Pop-ups, Malware and unwanted redirects. Adwcleaner trouble as well.


52 replies to this topic

#1 sheldonofosaka

  • Members
  • 72 posts

Posted 14 April 2015 - 10:31 AM

I'm running Windows XP.

 

I've been experiencing unwanted pop-ups and redirects. Almost every time I click on the search button or a link on a website, a pop-up will open a new tab or redirect the site I'm on to a new site, usually some sort of advert.

 

I had this problem in the past, ran a number of scans (FRST, AdwCleaner, etc.) and was able to get rid of the problem, but it's come back.

 

Also, I ran AdwCleaner this morning hoping to fix the problem and pressed "Clean" ... I don't think I should have done that, as Windows Media Player no longer works and I have a host of different operating system problems, e.g. I can't find "My Computer" and certain shortcuts don't work anymore.

 

Any information on what scans to run is appreciated. I understand the operating system problems are a separate issue; please advise where to post if a separate post is necessary.

 

Thanks

 

Sheldon Of Osaka

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2015
Ran by Owner (administrator) on ANONYMOUS on 15-04-2015 00:21:07
Running from D:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
() D:\WINDOWS\system32\GManager.exe
(Oracle Corporation) D:\Program Files\JAVA\jre7\bin\jqs.exe
() D:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
() D:\WINDOWS\system32\U2VSvr.exe
() D:\WINDOWS\system32\U2VT2Svr.exe
(Microsoft Corporation) D:\Program Files\UPHClean\uphclean.exe
(InstallShield Software Corporation) D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Magic Control Technology Corporation) D:\Program Files\Common Files\DesktopUtil\FDispPos.exe
(Oracle Corporation) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) D:\Program Files\Skype\Phone\Skype.exe
(Safer-Networking Ltd.) D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(BitTorrent Inc.) D:\Documents and Settings\Owner\Application Data\BitTorrent\BitTorrent.exe
(Magic Control Technology Corporation) D:\WINDOWS\system32\MTrigger2.exe
(Magic Control Technology Corporation) D:\WINDOWS\system32\MTri1+.exe
(Magic Control Technology Corporation) D:\Program Files\Common Files\DesktopUtil\MCTDUtil.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Apple Inc.) D:\Program Files\iTunes\iTunes.exe
(Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
() D:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Oracle Corporation) D:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
() D:\Program Files\VideoLAN\VLC\vlc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AzMixerSel] => D:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [MCTDUtil] => D:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => D:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [Util] => D:\WINDOWS\system32\Util.exe [195200 2011-05-04] ()
HKLM\...\Run: [Util-MTrigger2] => D:\WINDOWS\system32\Util-MTrigger2.exe [195200 2011-05-04] ()
HKLM\...\Run: [Systweak Support Dock] => "D:\Program Files\Systweak Support Dock\SystweakDock.exe" /autorun
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => D:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoSharedDocuments] 1
HKLM\...\Policies\Explorer: [MaxRecentDocs] 18
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Google Update] => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Skype] => D:\Program Files\Skype\Phone\Skype.exe [26100520 2010-03-09] (Skype Technologies S.A.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [SpybotSD TeaTimer] => D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [cdloader] => D:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-05] (magicJack L.P.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [BitTorrent] => D:\Documents and Settings\Owner\Application Data\BitTorrent\BitTorrent.exe [1744472 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Akamai NetSession Interface] => "D:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe"
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer.lnk
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
Startup: D:\Documents and Settings\Owner\Start Menu\Programs\Startup\Empire 2015 S01E11 720p HDTV 2CH x265 HEVC-PSA mkv.lnk
BootExecute: autocheck autochk * D:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {08695E7C-3FF8-408F-89E5-CDCE161D6692} URL = http://www.google.co.jp/search?hl=en&q={searchTerms}&rlz=1I7SUNC_en
BHO: keepItuBroowse -> {3d31f990-12a4-4116-81ca-57392a6032c7} -> D:\Program Files\keepItuBroowse\zyE5JwGbjzwhcJ.dll [2015-04-10] ()
BHO: AutoDealssAPp -> {9b3e82b4-8c16-4ed0-8125-49ec6b9a7326} -> D:\Program Files\AutoDealssAPp\oUOMNNhv9Ft4k8.dll [2015-04-10] ()
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} -  No File
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} -  No File
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File []
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll [2010-03-09] (Skype Technologies)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -  No File []
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File []
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File []
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File []
Winsock: Catalog5 04 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> D:\Program Files\JAVA\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> D:\Program Files\JAVA\jre7\bin\plugin2\npjp2.dll [2015-01-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll [2011-05-30] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-11] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-11] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> D:\Program Files\Veetle\VLCBroadcast\npvbp.dll [2010-03-23] (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> D:\Program Files\Veetle\plugins\npVeetle.dll [2010-10-16] (Veetle Inc)
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @tools.google.com/Google Update;version=3 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @tools.google.com/Google Update;version=9 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-11]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - D:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - D:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - D:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (DealPlyLive Update) - D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U13) - D:\Program Files\JAVA\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (McAfee Security Scanner +) - D:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - D:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Veetle TV Player) - D:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle Broadcaster Plugin) - D:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - D:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - D:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
StartMenuInternet: chrome.exe - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GManager; D:\WINDOWS\system32\GManager.exe [226904 2012-08-28] ()
R2 JavaQuickStarterService; D:\Program Files\JAVA\jre7\bin\jqs.exe [182696 2015-01-05] (Oracle Corporation)
S3 McComponentHostService; D:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MCTDesktopSvr; D:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 U2VSvr; D:\WINDOWS\system32\U2VSvr.exe [199296 2012-02-03] ()
R2 U2VT2Svr; D:\WINDOWS\system32\U2VT2Svr.exe [199296 2011-06-27] ()
R2 UPHClean; D:\Program Files\UPHClean\uphclean.exe [241725 2005-04-28] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 NETw4x32; D:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2530176 2008-03-13] (Intel Corporation)
S3 nm; D:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R3 Rasirda; D:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 Tcpip; D:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2009-04-21] (Microsoft Corporation) [File not signed]
U5 Tcpip6; D:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-11 10:10 - 2015-04-11 10:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\{e0aa9ea0-476f-847c-e0aa-a9ea04767a81}
2015-04-10 23:27 - 2015-04-14 08:41 - 00000020 _____ () D:\Documents and Settings\Owner\Application Data\appdataFr3.bin
2015-04-10 23:07 - 2015-04-10 23:07 - 00000000 ____D () D:\Program Files\Start
2015-04-10 23:06 - 2015-04-10 23:06 - 00000000 ____D () D:\Program Files\keepItuBroowse
2015-04-10 23:05 - 2015-04-10 23:07 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\14943958585682999316
2015-04-10 23:05 - 2015-04-10 23:05 - 00000000 ____D () D:\Program Files\DiscountBomb
2015-04-10 23:05 - 2015-04-10 23:05 - 00000000 ____D () D:\Program Files\AutoDealssAPp
2015-03-19 22:01 - 2015-04-10 23:08 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\{16d8394c-47c2-281d-16d8-8394c47ce531}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 00:23 - 2010-02-13 07:16 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\BitTorrent
2015-04-15 00:23 - 2010-02-11 20:01 - 00000422 ____H () D:\WINDOWS\Tasks\User_Feed_Synchronization-{0C645668-D06E-4D40-A724-910F14F0648C}.job
2015-04-15 00:21 - 2014-12-30 22:53 - 00000000 ____D () D:\FRST
2015-04-15 00:21 - 2010-08-26 05:22 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\temp
2015-04-15 00:13 - 2010-02-11 18:53 - 00032580 _____ () D:\WINDOWS\SchedLgU.Txt
2015-04-14 23:46 - 2010-02-13 09:32 - 00000886 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 23:42 - 2010-02-13 09:53 - 00000978 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003UA.job
2015-04-14 23:37 - 2013-10-16 22:38 - 00000830 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-14 22:24 - 2014-12-30 22:42 - 00030305 _____ () D:\WINDOWS\WindowsUpdate.log
2015-04-14 22:09 - 2013-11-22 13:21 - 00000727 _____ () D:\WINDOWS\wiadebug.log
2015-04-14 14:57 - 2010-02-11 19:52 - 00000664 _____ () D:\WINDOWS\system32\d3d9caps.dat
2015-04-14 13:08 - 2015-01-05 00:43 - 00000000 ____D () D:\AdwCleaner
2015-04-14 12:56 - 2013-12-21 18:07 - 00002801 _____ () D:\WINDOWS\system32\GManager.ini
2015-04-14 12:56 - 2013-11-22 13:21 - 00000049 _____ () D:\WINDOWS\wiaservc.log
2015-04-14 12:56 - 2010-04-04 01:23 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\Skype
2015-04-14 12:56 - 2010-02-13 09:32 - 00000882 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 12:56 - 2010-02-11 18:53 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2015-04-14 12:54 - 2010-02-11 18:53 - 00000178 ___SH () D:\Documents and Settings\Owner\ntuser.ini
2015-04-14 10:07 - 2011-05-23 23:04 - 00000284 _____ () D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-04-14 08:48 - 2008-04-14 21:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2015-04-14 08:42 - 2010-02-13 09:53 - 00000926 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003Core.job
2015-04-13 22:09 - 2010-02-11 19:05 - 00033792 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-12 10:41 - 2011-05-20 22:33 - 00001010 _____ () D:\Documents and Settings\Owner\Start Menu\Programs\magicJack.lnk
2015-04-12 10:41 - 2011-05-20 22:33 - 00001004 _____ () D:\Documents and Settings\Owner\Desktop\magicJack.lnk
2015-04-12 10:41 - 2011-05-20 22:32 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\mjusbsp
2015-04-10 23:08 - 2015-01-05 00:22 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\468941472
2015-04-06 11:02 - 2014-12-31 17:22 - 00004280 _____ () D:\WINDOWS\wmsetup.log
2015-04-03 09:43 - 2010-02-13 09:54 - 00002284 _____ () D:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
2015-03-31 12:14 - 2014-05-20 23:19 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\vlc
 
==================== Files in the root of some directories =======
 
2015-04-10 23:27 - 2015-04-14 08:41 - 0000020 _____ () D:\Documents and Settings\Owner\Application Data\appdataFr3.bin
2010-02-11 19:05 - 2015-04-13 22:09 - 0033792 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some content of TEMP:
====================
D:\Documents and Settings\Owner\Local Settings\temp\jre-7u71-windows-i586-iftw.exe
D:\Documents and Settings\Owner\Local Settings\temp\uninst1.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\18467.exe
C:\Windows\System32\41.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 




#2 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 April 2015 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: keepItuBroowse -> {3d31f990-12a4-4116-81ca-57392a6032c7} -> D:\Program Files\keepItuBroowse\zyE5JwGbjzwhcJ.dll [2015-04-10] ()
BHO: AutoDealssAPp -> {9b3e82b4-8c16-4ed0-8125-49ec6b9a7326} -> D:\Program Files\AutoDealssAPp\oUOMNNhv9Ft4k8.dll [2015-04-10] ()
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} -  No File
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} -  No File
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File []
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -  No File []
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File []
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File []
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File []
CHR Plugin: (Widevine Content Decryption Module) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Native Client) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (DealPlyLive Update) - D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - D:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
CHR Plugin: (Veetle TV Player) - D:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Shockwave Flash) - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - D:\WINDOWS\system32\npDeployJava1.dll No File
D:\Documents and Settings\Owner\Local Settings\temp\jre-7u71-windows-i586-iftw.exe
D:\Documents and Settings\Owner\Local Settings\temp\uninst1.exe
D:\Program Files\keepItuBroowse
D:\Program Files\AutoDealssAPp

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===


CHR dev: Chrome dev build detected! <======= ATTENTION

Your version of Chrome has been compromised. I suggest you remove it using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?
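The fixlist above was assembled by hand from the FRST log in post #1: the lines FRST itself tagged with ATTENTION, registered components whose file is gone ("No File"), and the two BHOs that carry no publisher. As an added example that is not part of the original post and is not FRST's own code, the Python below applies those same selection rules to a few lines copied from that scan. The sample lines are constructed here from the log; the rule set, and the separate "review" tier for autorun entries with no publisher (which the fixlist above deliberately leaves alone), are my own heuristic, not anything FRST ships.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines into fixlist candidates.

Rules (my heuristic, modelled on how the fixlist above was built):
  * a line FRST itself tagged "<======= ATTENTION"            -> remove
  * a registered component whose binary is gone ("No File")   -> remove
  * a browser helper object (BHO:) with no publisher, "()"    -> remove
  * a Run/autorun entry with no publisher                     -> review only
Everything else is left alone.
"""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    line: str
    reason: str
    action: str  # "remove" goes into the fixlist, "review" is reported only


ATTENTION_MARK = "<======= ATTENTION"
NO_FILE = re.compile(r"\bNo File\b")
# FRST prints the publisher in parentheses at the end of the line; an empty
# "()" means the file carries no company/signature information.
NO_PUBLISHER = re.compile(r"\(\)\s*$")
RUN_KEY = re.compile(r"^HK(LM|U)\\.*\\Run(Once)?:")


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST log line, or None if it is left alone."""
    line = line.rstrip()
    if not line:
        return None
    if ATTENTION_MARK in line:
        return Finding(line, "flagged by FRST itself", "remove")
    if NO_FILE.search(line):
        return Finding(line, "registered component whose file is missing", "remove")
    if line.startswith("BHO:") and NO_PUBLISHER.search(line):
        return Finding(line, "browser helper object with no publisher", "remove")
    if RUN_KEY.match(line) and NO_PUBLISHER.search(line):
        return Finding(line, "autorun entry with no publisher; verify by hand", "review")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of a log and keep the hits, in order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def to_fixlist(findings: List[Finding]) -> str:
    """Emit the 'remove' findings in the layout of the fixlist above:
    CloseProcesses: first, then one FRST log line per entry to act on."""
    body = [f.line for f in findings if f.action == "remove"]
    return "\n".join(["CloseProcesses:", *body]) + "\n"


# Constructed sample: a handful of lines taken from the scan in post #1.
SAMPLE_LOG = r"""
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Util] => D:\WINDOWS\system32\Util.exe [195200 2011-05-04] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: keepItuBroowse -> {3d31f990-12a4-4116-81ca-57392a6032c7} -> D:\Program Files\keepItuBroowse\zyE5JwGbjzwhcJ.dll [2015-04-10] ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll [2010-03-09] (Skype Technologies)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -  No File []
CHR Plugin: (Chrome PDF Viewer) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Veetle TV Player) - D:\Program Files\Veetle\Player\npvlc.dll No File
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.action:6}  {f.reason:45}  {f.line[:70]}")
    print()
    print(to_fixlist(found))
```

Run as-is, the script reports five hits and writes a four-entry block: the policy-restriction line, the keepItuBroowse BHO and the two "No File" components go in, while the Util.exe autorun (no publisher, but a file that exists) is only listed for review, matching the judgement made in the fixlist above. The Chrome PDF Viewer plugin also ends in "()" but is neither a BHO nor an autorun, so it is left alone.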

#3 sheldonofosaka

  • Topic Starter

  • Members
  • 72 posts

Posted 17 April 2015 - 11:32 AM

Nasdaq, thank you for your attention.

I can no longer access the Internet since I uninstalled Chrome... my IE doesn't work.
I have tried to download Firefox... but cannot find the address bar on Windows XP.

Please help, the situation is going from bad to worse.
Before that I could barely stay on the Bleeping website, the malware redirects too quickly.
I have both logs... not sure how to paste them because of the redirects.

Thanks

#4 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 April 2015 - 01:16 PM

Go to the DOS prompt on your XP machine.

http://www.computerhope.com/issues/chdos.htm

Follow the instructions on this section.
Windows NT, 2000, and XP users

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

Restart the computer normally.

How is it now?

#5 sheldonofosaka

  • Topic Starter

  • Members
  • 72 posts

Posted 17 April 2015 - 09:13 PM

Nasdaq,
There is no change? Please clarify: am I to go through the whole recovery process for XP as listed on the site (I do not have the diskette)?
I typed the commands in as directed; it said it flushed for the first command, and the next two simply showed some sort of default settings.

I pushed Enter for each separate command, was that correct? Should I be typing anything else? Effectively I typed the commands at the first line, was that correct?

Thanks again for your help, as you can imagine this is very upsetting, I'm not in a position to buy a new laptop.

#6 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 April 2015 - 08:12 AM

How to use System Restore to restore Windows XP to a previous state

Follow the instructions on this page.
https://support.microsoft.com/en-us/kb/306084

I have posted the instructions on the page in case you cannot see it.

Log on to Windows as an administrator.
Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

On the Welcome to System Restore page, click to select the Restore my computer to an earlier time option, and then click Next.

On the Select a Restore Point page, click the most recent system restore point in the On this list, click a restore point list, and then click Next.

A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.

On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.

Log on to the computer as an administrator. Then, click OK on the System Restore Restoration Complete page.

P.S.
Select a date prior to the start of your problems with this computer.

#7 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 19 April 2015 - 12:22 AM

Nasdaq, it didn't work.
When I get to the Select a Restore Point page there are no dates earlier than today's date. I cannot click an earlier date in the calendar either. It simply has today's date in bold and that cannot be changed.
I attempted to create an earlier checkpoint date; this also failed. It seemed to simply add the new date on today's date, so when I restored it simply went back to today's date.
Also, when I attempt to go into System Restore Settings, it says the app failed because ScrRun.dll was not found.
Also, when I first tried to get into System Restore it said it had been turned off. I turned it back on, but perhaps whatever turned it off is part of the problem.

Thanks for your continued help, I'm getting a bit worried but I'm still thankful for your efforts.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 AM

Posted 19 April 2015 - 07:30 AM

Try this.

Reset Winsock (XP)

To reset Winsock on Windows XP:

1. Click Windows Start, then click Run.

2. In the Open: field type CMD, then click OK. The Windows Command Console (black DOS window) will appear.

3. At the blinking cursor, type: netsh int ip reset c:\Reset.txt

4. Press Enter on the keyboard.

5. At the blinking cursor, type: netsh winsock reset

6. Press Enter.

7. At the blinking cursor, type: exit. This closes the Windows Command Console window.

8. Restart your computer.

#9 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 19 April 2015 - 10:39 AM

Nasdaq, it does not appear to have worked.
After typing the command, the DOS screen said: "Could not obtain host information from machine: [anonymous]. Some commands may not be available. Class not registered."
It says the same thing after the 2nd command, then it says "Successfully reset the Winsock catalog."
But nothing appears to have changed.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 AM

Posted 19 April 2015 - 01:06 PM

1. In Windows Explorer, locate the CMD.COM or CMD.EXE file, then click the program executable file (it should be highlighted).

2. Press SHIFT and hold, then right-click the CMD.COM or CMD.EXE file, and then click Run as.

3. To log on using an Administrator account, click The following user.

4. In User name and Password, type the Administrator account name and password that you want to use.

This should give you the DOS prompt but with the Administrator rights.

Execute the instructions in my post No. 8.

How is it now?

#11 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 19 April 2015 - 08:38 PM

Nasdaq, it failed.

When I tried to put in a password it said:
"Unable to log on:
Logon failure: unknown user name or bad password"

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 AM

Posted 20 April 2015 - 07:44 AM

Do you have access to another computer to download programs?

#13 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 20 April 2015 - 08:39 AM

Nasdaq, I can try and ask a friend, but it's not very convenient. Is there no other way to get my browser working again?

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 AM

Posted 20 April 2015 - 12:40 PM

How are you communicating with me now?


Start your computer in Safe Mode with the Networking option, which loads all of the above files and drivers and the essential services and drivers to start networking.

To start the computer in Safe Mode:

1. You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.

2. Click Start and then click Shut Down.

3. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.

4. As your computer restarts but before Windows launches, press F8.
On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.

5. Use the arrow keys to highlight the Networking option, and then press ENTER.

Do you have an internet connection now?

#15 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 20 April 2015 - 02:25 PM

Nasdaq, I'm on my iPhone. Yes, the computer still has Internet at this moment.
I'm going to put the computer into Safe Mode now.
