
adobe flash player update pop up


  • This topic is locked
34 replies to this topic

#1 b.rabbit12

b.rabbit12

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 24 November 2014 - 10:56 AM

Greetings,

I have a problem very similar to this one (http://www.bleepingcomputer.com/forums/t/550853/malware-cprogramdatamicrosoftsecureiconstemp/).

A continuing pop-up of Adobe Flash Player update, and Avast just keeps blocking harmful webpages done by this virus, I think.

But I read the topic above and followed what you instructed; now I'm waiting for further instructions. I have attached here the report given by the Farbar Recovery tool that you have recommended. Thank you, and I'll be waiting for your reply.


 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:58 PM

Posted 24 November 2014 - 06:41 PM

Hello b.rabbit12,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Attached File  fixlist.txt   5.5KB   4 downloads

 

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 b.rabbit12


Posted 24 November 2014 - 09:28 PM

The attachments that you want, sir, are attached at the first post, but if you want me to redo the process, here are the new ones.

I'm currently downloading AdwCleaner. Please continue to instruct me on what to do. Thank you.



#4 b.rabbit12


Posted 25 November 2014 - 10:39 AM

AdwCleaner report


# AdwCleaner v4.102 - Report created 25/11/2014 at 23:29:47

# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 8 Single Language  (64 bits)
# Username : hurich amanquiton - HURICH
# Running from : D:\Users\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : KMSServerService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\hurich amanquiton\AppData\Local\Conduit
Folder Deleted : C:\Users\hurich amanquiton\AppData\Local\iLivid
Folder Deleted : C:\Users\hurich amanquiton\AppData\Local\torch
Folder Deleted : C:\Users\hurich amanquiton\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\hurich amanquiton\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\hurich amanquiton\AppData\Roaming\Optimizer Pro
File Deleted : C:\Windows\System32\kms.exe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{13193140-49E1-4208-9C57-17AB4A647A8E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{813E6F82-C817-4DFB-8F00-FDFF2465249B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17148
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v39.0.2171.65
 
 
*************************
 
AdwCleaner[R0].txt - [3688 octets] - [25/11/2014 23:24:47]
AdwCleaner[S0].txt - [2876 octets] - [25/11/2014 23:29:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2936 octets] ##########
 

 




#5 fireman4it


Posted 25 November 2014 - 12:08 PM

Please read my instruction from my previous post about running FRST using the fixlist.txt provided in that post. Then post the fixlog.txt.


#6 b.rabbit12


Posted 25 November 2014 - 06:20 PM

My apologies, I overlooked your instruction.

Here is the fixlog that you needed.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by hurich amanquiton at 2014-11-26 06:51:33 Run:1
Running from D:\Users\Desktop
Loaded Profiles: UpdatusUser & hurich amanquiton (Available profiles: UpdatusUser & hurich amanquiton & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\Run: [Itqtsoft] => regsvr32.exe "C:\Users\hurich amanquiton\AppData\Local\Itqtsoft\corePathdb24.dll" <===== ATTENTION
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\Run: [Utppmedia] => C:\Windows\SysWOW64\regsvr32.exe "C:\Users\hurich amanquiton\AppData\Local\YdvnPack\kbdWan.dll"
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {26112951-d59a-11e2-be7a-2016d8a1ceb2} - "G:\Autorun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {2db00267-ff26-11e2-bedb-2016d8a21d86} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {458d99e7-5d8e-11e3-be84-2016d8a21d86} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {474c0966-755a-11e3-be8f-2016d8a21d86} - "H:\LGAutoRun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {594cf07d-cdfc-11e3-bea4-2016d8a21d86} - "G:\Autorun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {68610905-6334-11e3-be84-2016d8a21d86} - "F:\Autorun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {ee9680d3-6f31-11e4-beed-2016d8a21d86} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {ef6ba538-b2f1-11e3-be98-2016d8a21d86} - "H:\MediaManager.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {ef6bab34-b2f1-11e3-be98-2016d8a21d86} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {ef6bab78-b2f1-11e3-be98-2016d8a21d86} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\MountPoints2: {ef6bacf9-b2f1-11e3-be98-2016d8a21d86} - "H:\AutoRun.exe" 
SearchScopes: HKU\S-1-5-21-3136207907-3740560466-4176952929-1002 -> {13193140-49E1-4208-9C57-17AB4A647A8E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826&CUI=UN17787211772244865&UM=1
SearchScopes: HKU\S-1-5-21-3136207907-3740560466-4176952929-1002 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: No Name -> {5347542D-5637-006A-76A7-7A786E7484D7} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
 
DPF: HKLM-x32 {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcDcToday.ocx
DPF: HKLM-x32 {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstBanr.ocx
DPF: HKLM-x32 {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstFred.ocx
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
2014-11-18 00:00 - 2014-11-23 07:44 - 00000000 ____D () C:\Users\hurich amanquiton\AppData\Local\YdvnPack
2014-11-18 00:00 - 2014-11-22 00:39 - 00000000 ____D () C:\Users\hurich amanquiton\AppData\Local\Itqtsoft
C:\Users\hurich amanquiton\AppData\Local\Itqtsoft
C:\Users\hurich amanquiton\AppData\Local\YdvnPack
C:\Users\hurich amanquiton\AppData\Local\Temp\tmpC0D.exe
Empty Temp:
Task: {EAFD74BB-B510-4531-9238-147586E8D6E0} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {F2283CD6-77DD-4D43-BC12-7655DCF2B1F3} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe <==== ATTENTION
Task: C:\Windows\Tasks\pc-dis-upd.job => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe <==== ATTENTION
C:\Program Files (x86)\PC Cleaners
MSCONFIG\startupreg: PC Cleaners => "C:\ProgramData\PC Cleaners\PCCleaners.exe" /minimize
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\StartupApproved\Run: => "PC Cleaners"
 
 
 
*****************
 
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Itqtsoft => value deleted successfully.
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Utppmedia => value deleted successfully.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26112951-d59a-11e2-be7a-2016d8a1ceb2}" => Key deleted successfully.
"HKCR\CLSID\{26112951-d59a-11e2-be7a-2016d8a1ceb2}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2db00267-ff26-11e2-bedb-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{2db00267-ff26-11e2-bedb-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{458d99e7-5d8e-11e3-be84-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{458d99e7-5d8e-11e3-be84-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{474c0966-755a-11e3-be8f-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{474c0966-755a-11e3-be8f-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{594cf07d-cdfc-11e3-bea4-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{594cf07d-cdfc-11e3-bea4-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68610905-6334-11e3-be84-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{68610905-6334-11e3-be84-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee9680d3-6f31-11e4-beed-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{ee9680d3-6f31-11e4-beed-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef6ba538-b2f1-11e3-be98-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{ef6ba538-b2f1-11e3-be98-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef6bab34-b2f1-11e3-be98-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{ef6bab34-b2f1-11e3-be98-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef6bab78-b2f1-11e3-be98-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{ef6bab78-b2f1-11e3-be98-2016d8a21d86}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef6bacf9-b2f1-11e3-be98-2016d8a21d86}" => Key deleted successfully.
"HKCR\CLSID\{ef6bacf9-b2f1-11e3-be98-2016d8a21d86}" => Key not found.
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13193140-49E1-4208-9C57-17AB4A647A8E}" => Key not found.
"HKCR\CLSID\{13193140-49E1-4208-9C57-17AB4A647A8E}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{813E6F82-C817-4DFB-8F00-FDFF2465249B}" => Key not found.
"HKCR\CLSID\{813E6F82-C817-4DFB-8F00-FDFF2465249B}" => Key not found.
"HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key not found.
"HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5347542D-5637-006A-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\CLSID\{5347542D-5637-006A-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{AE563720-B4F5-11D4-A415-00108302FDFD}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AE563720-B4F5-11D4-A415-00108302FDFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{C6637286-300D-11D4-AE0A-0010830243BD}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C6637286-300D-11D4-AE0A-0010830243BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{F281A59C-7B65-11D3-8617-0010830243BD}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F281A59C-7B65-11D3-8617-0010830243BD}" => Key deleted successfully.
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => Key deleted successfully.
"HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}" => Key not found.
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => Key deleted successfully.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx" => File/Directory not found.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\hurich amanquiton\AppData\Local\YdvnPack => Moved successfully.
C:\Users\hurich amanquiton\AppData\Local\Itqtsoft => Moved successfully.
"C:\Users\hurich amanquiton\AppData\Local\Itqtsoft" => File/Directory not found.
"C:\Users\hurich amanquiton\AppData\Local\YdvnPack" => File/Directory not found.
C:\Users\hurich amanquiton\AppData\Local\Temp\tmpC0D.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAFD74BB-B510-4531-9238-147586E8D6E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAFD74BB-B510-4531-9238-147586E8D6E0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2283CD6-77DD-4D43-BC12-7655DCF2B1F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2283CD6-77DD-4D43-BC12-7655DCF2B1F3}" => Key deleted successfully.
C:\Windows\System32\Tasks\pc-dis-upd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pc-dis-upd" => Key deleted successfully.
C:\Windows\Tasks\pc-dis-upd.job => Moved successfully.
"C:\Program Files (x86)\PC Cleaners" => File/Directory not found.
MSCONFIG\startupreg: PC Cleaners => "C:\ProgramData\PC Cleaners\PCCleaners.exe" /minimize => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\StartupApproved\Run: => "PC Cleaners" => Value not found.
EmptyTemp: => Removed 660.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Attached Files
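
Added example, not part of the original thread and not FRST's own logic: a Python triage pass over autostart lines from the fixlist in the post above, flagging the traits that make such entries stand out (regsvr32 registered in a Run key, targets under AppData, ProgramData or Temp, and FRST's ATTENTION marker). The sample lines are copied from that fixlist; the function names and the list of user-writable locations are assumptions of this example.

```python
import re

# Sample input: lines copied from the "Content of fixlist" section of the
# fixlog posted in this thread (Run, Task, startupreg and one driver line).
SAMPLE = r'''
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\Run: [Itqtsoft] => regsvr32.exe "C:\Users\hurich amanquiton\AppData\Local\Itqtsoft\corePathdb24.dll" <===== ATTENTION
HKU\S-1-5-21-3136207907-3740560466-4176952929-1002\...\Run: [Utppmedia] => C:\Windows\SysWOW64\regsvr32.exe "C:\Users\hurich amanquiton\AppData\Local\YdvnPack\kbdWan.dll"
Task: {EAFD74BB-B510-4531-9238-147586E8D6E0} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {F2283CD6-77DD-4D43-BC12-7655DCF2B1F3} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe <==== ATTENTION
MSCONFIG\startupreg: PC Cleaners => "C:\ProgramData\PC Cleaners\PCCleaners.exe" /minimize
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
'''

ATTENTION = re.compile(r'\s*<=+\s*ATTENTION\s*$')
RUN_LOCATOR = re.compile(r'\\Run: \[([^\]]+)\]$')
REGSVR32 = re.compile(r'(?:^|\\)regsvr32(?:\.exe)?(?=[\s"]|$)')
# Locations a standard user can normally write to (assumption of this example).
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\')


def parse_entry(line):
    """Return a dict for a Run / Task / startupreg line, else None."""
    line = line.strip()
    if ' => ' not in line:
        return None
    locator, command = line.split(' => ', 1)
    marked = bool(ATTENTION.search(command))
    command = ATTENTION.sub('', command).strip()
    run = RUN_LOCATOR.search(locator)
    if run:
        kind, name = 'run', run.group(1)
    elif locator.startswith('Task:'):
        kind, name = 'task', locator.rsplit('\\', 1)[-1]
    elif locator.startswith('MSCONFIG\\startupreg:'):
        kind, name = 'startupreg', locator.split(':', 1)[1].strip()
    else:
        return None  # result lines, drivers, etc. are out of scope here
    return {'kind': kind, 'name': name, 'command': command, 'marked': marked}


def triage(entry):
    """List the reasons an autostart entry deserves a closer look."""
    reasons = []
    cmd = entry['command'].lower()
    if REGSVR32.search(cmd):
        # regsvr32 in an autostart loads the named DLL at every logon.
        reasons.append('regsvr32 autostart')
    if any(part in cmd for part in USER_WRITABLE):
        reasons.append('user-writable path')
    if entry['marked']:
        reasons.append('FRST ATTENTION marker')
    return reasons


def flag_entries(text):
    """Return (kind, name, reasons) for every entry with at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry['kind'], entry['name'], reasons))
    return flagged


if __name__ == '__main__':
    for kind, name, reasons in flag_entries(SAMPLE):
        print(f'{kind:10} {name:12} {", ".join(reasons)}')
```

The Game_Booster_AutoUpdate task is parsed but not flagged, because none of the three heuristics applies to it; a flag is a prompt for review, not a verdict.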



#7 fireman4it


Posted 25 November 2014 - 07:32 PM

How is the machine running now?


#8 b.rabbit12


Posted 26 November 2014 - 09:14 AM

As of now, the pop-ups seem to have stopped. I'll further monitor this and report to you any changes or problems. Thank you very much for the effort. :)



#9 b.rabbit12


Posted 26 November 2014 - 09:45 AM

Apparently, this thing still keeps popping up, and I don't know what causes this. (Please see the print-screen photos that I attached.)

And the fake Flash Player update still shows up.

 

 

 

Attached Files

  • Attached File  ss.png   274.22KB   0 downloads


#10 b.rabbit12


Posted 26 November 2014 - 11:27 AM

The situation, sir, has worsened. I am now having a nonstop alert from Avast, "Threat has been detected", blocking a harmful webpage or file. It's been on for almost 40 mins now.

:( What do I do?



#11 fireman4it


Posted 26 November 2014 - 02:54 PM

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close


#12 b.rabbit12


Posted 27 November 2014 - 06:53 PM

Here is the quarantine report, sir, as requested.

Attached File  Quarantine_141128-075157.txt   2.87KB   4 downloads



#13 fireman4it


Posted 28 November 2014 - 12:29 AM

How is the machine running now?


#14 b.rabbit12


Posted 28 November 2014 - 08:03 PM

Windows cannot find C:\ProgramData\Microsoft\Secure\Icons\temp\tmp92D26.exe

 

followed by an avast malware block

 

Avast Webshield has blocked a harmful webpage\file.

Object:http://nezhyezho.com/b/opt/7AB3BD2BD6DD40DE750B7750

Infection: URL;Mal

Process: C:Users\hurich amanquiton\AppData\Roaming\Uzefvu\urnab.exe

And it will go on consecutively until you disconnect yourself from the internet. :(



#15 fireman4it


Posted 28 November 2014 - 11:24 PM

Please run FRST as you did the first time you ran it and post the FRST.txt log.




