
I'm under an Adware attack... Jelbrus secure web, Coupondropdown, Trovi.


12 replies to this topic

#1 zacberg


Posted 12 March 2015 - 09:49 PM

Hey there, I've been experiencing an adware attack for a few weeks. It's getting out of hand. I've tried running AdAware and Windows Defender to no avail. So, to you I turn, masters of the internet.

Initially, Trovi/Search Protect was hijacking my browser. I was able to make this one leave me alone by uninstalling and deleting files. The next problem to manifest was ads by Coupon drop down. It seemed to be disabling features in Chrome like Docs, etc... nothing shows up in IE/Chrome extensions or program manager.

I'm running 32-bit Windows 7.

The obnoxious ads started appearing in Chrome, which is my primary browser, 3-4 weeks ago. Like I said above, I tried a few different things without success. I uninstalled Chrome and re-installed. I also installed Firefox, which is ad-free at this point.

After looking at a few other posts here for advice, I installed AdwCleaner and Malwarebytes, log results to follow.

 

 

 

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 20:07:02
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x86)
# Username : Administrator - ECKBERG
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : PrivoxyService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\Program Files\Bench
Folder Deleted : C:\Program Files\Jelbrus Secure Web
Folder Deleted : C:\Users\Administrator\AppData\Local\SecTaskMan
Folder Deleted : C:\Users\Erin McSweetpants\AppData\Local\Browsersafeguard

***** [ Scheduled tasks ] *****

Task Deleted : Jelbrus Secure Web Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C09954F-CDA8-4BD1-8794-1D543E050378}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKCU\Software\UpdateFiles
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Browser Warden
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[hocwbxcp.default\prefs.js] - Line Deleted : user_pref("browser.download.lastDir", "C:\\Users\\Erin McSweetpants\\Pictures\\etsy photos");

*************************

AdwCleaner[R0].txt - [1971 bytes] - [12/03/2015 20:03:32]
AdwCleaner[S0].txt - [1949 bytes] - [12/03/2015 20:07:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2008  bytes] ##########

 

 

 

 

 

 

Malwarebytes log:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/12/2015
Scan Time: 9:22:59 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.13.01
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 412227
Time Elapsed: 14 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4214401543-1011196289-560704910-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [33d2a2a32e5c3df946ab819d2fd4ce32],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [33d2a2a32e5c3df946ab819d2fd4ce32],
PUP.Optional.SecureWeb.A, HKU\S-1-5-21-4214401543-1011196289-560704910-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [8f76f55057337cba7e14a576a75c3fc1],
PUP.Optional.SecureWeb.A, HKU\S-1-5-21-4214401543-1011196289-560704910-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, , [8f76f55057337cba7e14a576a75c3fc1],
PUP.Optional.ConsumerInput.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, , [a3623510a0ea64d279ec0e1630d3fa06],
PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-4214401543-1011196289-560704910-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowsersafeguardInstalled, , [8e77cc794e3c65d1ced1e8ee1be822de],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect, , [d035f35266240b2b3221334e8e751ae6],
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, , [d035f35266240b2b3221334e8e751ae6],
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, , [d035f35266240b2b3221334e8e751ae6],
PUP.Optional.Extutil.A, C:\Users\Erin McSweetpants\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [b84dcd784743c47274f3c1c219eaa759],
PUP.Optional.Managera.A, C:\Users\Erin McSweetpants\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [8c7961e454369d999ccc166db84b7b85],

Files: 9
PUP.Optional.ChromeHitory.A, C:\Users\Administrator\AppData\Local\ChromeHitoryDB, , [33d2bd88d2b86ec8e56913a7c1420cf4],
PUP.Optional.GetPrivateVPN, C:\Windows\System32\Tasks\GPUP, , [5ea7da6b008ac2741b3aae150df68878],
PUP.Optional.Proxy.A, C:\Users\Administrator\AppData\Local\proxy.log, , [fa0bbc89d3b70333398377565ca7659b],
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [d035f35266240b2b3221334e8e751ae6],
PUP.Optional.Extutil.A, C:\Users\Erin McSweetpants\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [b84dcd784743c47274f3c1c219eaa759],
PUP.Optional.Extutil.A, C:\Users\Erin McSweetpants\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [b84dcd784743c47274f3c1c219eaa759],
PUP.Optional.Extutil.A, C:\Users\Erin McSweetpants\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [b84dcd784743c47274f3c1c219eaa759],
PUP.Optional.Managera.A, C:\Users\Erin McSweetpants\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [8c7961e454369d999ccc166db84b7b85],
PUP.Optional.Managera.A, C:\Users\Erin McSweetpants\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [8c7961e454369d999ccc166db84b7b85],

Physical Sectors: 0
(No malicious items detected)


(end)
 

 

Thank you for helping!




#2 Condobloke


Posted 12 March 2015 - 10:19 PM

g'day zacberg, and :welcome: to BC.

 

AdwCleaner has done its job

 

In MBAM (Malwarebytes), click on Settings, then Detection and Protection, then under Non-malware protection choose "treat detections as Malware" for both PUP and PUM.

Then run the scan again.

Allow MBAM to quarantine/delete all that it finds. If it requests a reboot, do so immediately.

Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

 

 

Next

 

Please download and run RKill by Grinler.
A black DOS box will appear for a short time and then disappear.
This is normal and indicates the tool ran successfully.
At most the tool will usually run for about 2 minutes.
Please copy/paste the small log back here.


Please DO NOT reboot, until you Complete the NEXT STEP

 

Please download Junkware Removal Tool to your desktop.
Temporarily disable your antivirus now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

Next, and very important -

 
Please go to Control Panel and open Internet Options > Down to the box that has your normal Home Page and check this. Re-set it if it is not correct, and click APPLY > OK. While there go across the top to Connections, Down to LAN Settings, Click that and make sure the only box ticked is Automatically detect settings >Click OK to close the box and Apply at the bottom.



 

Please reply with the logs requested and tell me if the situation has improved...

 

Then....(be prepared for a long scan time...2-3 hours would not be unusual )

 

Run ESET Online Scanner.

  • For Internet Explorer users only, hold down Control  (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
  • Click the ESET Online button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives Do Not Check Remove Threats"
  • Click Advanced settings and select the following:
      Scan potentially unwanted applications
      Scan for potentially unsafe applications
      Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • Please be patient as this will take some time (2 hours is not unusual for a first scan).
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

 


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT 18.3  EXCLUSIVELY.

 Failure is not an option. It comes bundled with your Microsoft product.

 

Success is not Final, Failure is not Fatal,

 

It is the Courage to Continue that Counts.

W.C. 4th June 1940
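
The AdwCleaner log in post #1 shows a deleted `PrivoxyService` together with a deleted `ProxyServer` value of `127.0.0.1:8118`, which is the setting the LAN Settings check in the reply above verifies by hand. The following Python is an added example, not part of any post and not code from AdwCleaner: it parses such a log and reports removed services and scheduled tasks plus any Internet Settings proxy that pointed at a loopback address. The function names and the shortened sample log are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: a shortened excerpt built from lines of the AdwCleaner
# log posted in this thread (most entries omitted).
SAMPLE_LOG = r"""
# AdwCleaner v4.112 - Logfile created 12/03/2015 at 20:07:02
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : PrivoxyService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Jelbrus Secure Web

***** [ Scheduled tasks ] *****

Task Deleted : Jelbrus Secure Web Task

***** [ Registry ] *****

Key Deleted : HKCU\Software\Compete
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?:\[#\] )?(\w+) Deleted : (.+)$")
VALUE_RE = re.compile(r"^(?P<key>.+?) \[(?P<name>[^\]]+)\] - (?P<data>.*)$")


def parse_log(text):
    """Return {section name: [(kind, target), ...]} for each 'X Deleted :' line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return sections


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1 (brackets around IPv6 allowed)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a non-loopback hostname


def proxy_endpoints(data):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    The value is either 'host:port' (all protocols) or a ';'-separated list
    of 'scheme=host:port' pairs.
    """
    out = []
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, addr = part.rpartition("=")
        addr = addr.split("://", 1)[-1]
        host, _, port = addr.rpartition(":")
        if not host:  # no port given
            host, port = addr, ""
        out.append((scheme or "all", host, port))
    return out


def triage(text):
    """Summarise persistence items and loopback proxy settings in a log."""
    sections = parse_log(text)
    persistence = [
        (kind, target)
        for name in ("Services", "Scheduled tasks")
        for kind, target in sections.get(name, [])
    ]
    loopback, overrides = [], []
    for kind, target in sections.get("Registry", []):
        m = VALUE_RE.match(target)
        if kind != "Data" or not m:
            continue
        if not m.group("key").lower().endswith("\\internet settings"):
            continue
        name = m.group("name").lower()
        if name == "proxyserver":
            loopback += [e for e in proxy_endpoints(m.group("data")) if is_loopback(e[1])]
        elif name == "proxyoverride":
            overrides.append(m.group("data"))
    return {"persistence": persistence, "loopback_proxy": loopback,
            "proxy_override": overrides}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A loopback proxy entry next to a removed service or task in the same log is the cue to re-check the proxy settings after cleanup, as the reply does.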

 

 

 


#3 zacberg


Posted 13 March 2015 - 08:18 PM

malware bytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/13/2015
Scan Time: 7:43:16 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.13.09
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 412511
Time Elapsed: 14 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Rkill:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/13/2015 08:01:20 PM in x86 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  0.0.0.0         .psf
  0.0.0.0         psf

Program finished at: 03/13/2015 08:03:22 PM
Execution time: 0 hours(s), 2 minute(s), and 2 seconds(s)
 

 

Junkware removal tool:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/13/2015 08:01:20 PM in x86 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  0.0.0.0         .psf
  0.0.0.0         psf

Program finished at: 03/13/2015 08:03:22 PM
Execution time: 0 hours(s), 2 minute(s), and 2 seconds(s)
 



#4 zacberg


Posted 13 March 2015 - 09:23 PM

Eset scan log:

 

C:\AdwCleaner\Quarantine\C\Program Files\Jelbrus Secure Web\jswchromium.exe.vir    a variant of Win32/Techsnab.C potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Jelbrus Secure Web\jswchromium64.exe.vir    a variant of Win32/Techsnab.C potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Jelbrus Secure Web\jsweb.dll.vir    a variant of Win32/Techsnab.C potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Jelbrus Secure Web\jsweb64.dll.vir    a variant of Win32/Techsnab.C potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Jelbrus Secure Web\jswff.exe.vir    a variant of Win32/Techsnab.C potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Jelbrus Secure Web\jswtask.exe.vir    a variant of Win32/Techsnab.C potentially unwanted application    deleted - quarantined
C:\Users\Administrator\AppData\Local\Temp\ConsumerInputSetup.exe    Win32/Compete.A potentially unwanted application    deleted - quarantined
C:\Users\Administrator\AppData\Local\Temp\GPUpd54E2ACCE0.exe    a variant of Win32/Techsnab.C potentially unwanted application    deleted - quarantined
C:\Users\Erin McSweetpants\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V5A4VV3\sp-downloader[1].exe    Win32/Toolbar.Conduit.R potentially unwanted application    deleted - quarantined
C:\Users\Erin McSweetpants\Downloads\FireFox_Setup.exe    a variant of Win32/InstallCore.WX potentially unwanted application    deleted - quarantined
C:\Users\Erin McSweetpants\Downloads\OffercastInstaller_AVR_U-0488-01-Blank-0000-00-en_ (1).exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
C:\Users\Erin McSweetpants\Downloads\OffercastInstaller_AVR_U-0488-01-Blank-0000-00-en_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
 



#5 Condobloke


Posted 14 March 2015 - 03:37 AM

My pleasure !

 

We are getting amongst the gremlins there.....I am a little surprised that MBAM did not have the same result as your first scan with it.......did you do a second and third scan by any chance...?

 

We now need to backtrack and gather a little bit of info ....

 

First we will reset your browser settings:

  1. In the top-right corner of the browser window, click the Chrome menu (three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings," click Reset settings.
  5. In the dialog that appears, click Reset.

then....

 

 

Download Screen317 Security Check from Here or Here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please Copy/Paste the contents of that document.

Note 1: If any security program requests permission to access the Internet, allow it to.
Note 2: If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message (or similar), restart the computer and Security Check should run.

 

 

 

Please download MiniToolBox to your desktop and run it.
Checkmark the following boxes:

    List content of Hosts
    Flush DNS
    Report IE Proxy Settings
    Reset IE Proxy Settings
    Report FF Proxy Settings
    Reset FF Proxy Settings
    List last 10 Event Viewer log
    List Installed Programs
    List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)



 

 

 


#6 zacberg


Posted 14 March 2015 - 08:18 AM

I ran MB again with the same results, no nasties detected.

 

starting Security Check now.



#7 zacberg


Posted 14 March 2015 - 08:23 AM

 Results of screen317's Security Check version 0.99.98  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Ad-Aware Antivirus              
Microsoft Security Essentials   
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Java 8 Update 31  
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Java 64-bit 8 Update 31  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (36.0.1)
 Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.5.202.7299\AdAwareService.exe
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.5.202.7299\AdAwareTray.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#8 zacberg


Posted 14 March 2015 - 08:29 AM

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Administrator (administrator) on 14-03-2015 at 08:26:26
Running from "C:\Users\Administrator\Downloads"
Microsoft Windows 7 Enterprise  Service Pack 1 (X86)
Model: HP EliteBook 8540p Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

0.0.0.0         .psf
0.0.0.0         psf



========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/22/2014 04:17:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7427 seconds with 420 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-07-11 11:30:17.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\LameACM.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 11:30:17.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 10:50:57.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\LameACM.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 10:50:56.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 09:39:34.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\LameACM.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 09:39:34.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 09:14:32.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\LameACM.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 09:14:32.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-06 01:35:29.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\LameACM.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-06 01:35:29.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{69489131-0E91-491B-9E15-1987CDAD95C6}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{FFB768E4-E427-4553-BC36-A11F5E62A94D}) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP ESU for Microsoft Windows 7 (HKLM\...\{871732B3-1EE5-4C54-8462-8BFF516880B7}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{D9B4150C-9EF6-4861-902F-5F5CB760D7ED}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{DF711F5A-C9E4-4241-9A83-58532C99DB28}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (Version: 2.8.31.13 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.7.0205.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BB006B39-9FD7-4DD5-942E-CDF1BBD718DB}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956104) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A8AEAD3C-C39C-47DA-A9B3-7F8C895B9E6A}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 3005.32 MB
Available physical RAM: 2077.02 MB
Total Pagefile: 6008.94 MB
Available Pagefile: 4547.82 MB
Total Virtual: 3071.88 MB
Available Virtual: 2960.94 MB

========================= Partitions: =====================================

1 Drive c: (OSDisk) (Fixed) (Total:465.46 GB) (Free:346.53 GB) NTFS

========================= Users: ========================================

User accounts for \\ECKBERG

Administrator            Erin McSweetpants        Guest                    
XOSAdmin                 


**** End of log ****
 



#9 zacberg


Posted 14 March 2015 - 08:40 AM

After using chrome for a few minutes, the ads aren't showing up anymore....

 

There is a new automatic re-direct that I'm getting, without opening new pages or clicking links. It's "opensoftwaredownload.com." Not showing up in FF, only chrome.



#10 Condobloke


Posted 14 March 2015 - 04:17 PM

Open control panel>>>programs and features and Uninstall it.

 

Tell me if that works.

 

 

Edited to Add : I am not at ease with the Malwarebytes scans.

 

Can you follow the path in post # 2 again.... In MBAM, (malwarebytes) , Click on Settings, then Detection and Protection, then under Non-malware protection....choose "treat detections as Malware" for both PUP and PUM

 

.......and be sure that those settings are to treat pum's and pup's as malware...which means it should detect them, quarantine them, and remove them !

(pum = potentially unwanted modifications)        (pup = potentially unwanted program)


Edited by Condobloke, 14 March 2015 - 04:45 PM.

Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT 18.3  EXCLUSIVELY.

 Failure is not an option. It comes bundled with your Microsoft product.

 

Success is not Final, Failure is not Fatal,

 

It is the Courage to Continue that Counts.

W.C. 4th June 1940

 

 

 


#11 Condobloke


Posted 14 March 2015 - 05:44 PM

You are running two AV programs.

Get rid of one.

Uninstall Ad-Aware Antivirus ..Control panel....programs and features...uninstall.

Reboot<<< Important

 

While you have Programs and Features open....

 

Uninstall ::  Java version 32-bit.... Adobe Reader 10.1.12 ....Java 64-bit 8 Update 31..... Adobe Flash Player 10

 

JAVA download (if you must have it.....this is one of the most exploited pieces of software)..also look for any old versions of java.....these are ultra high risk

 

Adobe Reader download ....be sure to untick the 'optional offer' of mcafee crap  Alternatively....try THIS   the download box is on the rhs of the page...select 32bit MSI installer...it is Free, and comes with no crapware.

 

java 64 bit is unneeded.....your system is 32 bit

 

Adobe Flashplayer download...untick the Mcafee stuff again... ( or try using Firefox with no flashplayer installed at all...it plays virtually anything...including all youtube)

 

more later.




#12 zacberg


Posted 15 March 2015 - 03:05 PM

I uninstalled everything except ad-aware. When I try, a message appears that says, "you recently installed or uninstalled a software that requires a computer reboot. please restart your computer before installing Ad-aware anti virus." I have rebooted several times with the same result.

 

Malwarebytes is set the way that you suggested, here is the most recent scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2015
Scan Time: 2:42:34 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.15.03
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411163
Time Elapsed: 13 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Trovi.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: (   "homepage": "http://www.trovi.com/?gd=&ctid=CT3332200&octid=EB_ORIGINAL_CTID&ISID=MC2AF3699-C4F9-4D8A-8134-58935E72A1CE&SearchSource=55&CUI=&UM=8&UP=SP8CD2281A-FC47-4BAD-A795-FAAD408E854C&SSPV=",), Replaced,[715eaf96c9c1bb7bc0e274b2ae58da26]

Physical Sectors: 0
(No malicious items detected)


(end)

 

I re-installed chrome again...

 

There is no "opensoftwaredownload" listed on the program list or extensions in chrome
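
Added example, not part of the original post: the scan above flagged the "homepage" value inside Chrome's Secure Preferences file rather than an installed program or extension, so this read-only check parses such a file and reports start-page settings that point at domains named in this thread. The sample JSON is constructed, and the `session.startup_urls` key and the watchlist are assumptions of the example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample modelled on the "Bad:" value in the scan log above;
# the query string is shortened and the startup entries are invented.
SAMPLE_PREFS = """
{
  "homepage": "http://www.trovi.com/?gd=&SearchSource=55",
  "session": {
    "restore_on_startup": 4,
    "startup_urls": ["http://opensoftwaredownload.com/", "https://www.google.com/"]
  }
}
"""

# Domains named in this thread (assumed watchlist; extend as needed).
WATCHLIST = ("trovi.com", "opensoftwaredownload.com")


def host_of(url):
    """Return the lower-cased host of a URL, or '' if it has none."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def on_watchlist(host, watchlist=WATCHLIST):
    """True for an exact match or any subdomain of a watchlisted domain."""
    return any(host == d or host.endswith("." + d) for d in watchlist)


def audit_prefs(text, watchlist=WATCHLIST):
    """Return (setting, url) pairs whose host is on the watchlist."""
    prefs = json.loads(text)
    if not isinstance(prefs, dict):
        return []
    candidates = []
    if isinstance(prefs.get("homepage"), str):
        candidates.append(("homepage", prefs["homepage"]))
    session = prefs.get("session")
    urls = session.get("startup_urls") if isinstance(session, dict) else None
    if isinstance(urls, list):
        candidates += [("session.startup_urls", u) for u in urls if isinstance(u, str)]
    return [(k, u) for k, u in candidates if on_watchlist(host_of(u), watchlist)]


if __name__ == "__main__":
    for setting, url in audit_prefs(SAMPLE_PREFS):
        print(f"{setting}: {url}")
```

To check a real profile, pass in the text of the file at the path shown in the scan log; the function only reads and never modifies the preferences.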



#13 Condobloke


Posted 15 March 2015 - 03:20 PM

very weird.

 

Given that MBAM has been run three ? times .....and yet on this occasion it returns a different result from the scan run on the 14th....??!!....and the scan result run on the 14th was also different from the scan run on the 13th....

 

I am not at ease with the results here...  open a new topic in the MRL area entitled  "Varying Results from Scans"

 

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. Note: Windows 8.1 Users will not be able to run DDS and create a log

When you have done that, Copy and Paste your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs or you're using Windows 8.1, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, to prevent others answering incorrectly.

 






