
Redirects are driving me nuts


22 replies to this topic

#1 taelyra

taelyra

  • Members
  • 15 posts
  • Gender:Female

Posted 11 April 2015 - 08:39 PM

I am running IE 11 and Chrome. There are no installed programs that I can find and no extensions that should not be there; I have run Malwarebytes and numerous other programs to no avail.
 
The redirects keep coming back and are affecting Chrome. Stamplive, just about anything. Please help.

Edit: Topic moved from Windows 7 to the more appropriate forum. ~ Animal


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • Gender:Male

Posted 11 April 2015 - 09:16 PM

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Download the eScanAV Anti-Virus Toolkit (MWAV): http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
  • Save the file to your desktop.
  • Right-click it and select Run as administrator.
  • A new icon will appear on your desktop.
  • Right-click the new icon and select Run as administrator.
  • Click on the Update tab.

[screenshot: eScanAV Update tab]

  • Once you have updated the program, make sure the settings are the same as in the picture below.

[screenshot: eScanAV scan settings]

  • Once you have made sure the settings match the picture, hit the Scan & Clean button.
  • Upon scan completion, click View Log.

[screenshot: eScanAV View Log button]

  • Copy and paste the entire log into your next reply.
  • Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

  • Install it and select Deep Scan.

[screenshot: Zemana scan type selection]

  • Remove any infections found.
  • Then click on the icon in the picture below.

[screenshot: Zemana scan log icon]

  • Double-click on the scan log, then copy and paste it here in your reply.

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female

Posted 12 April 2015 - 09:28 AM

12 Apr 2015 08:53:47 [058c] - **********************************************************
12 Apr 2015 08:53:47 [058c] - MWAV - eScanAV AntiVirus Toolkit.
12 Apr 2015 08:53:47 [058c] - Copyright © MicroWorld Technologies
12 Apr 2015 08:53:47 [058c] - **********************************************************
12 Apr 2015 08:53:47 [058c] - Source: C:\Users\RonMeadus\Downloads\mwav.exe
12 Apr 2015 08:53:47 [058c] - Version 14.0.178 (C:\USERS\RONMEADUS\APPDATA\LOCAL\TEMP\MEXE.COM)
12 Apr 2015 08:53:47 [058c] - Log File: C:\Users\RonMeadus\AppData\Local\Temp\MWAV.LOG
12 Apr 2015 08:53:47 [058c] - MWAV Registered: TRUE
12 Apr 2015 08:53:47 [058c] - User Account: RonMeadus (Administrator Mode)
12 Apr 2015 08:53:47 [058c] - OS Type: Windows Workstation [InstallType: Client]
12 Apr 2015 08:53:47 [058c] - OS: Windows 7 64-Bit [OS Install Date: 22 Feb 2011 11:56:33]
12 Apr 2015 08:53:47 [058c] - Ver: Personal Service Pack 1 (Build 7601)
12 Apr 2015 08:53:47 [058c] - System Up Time: 9 Minutes, 41 Seconds
 
 
12 Apr 2015 08:53:47 [058c] - Parent Process Name : C:\Users\RonMeadus\Downloads\mwav.exe
12 Apr 2015 08:53:47 [058c] - Windows Root  Folder: C:\Windows
12 Apr 2015 08:53:47 [058c] - Windows Sys32 Folder: C:\Windows\system32
12 Apr 2015 08:53:47 [058c] - DHCP NameServer: 192.168.254.254 192.168.254.254
12 Apr 2015 08:53:47 [058c] - Interface0 DHCPNameServer: 192.168.254.254 192.168.254.254
12 Apr 2015 08:53:47 [058c] - Interface1 DHCPNameServer: 64.71.255.205 64.71.255.253
12 Apr 2015 08:53:47 [058c] - Local Fixed Drives: c:\,d:\,q:\
12 Apr 2015 08:53:47 [058c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
12 Apr 2015 08:53:47 [058c] - [CREATED ZIP FILE: C:\Users\RonMeadus\AppData\Local\Temp\pinfect.zip]
12 Apr 2015 08:53:47 [058c] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
12 Apr 2015 08:53:49 [058c] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
12 Apr 2015 08:53:49 [058c] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
12 Apr 2015 08:53:49 [058c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\RonMeadus\AppData\Local\Temp\ESCANDB.LOG]
12 Apr 2015 08:53:52 [058c] - Loaded/Created FileScan Cache Database...
12 Apr 2015 08:53:52 [058c] - Loading AV Library [DB]...
12 Apr 2015 08:55:20 [058c] - ArchiveScan: DISABLED
12 Apr 2015 08:55:21 [058c] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
12 Apr 2015 08:55:21 [058c] - MWAV doing self scanning...
12 Apr 2015 08:55:22 [058c] - MWAV files are clean.
12 Apr 2015 08:55:26 [058c] - ArchiveScan: DISABLED
12 Apr 2015 08:55:26 [058c] - Virus Database Date: 02 Mar 2015
12 Apr 2015 08:55:26 [058c] - Virus Database Count: 6701505
12 Apr 2015 08:55:26 [058c] - Sign Version: 7.59505 [518257]
12 Apr 2015 08:55:33 [058c] - Downloading AntiVirus and Anti-Spyware Databases...
12 Apr 2015 09:02:22 [058c] - Update Successful...
12 Apr 2015 09:02:50 [058c] - Indexed Spyware Databases Successfully Created...
12 Apr 2015 09:02:50 [058c] - Old Sign Version: 7.59505 New Sign Version: 7.60076
12 Apr 2015 09:03:06 [058c] - Reload of AntiVirus Signatures successfully done.
12 Apr 2015 09:03:06 [058c] - Virus Database Date: 12 Apr 2015
12 Apr 2015 09:03:06 [058c] - Virus Database Count: 5681164
12 Apr 2015 09:03:06 [058c] - Sign Version: 7.60076 [518828]
 
12 Apr 2015 09:03:52 [058c] - **********************************************************
12 Apr 2015 09:03:52 [058c] - MWAV - eScanAV AntiVirus Toolkit.
12 Apr 2015 09:03:52 [058c] - Copyright © MicroWorld Technologies
12 Apr 2015 09:03:52 [058c] - 
12 Apr 2015 09:03:52 [058c] - Support: support@escanav.com
12 Apr 2015 09:03:52 [058c] - Web: http://www.escanav.com
12 Apr 2015 09:03:52 [058c] - **********************************************************
12 Apr 2015 09:03:52 [058c] - Version 14.0.178[DB] (C:\USERS\RONMEADUS\APPDATA\LOCAL\TEMP\MEXE.COM)
12 Apr 2015 09:03:52 [058c] - Log File: C:\Users\RonMeadus\AppData\Local\Temp\MWAV.LOG
12 Apr 2015 09:03:52 [058c] - User Account: RonMeadus (Administrator Mode)
12 Apr 2015 09:03:52 [058c] - Parent Process Name : C:\Users\RonMeadus\Downloads\mwav.exe
12 Apr 2015 09:03:52 [058c] - Windows Root  Folder: C:\Windows
12 Apr 2015 09:03:52 [058c] - Windows Sys32 Folder: C:\Windows\system32
12 Apr 2015 09:03:52 [058c] - OS: Windows 7 64-Bit [OS Install Date: 22 Feb 2011 11:56:33]
12 Apr 2015 09:03:52 [058c] - Ver: Personal Service Pack 1 (Build 7601)
12 Apr 2015 09:03:52 [058c] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
12 Apr 2015 09:03:52 [00f4] - Options Selected by User:
12 Apr 2015 09:03:52 [00f4] - Memory Check: Enabled
12 Apr 2015 09:03:52 [00f4] - Registry Check: Enabled
12 Apr 2015 09:03:52 [00f4] - StartUp Folder Check: Enabled
12 Apr 2015 09:03:52 [00f4] - System Folder Check: Enabled
12 Apr 2015 09:03:52 [00f4] - Services Check: Enabled
12 Apr 2015 09:03:52 [00f4] - Scan Spyware: Enabled
12 Apr 2015 09:03:52 [00f4] - Scan Archives: Disabled
12 Apr 2015 09:03:52 [00f4] - Drive Check: Enabled
12 Apr 2015 09:03:52 [00f4] - All Drive Check :Disabled
12 Apr 2015 09:03:52 [00f4] - Drive Selected = C:\
12 Apr 2015 09:03:52 [00f4] - Folder Check: Disabled
12 Apr 2015 09:03:52 [00f4] - SCAN: All_Files [ANSI]
12 Apr 2015 09:03:52 [00f4] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
12 Apr 2015 09:03:52 [00f4] - Scanning DNS Records...
12 Apr 2015 09:03:52 [00f4] - Scanning Master Boot Record (User)...
12 Apr 2015 09:03:52 [00f4] - Scanning Logical Boot Records...
12 Apr 2015 09:03:53 [00f4] - ***** Scanning For Hidden Rootkit Processes *****
12 Apr 2015 09:03:53 [00f4] - ***** Scanning For Hidden Rootkit Services *****
 
12 Apr 2015 09:03:59 [00f4] - ***** Scanning Memory Files *****
 
12 Apr 2015 09:04:08 [00f4] - ***** Scanning Registry Files *****
12 Apr 2015 09:04:11 [00f4] - ERROR(3)!!! Invalid Entry cmdline = %SystemRoot%\system32\ntvdm.exe (in key HKLM64\SYSTEM\CurrentControlSet\Control\WOW). Action Taken: Removing it.
12 Apr 2015 09:04:12 [00f4] - ERROR(3)!!! Invalid Entry Stronghold AntiMalware = C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
12 Apr 2015 09:04:12 [00f4] - ***** Scanning StartUp Folders *****
12 Apr 2015 09:07:46 [0b10] - Scanning File C:\ProgramData\InstallMate\{1CA558CC-2D3C-4006-A2ED-651EC7467A3A}\Custom.dll
12 Apr 2015 09:07:46 [0b10] - File C:\ProgramData\InstallMate\{1CA558CC-2D3C-4006-A2ED-651EC7467A3A}\Custom.dll infected by "Gen:Variant.Application.Downloader.164 (DB)" Virus! Action Taken: File Deleted.
 
12 Apr 2015 09:07:46 [0750] - Scanning File C:\ProgramData\InstallMate\{7B32AFEE-C07A-41DC-A337-8858A0D18D18}\Custom.dll
12 Apr 2015 09:07:46 [0750] - File C:\ProgramData\InstallMate\{7B32AFEE-C07A-41DC-A337-8858A0D18D18}\Custom.dll infected by "Gen:Variant.Application.Kazy.365295 (DB)" Virus! Action Taken: File Deleted.
 
12 Apr 2015 09:07:46 [0b10] - Scanning File C:\ProgramData\InstallMate\{BAB34E0F-FDDC-4AD3-A838-B5FE61506CF9}\Custom.dll
12 Apr 2015 09:07:46 [0b10] - File C:\ProgramData\InstallMate\{BAB34E0F-FDDC-4AD3-A838-B5FE61506CF9}\Custom.dll infected by "Gen:Variant.Application.Downloader.164 (DB)" Virus! Action Taken: File Deleted.
 
 
12 Apr 2015 09:09:00 [00f4] - ***** Scanning Service Files *****
12 Apr 2015 09:09:00 [00f4] - Invalid DLL ["c:\Program Files (x86)\TerminusKeeper\TerminusKeeper.dll] in entry [ImagePath="C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TerminusKeeper\TerminusKeeper.dll",serv]
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgandbus64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\Andbus.
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lganddiag64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\AndDiag.
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgandgps64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\AndGps.
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgandmodem64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\ANDModem.
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgandnetdiag64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\AndNetDiag.
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgandnetmodem64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\ANDNetModem.
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgandnetndis64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\andnetndis.
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry System32\Drivers\lgandadb.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\androidusb.
12 Apr 2015 09:09:06 [00f4] - ERROR(2)!!! Invalid Entry %SystemRoot%\System32\appmgmts.dll. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\AppMgmt.
12 Apr 2015 09:09:07 [00f4] - ERROR(2)!!! Invalid Entry \??\C:\ComboFix\catchme.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\catchme.
12 Apr 2015 09:09:15 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgbtpt64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\LgBttPort.
12 Apr 2015 09:09:15 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgbtbs64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\lgbusenum.
12 Apr 2015 09:09:15 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgvmdm64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\LGVMODEM.
12 Apr 2015 09:09:15 [00f4] - ERROR(2)!!! Invalid Entry \??\C:\Windows\system32\drivers\mkfczuak.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\mkfczuak.
12 Apr 2015 09:09:25 [00f4] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
12 Apr 2015 09:09:26 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgx64bus.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\usbbus.
12 Apr 2015 09:09:26 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgx64diag.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\UsbDiag.
12 Apr 2015 09:09:26 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgx64gps.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\UsbGps.
12 Apr 2015 09:09:26 [00f4] - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgx64modem.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\USBModem.
 
12 Apr 2015 09:09:30 [00f4] - ***** Scanning Registry and File system for Adware/Spyware *****
12 Apr 2015 09:09:30 [00f4] - Loading Spyware Signatures from new External Database [Name: C:\Users\RONMEA~1\AppData\Local\Temp\spydb.avs, Size: 464724]...
12 Apr 2015 09:09:30 [00f4] - Indexed Spyware Databases Successfully Created...
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{0BE385A3-85A5-4722-B677-68DAE891FF21})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{7468213E-010E-4EC6-A17D-642E909BA7EC})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{CB971AC0-6408-40DA-A540-92F9F256F51F})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{D5694DFE-43B6-4E05-AA29-8C556C968973})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{EBAB4A71-8C34-461A-B57D-DD041D439555})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:19 [00f4] - System found infected with Ares Toolbar (HKEY_CLASSES_ROOT\interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209})! Action taken: Entries Removed.
12 Apr 2015 09:10:19 [00f4] - Object "Ares Toolbar" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:27 [00f4] - Offending file found: C:\Users\RonMeadus\Desktop\Chameleon\Windows\windows.exe
12 Apr 2015 09:10:27 [00f4] - System found infected with BOH Worm (windows.exe)! Action taken: File Deleted.
12 Apr 2015 09:10:27 [00f4] - Object "BOH Worm" found in File System! Action Taken: File Deleted.
 
12 Apr 2015 09:10:33 [00f4] - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
12 Apr 2015 09:10:33 [00f4] - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
12 Apr 2015 09:10:33 [00f4] - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.
 
12 Apr 2015 09:10:33 [00f4] - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
12 Apr 2015 09:10:33 [00f4] - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
12 Apr 2015 09:10:33 [00f4] - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
 
 
12 Apr 2015 09:10:33 [00f4] - ***** Scanning Registry Files *****
12 Apr 2015 09:10:34 [00f4] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://www.kissonline.com
12 Apr 2015 09:10:34 [00f4] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = www.google.com
12 Apr 2015 09:10:34 [00f4] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.kissonline.com/
12 Apr 2015 09:10:34 [00f4] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
12 Apr 2015 09:10:34 [00f4] - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
12 Apr 2015 09:10:34 [00f4] - ** Value in 64-bit HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
12 Apr 2015 09:10:34 [00f4] - ***** Scanning System32 Folders *****
 
12 Apr 2015 09:11:33 [02a8] - Scanning File C:\Users\RonMeadus\AppData\Local\Temp\1420\temp\LinkSys.xyz
12 Apr 2015 09:11:33 [02a8] - File C:\Users\RonMeadus\AppData\Local\Temp\1420\temp\LinkSys.xyz infected by "Gen:Variant.Adware.Kazy.554588 (DB)" Virus! Action Taken: File Renamed.
 
 
12 Apr 2015 09:12:09 [00f4] - ***** Scanning Drive C:\ *****
12 Apr 2015 09:12:13 [1478] - Scanning File C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir
12 Apr 2015 09:12:13 [1478] - File C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir infected by "Adware.SwiftBrowse.CZ (DB)" Virus! Action Taken: File Renamed.
 
12 Apr 2015 09:12:13 [0b10] - Scanning File C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ColorMedia.dll.vir
12 Apr 2015 09:12:13 [0b10] - File C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ColorMedia.dll.vir infected by "Gen:Variant.Adware.Jatif.290 (DB)" Virus! Action Taken: File Renamed.
 
12 Apr 2015 09:28:10 [1478] - ScanFile (C:\swsetup\DRV\Graphics\AMD\UMAGraphics\8.733\src\Packages\Drivers\Display\W76A_INF\B_99826\atioglxx.dl_) took 5179 ms
12 Apr 2015 09:28:27 [02a8] - ScanFile (C:\swsetup\sp51956\Packages\Drivers\Display\W76A_INF\B111234\atioglxx.dl_) took 5350 ms
12 Apr 2015 09:28:29 [0b10] - ScanFile (C:\swsetup\sp51956\Packages\Drivers\Display\W7_INF\B111234\atioglxx.dl_) took 5242 ms
12 Apr 2015 09:28:41 [0750] - ScanFile (C:\swsetup\sp55618\Packages\Drivers\Display\W76A_INF\B126813\atioglxx.dl_) took 5492 ms
12 Apr 2015 09:28:43 [02a8] - ScanFile (C:\swsetup\sp55618\Packages\Drivers\Display\W7_INF\B126813\atioglxx.dl_) took 5273 ms
12 Apr 2015 09:28:46 [02a8] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
12 Apr 2015 09:28:46 [0750] - Scanning File C:\System Volume Information\{6a3335fa-dbbd-11e4-8865-d48564baa2af}{3808876b-c176-4e48-b7ae-04046e6cc752}
12 Apr 2015 09:28:46 [1478] - Scanning File C:\System Volume Information\{a48fca2d-db0a-11e4-9bef-d48564baa2af}{3808876b-c176-4e48-b7ae-04046e6cc752}
12 Apr 2015 09:28:46 [0b10] - Scanning File C:\System Volume Information\{1936b67c-d684-11e4-a688-d48564baa2af}{3808876b-c176-4e48-b7ae-04046e6cc752}
12 Apr 2015 09:28:46 [02a8] - Scanning File C:\System Volume Information\{b290f25a-dfcb-11e4-9fa0-d48564baa2af}{3808876b-c176-4e48-b7ae-04046e6cc752}
12 Apr 2015 09:29:04 [1478] - ScanFile (C:\Users\RonMeadus\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000223) took 5039 ms
12 Apr 2015 09:32:18 [1478] - Scanning File C:\Users\RonMeadus\AppData\Local\nsi39C4.tmp
12 Apr 2015 09:32:18 [1478] - File C:\Users\RonMeadus\AppData\Local\nsi39C4.tmp infected by "Adware.Generic.1218317 (DB)" Virus! Action Taken: File Deleted.
 
12 Apr 2015 10:22:07 [1478] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.2.9600.16428_none_828666943772c435\msfeedssync.exe) took 5694 ms
12 Apr 2015 10:22:07 [0750] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_10.2.9200.16521_none_1e08ed1a92d83052\msfeedssync.exe) took 5803 ms
 
12 Apr 2015 10:25:20 [00f4] - ***** Checking for specific ITW Viruses *****
 
12 Apr 2015 10:25:21 [00f4] - ***** Scanning complete. *****
 
12 Apr 2015 10:25:21 [00f4] - Total Objects Scanned: 332670
12 Apr 2015 10:25:21 [00f4] - Total Critical Objects: 27
12 Apr 2015 10:25:21 [00f4] - Total Disinfected Objects: 0
12 Apr 2015 10:25:21 [00f4] - Total Objects Renamed: 3
12 Apr 2015 10:25:21 [00f4] - Total Deleted Objects: 24
12 Apr 2015 10:25:21 [00f4] - Total Errors: 20
12 Apr 2015 10:25:21 [00f4] - Time Elapsed: 01:20:20
12 Apr 2015 10:25:21 [00f4] - Virus Database Date: 12 Apr 2015
12 Apr 2015 10:25:21 [00f4] - Virus Database Count: 5681164
12 Apr 2015 10:25:21 [00f4] - Sign Version: 7.60076 [518828]
 
12 Apr 2015 10:25:21 [00f4] - Scan Completed.
 
Will do the second scan shortly.


#4 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female

Posted 12 April 2015 - 11:30 AM

Zemana AntiMalware 2.10.2.18 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/4/12
Operating System      : Windows 7 64-bit
Processor             : 2X AMD Athlon™ II X2 220 Processor
BIOS Mode             : Legacy
CUID                  : 00E26E486B41D343AA4DB1
Scan Type             : Deep Scan
Duration              : 115m 55s
Scanned Objects       : 65694
Detected Objects      : 6
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky
 
 
Detected Objects
-------------------------------------------------------
DO_NOT_TRUST_FiddlerRoot
   Status             : Scanned
   Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D36BFF0F6EF2C5F4DF9BC95790B05A3866E97DE3\Blob
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : Suspicious Root CA
   Cleaning Action    : Delete
   Traces             :
                Registry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D36BFF0F6EF2C5F4DF9BC95790B05A3866E97DE3\Blob
 
DO_NOT_TRUST_FiddlerRoot
   Status             : Scanned
   Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4BAC41B1787316BF596A35D7B08B6C59DE18C3D9\Blob
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : Suspicious Root CA
   Cleaning Action    : Delete
   Traces             :
                Registry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4BAC41B1787316BF596A35D7B08B6C59DE18C3D9\Blob
 
CartCrunch Israel LTD
   Status             : Scanned
   Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0C5168FA7AE2196AC1B0187C3795473FB3D8FECA\Blob
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : Suspicious Root CA
   Cleaning Action    : Delete
   Traces             :
                Registry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0C5168FA7AE2196AC1B0187C3795473FB3D8FECA\Blob
 
ARTP3.exe
   Status             : Scanned
   Object             : %programw6432%\adware-removal-tool\artp3.exe
   MD5                : 785CC096C1286D187B1C5C6AE95BA774
   Publisher          : Pawan Kumar
   Size               : 118440
   Version            : 3.8.0.0
   Detections         : Eset: MSIL/FakeTool.PS trojan
   Cleaning Action    : Quarantine
   Traces             :
                File - %programw6432%\adware-removal-tool\artp3.exe
 
LinkSys.xyz.mwt
   Status             : Scanned
   Object             : %localappdata%\temp\1420\temp\linksys.xyz.mwt
   MD5                : 3EDAD3ACD740F5D5234ACE47E19E7493
   Publisher          : -
   Size               : 2362368
   Version            : -
   Detections         : Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic, Bitdefender: Gen:Variant.Adware.Kazy.554588, Avira: ADWARE/MultiPlug.Gen4, Eset: a variant of Win32/Adware.MultiPlug.ER
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%\temp\1420\temp\linksys.xyz.mwt
 
FacebookMonitor.exe
   Status             : Scanned
   Object             : %programfiles%\immontor\facebook chat monitor & sniffer\facebookmonitor.exe
   MD5                : 1488958541B181D26601880059AF5B88
   Publisher          : -
   Size               : 1620480
   Version            : 1.2.0.1
   Detections         : Eset: a variant of Win32/AIMMonitorSniffer.A
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\immontor\facebook chat monitor & sniffer\facebookmonitor.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 6
Reported as safe      : 0
Failed                : 0


#5 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female

Posted 12 April 2015 - 11:36 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by RonMeadus on 12/04/2015 at 12:32:08.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/04/2015 at 12:35:13.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female

Posted 12 April 2015 - 11:41 AM

# AdwCleaner v4.201 - Logfile created 12/04/2015 at 12:38:10
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : RonMeadus - RON
# Running from : C:\Users\RonMeadus\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : 32506309
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\243d78a800004506
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\1f9b7f23-bb42-d89b-a9e8-cb7f4256c71d
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\RonMeadus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [4653 bytes] - [11/11/2014 12:34:01]
AdwCleaner[R1].txt - [8299 bytes] - [03/03/2015 17:45:13]
AdwCleaner[R2].txt - [1834 bytes] - [29/03/2015 21:51:19]
AdwCleaner[R3].txt - [314 bytes] - [29/03/2015 22:03:15]
AdwCleaner[R4].txt - [1240 bytes] - [29/03/2015 22:04:42]
AdwCleaner[R5].txt - [22184 bytes] - [12/04/2015 12:36:31]
AdwCleaner[S0].txt - [5577 bytes] - [11/11/2014 12:37:14]
AdwCleaner[S1].txt - [11855 bytes] - [03/03/2015 17:48:39]
AdwCleaner[S2].txt - [1922 bytes] - [29/03/2015 21:55:23]
AdwCleaner[S3].txt - [1513 bytes] - [12/04/2015 12:38:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1572  bytes] ##########


#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 12 April 2015 - 01:50 PM

How is your machine running now?

 

Eset Scan
 
Disable your antivirus prior to running this scan.
 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.


#8 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:29 PM

Posted 12 April 2015 - 02:03 PM

The machine itself seems to be running fine, just that damn annoying redirect in Chrome.  I will reply back when this next scan is done.



#9 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 12 April 2015 - 02:15 PM

If you still experience redirects in Chrome after that, then reset it.

http://windowsinstructed.com/how-to-reset-google-chrome-without-loosing-bookmarks/



#10 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:29 PM

Posted 12 April 2015 - 03:43 PM

Still running this scan, but I keep doing that, then about a day later the redirects come back.



#11 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:29 PM

Posted 12 April 2015 - 06:28 PM

C:\Users\All Users\InstallMate\{CB06DC06-802F-482B-AAC0-C80D10E5FEF0}\Custom.dll Win32/InstalleRex.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\lammgoppcodpnoijmagflejlaohlfhbb\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\lammgoppcodpnoijmagflejlaohlfhbb\Qqh.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\RonMeadus\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\RonMeadus\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\RonMeadus\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\RonMeadus\AppData\Local\torch\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir.mwt Win64/Riskware.NetFilter.G application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ColorMedia.dll.vir.mwt a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined
C:\ProgramData\InstallMate\{CB06DC06-802F-482B-AAC0-C80D10E5FEF0}\Custom.dll Win32/InstalleRex.T potentially unwanted application deleted - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\RonMeadus\.frostwire5\updates\frostwire-5.7.1.windows.coc.premium.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
C:\Users\RonMeadus\.frostwire5\updates\frostwire-5.7.2.windows.coc.premium.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
C:\Users\RonMeadus\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\RonMeadus\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSI6371.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
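The ESET export above is easier to reason about once it is parsed: each line is a path, a detection name, a classification and (usually) an action. The script below is an added example, not part of ESET's tooling or this thread; it parses lines in that shape, maps AdwCleaner quarantine copies back to the location they came from, and groups hits by Chromium extension id so you can see how many browser profiles the same extension was dropped into. The sample log is constructed from a subset of the lines posted above.

```python
"""Triage an exported ESET Online Scanner threat list (added example).

Each exported line has the shape
    <path> <detection name> <classification> [<action taken>]
where the classification is one of the phrases ESET uses ("trojan",
"potentially unwanted application", ...). Paths may contain spaces, so the
path is matched lazily up to the first token that looks like a detection.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the detections posted in this thread.
SAMPLE_LOG = r"""
C:\Users\All Users\InstallMate\{CB06DC06-802F-482B-AAC0-C80D10E5FEF0}\Custom.dll Win32/InstalleRex.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\lammgoppcodpnoijmagflejlaohlfhbb\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir.mwt Win64/Riskware.NetFilter.G application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ColorMedia.dll.vir.mwt a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined
C:\Users\RonMeadus\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oghjafimcoembbdjjfcpebbjgjipchfb\2.0\o8G9YSU3.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\RonMeadus\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
"""

# AdwCleaner stores quarantined files under this prefix followed by the
# original drive letter without its colon, e.g. "...\Quarantine\C\Users\...".
QUARANTINE_PREFIX = r"C:\AdwCleaner\Quarantine" + "\\"

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/[\w.\-]+)\s+"
    r"(?P<classification>potentially unwanted application|"
    r"potentially unsafe application|trojan|application)"
    r"(?:\s+(?P<action>.+))?$"
)
# Chromium extension ids are 32 characters drawn from a-p.
EXT_ID_RE = re.compile(r"\\([a-p]{32})\\")


def normalize_path(path):
    """Return (original location, came_from_quarantine) for a reported path."""
    quarantined = path.startswith(QUARANTINE_PREFIX)
    if quarantined:
        rest = path[len(QUARANTINE_PREFIX):]   # "C\Users\..." -> "C:\Users\..."
        path = rest[0] + ":" + rest[1:]
    for suffix in (".vir.mwt", ".vir"):        # quarantine file-name decorations
        if path.endswith(suffix):
            path = path[: -len(suffix)]
            break
    return path, quarantined


def parse_eset_log(text):
    """Parse exported lines into dicts; lines that do not fit the shape are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line) if line else None
        if m is None:
            continue
        original, quarantined = normalize_path(m["path"])
        records.append({
            "path": original,
            "detection": m["detection"],
            "classification": m["classification"],
            "action": m["action"],            # None when ESET reported no action
            "from_quarantine": quarantined,
        })
    return records


def summarize(records):
    """Count detections and map each extension id to the directories it was found under."""
    by_detection = Counter(r["detection"] for r in records)
    locations = defaultdict(set)
    for r in records:
        for ext_id in EXT_ID_RE.findall(r["path"]):
            parent = r["path"].split("\\" + ext_id + "\\", 1)[0]
            locations[ext_id].add(parent)
    return {
        "by_detection": by_detection,
        "extension_locations": {k: sorted(v) for k, v in locations.items()},
    }


if __name__ == "__main__":
    summary = summarize(parse_eset_log(SAMPLE_LOG))
    for det, n in summary["by_detection"].most_common():
        print(f"{n:3d}  {det}")
    for ext_id, where in summary["extension_locations"].items():
        print(f"extension {ext_id} found under {len(where)} director{'y' if len(where) == 1 else 'ies'}:")
        for w in where:
            print("    ", w)
```

On the sample the same extension id turns up under Chrome, Chrome SxS, Chromatic Browser and Torch profiles belonging to different Windows accounts, which is the kind of spread that explains why resetting one browser does not make a redirect stay gone: anything that re-seeds the extension from a shared location (here, the folder under ProgramData) has to go as well.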


#12 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:29 PM

Posted 12 April 2015 - 07:11 PM

Damn it.  Still have the redirect.  I did catch the redirect URL though.  It is stamplive.com



#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 12 April 2015 - 08:05 PM

Malwarebytes AntiRootkit
 
 
Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.


Now go to the scanner tab and select Full Scan.


Upon Scan Completion Click Show Results.


Now click the Clean button.


Once done cleaning, go to the Logs tab, double click the log, and copy and paste it into your next reply.



#14 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 12 April 2015 - 08:09 PM

Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.
 

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document



#15 taelyra

taelyra
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:29 PM

Posted 12 April 2015 - 09:09 PM

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.04.13.01
  rootkit: v2015.03.31.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
RonMeadus :: RON [administrator]
 
12/04/2015 9:42:05 PM
mbar-log-2015-04-12 (21-42-05).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 468079
Time elapsed: 24 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17691
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 6173265920, free: 3832426496
 
Could not load protection driver
Downloaded database version: v2015.04.13.01
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.04.06.02
=======================================
Initializing...
------------ Kernel report ------------
     04/12/2015 21:41:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\amdsata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\anodlwfx.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Windows\System32\drivers\zam64.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\cbfs_x64.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amdsata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.04.13.01
  rootkit: v2015.03.31.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005e1a420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005e1b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005e1a420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004f06b80, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xfffffa8005d818f0, DeviceName: \Device\00000058\, DriverName: \Driver\amdsata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 12852ABA
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1438251008
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1438457856  Numsec = 26687488
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 750156374016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8006ebb790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ebf040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ebb790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006ec1bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8006ec3550, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8006ebe060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ebeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ebe060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006ebfbf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8006ec2060, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8006ebc060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ebcb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ebc060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006ebf7a0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8006ebd7b0, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8006ed5060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006eba940, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ed5060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006ebb040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8006ec1060, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8006ef6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ef6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ef6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006f11800, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8006efe760, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
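The partition table that MBAR prints above can be checked mechanically for the things a rootkit hunter looks at: exactly one active partition, no overlapping extents, and no unexplained unallocated space between partitions (space outside every file system is where a bootkit can keep code that no file scanner will see). The script below is an added example, not part of the Malwarebytes tool or this thread; it parses the "Partition information" block as printed and reports overlaps and gaps. The report text is constructed from the log above, and the sector count is derived from the "Disk Size" and "Sector size" lines.

```python
"""Check an MBR partition table as printed by Malwarebytes Anti-Rootkit (added example)."""
import re

# Constructed sample: the partition block from the MBAR log in this thread.
SAMPLE_REPORT = """
Disk Signature: 12852ABA
Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1438251008

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1438457856  Numsec = 26687488

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes
"""

HEADER_RE = re.compile(r"Partition (\d+) type is (\w+) \(0x([0-9a-fA-F]+)\)")
ACTIVE_RE = re.compile(r"Partition is (ACTIVE|NOT ACTIVE)")
EXTENT_RE = re.compile(r"Partition starts at LBA: (\d+)\s+Numsec = (\d+)")
DISK_RE = re.compile(r"Disk Size: (\d+) bytes")
SECTOR_RE = re.compile(r"Sector size: (\d+) bytes")


def parse_report(text):
    """Return {"partitions": [...], "disk_sectors": n, "sector_size": n}."""
    parts, cur, disk_bytes, sector = [], None, None, None
    for line in text.splitlines():
        if m := HEADER_RE.search(line):
            cur = {"index": int(m[1]), "kind": m[2], "type": int(m[3], 16),
                   "active": False, "start": 0, "sectors": 0}
            parts.append(cur)
        elif m := ACTIVE_RE.search(line):
            cur["active"] = (m[1] == "ACTIVE")
        elif m := EXTENT_RE.search(line):
            cur["start"], cur["sectors"] = int(m[1]), int(m[2])
        elif m := DISK_RE.search(line):
            disk_bytes = int(m[1])
        elif m := SECTOR_RE.search(line):
            sector = int(m[1])
    if disk_bytes is None or not sector:
        raise ValueError("report lacks Disk Size / Sector size lines")
    return {"partitions": parts, "disk_sectors": disk_bytes // sector, "sector_size": sector}


def check_layout(report):
    """Return human-readable findings: active-flag count, overlaps, gaps, overruns."""
    findings = []
    used = [p for p in report["partitions"] if p["type"] != 0 and p["sectors"] > 0]
    used.sort(key=lambda p: p["start"])
    active = [p["index"] for p in used if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    total = report["disk_sectors"]
    prev_end = 1  # LBA 0 holds the MBR itself, so usable space begins at sector 1
    for p in used:
        end = p["start"] + p["sectors"]
        if p["start"] < prev_end:
            findings.append(f"partition {p['index']} overlaps the previous extent "
                            f"(starts at {p['start']}, previous ends at {prev_end})")
        elif p["start"] > prev_end:
            findings.append(f"{p['start'] - prev_end} unallocated sectors before partition {p['index']}")
        if end > total:
            findings.append(f"partition {p['index']} extends {end - total} sectors past the end of the disk")
        prev_end = max(prev_end, end)
    if prev_end < total:
        findings.append(f"{total - prev_end} unallocated sectors after the last partition")
    return findings


if __name__ == "__main__":
    for finding in check_layout(parse_report(SAMPLE_REPORT)):
        print(finding)
```

On this log the only findings are the 2047-sector alignment gap before partition 0 and 3824 sectors of slack at the end of the disk, both normal for a Windows 7 layout; the three partitions butt up against each other exactly. An overlap, or a gap of many megabytes between two partitions, would be the point to start looking at sectors rather than files.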
 




