
Can't access internet after running adwcleaner


  • This topic is locked
7 replies to this topic

#1 flamingporu


  • Members
  • 22 posts

Posted 03 March 2015 - 05:07 PM

Hello! Recently I downloaded some freeware and I accidentally installed Youtube Accelerator adware. I saw a thread from your site and started following instructions here: http://www.bleepingcomputer.com/forums/t/545668/cant-get-rid-of-youtube-accelerator/

 

So I got past the first stage(logs uploaded) and then my internet won't start.

 

Similarly I saw a thread with the same situation so I followed the instructions and ran zoek(See logs): http://malwaretips.com/threads/cant-connect-to-internet-after-running-adwcleaner-to-removed-pup.37328/

 

But it's still not working. Zoek is saying something about "normal mode with no internet connection" at the first few lines. Help?

Attached Files




#2 nasdaq


  • Malware Response Team
  • 38,223 posts

Posted 07 March 2015 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Try this fix to restore your internet connection.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Please wait for further instructions.

===

p.s.
If you need to, use a good computer to download the Farbar tool.
Copy the file to the problem computer and run it.
Post both logs for my review.

#3 flamingporu

  • Topic Starter

  • Members
  • 22 posts

Posted 08 March 2015 - 04:36 AM

Hello again! My internet is now working thanks to your instructions! Thank you!!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Santos (administrator) on SANTOS-PC on 08-03-2015 17:32:17
Running from D:\Program Files (x86)\Downloads\Programs
Loaded Profiles: Santos (Available profiles: Santos)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() D:\062813\Games\Garena Plus\ggdllhost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() D:\062813\Games\Garena Plus\GarenaMessenger.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\Run: [GarenaPlus] => D:\062813\Games\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\Run: [cdloader] => C:\Users\Santos\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-02] (magicJack L.P.)
HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\Run: [uTorrent] => C:\Users\Santos\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-02-06] (Tonec Inc.)
HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\MountPoints2: {5f432121-56bd-11e4-8616-08606e682767} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\MountPoints2: {daf9a9cd-f1ac-11e2-aab5-08606e682767} - E:\Autorun_rlsmm.exe
HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\MountPoints2: {daf9a9cf-f1ac-11e2-aab5-08606e682767} - F:\Autorun_rlsmm.exe
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
Startup: C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet Ink Adv 2060 K110.lnk
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4040493504-2972077504-3497799315-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-01-26] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-01-31] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-01-26] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-31] (AVAST Software)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll [2013-02-14] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll [2013-02-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4040493504-2972077504-3497799315-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F4DF0BDF-2BEF-4BB1-AEE7-968F59CC82CE}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Santos\AppData\Roaming\Mozilla\Firefox\Profiles\9wwhhcz1.default-1390264319226
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-05-12] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\062813\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-19] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Santos\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Santos\AppData\Roaming\IDM\idmmzcc5 [2015-02-20]
FF HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Santos\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-04]
CHR Extension: (IDM Integration Module) - C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-03-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-03-04]
CHR Extension: (Gmail) - C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-31]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-07]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\Exts\Chrome.crx [2013-06-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-31] (AVAST Software)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [144520 2012-12-24] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-31] ()
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [168096 2012-11-16] (Symantec Corporation)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-07-21] (Disc Soft Ltd)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
U0 avc3; No ImagePath
S3 GGSAFERDriver; \??\D:\062813\Games\Garena Plus\Room\safedrv.sys [X]
S2 SPDRIVER_1529.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1529.0.0.0\jsdrv.sys [X]
U4 vsserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 17:32 - 2015-03-08 17:32 - 00000000 ____D () C:\FRST
2015-03-07 15:58 - 2015-03-07 15:58 - 00001113 _____ () C:\Users\Santos\Desktop\Internet Download Manager.lnk
2015-03-07 15:58 - 2015-03-07 15:58 - 00000000 ____D () C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-07 15:58 - 2015-03-07 15:58 - 00000000 ____D () C:\ProgramData\IDM
2015-03-07 15:58 - 2015-03-07 15:58 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-04 16:43 - 2015-03-04 16:43 - 00001151 _____ () C:\Users\Santos\Desktop\JRT.txt
2015-03-04 16:36 - 2015-03-04 16:36 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-04 16:36 - 2015-03-04 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-04 16:30 - 2015-03-08 17:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 16:30 - 2015-03-08 16:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 16:30 - 2015-03-04 17:35 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-04 05:38 - 2015-03-04 04:57 - 01304576 _____ () C:\Users\Santos\Desktop\zoek.exe
2015-03-04 05:22 - 2015-03-04 05:15 - 00012058 _____ () C:\zoek-results2015-03-03-211535.log
2015-03-04 05:00 - 2015-03-04 05:35 - 00006922 _____ () C:\zoek-results.log
2015-03-04 04:59 - 2015-03-04 05:10 - 00000000 ____D () C:\zoek_backup
2015-03-04 04:36 - 2015-03-04 04:41 - 00000000 ____D () C:\AdwCleaner
2015-03-04 00:29 - 2015-03-04 00:29 - 00206296 _____ () C:\Windows\SysWOW64\0c6.exe
2015-03-04 00:23 - 2015-03-08 17:26 - 00001064 _____ () C:\Windows\setupact.log
2015-03-04 00:23 - 2015-03-05 19:53 - 00007478 _____ () C:\Windows\PFRO.log
2015-03-04 00:23 - 2015-03-04 00:23 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-04 00:02 - 2015-03-04 00:02 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-03-03 23:44 - 2015-03-03 23:44 - 00000000 ____D () C:\Frozen (2013) [1080p]
2015-03-03 23:37 - 2015-03-03 23:37 - 00000000 ____D () C:\Akatsuki no Yona
2015-03-01 15:18 - 2015-03-01 15:44 - 00001456 _____ () C:\Users\Santos\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-02-27 10:09 - 2015-02-27 10:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-20 18:58 - 2014-11-29 08:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-19 17:45 - 2015-02-19 17:45 - 00000540 _____ () C:\Windows\SysWOW64\maestro-server.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 17:30 - 2013-06-29 08:06 - 01439063 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 17:30 - 2013-06-28 18:55 - 00000000 ____D () C:\Users\Santos\AppData\Roaming\GarenaPlus
2015-03-08 17:30 - 2013-06-28 18:55 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-03-08 17:27 - 2014-07-30 23:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-08 17:27 - 2013-11-28 11:46 - 00000000 ____D () C:\Users\Santos\AppData\Roaming\uTorrent
2015-03-08 17:27 - 2013-09-06 12:00 - 00000000 ____D () C:\Users\Santos\AppData\Local\CrashDumps
2015-03-08 17:27 - 2013-06-30 13:43 - 00000000 ____D () C:\Users\Santos\AppData\Roaming\DMCache
2015-03-08 17:26 - 2015-02-03 04:41 - 00003454 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Santos
2015-03-08 17:26 - 2013-06-28 17:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-08 17:26 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 15:41 - 2014-04-20 12:19 - 00000000 ____D () C:\Users\Santos\AppData\Roaming\vlc
2015-03-08 11:42 - 2009-07-14 12:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 11:42 - 2009-07-14 12:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 16:34 - 2013-12-31 13:02 - 00000000 ____D () C:\Users\Santos\AppData\Roaming\IDM
2015-03-07 10:11 - 2009-07-14 13:13 - 00782154 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 17:35 - 2013-08-19 22:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-04 16:36 - 2013-08-19 22:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-04 05:15 - 2014-10-18 21:48 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-04 05:09 - 2009-07-14 11:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-04 04:41 - 2013-06-30 14:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2015-03-04 04:41 - 2013-06-28 17:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Surfing
2015-03-04 04:36 - 2009-07-14 10:34 - 00000689 _____ () C:\Windows\win.ini
2015-03-04 01:00 - 2014-06-30 08:47 - 00000000 ____D () C:\ergo
2015-03-04 00:45 - 2014-01-10 22:07 - 00000000 ____D () C:\ProgramData\Temp
2015-03-04 00:21 - 2014-11-16 21:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-02 06:08 - 2013-06-28 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-02 06:08 - 2009-07-14 12:45 - 00431968 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-01 17:47 - 2013-06-28 17:39 - 00119448 _____ () C:\Users\Santos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-01 15:03 - 2014-06-05 10:27 - 00000132 _____ () C:\Users\Santos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-14 15:23 - 2015-01-31 17:59 - 00001970 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
 
==================== Files in the root of some directories =======
 
2014-06-05 10:27 - 2015-03-01 15:03 - 0000132 _____ () C:\Users\Santos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-01 22:00 - 2014-10-14 22:05 - 0000108 _____ () C:\Users\Santos\AppData\Roaming\Camdata.ini
2014-02-01 22:00 - 2014-10-14 22:05 - 0000408 _____ () C:\Users\Santos\AppData\Roaming\CamLayout.ini
2014-02-01 22:00 - 2014-10-14 22:05 - 0000408 _____ () C:\Users\Santos\AppData\Roaming\CamShapes.ini
2014-02-01 21:59 - 2014-10-14 22:05 - 0004549 _____ () C:\Users\Santos\AppData\Roaming\CamStudio.cfg
2013-08-28 22:45 - 2015-01-31 17:39 - 0045270 _____ () C:\Users\Santos\AppData\Roaming\room_v3.dat
2014-02-01 21:58 - 2014-10-14 22:04 - 0000096 _____ () C:\Users\Santos\AppData\Roaming\version2.xml
2015-03-01 15:18 - 2015-03-01 15:44 - 0001456 _____ () C:\Users\Santos\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-07-31 19:52 - 2014-07-31 19:52 - 0003584 _____ () C:\Users\Santos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-08 14:34 - 2013-08-08 14:34 - 0381356 _____ () C:\ProgramData\1375943450.bdinstall.bin
2013-08-09 00:38 - 2013-08-09 00:38 - 0383929 _____ () C:\ProgramData\1375979804.bdinstall.bin
2013-08-09 09:02 - 2013-08-09 09:15 - 0225308 _____ () C:\ProgramData\1376010170.3512.bin
2013-08-09 09:02 - 2013-08-09 09:13 - 0002248 _____ () C:\ProgramData\1376010170.4040.bin
2013-08-09 09:02 - 2013-08-09 09:15 - 0041672 _____ () C:\ProgramData\1376010170.4500.bin
2013-08-09 09:03 - 2013-08-09 09:13 - 0053353 _____ () C:\ProgramData\1376010170.4840.bin
2013-08-09 09:16 - 2013-08-09 09:16 - 0235750 _____ () C:\ProgramData\1376010945.bdinstall.bin
2013-06-28 18:35 - 2013-06-28 18:35 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\Santos\AppData\Local\Temp\DaS_21.exe
C:\Users\Santos\AppData\Local\Temp\PH_150223to150303.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-06 10:28
 
==================== End Of Log ============================

Attached Files



#4 nasdaq


  • Malware Response Team
  • 38,223 posts

Posted 08 March 2015 - 09:17 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-4040493504-2972077504-3497799315-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-31]
U0 avc3; No ImagePath
S3 GGSAFERDriver; \??\D:\062813\Games\Garena Plus\Room\safedrv.sys [X]
S2 SPDRIVER_1529.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1529.0.0.0\jsdrv.sys [X]
U4 vsserv; No ImagePath
C:\Users\Santos\AppData\Local\Temp\DaS_21.exe
C:\Users\Santos\AppData\Local\Temp\PH_150223to150303.exe
Task: {9DF2C548-F05D-4E78-A8E6-04B72737F5E8} - \SPBIW_UpdateTask_Time_313534363937303836332d344a414155342a2a236c6c5a No Task File <==== ATTENTION
Task: {F759BF70-3280-4FD7-9A50-0DF8CFC81EA4} - \YTAUpdate No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?
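As an added example (not FRST's own code, and not part of nasdaq's post), the Python script below applies the selection rules visible in the fixlist above to FRST log lines: services and drivers whose file is missing ("[X]") or that have no ImagePath, an empty Run value, search scopes with an empty URL, toolbars with "No File", executables in TEMP, and lines FRST itself marks "<==== ATTENTION". The sample log is a constructed excerpt in the shape of the FRST.txt posted in this thread, and the rules are a triage heuristic that assumes a helper still reviews every hit before it goes into a fixlist.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example for this thread; not FRST's own logic. It picks out the kinds of
entries that ended up in the fixlist and lays them out in the same layout
(start / CloseProcesses: / entries / End).
"""
import re

# Constructed excerpt in the shape of an FRST.txt (a few lines only, not the full log).
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-31] (AVAST Software)
==================== Internet (Whitelisted) ====================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4040493504-2972077504-3497799315-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
==================== Drivers (Whitelisted) ====================
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-31] (AVAST Software)
U0 avc3; No ImagePath
S2 SPDRIVER_1529.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1529.0.0.0\jsdrv.sys [X]
Some content of TEMP:
====================
C:\Users\Santos\AppData\Local\Temp\DaS_21.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
Task: {F759BF70-3280-4FD7-9A50-0DF8CFC81EA4} - \YTAUpdate No Task File <==== ATTENTION
"""

# "R2 name; path [size date] (vendor)" -- the name may contain spaces, so stop at ';'.
SERVICE_RE = re.compile(r"^[RSU]\d [^;]+; (.+)$")
RUN_EMPTY_RE = re.compile(r"\\Run: \[\] => \[X\]$")            # nameless Run value, file missing
SEARCHSCOPE_EMPTY_RE = re.compile(r"^SearchScopes: .* URL =\s*$")  # scope with nothing behind it
TOOLBAR_NOFILE_RE = re.compile(r"^Toolbar: .* No File$")
TEMP_EXE_RE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\.+\.exe$", re.IGNORECASE)


def suspicious_reason(line):
    """Return why a log line would be selected for the fixlist, or None to leave it alone."""
    s = line.rstrip()
    if s.endswith("<==== ATTENTION"):          # FRST's own marker (e.g. orphaned tasks)
        return "flagged by FRST"
    m = SERVICE_RE.match(s)
    if m:
        tail = m.group(1)
        if tail == "No ImagePath":
            return "service/driver with no ImagePath"
        if tail.endswith("[X]"):
            return "service/driver whose file is missing"
        return None                            # a service with a real file is left alone
    if RUN_EMPTY_RE.search(s):
        return "empty Run value"
    if SEARCHSCOPE_EMPTY_RE.match(s):
        return "search scope with empty URL"
    if TOOLBAR_NOFILE_RE.match(s):
        return "toolbar with no backing file"
    if TEMP_EXE_RE.match(s):
        return "executable left in TEMP"
    return None


def triage(log_text):
    """Return [(line, reason)] for every line the rules select, in log order."""
    hits = []
    for line in log_text.splitlines():
        reason = suspicious_reason(line)
        if reason:
            hits.append((line.rstrip(), reason))
    return hits


def build_fixlist(hits):
    """Lay the selected lines out as a fixlist.txt in the form used in the thread."""
    body = "\n".join(line for line, _ in hits)
    return "start\n\nCloseProcesses:\n\n" + body + "\n\nEnd\n"


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LOG)
    for entry, why in found:
        print(f"{why:40s} {entry}")
    print()
    print(build_fixlist(found))
```

Run it against a full FRST.txt instead of the embedded excerpt by reading the file and passing its text to triage().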

#5 flamingporu

  • Topic Starter

  • Members
  • 22 posts

Posted 10 March 2015 - 04:24 AM

Hi again! My PC is working normally now, thank you! I also ran junk cleaner before I ran FRST... should I post the logs?

 

Toolbar: HKU\S-1-5-21-4040493504-2972077504-3497799315-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-31]
U0 avc3; No ImagePath
S3 GGSAFERDriver; \??\D:\062813\Games\Garena Plus\Room\safedrv.sys [X]
S2 SPDRIVER_1529.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1529.0.0.0\jsdrv.sys [X]
U4 vsserv; No ImagePath
C:\Users\Santos\AppData\Local\Temp\DaS_21.exe
C:\Users\Santos\AppData\Local\Temp\PH_150223to150303.exe
Task: {9DF2C548-F05D-4E78-A8E6-04B72737F5E8} - \SPBIW_UpdateTask_Time_313534363937303836332d344a414155342a2a236c6c5a No Task File <==== ATTENTION
Task: {F759BF70-3280-4FD7-9A50-0DF8CFC81EA4} - \YTAUpdate No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKU\S-1-5-21-4040493504-2972077504-3497799315-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value deleted successfully.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
avc3 => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
SPDRIVER_1529.0.0.0 => Service deleted successfully.
vsserv => Service deleted successfully.
C:\Users\Santos\AppData\Local\Temp\DaS_21.exe => Moved successfully.
C:\Users\Santos\AppData\Local\Temp\PH_150223to150303.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF2C548-F05D-4E78-A8E6-04B72737F5E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF2C548-F05D-4E78-A8E6-04B72737F5E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_313534363937303836332d344a414155342a2a236c6c5a" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F759BF70-3280-4FD7-9A50-0DF8CFC81EA4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F759BF70-3280-4FD7-9A50-0DF8CFC81EA4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate" => Key deleted successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-10 17:12:20)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.
 
==== End of Fixlog 17:12:21 ====
 
 
 

Results of screen317's Security Check version 0.99.97  
 Windows 7  x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.235  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (36.0) 
 Google Chrome (41.0.2272.76) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 

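As an added illustration (this script is not part of the thread and is not FRST's own code): the Fixlog above reports the Avast WebRep file twice, first as "Scheduled to move on reboot" and then, under the post-reboot "Result of Scheduled Files to move" banner, as "File could not move". The Python below parses Fixlog action lines of the form `target => outcome`, lets the later verdict for a target override the earlier one, and lists what still deserves a manual look; the sample log is constructed from the lines quoted in this thread.

```python
import re
from collections import Counter

# Added example (not FRST's own code). Constructed sample, trimmed from the Fixlog
# quoted in this thread; the Avast file appears twice: deferred, then re-reported after reboot.
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Key not found.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
avc3 => Service deleted successfully.
C:\Users\Santos\AppData\Local\Temp\DaS_21.exe => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-10 17:12:20)<=
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.
==== End of Fixlog 17:12:21 ====
"""

# Action lines read "<target> => <outcome>"; an optional 'Could not move ' prefix
# and the quotes FRST puts around some targets are stripped so both reports match.
ACTION_RE = re.compile(r'^(?:Could not move )?"?(?P<target>.*?)"? => (?P<outcome>.*?)\.?\s*$')

def classify(outcome: str) -> str:
    """Map an outcome phrase to done, absent, deferred, failed or unknown."""
    o = outcome.lower()
    if "scheduled to move on reboot" in o:
        return "deferred"  # retried at next boot; the post-reboot section decides
    if "could not" in o or "failed" in o:
        return "failed"  # e.g. a file held open by a running product
    if "not found" in o:
        return "absent"  # already gone, nothing to do
    if "successfully" in o:
        return "done"
    return "unknown"

def parse_fixlog(text: str) -> dict:
    """Return {target: status}; a later verdict for a target overwrites an earlier one."""
    status = {}
    for line in (ln.strip() for ln in text.splitlines()):
        m = ACTION_RE.match(line) if line and not line.startswith("===") else None
        if m:
            status[m["target"]] = classify(m["outcome"])
    return status

def summarize(text: str) -> dict:
    return dict(Counter(parse_fixlog(text).values()))  # count of targets per final status

def outstanding(text: str) -> list:
    """Targets the fix did not resolve; these deserve a manual look."""
    return sorted(t for t, s in parse_fixlog(text).items() if s not in ("done", "absent"))
```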

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 AM

Posted 10 March 2015 - 09:40 AM

I also ran junk cleaner before I ran FRST... should I post the logs?

Not required.

===

You have the latest Java Version.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

Out of date service pack!!

For your added security navigate to this page and install the service pack.
http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

Restart the computer normally.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:05:43 PM

Posted 11 March 2015 - 06:33 AM

Thank you so much for helping! My pc is working fine now! :D



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 AM

Posted 11 March 2015 - 08:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



