
My browser is infected with some nasty adware.



#1 drokly


Posted 07 May 2015 - 11:15 PM

My browser has been infected with adware for the past few days. I can't go to a new page without it opening up two to three more pages. Most of the ads are invisible and are placed in front of links or search bars. It also changes every few words on a page into links to other pages as well. The pages that open up are very annoying to try and close out of. I've tried Adaware, Malwarebytes, ComboFix, and RKill. I haven't been able to get rid of it. Please help.

 

Thank you




 


#2 InadequateInfirmity


Posted 08 May 2015 - 12:11 AM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the Advanced tab and select "Close program after cleaning". Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right-click it and select Run as administrator.
A new icon will appear on your desktop.
Right-click the new icon and select Run as administrator.
Click on the Update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste the entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 drokly


Posted 08 May 2015 - 11:35 AM

08 May 2015 10:51:28 [0790] - **********************************************************
08 May 2015 10:51:28 [0790] - MWAV - eScanAV AntiVirus Toolkit.
08 May 2015 10:51:28 [0790] - Copyright © MicroWorld Technologies
08 May 2015 10:51:28 [0790] - **********************************************************
08 May 2015 10:51:28 [0790] - Source: C:\Users\drokly\Desktop\mwav.exe
08 May 2015 10:51:28 [0790] - Version 14.0.178 (C:\USERS\DROKLY\APPDATA\LOCAL\TEMP\MEXE.COM)
08 May 2015 10:51:28 [0790] - Log File: C:\Users\drokly\AppData\Local\Temp\MWAV.LOG
08 May 2015 10:51:28 [0790] - MWAV Registered: TRUE
08 May 2015 10:51:28 [0790] - User Account: drokly (Administrator Mode)
08 May 2015 10:51:28 [0790] - OS Type: Windows Workstation [InstallType: Client]
08 May 2015 10:51:28 [0790] - OS: Windows 7 64-Bit [OS Install Date: 26 Jul 2014 20:22:23]
08 May 2015 10:51:28 [0790] - Ver: Professional Service Pack 1 (Build 7601)
08 May 2015 10:51:28 [0790] - System Up Time: 7 Minutes, 53 Seconds
 
 
08 May 2015 10:51:28 [0790] - Parent Process Name : C:\Users\drokly\Desktop\mwav.exe
08 May 2015 10:51:28 [0790] - Windows Root  Folder: C:\Windows
08 May 2015 10:51:28 [0790] - Windows Sys32 Folder: C:\Windows\system32
08 May 2015 10:51:28 [0790] - DHCP NameServer: 192.168.1.10 192.168.1.10
08 May 2015 10:51:28 [0790] - Interface0 DHCPNameServer: 192.168.1.10 192.168.1.10
08 May 2015 10:51:28 [0790] - Local Fixed Drives: c:\
08 May 2015 10:51:28 [0790] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
08 May 2015 10:51:28 [0790] - [CREATED ZIP FILE: C:\Users\drokly\AppData\Local\Temp\pinfect.zip]
08 May 2015 10:51:28 [0790] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
08 May 2015 10:51:30 [0790] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "OperaStable" to "htmlfile"
08 May 2015 10:51:30 [0790] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "OperaStable" to "htmlfile"
08 May 2015 10:51:31 [0790] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\drokly\AppData\Local\Temp\ESCANDB.LOG]
08 May 2015 10:51:31 [0790] - Loaded/Created FileScan Cache Database...
08 May 2015 10:51:31 [0790] - Loading AV Library [DB]...
08 May 2015 10:52:09 [0790] - ArchiveScan: DISABLED
08 May 2015 10:52:10 [0790] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
08 May 2015 10:52:10 [0790] - MWAV doing self scanning...
08 May 2015 10:52:10 [0790] - MWAV files are clean.
08 May 2015 10:52:13 [0790] - ArchiveScan: DISABLED
08 May 2015 10:52:13 [0790] - Virus Database Date: 02 Mar 2015
08 May 2015 10:52:13 [0790] - Virus Database Count: 6701505
08 May 2015 10:52:13 [0790] - Sign Version: 7.59505 [518257]
08 May 2015 10:52:23 [0790] - Uninitializing Scanner (3)...
08 May 2015 10:52:23 [0790] - Freeing Libraries (3)...
08 May 2015 10:52:24 [0790] - AV Library Unloaded (3)...
08 May 2015 10:52:24 [0790] - Exiting App...
08 May 2015 10:52:28 [12f4] - **********************************************************
08 May 2015 10:52:28 [12f4] - MWAV - eScanAV AntiVirus Toolkit.
08 May 2015 10:52:28 [12f4] - Copyright © MicroWorld Technologies
08 May 2015 10:52:28 [12f4] - **********************************************************
08 May 2015 10:52:28 [12f4] - Version 14.0.178 (C:\USERS\DROKLY\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
08 May 2015 10:52:28 [12f4] - Log File: C:\Users\drokly\AppData\Local\Temp\MWAV.LOG
08 May 2015 10:52:28 [12f4] - MWAV Registered: TRUE
08 May 2015 10:52:28 [12f4] - User Account: drokly (Administrator Mode)
08 May 2015 10:52:28 [12f4] - OS Type: Windows Workstation [InstallType: Client]
08 May 2015 10:52:28 [12f4] - OS: Windows 7 64-Bit [OS Install Date: 26 Jul 2014 20:22:23]
08 May 2015 10:52:28 [12f4] - Ver: Professional Service Pack 1 (Build 7601)
08 May 2015 10:52:28 [12f4] - System Up Time: 8 Minutes, 52 Seconds
 
 
08 May 2015 10:52:28 [12f4] - Parent Process Name : c:\Windows\explorer.exe
08 May 2015 10:52:28 [12f4] - Windows Root  Folder: C:\Windows
08 May 2015 10:52:28 [12f4] - Windows Sys32 Folder: C:\Windows\system32
08 May 2015 10:52:28 [12f4] - DHCP NameServer: 192.168.1.10 192.168.1.10
08 May 2015 10:52:28 [12f4] - Interface0 DHCPNameServer: 192.168.1.10 192.168.1.10
08 May 2015 10:52:28 [12f4] - Local Fixed Drives: c:\
08 May 2015 10:52:28 [12f4] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
08 May 2015 10:52:28 [12f4] - [CREATED ZIP FILE: C:\Users\drokly\AppData\Local\Temp\pinfect.zip]
08 May 2015 10:52:28 [12f4] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
08 May 2015 10:52:28 [12f4] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\drokly\AppData\Local\Temp\ESCANDB.LOG]
08 May 2015 10:52:28 [12f4] - Loaded/Created FileScan Cache Database...
08 May 2015 10:52:28 [12f4] - Loading AV Library [DB]...
08 May 2015 10:52:30 [12f4] - ArchiveScan: DISABLED
08 May 2015 10:52:30 [12f4] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
08 May 2015 10:52:30 [12f4] - MWAV doing self scanning...
08 May 2015 10:52:30 [12f4] - MWAV files are clean.
08 May 2015 10:52:30 [12f4] - ArchiveScan: DISABLED
08 May 2015 10:52:30 [12f4] - Virus Database Date: 02 Mar 2015
08 May 2015 10:52:30 [12f4] - Virus Database Count: 6701505
08 May 2015 10:52:30 [12f4] - Sign Version: 7.59505 [518257]
08 May 2015 10:52:35 [12f4] - Downloading AntiVirus and Anti-Spyware Databases...
08 May 2015 10:58:39 [12f4] - Update Successful...
08 May 2015 10:58:42 [12f4] - Indexed Spyware Databases Successfully Created...
08 May 2015 10:58:42 [12f4] - Old Sign Version: 7.59505 New Sign Version: 7.60476
08 May 2015 10:58:57 [12f4] - Reload of AntiVirus Signatures successfully done.
08 May 2015 10:58:57 [12f4] - Virus Database Date: 08 May 2015
08 May 2015 10:58:57 [12f4] - Virus Database Count: 6058667
08 May 2015 10:58:57 [12f4] - Sign Version: 7.60476 [519228]
 
08 May 2015 10:59:19 [12f4] - **********************************************************
08 May 2015 10:59:19 [12f4] - MWAV - eScanAV AntiVirus Toolkit.
08 May 2015 10:59:19 [12f4] - Copyright © MicroWorld Technologies
08 May 2015 10:59:19 [12f4] - 
08 May 2015 10:59:19 [12f4] - Support: support@escanav.com
08 May 2015 10:59:19 [12f4] - Web: http://www.escanav.com
08 May 2015 10:59:19 [12f4] - **********************************************************
08 May 2015 10:59:19 [12f4] - Version 14.0.178[DB] (C:\USERS\DROKLY\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
08 May 2015 10:59:19 [12f4] - Log File: C:\Users\drokly\AppData\Local\Temp\MWAV.LOG
08 May 2015 10:59:19 [12f4] - User Account: drokly (Administrator Mode)
08 May 2015 10:59:19 [12f4] - Parent Process Name : c:\Windows\explorer.exe
08 May 2015 10:59:19 [12f4] - Windows Root  Folder: C:\Windows
08 May 2015 10:59:19 [12f4] - Windows Sys32 Folder: C:\Windows\system32
08 May 2015 10:59:19 [12f4] - OS: Windows 7 64-Bit [OS Install Date: 26 Jul 2014 20:22:23]
08 May 2015 10:59:19 [12f4] - Ver: Professional Service Pack 1 (Build 7601)
08 May 2015 10:59:19 [12f4] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
08 May 2015 10:59:19 [0b60] - Options Selected by User:
08 May 2015 10:59:19 [0b60] - Memory Check: Enabled
08 May 2015 10:59:19 [0b60] - Registry Check: Enabled
08 May 2015 10:59:19 [0b60] - StartUp Folder Check: Enabled
08 May 2015 10:59:19 [0b60] - System Folder Check: Enabled
08 May 2015 10:59:19 [0b60] - Services Check: Enabled
08 May 2015 10:59:19 [0b60] - Scan Spyware: Enabled
08 May 2015 10:59:19 [0b60] - Scan Archives: Disabled
08 May 2015 10:59:19 [0b60] - Drive Check: Enabled
08 May 2015 10:59:19 [0b60] - All Drive Check :Disabled
08 May 2015 10:59:19 [0b60] - Drive Selected = C:\
08 May 2015 10:59:19 [0b60] - Folder Check: Disabled
08 May 2015 10:59:19 [0b60] - SCAN: All_Files [ANSI]
08 May 2015 10:59:19 [0b60] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
08 May 2015 10:59:19 [0b60] - Scanning DNS Records...
08 May 2015 10:59:19 [0b60] - Scanning Master Boot Record (User)...
08 May 2015 10:59:19 [0b60] - Scanning Logical Boot Records...
08 May 2015 10:59:21 [0b60] - ***** Scanning For Hidden Rootkit Processes *****
08 May 2015 10:59:21 [0b60] - ***** Scanning For Hidden Rootkit Services *****
 
08 May 2015 10:59:26 [0b60] - ***** Scanning Memory Files *****
 
08 May 2015 10:59:31 [0b60] - ***** Scanning Registry Files *****
08 May 2015 10:59:32 [0b60] - ERROR(3)!!! Invalid Entry cmdline = %SystemRoot%\system32\ntvdm.exe (in key HKLM64\SYSTEM\CurrentControlSet\Control\WOW). Action Taken: Removing it.
 
08 May 2015 10:59:33 [0b60] - ***** Scanning StartUp Folders *****
08 May 2015 11:00:14 [0794] - ScanFile (C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt) took 5725 ms
 
08 May 2015 11:00:28 [0b60] - ***** Scanning Service Files *****
08 May 2015 11:00:30 [0b60] - ERROR(2)!!! Invalid Entry %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\aspnet_state.
08 May 2015 11:00:35 [0b60] - ERROR(2)!!! Invalid Entry \??\D:\[MSI Drivers]\CDriver64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\MSICDSetup.
08 May 2015 11:00:37 [0b60] - ERROR(2)!!! Invalid Entry \??\D:\[MSI Drivers]\NTIOLib_X64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_C.
08 May 2015 11:00:41 [0b60] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
08 May 2015 11:00:44 [0b60] - ***** Scanning Registry and File system for Adware/Spyware *****
08 May 2015 11:00:44 [0b60] - Loading Spyware Signatures from new External Database [Name: C:\Users\drokly\AppData\Local\Temp\spydb.avs, Size: 464724]...
08 May 2015 11:00:44 [0b60] - Indexed Spyware Databases Successfully Created...
 
08 May 2015 11:00:47 [0b60] - Offending Registry Entry found: HKCU\SOFTWARE\Wget
08 May 2015 11:00:47 [0b60] - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Entries Removed.
08 May 2015 11:00:47 [0b60] - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.
 
08 May 2015 11:00:47 [0b60] - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
08 May 2015 11:00:47 [0b60] - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
08 May 2015 11:00:47 [0b60] - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.
 
08 May 2015 11:00:47 [0b60] - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
08 May 2015 11:00:47 [0b60] - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
08 May 2015 11:00:47 [0b60] - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
 
 
08 May 2015 11:00:47 [0b60] - ***** Scanning Registry Files *****
08 May 2015 11:00:47 [0b60] - ** Possible invalid line [127.0.0.1  validation.sls.microsoft.com] in HOSTS file!
08 May 2015 11:00:47 [0b60] - ** Renamed C:\Windows\system32\drivers\etc\hosts to C:\Windows\system32\drivers\etc\hosts.31554816
08 May 2015 11:00:47 [0b60] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
08 May 2015 11:00:47 [0b60] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
08 May 2015 11:00:47 [0b60] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
08 May 2015 11:00:47 [0b60] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
08 May 2015 11:00:47 [0b60] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
08 May 2015 11:00:47 [0b60] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
08 May 2015 11:00:47 [0b60] - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
08 May 2015 11:00:47 [0b60] - ** Value in 64-bit HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
08 May 2015 11:00:47 [0b60] - ***** Scanning System32 Folders *****
 
 
08 May 2015 11:01:29 [0b60] - ***** Scanning Drive C:\ *****
08 May 2015 11:02:00 [117c] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2B8A798D-98AF-42C4-B8DE-87042A82F6FF}\nvcompiler32.dl_) took 6942 ms
08 May 2015 11:02:02 [0794] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2B8A798D-98AF-42C4-B8DE-87042A82F6FF}\nvcompiler.dl_) took 8892 ms
08 May 2015 11:02:04 [0a74] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2B8A798D-98AF-42C4-B8DE-87042A82F6FF}\nvlddmkm.sy_) took 7691 ms
08 May 2015 11:02:05 [0e40] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2B8A798D-98AF-42C4-B8DE-87042A82F6FF}\nvopencl32.dl_) took 5710 ms
08 May 2015 11:02:15 [117c] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{64C60CE6-DEA7-48F5-A2C1-C60D6B226DDB}\nvoglv32.dl_) took 6427 ms
08 May 2015 11:02:18 [0794] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{69BDE4D9-603F-486F-8088-A3AD6404C237}\nvcompiler.dl_) took 6162 ms
08 May 2015 11:02:18 [0e40] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{64C60CE6-DEA7-48F5-A2C1-C60D6B226DDB}\nvoglv64.dl_) took 10140 ms
08 May 2015 11:02:19 [0920] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2B8A798D-98AF-42C4-B8DE-87042A82F6FF}\nvoglv32.dl_) took 22027 ms
08 May 2015 11:02:19 [0920] - Scanning of C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2B8A798D-98AF-42C4-B8DE-87042A82F6FF}\nvoglv32.dl_ Timed out!!!
08 May 2015 11:02:22 [0eec] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{69BDE4D9-603F-486F-8088-A3AD6404C237}\nvd3dumx.dl_) took 6319 ms
08 May 2015 11:02:24 [0984] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{69BDE4D9-603F-486F-8088-A3AD6404C237}\nvopencl32.dl_) took 5288 ms
08 May 2015 11:02:26 [0e40] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{69BDE4D9-603F-486F-8088-A3AD6404C237}\nvoglv64.dl_) took 7145 ms
08 May 2015 11:02:55 [0794] - ScanFile (C:\Program Files (x86)\Battle.net\Battle.net.5746\libcef.dll) took 7441 ms
08 May 2015 11:05:38 [0e40] - ScanFile (C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe) took 5429 ms
08 May 2015 11:09:07 [0a74] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
08 May 2015 11:09:07 [0390] - Scanning File C:\System Volume Information\{5e48e97b-f438-11e4-921e-448a5b8861f0}{3808876b-c176-4e48-b7ae-04046e6cc752}
08 May 2015 11:09:25 [0794] - ScanFile (C:\Users\drokly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp) took 9219 ms
08 May 2015 12:29:35 [0a74] - ScanFile (C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.1.7601.17514_none_c0f01f501d19ea73\ehexthost.exe) took 6193 ms
08 May 2015 12:29:35 [0920] - ScanFile (C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.1.7600.16385_none_bebf0b88202b66d9\ehexthost.exe) took 6364 ms
 
08 May 2015 12:32:41 [0b60] - ***** Checking for specific ITW Viruses *****
 
08 May 2015 12:32:41 [0b60] - ***** Scanning complete. *****
 
08 May 2015 12:32:41 [0b60] - Total Objects Scanned: 239091
08 May 2015 12:32:41 [0b60] - Total Critical Objects: 3
08 May 2015 12:32:41 [0b60] - Total Disinfected Objects: 0
08 May 2015 12:32:41 [0b60] - Total Objects Renamed: 0
08 May 2015 12:32:41 [0b60] - Total Deleted Objects: 3
08 May 2015 12:32:41 [0b60] - Total Errors: 4
08 May 2015 12:32:41 [0b60] - Time Elapsed: 00:25:38
08 May 2015 12:32:41 [0b60] - Virus Database Date: 08 May 2015
08 May 2015 12:32:41 [0b60] - Virus Database Count: 6058667
08 May 2015 12:32:41 [0b60] - Sign Version: 7.60476 [519228]
 
08 May 2015 12:32:41 [0b60] - Scan Completed.

I was only able to get up to the MWAV scan on your list; I'll have to continue later tonight.
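
Added example (not part of the original posts and not eScan's own tooling): a Python triage of the MWAV log format shown in the post above, separating detections, "Invalid Entry" removals and system changes from scan-timing noise, then checking the counts against the tool's own totals. The line patterns are inferred from this one log, and the mapping of summary totals to line types is an assumption.

```python
import re

# Selected lines, unmodified, from the MWAV log posted above.
SAMPLE_LOG = r"""
08 May 2015 10:59:32 [0b60] - ERROR(3)!!! Invalid Entry cmdline = %SystemRoot%\system32\ntvdm.exe (in key HKLM64\SYSTEM\CurrentControlSet\Control\WOW). Action Taken: Removing it.
08 May 2015 11:00:14 [0794] - ScanFile (C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt) took 5725 ms
08 May 2015 11:00:30 [0b60] - ERROR(2)!!! Invalid Entry %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\aspnet_state.
08 May 2015 11:00:35 [0b60] - ERROR(2)!!! Invalid Entry \??\D:\[MSI Drivers]\CDriver64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\MSICDSetup.
08 May 2015 11:00:37 [0b60] - ERROR(2)!!! Invalid Entry \??\D:\[MSI Drivers]\NTIOLib_X64.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_C.
08 May 2015 11:00:47 [0b60] - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Entries Removed.
08 May 2015 11:00:47 [0b60] - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
08 May 2015 11:00:47 [0b60] - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
08 May 2015 11:00:47 [0b60] - ** Possible invalid line [127.0.0.1  validation.sls.microsoft.com] in HOSTS file!
08 May 2015 11:00:47 [0b60] - ** Renamed C:\Windows\system32\drivers\etc\hosts to C:\Windows\system32\drivers\etc\hosts.31554816
08 May 2015 11:00:47 [0b60] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
08 May 2015 12:32:41 [0b60] - Total Critical Objects: 3
08 May 2015 12:32:41 [0b60] - Total Errors: 4
"""

# Patterns inferred from this one log; other MWAV versions may word lines differently.
LINE = re.compile(r"^\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} \[[0-9a-f]{4}\] - (?P<msg>.*)$")
DETECTION = re.compile(
    r"System found infected with (?P<name>.+) \((?P<key>[^()]+)\)! "
    r"Action taken: (?P<action>.+?)\.?$")
INVALID = re.compile(
    r"ERROR\((?P<code>\d+)\)!!! Invalid Entry (?P<entry>.+?)\. "
    r"Action Taken: (?P<action>.+?)\.?$")
CHANGE = re.compile(
    r"^\*\* (?P<verb>Changed|Renamed|Deleted|Possible invalid line) (?P<detail>.+)$")
TOTAL = re.compile(r"^Total (?P<what>[\w ]+): (?P<n>\d+)$")


def triage(log_text):
    """Sort MWAV log lines into the events a reviewer needs to read."""
    report = {"detections": [], "invalid_entries": [],
              "system_changes": [], "totals": {}}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything without the timestamp prefix
        msg = line["msg"]
        if (m := DETECTION.search(msg)):
            report["detections"].append(m.groupdict())
        elif (m := INVALID.search(msg)):
            report["invalid_entries"].append(m.groupdict())
        elif (m := CHANGE.match(msg)):
            report["system_changes"].append(m.groupdict())
        elif (m := TOTAL.match(msg)):
            report["totals"][m["what"]] = int(m["n"])
        # Everything else (ScanFile timings, "** Value in ..." reports) is dropped.
    return report


def reconcile(report):
    """Return {summary name: (parsed count, count the tool reported)}.

    Assumption: "Total Critical Objects" counts "System found infected" lines
    and "Total Errors" counts ERROR(n) lines; this log is consistent with that.
    """
    totals = report["totals"]
    return {
        "Critical Objects": (len(report["detections"]),
                             totals.get("Critical Objects")),
        "Errors": (len(report["invalid_entries"]), totals.get("Errors")),
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for d in r["detections"]:
        print(f"DETECTED  {d['name']} at {d['key']} -> {d['action']}")
    for e in r["invalid_entries"]:
        print(f"REMOVED   ERROR({e['code']}) {e['entry']} -> {e['action']}")
    for c in r["system_changes"]:
        print(f"CHANGED   {c['verb']}: {c['detail']}")
    for name, (parsed, reported) in reconcile(r).items():
        status = "ok" if parsed == reported else "MISMATCH"
        print(f"TOTAL     {name}: parsed={parsed} reported={reported} [{status}]")
```

On the posted log this surfaces four service and registry removals that the tool logged as errors rather than detections, plus the HOSTS rename, which are the changes worth reviewing before running the next tool.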



#4 drokly


Posted 08 May 2015 - 11:55 AM

Zemana AntiMalware 2.11.2.62 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/8
Operating System      : Windows 7 64-bit
Processor             : 8X AMD FX™-8320 Eight-Core Processor
BIOS Mode             : Legacy
CUID                  : 00C740841A0E964B88388F
Scan Type             : Deep Scan
Duration              : 16m 30s
Scanned Objects       : 50145
Detected Objects      : 1
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky
Domain Info           : WORKGROUP,1,2
 
 
Detected Objects
-------------------------------------------------------
ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detections         : Eset: Win32/OpenCandy potentially unsafe application, Zemana: Adware:Win32/OpenCandy
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0


#5 drokly


Posted 08 May 2015 - 11:58 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.8 (05.06.2015:1)
OS: Windows 7 Professional x64
Ran by drokly on Fri 05/08/2015 at 12:55:51.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\drokly\appdata\local\google\chrome\user data\default\local storage\https_inst.shoppingate.info_0.localstorage-journal
Successfully deleted: [File] C:\Users\drokly\appdata\local\google\chrome\user data\default\local storage\https_inst.shoppingate.info_0.localstorage
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/08/2015 at 12:57:57.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 drokly


Posted 08 May 2015 - 12:02 PM

  # AdwCleaner v4.203 - Logfile created 08/05/2015 at 13:00:15

# Updated 30/04/2015 by Xplode
# Database : 2015-05-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : drokly - DROKLY-PC
# Running from : C:\Users\drokly\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\drokly\AppData\Local\Doctor_PC
File Deleted : C:\Users\drokly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage
File Deleted : C:\Users\drokly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : DoctorPC_Popup
Task Deleted : DoctorPC_Start
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\drokly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\drokly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
-\\ Opera v29.0.1795.47
 
 
*************************
 
AdwCleaner[R0].txt - [1486 bytes] - [08/05/2015 12:58:59]
AdwCleaner[S0].txt - [1425 bytes] - [08/05/2015 13:00:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1484  bytes] ##########


#7 InadequateInfirmity


Posted 08 May 2015 - 05:15 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

http://www.techsupportall.com/adware-removal-tool/

Hit OK.

Hit Next and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF proxy Settings
  • Reset Ie Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.

 

Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
http://www.eset.com/us/online-scanner/

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.




