VO Package Issue


  • This topic is locked
13 replies to this topic

#1 slowshootin

slowshootin

  • Members
  • 22 posts

Posted 26 April 2015 - 03:19 PM

Well, this is a late reply and my English is not great, but here it goes. I basically was busy with my computer and somehow I got infected with the VO package. The (un)funny thing is that I can't see it in my installed programs. I used CCleaner to remove a lot of bleep that was installed on my computer along with the VOpackage. Then all of a sudden I saw this in my startup programs. My virus scanner did not pick up any infected files and neither did the Microsoft scanner thingy. I also tried deleting its registry in regedit. This did not work. As you can see, I tried to turn it off and delete it via CCleaner but this did not work either. Any idea how I can get rid of it?

 

SlowShootin

 

 

 

EDIT: Split from http://www.bleepingcomputer.com/forums/t/551744/vo-package-search-protect-and-rtsdsrite/ ~bloopie


Edited by bloopie, 27 April 2015 - 04:12 PM.
Split post to new topic. ~bloopie




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 27 April 2015 - 06:43 PM

Hello slowshootin

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 slowshootin

slowshootin
  • Topic Starter

  • Members
  • 22 posts

Posted 01 May 2015 - 03:35 PM

Hello boopme,
 
In advance thanks for your help.
Here is the requested log for AdwCleaner. I don't know if it is a problem but it is in Dutch. (If you have any questions don't hesitate to ask.)
 
# AdwCleaner v4.203 - Logbestand aangemaakt 01/05/2015 op 21:37:00
# Laatste update 30/04/2015 door Xplode
# Database : 2015-04-30.2 [Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
# Gebruikersnaam : piet - PIET-HP
# Gestart vanuit : C:\Users\piet\Downloads\adwcleaner_4.203.exe
# Optie : Scannen
 
***** [ Services ] *****
 
Service Gevonden : WindowsMangerProtect
 
***** [ Bestanden / Mappen ] *****
 
Bestand Gevonden : C:\Users\piet\AppData\Local\Temp\Uninstall.exe
Map Gevonden : C:\ProgramData\{d08f09d6-e36b-65fd-d08f-f09d6e36275b}
Map Gevonden : C:\ProgramData\apn
Map Gevonden : C:\ProgramData\Ask
Map Gevonden : C:\ProgramData\e2d2dde200003bbe
Map Gevonden : C:\ProgramData\IHProtectUpDate
Map Gevonden : C:\ProgramData\Trymedia
Map Gevonden : C:\ProgramData\WindowsMangerProtect
Map Gevonden : C:\Users\piet\AppData\Local\Bundled software uninstaller
Map Gevonden : C:\Users\piet\AppData\Local\Conduit
Map Gevonden : C:\Users\piet\AppData\Local\Mindspark_Interactive_Net
Map Gevonden : C:\Users\piet\AppData\Local\Temp\apn
Map Gevonden : C:\Users\piet\AppData\Local\Temp\Browser Good
Map Gevonden : C:\Users\piet\AppData\Local\Temp\mt_ffx
Map Gevonden : C:\Users\piet\AppData\LocalLow\Conduit
Map Gevonden : C:\Users\piet\AppData\LocalLow\iac
Map Gevonden : C:\Users\piet\AppData\LocalLow\PriceGong
Map Gevonden : C:\Users\piet\AppData\Roaming\5BF9A412-1429899737-6744-0B71-E9A206337D25
Map Gevonden : C:\Users\piet\AppData\Roaming\Babylon
Map Gevonden : C:\Users\piet\AppData\Roaming\luckysearches
Map Gevonden : C:\Users\piet\SupTab
Map Gevonden : C:\Windows\SysWOW64\Save
 
***** [ Geplande taken ] *****
 
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
Gegevens Gevonden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.luckysearches.com/?type=sc&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2
Sleutel Gevonden : HKCU\Software\APN PIP
Sleutel Gevonden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Gevonden : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Gevonden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Sleutel Gevonden : HKCU\Software\AppDataLow\Software\PriceGong
Sleutel Gevonden : HKCU\Software\AppDataLow\Software\Toolbar
Sleutel Gevonden : HKCU\Software\BabylonToolbar
Sleutel Gevonden : HKCU\Software\BI
Sleutel Gevonden : HKCU\Software\DataMngr
Sleutel Gevonden : HKCU\Software\DataMngr_Toolbar
Sleutel Gevonden : HKCU\Software\HomeTab
Sleutel Gevonden : HKCU\Software\Linkey
Sleutel Gevonden : HKCU\Software\Local AppWizard-Generated Applications
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2620CB67-C31C-4963-9697-6FBCBE426034}
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D3BBB655-3117-4CCF-8F11-B5C9DF8D927D}
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Sleutel Gevonden : HKCU\Software\MyBestOffersToday
Sleutel Gevonden : HKCU\Software\SearchProtectWS
Sleutel Gevonden : HKCU\Software\simplytech
Sleutel Gevonden : HKCU\Software\TNT2
Sleutel Gevonden : HKCU\Software\Tutorials
Sleutel Gevonden : HKCU\Software\TutoTag
Sleutel Gevonden : HKCU\Software\WajIntEnhance
Sleutel Gevonden : [x64] HKCU\Software\APN PIP
Sleutel Gevonden : [x64] HKCU\Software\BabylonToolbar
Sleutel Gevonden : [x64] HKCU\Software\BI
Sleutel Gevonden : [x64] HKCU\Software\DataMngr
Sleutel Gevonden : [x64] HKCU\Software\DataMngr_Toolbar
Sleutel Gevonden : [x64] HKCU\Software\HomeTab
Sleutel Gevonden : [x64] HKCU\Software\Linkey
Sleutel Gevonden : [x64] HKCU\Software\Local AppWizard-Generated Applications
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2620CB67-C31C-4963-9697-6FBCBE426034}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D3BBB655-3117-4CCF-8F11-B5C9DF8D927D}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Sleutel Gevonden : [x64] HKCU\Software\MyBestOffersToday
Sleutel Gevonden : [x64] HKCU\Software\SearchProtectWS
Sleutel Gevonden : [x64] HKCU\Software\simplytech
Sleutel Gevonden : [x64] HKCU\Software\TNT2
Sleutel Gevonden : [x64] HKCU\Software\Tutorials
Sleutel Gevonden : [x64] HKCU\Software\TutoTag
Sleutel Gevonden : [x64] HKCU\Software\WajIntEnhance
Sleutel Gevonden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Gevonden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Sleutel Gevonden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Sleutel Gevonden : HKLM\SOFTWARE\4991dce9-d257-1730-7bf8-ab82da371195
Sleutel Gevonden : HKLM\SOFTWARE\857d8dde16aee42
Sleutel Gevonden : HKLM\SOFTWARE\AIM Toolbar
Sleutel Gevonden : HKLM\SOFTWARE\AskPartnerNetwork
Sleutel Gevonden : HKLM\SOFTWARE\Babylon
Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{8538002b-d91f-4242-9fea-b397ab3ee6f9}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ToolbarProtector
Sleutel Gevonden : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ToolbarProtector.1
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Installer\Features\EFEE0228DC83E77358593193D847A0EC
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Installer\Products\EFEE0228DC83E77358593193D847A0EC
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Gevonden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Sleutel Gevonden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Toolbar.CT3242338
Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{ff1ba25f-c7bb-4282-8887-4d9e040a08fc}
Sleutel Gevonden : HKLM\SOFTWARE\Conduit
Sleutel Gevonden : HKLM\SOFTWARE\DataMngr
Sleutel Gevonden : HKLM\SOFTWARE\IHProtect
Sleutel Gevonden : HKLM\SOFTWARE\Iminent
Sleutel Gevonden : HKLM\SOFTWARE\luckysearchesSoftware
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95969fa6-c35a-4552-a1fe-34c45fe13799}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{db9efcee-b30c-4989-98cc-ee371fa5b355}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sonic and All Stars Racing Transformed © SEGA_is1
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Sleutel Gevonden : HKLM\SOFTWARE\Mindspark
Sleutel Gevonden : HKLM\SOFTWARE\MyBestOffersToday
Sleutel Gevonden : HKLM\SOFTWARE\SearchProtect
Sleutel Gevonden : HKLM\SOFTWARE\SpeedBit
Sleutel Gevonden : HKLM\SOFTWARE\SupDp
Sleutel Gevonden : HKLM\SOFTWARE\SupTab
Sleutel Gevonden : HKLM\SOFTWARE\supWindowsMangerProtect
Sleutel Gevonden : HKLM\SOFTWARE\Trymedia Systems
Sleutel Gevonden : HKLM\SOFTWARE\Tutorials
Sleutel Gevonden : HKLM\SOFTWARE\WajIntEnhance
Sleutel Gevonden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{95969fa6-c35a-4552-a1fe-34c45fe13799}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC
Sleutel Gevonden : HKU\.DEFAULT\Software\AskPartnerNetwork
 
***** [ Webbrowsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
Setting Gevonden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.luckysearches.com/?type=hp&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2
Setting Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.luckysearches.com/?type=hp&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2
Setting Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.luckysearches.com/web/?type=ds&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2&q={searchTerms}
Setting Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.luckysearches.com/?type=hp&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2
Setting Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.luckysearches.com/web/?type=ds&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2&q={searchTerms}
Setting Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.luckysearches.com/web/?type=ds&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2&q={searchTerms}
Setting Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.luckysearches.com/?type=hp&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2
Setting Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.luckysearches.com/?type=hp&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2
Setting Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.luckysearches.com/web/?type=ds&ts=1429899568&from=amt&uid=ST31500341AS_9VS57SN2&q={searchTerms}
 
-\\ Google Chrome v42.0.2311.135
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [15630 bytes] - [01/05/2015 21:37:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15690 bytes] ##########
 
 
 
 
 
And here we have the log for malware
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scandatum: 1-5-2015
Scantijd: 21:53:44
Logbestand: aa.txt
Beheerder: Ja
 
Versie: 2.01.6.1022
Malware Gegevensbestand: v2015.05.01.06
Rootkit Gegevensbestand: v2015.04.21.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
 
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: piet
 
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 389040
Verstreken Tijd: 29 m, 1 s
 
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
 
Processen: 0
(Geen kwaadaardige items gedetecteerd)
 
Modules: 0
(Geen kwaadaardige items gedetecteerd)
 
Registersleutels: 15
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{89b64b69-5fdc-460e-9ae6-6e119c2ca7ac}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4444fb5a-fb16-4833-a55b-4b076285909b}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{87473071-67C5-4F5D-9754-8B9643969DEC}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{87473071-67C5-4F5D-9754-8B9643969DEC}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{87473071-67C5-4F5D-9754-8B9643969DEC}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4444fb5a-fb16-4833-a55b-4b076285909b}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{4444fb5a-fb16-4833-a55b-4b076285909b}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{89B64B69-5FDC-460E-9AE6-6E119C2CA7AC}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{89B64B69-5FDC-460E-9AE6-6E119C2CA7AC}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKU\S-1-5-21-1855744329-2542374384-547676269-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{89B64B69-5FDC-460E-9AE6-6E119C2CA7AC}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.BrowserGood.A, HKU\S-1-5-21-1855744329-2542374384-547676269-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{89B64B69-5FDC-460E-9AE6-6E119C2CA7AC}, In Quarantaine, [c1b9c7c7ef9b2214588e4b3cbc47de22], 
PUP.Optional.Babylon.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantaine, [f8828d01fa908caad10cbc8d07fcc43c], 
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\Browser Good, In Quarantaine, [6812fb936327191d0b81f7e5d330aa56], 
PUP.Optional.BrowserGood.A, HKU\S-1-5-21-1855744329-2542374384-547676269-1000\SOFTWARE\Browser Good, In Quarantaine, [95e5048a3852cc6a0f7ed80436cdbd43], 
PUP.Optional.WiseConvert.A, HKU\S-1-5-21-1855744329-2542374384-547676269-1000\SOFTWARE\APPDATALOW\SOFTWARE\WiseConvert_1.4, In Quarantaine, [4c2e65294743ad89d21dad3a9a69946c], 
 
Registerwaardes: 3
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cizodyde|ImagePath, C:\Users\piet\AppData\Roaming\5BF9A412-1429899737-6744-0B71-E9A206337D25\jnso42EC.tmp, In Quarantaine, [68122668305af73f3303273538cde41c]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qyjohehi|ImagePath, C:\Users\piet\AppData\Roaming\5BF9A412-1429899737-6744-0B71-E9A206337D25\nsdD844.tmp, In Quarantaine, [92e8810d137770c672c31c40f60fac54]
PUM.LowRiskFileTypes, HKU\S-1-5-21-1855744329-2542374384-547676269-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;, In Quarantaine, [3d3d1a7492f8fc3a62b446a34ab91be5]
 
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
 
Mappen: 6
PUP.Optional.MultiPlug.A, C:\Users\piet\AppData\Local\5BF9A412-1429907143-6744-0B71-E9A206337D25, In Quarantaine, [24560c8287030135c2ebeb7208fdb050], 
PUP.Optional.WiseConvert.A, C:\Users\piet\AppData\LocalLow\WiseConvert_1.4, In Quarantaine, [d1a9246a62289a9c6de1991d36cd7e82], 
PUP.Optional.WiseConvert.A, C:\Users\piet\AppData\LocalLow\WiseConvert_1.4\Repository, In Quarantaine, [d1a9246a62289a9c6de1991d36cd7e82], 
PUP.Optional.WiseConvert.A, C:\Users\piet\AppData\LocalLow\WiseConvert_1.4\Repository\conduit_CT3242338_CT3242338, In Quarantaine, [d1a9246a62289a9c6de1991d36cd7e82], 
PUP.Optional.WiseConvert.A, C:\Users\piet\AppData\LocalLow\WiseConvert_1.4\Repository\conduit_CT3242338_CT3242338\AppsMetaData, In Quarantaine, [d1a9246a62289a9c6de1991d36cd7e82], 
PUP.Optional.WiseConvert.A, C:\Users\piet\AppData\LocalLow\WiseConvert_1.4\Repository\conduit_CT3242338_CT3242338\ToolbarSettings, In Quarantaine, [d1a9246a62289a9c6de1991d36cd7e82], 
 
Bestanden: 19
PUP.Optional.Bundle, C:\Users\piet\AppData\Local\Temp\MediaPlayer__3137_il44.exe, In Quarantaine, [6416eda1dfab1b1b4c6a004142c0659b], 
PUP.Optional.SearchProtect.A, C:\Users\piet\AppData\Local\Temp\uttB060.tmp.exe, In Quarantaine, [d5a52f5fe6a4bd7904bc4a68d32e5ea2], 
Trojan.Downloader, C:\Users\piet\AppData\Local\Temp\nsxCE6C.tmp, In Quarantaine, [87f32d61206a93a33c7dac9006fd619f], 
PUP.Optional.Bundle, C:\Users\piet\AppData\Local\Temp\nsxCE6D.tmp, In Quarantaine, [86f4fe900e7c22141d490ef02cd905fb], 
PUP.Optional.Delta.A, C:\Users\piet\AppData\Local\Temp\DeltaTB.exe, In Quarantaine, [b3c7523ce8a28da9ead586b38f72629e], 
PUP.Optional.Tuto4PC.A, C:\Users\piet\AppData\Local\Temp\is-KCRES.tmp\gentlemjmp_ieu.exe, In Quarantaine, [e9912e60c7c31323dcce73d738cef60a], 
PUP.Optional.SkyTech.A, C:\Users\piet\AppData\Local\Temp\tmp-RunningMan\QQBrowserFrame.dll, In Quarantaine, [047690fe8505d95d1bfd07ffe9197888], 
PUP.Optional.Elex, C:\Users\piet\AppData\Local\Temp\tmp-RunningMan\tmp\wpm_v20.0.0.2227.exe, In Quarantaine, [48322c62e5a58caa5e9fb1c411ef9c64], 
PUP.Optional.Giner, C:\Users\piet\AppData\Local\Temp\tmp-RunningMan\tmp\XTab_Setup2253.exe, In Quarantaine, [9ae01e708109043299474cfe45c19070], 
PUP.Optional.Babylon.A, C:\Users\piet\AppData\Local\Temp\E34D962A-BAB0-7891-A46E-CBC049C7509D\Latest\BExternal.dll, In Quarantaine, [bac08a04d6b438fed661240127d9d42c], 
PUP.Optional.Babylon.A, C:\Users\piet\AppData\Local\Temp\E34D962A-BAB0-7891-A46E-CBC049C7509D\Latest\CrxInstaller.dll, In Quarantaine, [94e6c4ca1773cc6a78f3e9620af743bd], 
PUP.Optional.Babylon.A, C:\Users\piet\AppData\Local\Temp\E34D962A-BAB0-7891-A46E-CBC049C7509D\Latest\Setup.exe, In Quarantaine, [bac01f6f3753e65095f64ed48c7454ac], 
PUP.Optional.MultiPlug.A, C:\Users\piet\AppData\Local\5BF9A412-1429907143-6744-0B71-E9A206337D25\onse128E.tmp, In Quarantaine, [24560c8287030135c2ebeb7208fdb050], 
PUP.Optional.MultiPlug.A, C:\Users\piet\AppData\Local\5BF9A412-1429907143-6744-0B71-E9A206337D25\pnsk12AF.exe, In Quarantaine, [24560c8287030135c2ebeb7208fdb050], 
PUP.Optional.MultiPlug.A, C:\Users\piet\AppData\Local\5BF9A412-1429907143-6744-0B71-E9A206337D25\rnsp127E.exe, In Quarantaine, [24560c8287030135c2ebeb7208fdb050], 
PUP.Optional.MultiPlug.A, C:\Users\piet\AppData\Local\5BF9A412-1429907143-6744-0B71-E9A206337D25\snsp127D.tmp, In Quarantaine, [24560c8287030135c2ebeb7208fdb050], 
PUP.Optional.MultiPlug.A, C:\Users\piet\AppData\Local\5BF9A412-1429907143-6744-0B71-E9A206337D25\Uninstall.exe, In Quarantaine, [24560c8287030135c2ebeb7208fdb050], 
PUP.Optional.WiseConvert.A, C:\Users\piet\AppData\LocalLow\WiseConvert_1.4\Repository\conduit_CT3242338_CT3242338\AppsMetaData\data.txt, In Quarantaine, [d1a9246a62289a9c6de1991d36cd7e82], 
PUP.Optional.WiseConvert.A, C:\Users\piet\AppData\LocalLow\WiseConvert_1.4\Repository\conduit_CT3242338_CT3242338\ToolbarSettings\data.txt, In Quarantaine, [d1a9246a62289a9c6de1991d36cd7e82], 
 
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
 
 
(end)

 

Again, if you have any questions do not hesitate to ask.

 

The thing is it removed probably a lot of bad stuff but the original problem is still there.

Any more suggestions?

 

Slowshootin


Edited by slowshootin, 01 May 2015 - 03:36 PM.
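
Added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the Dutch-language report format pasted above. It shows that this report is a scan-only run ("Optie : Scannen", every entry marked "Gevonden", i.e. found), so the VOPackage uninstall key and the WindowsMangerProtect service are still present at this point. The function names, and the reading of "[x64]" as the 64-bit registry view, are assumptions of this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Excerpt of the AdwCleaner[R0].txt report quoted in the post above, shortened.
# Every line is copied from that log; nothing here is new data.
SAMPLE_REPORT = r"""
# AdwCleaner v4.203 - Logbestand aangemaakt 01/05/2015 op 21:37:00
# Optie : Scannen

***** [ Services ] *****

Service Gevonden : WindowsMangerProtect

***** [ Bestanden / Mappen ] *****

Map Gevonden : C:\ProgramData\WindowsMangerProtect
Map Gevonden : C:\Users\piet\SupTab

***** [ Register ] *****

Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Sleutel Gevonden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

AdwCleaner[R0].txt - [15630 bytes] - [01/05/2015 21:37:00]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.*)$")
# "<kind> <status> : [x64] <value>", e.g. "Sleutel Gevonden : HKLM\..."
ENTRY_RE = re.compile(
    r"^(?P<kind>\w+) (?P<status>\w+) : (?P<x64>\[x64\] )?(?P<value>.+)$"
)


class Entry(NamedTuple):
    section: str   # report section, e.g. "Register"
    kind: str      # Service / Bestand / Map / Sleutel / Gegevens / Setting
    status: str    # "Gevonden" (found) in a scan report
    value: str     # service name, path or registry key
    x64: bool      # True when the line carried the "[x64]" marker


def parse_report(text):
    """Return (header dict, list of Entry) for one AdwCleaner report."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            header[m["key"]] = m["value"]
        elif m := SECTION_RE.match(line):
            section = m["name"]
        elif section is not None and (m := ENTRY_RE.match(line)):
            entries.append(Entry(section, m["kind"], m["status"],
                                 m["value"], bool(m["x64"])))
    return header, entries


def dedupe(entries):
    """Drop repeats. Windows paths and registry keys are case-insensitive, so
    the same GUID in upper and lower case is one item. The [x64] marker is
    kept as part of the identity (assumed: separate 64-bit registry view)."""
    seen, unique = set(), []
    for e in entries:
        key = (e.section, e.x64, e.value.lower())
        if key not in seen:
            seen.add(key)
            unique.append(e)
    return unique


def summarize(header, entries):
    """Scan-only flag plus item count per report section."""
    return {
        "scan_only": header.get("Optie") == "Scannen",
        "by_section": dict(Counter(e.section for e in entries)),
    }


def still_present(entries, needle):
    """Entries only reported as found whose value mentions `needle`."""
    n = needle.lower()
    return [e for e in entries if e.status == "Gevonden" and n in e.value.lower()]


if __name__ == "__main__":
    header, entries = parse_report(SAMPLE_REPORT)
    unique = dedupe(entries)
    print(summarize(header, unique))
    for name in ("VOPackage", "WindowsMangerProtect"):
        for e in still_present(unique, name):
            print(f"{name}: [{e.section}] {e.kind} -> {e.value}")
```

Fed the full report from the post, the same functions list everything that was only found and not yet removed.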


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 01 May 2015 - 07:37 PM

OK, let's remove what AdwCleaner found....

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
There were a lot of bad things on here, so lastly run ESET.
This can take a few hours....

ESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
How is it now?

#5 slowshootin


Posted 16 May 2015 - 03:50 AM

Hello boopme,

Well, the results of the adw scan came in clean.

But then again, the ESET scan saw a lot of things as hostile, including stuff of AdwCleaner itself.

Here is the log:

C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{d08f09d6-e36b-65fd-d08f-f09d6e36275b}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AA application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\piet\AppData\Roaming\5BF9A412-1429899737-6744-0B71-E9A206337D25\rnso36F7.exe.vir a variant of Win32/Adware.ConvertAd.JD application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\piet\AppData\Roaming\5BF9A412-1429899737-6744-0B71-E9A206337D25\trz6853.tmp.vir a variant of Win32/Adware.ConvertAd.JF application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\piet\AppData\Roaming\5BF9A412-1429899737-6744-0B71-E9A206337D25\vnsdE6AC.tmp.vir a variant of Win32/Adware.ConvertAd.KZ.gen application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\piet\AppData\Roaming\luckysearches\UninstallManager.exe.vir a variant of Win32/ELEX.CP potentially unwanted application deleted - quarantined
C:\Config.Msi\ebf1d5.rbf a variant of Win32/Adware.Hicosmea.B application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Nidhogg\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe Win32/HackTool.Crack.BC potentially unsafe application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\APNStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\mox.exe a variant of Generik.ERIKAIL trojan cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\nsd7675.tmp multiple threats cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\nseCEB7.tmp Win32/Adware.ConvertAd.NK application cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\nsg2C48.tmp Win32/Adware.ConvertAd.NK application cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\nsj8D52.tmp multiple threats cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\nsl43DD.tmp Win32/Adware.ConvertAd.NK application cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\nsw3702.tmp Win32/Adware.ConvertAd.NK application cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\nsw68FA.tmp Win32/Adware.ConvertAd.NK application cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\supoptsetup.exe multiple threats cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\tbWise.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\bus741\BabMaint.x Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\bus741\BUSolution.x a variant of Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\E34D962A-BAB0-7891-A46E-CBC049C7509D\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\E34D962A-BAB0-7891-A46E-CBC049C7509D\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\E34D962A-BAB0-7891-A46E-CBC049C7509D\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\is-7OGGE.tmp\SupOptHelper.dll a variant of Win32/OptimizerPro.B potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\is-960KM.tmp\superpct_soft_partner.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\is-DQBT9.tmp\browsergood_soft_partner.exe Win32/BrowseFox.AV potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\is-U7O36.tmp\package_browsergood_installer_multilang.exe multiple threats cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\is-U7O36.tmp\package_superpct_installer_multilang.exe multiple threats cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\is45637729\15640620_stp\icc.dll a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\nso42FD.tmp\nsWeb_DispOffr.dll a variant of Win32/InstallMonetizer.BC potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\tmp-RunningMan\UninstallManager.exe a variant of Win32/ELEX.CP potentially unwanted application deleted - quarantined
C:\Users\piet\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\piet\Downloads\Borderlands.The.Pre.Sequel.Update.v1.0.3.Incl.DLC-RELOADED\Crack\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
C:\Users\piet\Downloads\Far Cry 4 Update v1.4-RELOADED\Crack\bin\steam_api.dll Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
C:\Users\piet\Downloads\Sniper.Elite.3-RELOADED\Crack\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
C:\Users\piet\Downloads\Update\update 1.0.2\Crack\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

As you can see, there are some of what I believe are false positive results, but they were put in quarantine just in case.

What should I do next?

Thanks again.

slowshootin
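
Added example (not part of the post above and not ESET or BleepingComputer tooling): a small Python parser for the log layout posted above, which separates rows where ESET recorded no action from rows that only sit under C:\AdwCleaner\Quarantine. The function names and the lists of class and action strings are assumptions taken from the lines in this log.

```python
from collections import Counter

# Lines copied from the ESET log in the post above (a subset, embedded for offline use).
SAMPLE_LOG = r"""C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\piet\AppData\Roaming\luckysearches\UninstallManager.exe.vir a variant of Win32/ELEX.CP potentially unwanted application deleted - quarantined
C:\Users\piet\AppData\Local\Temp\mox.exe a variant of Generik.ERIKAIL trojan cleaned by deleting - quarantined
C:\Users\piet\AppData\Local\Temp\nsd7675.tmp multiple threats cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
"""

# Assumption: only the action and class strings that occur in this log are handled.
ACTIONS = ("cleaned by deleting - quarantined", "deleted - quarantined")
CLASSES = ("potentially unwanted application", "potentially unsafe application",
           "multiple threats", "trojan", "application")  # bare "application" must be last
QUARANTINE_DIR = "c:\\adwcleaner\\quarantine\\"

def parse_line(line):
    """Split one log line from the right, because paths may contain spaces."""
    rest = line.strip()
    action = next((a for a in ACTIONS if rest.endswith(" " + a)), None)
    if action:
        rest = rest[:-len(action)].rstrip()
    cls = next((c for c in CLASSES if rest.endswith(" " + c)), None)
    if cls is None:
        return None  # blank or unrecognised line
    rest = rest[:-len(cls)].rstrip()
    name = None
    if cls != "multiple threats":  # that class carries no detection name
        if " " not in rest:
            return None
        rest, name = rest.rsplit(" ", 1)
        if rest.endswith(" a variant of"):
            rest = rest[:-len(" a variant of")]
    return {"path": rest, "name": name, "class": cls, "action": action}

def triage(log_text):
    """Group parsed rows by what still needs a helper's attention."""
    rows = [r for r in map(parse_line, log_text.splitlines()) if r]
    return {
        "by_class": Counter(r["class"] for r in rows),
        "no_action": [r["path"] for r in rows if r["action"] is None],
        "in_adwcleaner_quarantine": [r["path"] for r in rows
                                     if r["path"].lower().startswith(QUARANTINE_DIR)],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", dict(value) if isinstance(value, Counter) else value)
```

In the full log above, the only rows with no recorded action are the two SysWOW64 gt.exe entries, and six rows sit under C:\AdwCleaner\Quarantine.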


#6 slowshootin


Posted 16 May 2015 - 03:55 AM

Hello again,

I just checked the start-up list again and it is still there.

Would it be possible to just save all needed items to a portable storage device and then factory reset the computer and completely wipe the hard drive?

slowshootin



#7 slowshootin


Posted 16 May 2015 - 05:03 AM

And yet again an update.

Just got these messages:

[image: RvjPx4E.png]

This isn't getting any better, but on the bright side it is not getting worse.

slowshootin



#8 boopme


Posted 17 May 2015 - 08:18 PM

Sorry for the delay... I had to translate a lot to see. We have to get a deeper look to unhook the problem.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#9 slowshootin


Posted 18 May 2015 - 12:36 PM

Just a small question: does a hard reset remove all the malware?



#10 boopme


Posted 18 May 2015 - 01:18 PM

A reinstall of the Operating system will.

Edit: Note, see quietman7's post 12 here:

http://www.bleepingcomputer.com/forums/t/458645/pop-ups-of-ugly-face-webcam-and-unknown-chat/

Edited by boopme, 18 May 2015 - 01:20 PM.


#11 slowshootin


Posted 18 May 2015 - 01:32 PM

Hi again boopme,

Thank you so much.

I indeed backed up some of the files now and ran the FRST scan.

But what am I supposed to do with the logs?

slowshootin



#12 boopme


Posted 18 May 2015 - 01:38 PM

Hi, post the FRST logs as per step 7.

#13 slowshootin


Posted 18 May 2015 - 01:48 PM

Ok, I've done that.

Thank you so much for your help.

All questions should be asked with the other topic now, right?

Slowshootin



#14 boopme


Posted 18 May 2015 - 02:29 PM

Yes that is correct.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.