:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (05/04/2014 03:56:37 AM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (05/04/2014 03:56:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.4.1.30888)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.206)
Adobe Flash Player 13 Plugin (Version: 13.0.0.206)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.17)
AUSkey software 1.4.0.6 (Version: 1.4.0.6)
AVG 2014 (Version: 14.0.3931)
AVG 2014 (Version: 14.0.4570)
AVG 2014 (Version: 2014.0.4570)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Blackhawk Striker 2 (Version: 2.2.0.82)
Bluetooth Stack for Windows by Toshiba (Version: v6.40.00(T))
Bonjour (Version: 3.0.0.10)
Changes (Version: 2.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.126.0.62)
Direct DiscRecorder (Version: 1.00.0000)
Dolby Control Center (Version: 2.2.1)
Dropbox (Version: 2.4.11)
DVD MovieFactory for TOSHIBA (Version: 7.0.0)
ESET Online Scanner v3
Ezvid (Version: 0982)
Faerie Solitaire (Version: 2.2.0.82)
FATE Undiscovered Realms (Version: 2.2.0.82)
Google Chrome (Version: 34.0.1847.131)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 5.3.1.18536)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.23.9)
Google+ Auto Backup (Version: 1.0.21.81)
Google+ Auto Backup (Version: 1.0.25.133)
HDMI Control Manager (Version: 2.0)
iCloud (Version: 1.1.0.40)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1002)
iTunes (Version: 10.6.1.7)
Java 7 Update 55 (Version: 7.0.550)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 29 (64-bit) (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8089.726)
Lexmark S300-S400 Series
Lexmark Toolbar (Version: 4.3.37.0)
Lexmark Tools for Office (Version: 1.29.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.141.11)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Monopoly (Version: 2.2.0.82)
Mozilla Firefox 27.0.1 (x86 en-GB) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
NavDesk 7.50 (Version: 7.50.0109.128)
NetZero Launcher (Version: 2.01)
Nokia Connectivity Cable Driver (Version: 7.1.31.0)
NVIDIA Drivers (Version: 1.10.56.34)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (Version: 9.10.0129)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.56)
PC Connectivity Solution (Version: 10.33.1.0)
PhotoScape
Picasa 3 (Version: 3.9)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.82)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Quickbooks Financial Center (Version: 2.02)
QuickTime (Version: 7.71.80.42)
Realtek WLAN Driver (Version: 2.00.0006)
Safari (Version: 5.34.57.2)
Samsung Kies (Version: 2.6.0.13064_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.34.0)
SaveVid Plug-in (Version: 2.0.0.107556)
Scrabble Plus (Version: 2.2.0.82)
Sid Meier's Civilization 4 Complete (Version: 1.74)
Skype Launcher (Version: 2.01)
Skype 5.10 (Version: 5.10.116)
SpywareBlaster 5.0 (Version: 5.0.0)
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Pointing Device Driver (Version: 13.2.7.3)
System Update kb70007 (Version: 1.0.0)
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA ConfigFree (Version: 8.0.25)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.1.07-A)
TOSHIBA eco Utility (Version: 1.1.12.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 4.02.01.00)
TOSHIBA HDD Protection (Version: 2.2.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.4)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
Toshiba Online Backup (Version: 1.2.0.38)
TOSHIBA PC Health Monitor (Version: 1.5.1.64)
TOSHIBA Quality Application (Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 4.02.01.00)
TOSHIBA USB Sleep and Charge Utility (Version: 1.3.2.0)
TOSHIBA Value Added Package (Version: 1.2.34.64)
TOSHIBA Web Camera Application (Version: 1.1.1.10)
ToshibaRegistration (Version: 1.0.3)
Trader Workstation
Trader Workstation 4.0
TWS Interoperability Components (Version: Interopability Components version 9.65)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - The Secret City (Version: 2.2.0.82)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.1 (Version: 2.0.1)
WildTangent Games (Version: 1.0.0.80)
WildTangent ORB Game Console
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Wireless Broadband (Version: 11.300.05.10.74)
Yahoo! Detect

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 4020.47 MB
Available physical RAM: 1808.71 MB
Total Pagefile: 8039.13 MB
Available Pagefile: 5393.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.61 MB

========================= Partitions: =====================================

1 Drive c: (TI105417W0F) (Fixed) (Total:443.73 GB) (Free:339.24 GB) NTFS
3 Drive e: (SAMSUNG) (Fixed) (Total:465.76 GB) (Free:133.36 GB) NTFS

========================= Users: ========================================

User accounts for \\TOSHI

Adele Administrator David
Guest


**** End of log ****

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
David :: TOSHI [administrator]

4/05/2014 11:45:07 PM
mbam-log-2014-05-04 (23-45-07).txt

Scan type: Custom scan (C:\Users\David\AppData\Local\Temp\MsiToExe.SetupExtension.msi|C:\Users\David\AppData\Local\Temp\m1lgbd3t.vig.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 2
Time elapsed: 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/03/2014 at 03:48 PM

Application Version : 5.7.1018

Core Rules Database Version : 11206
Trace Rules Database Version: 9018

Scan type : Complete Scan
Total Scan Time : 01:28:24

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 71276
Registry threats detected : 0
File items scanned : 200874
File threats detected : 4

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
c1.adform.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
c1.adform.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
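
Added example (not part of the original thread, and not code from MiniToolBox or any tool named in it): a small Python triage of the "IE Proxy Settings" and "FF Proxy Settings" sections of a MiniToolBox result, flagging active browser proxies that point at a loopback address such as the 127.0.0.1:8118 entries in the log above. The function names and the embedded sample log are constructed for illustration.

```python
"""Flag loopback browser proxies in a MiniToolBox-style result.txt (added example)."""
import ipaddress
import re

# Constructed sample, shaped like the proxy sections of the log posted above.
SAMPLE_LOG = '''\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 8118
"network.proxy.ssl", "127.0.0.1"
"network.proxy.ssl_port", 8118
"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
'''

# "===== Title: =====" banner; the title must not itself start with "=".
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?):?\s*=+\s*$")
FF_PREF_RE = re.compile(r'^"network\.proxy\.([a-z_]+)",\s*"?([^"]*)"?\s*$')


def split_sections(log):
    """Return {section title: [non-empty lines]} for each banner-delimited block."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), [])
        elif current is not None and line:
            current.append(line)
    return sections


def _endpoint(hostport):
    """Split 'host:port' into (host, int port or None)."""
    host, sep, port = hostport.rpartition(":")
    if not sep:
        host, port = hostport, ""
    return host, int(port) if port.isdigit() else None


def parse_ie_proxy(lines):
    """Return (enabled, {scheme: (host, port)}) from the IE section."""
    enabled = any(l.lower().startswith("proxy is enabled") for l in lines)
    endpoints = {}
    for l in lines:
        if not l.startswith("ProxyServer:"):
            continue
        value = l.split(":", 1)[1].strip()
        # The value is either "host:port" (all schemes) or "scheme=host:port;..."
        for part in filter(None, value.split(";")):
            scheme, _, hostport = part.rpartition("=")
            endpoints[scheme or "all"] = _endpoint(hostport)
    return enabled, endpoints


def parse_ff_proxy(lines):
    """Return (manual, {scheme: (host, port)}) from the Firefox section."""
    prefs = {}
    for l in lines:
        m = FF_PREF_RE.match(l)
        if m:
            prefs[m.group(1)] = m.group(2)
    manual = prefs.get("type") == "1"  # network.proxy.type 1 = manual proxy config
    endpoints = {}
    for scheme in ("http", "ssl", "ftp", "socks"):
        if prefs.get(scheme):
            endpoints[scheme] = _endpoint(
                prefs[scheme] + ":" + prefs.get(scheme + "_port", ""))
    return manual, endpoints


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def loopback_proxy_findings(log):
    """List (browser, scheme, host, port) for active proxies that target loopback."""
    sections = split_sections(log)
    ie = parse_ie_proxy(sections.get("IE Proxy Settings", []))
    ff = parse_ff_proxy(sections.get("FF Proxy Settings", []))
    findings = []
    for browser, (active, endpoints) in (("IE", ie), ("Firefox", ff)):
        for scheme, (host, port) in sorted(endpoints.items()):
            if active and is_loopback(host):
                findings.append((browser, scheme, host, port))
    return findings


if __name__ == "__main__":
    for finding in loopback_proxy_findings(SAMPLE_LOG):
        print("loopback proxy:", finding)
```

A loopback proxy means browser traffic is handed to whatever process listens on that local port, so a finding that the user did not configure is a cue to identify that process rather than only resetting the setting.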

#11 Alex&Vanko


Posted 04 May 2014 - 10:36 AM

Uninstall this from Program and Features - System Update kb70007

Also:
 

McAfee Security Scan Plus

SpywareBlaster 5.0

Java™ 6 Update 26
Java™ 6 Update 29

Google Chrome 33.0.1750.154

Did you manually set a proxy connection for the browsers?

Do you have automated logins in browsers?

If you have written your passwords somewhere, uninstall Firefox.

  1. Delete the Firefox installation folder, which is located in one of these locations, by default:
    • Windows:
      • C:\Program Data\Mozilla Firefox
      • C:\Program Files (x86)\Mozilla Firefox
      • C:\Users\User name\AppData\Local
      • C:\Users\User name\AppData\Roaming
    • Download the latest Desktop version of Firefox from http://www.mozilla.org/en-US/firefox/channel/#firefox and save the setup file to your computer.
    • Install Firefox.


#12 samoyed


Posted 05 May 2014 - 04:10 AM

I can't locate System Update kb70007 to have it removed. I have removed the suggested programs including Mozilla Firefox. I reinstalled Firefox using the link you had provided. What is strange is the ads come back. I did not reinstall Chrome. So puzzling; these ads are so persistent.

#13 Alex&Vanko


Posted 05 May 2014 - 07:01 AM

Please,

Download HitmanPro x64 from HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy now button, is the option Save log. Save it to your desktop and paste it here.

 

Thank you!


Edited by Alex&Vanko, 05 May 2014 - 07:12 AM.


#14 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  • Local time:05:10 AM

Posted 05 May 2014 - 07:59 AM

Hello. See below. Thanks.
HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : TOSHI
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : TOSHI\David
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-05-05 22:47:48
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 9s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 31

   Objects scanned . . . : 2,130,361
   Files scanned . . . . : 61,873
   Remnants scanned  . . : 432,561 files / 1,635,927 keys

Repairs _____________________________________________________________________

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118


Cookies _____________________________________________________________________

   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bleepingcomputer.com
   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\RNPML64M.txt
   C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\XNOXA05Y.txt
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:ad.360yield.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:ads.yahoo.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:adtechus.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:advertising.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:atdmt.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:burstnet.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:casalemedia.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:doubleclick.net
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:media6degrees.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:ru4.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:serving-sys.com
   C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\t9cknvy7.default\cookies.sqlite:smartadserver.com


#15 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:40 PM

Posted 05 May 2014 - 08:08 AM

So click Next and remove the cookies. Close Hitman and uninstall it. Also delete the folder EEK from C:

Did you manually set a proxy for your browsers?

Agree and download Dr.WEB CureIt HERE onto your desktop.
Start the application.
Choose objects for scan.
Set ticks in all checkboxes.
Below, choose files and folders for scan.
Set ticks in the checkboxes for all your drives (C, D, E, etc.).
Do a scan and post the result as a screenshot.
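
The HitmanPro log earlier in the thread reports a per-user proxy of 127.0.0.1:8118, and the open question is whether it was set manually. The read-only PowerShell check below is an added example, not part of the original posts: it shows where the proxy is configured and which process, if any, is listening on the loopback port. It assumes English-language netstat output and the default Firefox profile location.

```powershell
# Added example (not from the thread). Read-only: it changes no settings.
# Assumptions: English netstat output ("LISTENING"), default Firefox profile path.

# 1. Per-user proxy used by Internet Explorer and Chrome (WinINET settings).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
"ProxyEnable   : $($inet.ProxyEnable)"      # 1 = proxy in use
"ProxyServer   : $($inet.ProxyServer)"      # e.g. 127.0.0.1:8118
"AutoConfigURL : $($inet.AutoConfigURL)"    # PAC script, if any

# 2. Firefox keeps its own proxy preferences in each profile's prefs.js.
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue |
    Select-String -Pattern 'user_pref\("network\.proxy\.' |
    ForEach-Object { "$($_.Path): $($_.Line)" }

# 3. Collect every loopback port named in ProxyServer. The value may be a
#    single host:port or a list such as "http=127.0.0.1:8118;https=...".
$ports = @()
if ($inet.ProxyServer) {
    $ports = @([regex]::Matches($inet.ProxyServer, '(?:127\.0\.0\.1|localhost):(\d+)') |
        ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique)
}

# 4. Map each port to the process that owns the listening socket.
foreach ($port in $ports) {
    $listeners = netstat -ano -p TCP |
        Select-String -Pattern ":$port\s+\S+\s+LISTENING\s+(\d+)"
    if (-not $listeners) {
        "Port ${port}: nothing is listening (the proxy setting points at a dead port)."
        continue
    }
    foreach ($l in $listeners) {
        $procId = [int]$l.Matches[0].Groups[1].Value
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        # Path can be empty for processes owned by another account unless
        # the shell is run elevated.
        "Port ${port}: PID $procId  $($proc.ProcessName)  $($proc.Path)"
    }
}
```

Port 8118 is the default listening port of the Privoxy filtering proxy, so a deliberately installed local proxy is one possible owner; an executable path the user does not recognise is the result worth posting back to the helper.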





