
imptestrm.com page keeps coming up in browsers


23 replies to this topic

#1 WiredAfrican

WiredAfrican

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 20 May 2015 - 04:51 AM

Hi everyone,

I did a search for this term in the BleepingComputer forum "imptestrm.com" and nothing came up, so I am creating a new post.

When I try to load a webpage hosted on HostGator I keep getting a "search and advertising page" that is created from imptestrm.com. When I look at the HTML source it has imptestrm.com and rmgserving.com in it.

 

If I go to the same URL using my mobile and not through my ISP or modem/router then it loads the correct web page. Somehow it's being redirected to this imptestrm.com advertising page and I can't find where or how.

Please help me if you can.

Thanks!

 

P.S. I've posted the source underneath....

 



Edited by WiredAfrican, 20 May 2015 - 04:52 AM.
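
A way to triage the saved source of a page like the one described in this post, added here as an example and not part of the original thread: it lists the third-party domains a page loads content from or redirects to, so an unexpected parking or ad page stands out. The `example.com` site name, the trimmed sample markup, and the function names are assumptions for illustration; the base-domain logic is a simple last-two-labels approximation.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)


class RefCollector(HTMLParser):
    """Collect (kind, url) pairs for everything the page loads or redirects to."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "style":
            self._in_style = True
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(a.get("content", ""))
            if m:
                self.refs.append(("meta-refresh", m.group(1)))
        for attr in ("src", "href"):
            if a.get(attr):
                self.refs.append((f"{tag}[{attr}]", a[attr]))
        for m in CSS_URL.finditer(a.get("style", "")):
            self.refs.append(("css", m.group(1)))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # <style> bodies arrive here as raw text; pull url(...) references out.
        if self._in_style:
            for m in CSS_URL.finditer(data):
                self.refs.append(("css", m.group(1)))


def _collect(html):
    parser = RefCollector()
    parser.feed(html)
    parser.close()
    return parser.refs


def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def third_party_hosts(html, expected_domain):
    """Map each foreign base domain to the kinds of reference that use it."""
    found = {}
    for kind, url in _collect(html):
        host = _host(url)
        if not host:
            continue  # relative URL or fragment: same site
        if host == expected_domain or host.endswith("." + expected_domain):
            continue
        base = ".".join(host.split(".")[-2:])  # approximation, not a PSL lookup
        found.setdefault(base, set()).add(kind)
    return {d: sorted(kinds) for d, kinds in sorted(found.items())}


def redirect_targets(html):
    """Return the URLs of all meta-refresh redirects in the page."""
    return [url for kind, url in _collect(html) if kind == "meta-refresh"]


# Constructed sample: a trimmed page shaped like the one described in the post.
SAMPLE = """<html><head><title>example.com</title>
<style type="text/css">
body { background:url(http://d.rmgserving.com/rmgpsc/1582/body-bg.gif) #cccccc repeat-x}
.logo { background:url(/img/logo.gif) }
</style>
<script type="text/javascript" src="http://www.google.com/adsense/domains/caf.js"></script></head>
<body>
<noscript><meta http-equiv="refresh" content="0;url=http://imptestrm.com/rg-erdr.php?t=gnojs" /></noscript>
<a href="http://www.example.com/about">About</a>
<img src='http://b.rmgserving.com/rmgisc/sample.jpg' />
<script type="text/javascript" src="http://c.rmgserving.com/rmgdsc/newcafv1.js?1.0"></script>
</body></html>"""

if __name__ == "__main__":
    for domain, kinds in third_party_hosts(SAMPLE, "example.com").items():
        print(f"{domain}: {', '.join(kinds)}")
    print("redirects:", redirect_targets(SAMPLE))
```

Saving the page source once over the affected connection and once over a connection that shows the correct site, then comparing the two reports, shows which network path is serving the foreign content.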



 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:55 PM

Posted 20 May 2015 - 04:59 AM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

GjWwvEu.png

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 WiredAfrican

WiredAfrican
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 20 May 2015 - 06:26 AM

Thanks. Busy with steps now.



#4 WiredAfrican

WiredAfrican
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 20 May 2015 - 08:34 AM

MWAVE log (excluding clean file logs containing confidential data). I notice a second DHCP Nameserver entry.....

"20 May 2015 21:18:24 [17c4] - Interface1 DHCPNameServer: 209.222.18.222 209.222.18.218"

I don't recognize the IP addresses (209.222.18.218/222). Looks a bit weird, but perhaps from Private Internet Access (PIA)?

 

 

 

20 May 2015 21:18:24 [17c4] - **********************************************************
20 May 2015 21:18:24 [17c4] - MWAV - eScanAV AntiVirus Toolkit.
20 May 2015 21:18:24 [17c4] - Copyright © MicroWorld Technologies
20 May 2015 21:18:24 [17c4] - **********************************************************
20 May 2015 21:18:24 [17c4] - Source: F:\Temp\INSTAL~1\ANTIMA~1\mwav.exe
20 May 2015 21:18:24 [17c4] - Version 14.0.178 (C:\USERS\WIREDAFRICAN\APPDATA\LOCAL\TEMP\MEXE.COM)
20 May 2015 21:18:24 [17c4] - Log File: C:\Users\Wiredafrican\AppData\Local\Temp\MWAV.LOG
20 May 2015 21:18:24 [17c4] - MWAV Registered: TRUE
20 May 2015 21:18:24 [17c4] - User Account: Wiredafrican (Administrator Mode)
20 May 2015 21:18:24 [17c4] - OS Type: Windows Workstation [InstallType: Client]
20 May 2015 21:18:24 [17c4] - OS: Windows 7 [OS Install Date: 29 Sep 2013 13:34:39]
20 May 2015 21:18:24 [17c4] - Ver: Personal Service Pack 1 (Build 7601)
20 May 2015 21:18:24 [17c4] - System Up Time: 3 Minutes, 58 Seconds
20 May 2015 21:18:24 [17c4] - Parent Process Name : F:\Temp\Installation Files\Antimalware\mwav.exe
20 May 2015 21:18:24 [17c4] - Windows Root  Folder: C:\Windows
20 May 2015 21:18:24 [17c4] - Windows Sys32 Folder: C:\Windows\system32
20 May 2015 21:18:24 [17c4] - DHCP NameServer: 192.168.1.253
20 May 2015 21:18:24 [17c4] - Interface0 DHCPNameServer: 192.168.1.253
20 May 2015 21:18:24 [17c4] - Interface1 DHCPNameServer: 209.222.18.222 209.222.18.218
20 May 2015 21:18:24 [17c4] - Local Fixed Drives: c:\,e:\,f:\
20 May 2015 21:18:24 [17c4] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
20 May 2015 21:18:24 [17c4] - [CREATED ZIP FILE: C:\Users\Wiredafrican\AppData\Local\Temp\pinfect.zip]
20 May 2015 21:18:24 [17c4] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
20 May 2015 21:18:27 [17c4] - ** Changed Value of "Path"
20 May 2015 21:18:27 [17c4] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Wiredafrican\AppData\Local\Temp\ESCANDB.LOG]
20 May 2015 21:18:27 [17c4] - Loaded/Created FileScan Cache Database...
20 May 2015 21:18:27 [17c4] - Loading AV Library [DB]...
20 May 2015 21:18:44 [17c4] - ArchiveScan: DISABLED
20 May 2015 21:18:44 [17c4] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
20 May 2015 21:18:44 [17c4] - MWAV doing self scanning...
20 May 2015 21:18:44 [17c4] - MWAV files are clean.
20 May 2015 21:18:50 [17c4] - ArchiveScan: DISABLED
20 May 2015 21:18:50 [17c4] - Virus Database Date: 03 Mar 2015
20 May 2015 21:18:50 [17c4] - Virus Database Count: 6701505
20 May 2015 21:18:50 [17c4] - Sign Version: 7.59505 [518257]
20 May 2015 21:19:29 [17c4] - Downloading AntiVirus and Anti-Spyware Databases...
20 May 2015 21:30:45 [17c4] - Update Successful...
20 May 2015 21:33:38 [17c4] - Indexed Spyware Databases Successfully Created...
20 May 2015 21:33:38 [17c4] - Old Sign Version: 7.59505 New Sign Version: 7.60672
20 May 2015 21:33:49 [17c4] - Reload of AntiVirus Signatures successfully done.
20 May 2015 21:33:49 [17c4] - Virus Database Date: 20 May 2015
20 May 2015 21:33:49 [17c4] - Virus Database Count: 5523549
20 May 2015 21:33:49 [17c4] - Sign Version: 7.60672 [519424]
 
20 May 2015 21:34:11 [17c4] - **********************************************************
20 May 2015 21:34:11 [17c4] - MWAV - eScanAV AntiVirus Toolkit.
20 May 2015 21:34:11 [17c4] - Copyright © MicroWorld Technologies
20 May 2015 21:34:11 [17c4] - 
20 May 2015 21:34:11 [17c4] - Support: support@escanav.com
20 May 2015 21:34:11 [17c4] - Web: http://www.escanav.com
20 May 2015 21:34:11 [17c4] - **********************************************************
20 May 2015 21:34:11 [17c4] - Version 14.0.178[DB] (C:\USERS\WIREDAFRICAN\APPDATA\LOCAL\TEMP\MEXE.COM)
20 May 2015 21:34:11 [17c4] - Log File: C:\Users\Wiredafrican\AppData\Local\Temp\MWAV.LOG
20 May 2015 21:34:11 [17c4] - User Account: Wiredafrican (Administrator Mode)
20 May 2015 21:34:11 [17c4] - Parent Process Name : F:\Temp\Installation Files\Antimalware\mwav.exe
20 May 2015 21:34:11 [17c4] - Windows Root  Folder: C:\Windows
20 May 2015 21:34:11 [17c4] - Windows Sys32 Folder: C:\Windows\system32
20 May 2015 21:34:11 [17c4] - OS: Windows 7 [OS Install Date: 29 Sep 2013 13:34:39]
20 May 2015 21:34:11 [17c4] - Ver: Personal Service Pack 1 (Build 7601)
20 May 2015 21:34:11 [17c4] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
20 May 2015 21:34:30 [0428] - Options Selected by User:
20 May 2015 21:34:30 [0428] - Memory Check: Enabled
20 May 2015 21:34:30 [0428] - Registry Check: Enabled
20 May 2015 21:34:30 [0428] - StartUp Folder Check: Enabled
20 May 2015 21:34:30 [0428] - System Folder Check: Enabled
20 May 2015 21:34:30 [0428] - Services Check: Enabled
20 May 2015 21:34:30 [0428] - Scan Spyware: Enabled
20 May 2015 21:34:30 [0428] - Scan Archives: Disabled
20 May 2015 21:34:30 [0428] - Drive Check: Disabled
20 May 2015 21:34:30 [0428] - All Drive Check :Enabled
20 May 2015 21:34:30 [0428] - Folder Check: Disabled
20 May 2015 21:34:30 [0428] - SCAN: All_Files [ANSI]
20 May 2015 21:34:30 [0428] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
20 May 2015 21:34:30 [0428] - Scanning DNS Records...
20 May 2015 21:34:30 [0428] - Scanning Master Boot Record (Kernel)...
20 May 2015 21:34:30 [0428] - Scanning Logical Boot Records...
20 May 2015 21:34:31 [0428] - ***** Scanning For Hidden Rootkit Processes *****
20 May 2015 21:34:31 [0428] - ***** Scanning For Hidden Rootkit Services *****
 
20 May 2015 21:34:32 [0428] - ***** Scanning Memory Files *****
 
20 May 2015 21:34:42 [0428] - ***** Scanning Registry Files *****
20 May 2015 21:34:42 [0428] - Invalid Entry DLLName = igfxdev.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui). Action Taken: Deleting Registry Key igfxcui.
 
20 May 2015 21:34:43 [0428] - ***** Scanning StartUp Folders *****
20 May 2015 21:36:03 [1984] - C:\Users\Wiredafrican\AppData\Roaming\DVDFab9\regRecord\localuse9157.rec not Scanned. Possibly password protected...
20 May 2015 21:36:03 [190c] - C:\Users\Wiredafrican\AppData\Roaming\DVDFab9\regRecord\localuse9063.rec not Scanned. Possibly password protected...
20 May 2015 21:36:03 [19a4] - C:\Users\Wiredafrican\AppData\Roaming\DVDFab9\regRecord\localuse9168.rec not Scanned. Possibly password protected...
20 May 2015 21:36:03 [19c0] - C:\Users\Wiredafrican\AppData\Roaming\DVDFab9\regRecord\localuse9181.rec not Scanned. Possibly password protected...
20 May 2015 21:36:03 [19c4] - C:\Users\Wiredafrican\AppData\Roaming\DVDFab9\regRecord\localuse9171.rec not Scanned. Possibly password protected...
20 May 2015 21:36:03 [19ac] - C:\Users\Wiredafrican\AppData\Roaming\DVDFab9\regRecord\localuse9196.rec not Scanned. Possibly password protected...
 
20 May 2015 21:36:16 [0428] - ***** Scanning Service Files *****
20 May 2015 21:36:33 [0428] - Giving rights(a) to [HKLM\SYSTEM\CurrentControlSet\Services\TrkWks].
 
20 May 2015 21:36:37 [0428] - ***** Scanning Registry and File system for Adware/Spyware *****
20 May 2015 21:36:37 [0428] - Loading Spyware Signatures from new External Database [Name: C:\Users\WIREDA~1\AppData\Local\Temp\spydb.avs, Size: 464724]...
20 May 2015 21:36:37 [0428] - Indexed Spyware Databases Successfully Created...
 
20 May 2015 21:36:38 [0428] - Offending file found: C:\Users\Wiredafrican\AppData\Roaming\.crazycraft\saves\New World---\JABBA\lock.dat
20 May 2015 21:36:38 [0428] - System found infected with WinFixer/ErrorSafe Adware (lock.dat)! Action taken: File Deleted.
20 May 2015 21:36:38 [0428] - Object "WinFixer/ErrorSafe Adware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:36:39 [0428] - Offending Folder found: C:\Users\Wiredafrican\AppData\Roaming\.crazycraft2\mods\resources\ruins
20 May 2015 21:36:39 [0428] - Deltree of Folder C:\Users\Wiredafrican\AppData\Roaming\.crazycraft2\mods\resources\ruins...
20 May 2015 21:36:39 [0428] - Object "WareOut Adware" found in File System! Action Taken: Entries Removed.
 
20 May 2015 21:36:39 [0428] - Offending file found: C:\Users\Wiredafrican\AppData\Roaming\.crazycraft2\saves\best world\JABBA\lock.dat
20 May 2015 21:36:39 [0428] - System found infected with WinFixer/ErrorSafe Adware (lock.dat)! Action taken: File Deleted.
20 May 2015 21:36:39 [0428] - Object "WinFixer/ErrorSafe Adware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:36:39 [0428] - Offending file found: C:\Users\Wiredafrican\AppData\Roaming\.crazycraft2\saves\fgsdttyjhts\JABBA\lock.dat
20 May 2015 21:36:39 [0428] - System found infected with WinFixer/ErrorSafe Adware (lock.dat)! Action taken: File Deleted.
20 May 2015 21:36:39 [0428] - Object "WinFixer/ErrorSafe Adware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:36:39 [0428] - Offending file found: C:\Users\Wiredafrican\AppData\Roaming\.crazycraft2\saves\New World\JABBA\lock.dat
20 May 2015 21:36:39 [0428] - System found infected with WinFixer/ErrorSafe Adware (lock.dat)! Action taken: File Deleted.
20 May 2015 21:36:39 [0428] - Object "WinFixer/ErrorSafe Adware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:36:39 [0428] - Offending file found: C:\Users\Wiredafrican\AppData\Roaming\.crazycraft2\saves\New World-\JABBA\lock.dat
20 May 2015 21:36:39 [0428] - System found infected with WinFixer/ErrorSafe Adware (lock.dat)! Action taken: File Deleted.
20 May 2015 21:36:39 [0428] - Object "WinFixer/ErrorSafe Adware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:36:39 [0428] - Offending file found: C:\Users\Wiredafrican\AppData\Roaming\.dreamcraft\saves\New World\JABBA\lock.dat
20 May 2015 21:36:39 [0428] - System found infected with WinFixer/ErrorSafe Adware (lock.dat)! Action taken: File Deleted.
20 May 2015 21:36:39 [0428] - Object "WinFixer/ErrorSafe Adware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:36:39 [0428] - Offending Folder found: C:\Users\Wiredafrican\AppData\Roaming\.electriciansjourney\config\Project Zulu\CustomResources
20 May 2015 21:36:39 [0428] - Deltree of Folder C:\Users\Wiredafrican\AppData\Roaming\.electriciansjourney\config\Project Zulu\CustomResources...
20 May 2015 21:36:39 [0428] - Object "MSS Spyware/Adware" found in File System! Action Taken: Entries Removed.
 
20 May 2015 21:36:40 [0428] - Offending file found: C:\Users\Wiredafrican\AppData\Roaming\.technic\modpacks\attack-of-the-bteam\saves\test\quantum\encryption.bin
20 May 2015 21:36:40 [0428] - System found infected with grokster Spyware/Adware (encryption.bin)! Action taken: File Deleted.
20 May 2015 21:36:40 [0428] - Object "grokster Spyware/Adware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:36:40 [0428] - Offending Folder found: C:\Users\Wiredafrican\AppData\Roaming\.technic\modpacks\hexxit\config\Project Zulu\CustomResources
20 May 2015 21:36:40 [0428] - Deltree of Folder C:\Users\Wiredafrican\AppData\Roaming\.technic\modpacks\hexxit\config\Project Zulu\CustomResources...
20 May 2015 21:36:40 [0428] - Object "MSS Spyware/Adware" found in File System! Action Taken: Entries Removed.
 
20 May 2015 21:36:40 [0428] - Offending Folder found: C:\Users\Wiredafrican\AppData\Roaming\.technic\modpacks\hexxit\mods\resources\ruins
20 May 2015 21:36:40 [0428] - Deltree of Folder C:\Users\Wiredafrican\AppData\Roaming\.technic\modpacks\hexxit\mods\resources\ruins...
20 May 2015 21:36:41 [0428] - Object "WareOut Adware" found in File System! Action Taken: Entries Removed.
 
20 May 2015 21:36:41 [0428] - Offending Folder found: C:\Users\Wiredafrican\AppData\Roaming\.voidswrath\mods\resources\ruins
20 May 2015 21:36:41 [0428] - Deltree of Folder C:\Users\Wiredafrican\AppData\Roaming\.voidswrath\mods\resources\ruins...
20 May 2015 21:36:41 [0428] - Object "WareOut Adware" found in File System! Action Taken: Entries Removed.
 
20 May 2015 21:37:06 [0428] - Offending Folder found: F:\Users\Wiredafrican\Pictures\Lightroom Catalogs\Light Masters Photography\Lightroom 4 Catalog Previews.lrdata\3\3721
20 May 2015 21:37:06 [0428] - Deltree of Folder F:\Users\Wiredafrican\Pictures\Lightroom Catalogs\Light Masters Photography\Lightroom 4 Catalog Previews.lrdata\3\3721...
20 May 2015 21:37:06 [0428] - Object "CnsMin Browser Hijacker" found in File System! Action Taken: Entries Removed.
 
20 May 2015 21:38:24 [0428] - Offending file found: F:\Users\Wiredafrican\Documents\My eBooks\Calibre Library\Michael Sienoff\!FREE_$500_Advertising_Workshop\player.html
20 May 2015 21:38:24 [0428] - System found infected with ClipGenie Spyware/Adware (player.html)! Action taken: File Deleted.
20 May 2015 21:38:24 [0428] - Object "ClipGenie Spyware/Adware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:38:34 [0428] - Offending file found: F:\Users\Wiredafrican\Documents\Personal\Andre\Personal\Visio 2002\Program Files\Microsoft Office\Visio10\DLL\SG.dll
20 May 2015 21:38:34 [0428] - System found infected with SpyGuarder Corrupted Adware/Spyware (SG.dll)! Action taken: File Deleted.
20 May 2015 21:38:34 [0428] - Object "SpyGuarder Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
 
20 May 2015 21:38:42 [0428] - Offending Registry Entry found: HKCR\csfile
20 May 2015 21:38:42 [0428] - System found infected with Virtob Leftover Virus (HKCR\csfile)! Action taken: Entries Removed.
20 May 2015 21:38:42 [0428] - Object "Virtob Leftover Virus" found in File System! Action Taken: Entries Removed.
 
 
20 May 2015 21:38:42 [0428] - ***** Scanning Registry Files *****
20 May 2015 21:38:43 [0428] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
20 May 2015 21:38:43 [0428] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com/
 
20 May 2015 21:38:43 [0428] - ***** Scanning System32 Folders *****
 
 
20 May 2015 21:38:54 [0428] - ***** Scanning All Drives *****
20 May 2015 21:38:54 [0428] - ***** C:,E:,F: ***** 
20 May 2015 21:38:54 [0428] - Scanning C:\ Drive
 
20 May 2015 21:40:44 [19ac] - Scanning File C:\System Volume Information\{04dd6875-f5c9-11e4-951e-bc5ff4c85e14}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:40:44 [19c0] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:40:44 [1984] - Scanning File C:\System Volume Information\{2ba91ae7-fb44-11e4-845d-bc5ff4c85e14}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:40:44 [19a4] - Scanning File C:\System Volume Information\{563b4f3c-f364-11e4-abb5-bc5ff4c85e14}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:40:44 [1448] - Scanning File C:\System Volume Information\{75d32648-fa90-11e4-850f-bc5ff4c85e14}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:40:44 [1998] - Scanning File C:\System Volume Information\{75d32675-fa90-11e4-850f-bc5ff4c85e14}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:40:44 [190c] - Scanning File C:\System Volume Information\{96e61ee8-fcf5-11e4-8c04-bc5ff4c85e14}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:40:44 [19c0] - Scanning File C:\System Volume Information\{96e61f0f-fcf5-11e4-8c04-bc5ff4c85e14}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:40:44 [19ac] - Scanning File C:\System Volume Information\{96e61f0b-fcf5-11e4-8c04-bc5ff4c85e14}{3808876b-c176-4e48-b7ae-04046e6cc752}
20 May 2015 21:44:34 [0428] - Scanning E:\ Drive
 
20 May 2015 22:18:05 [1448] - Scanning File F:\Temp\Installation Files\Adobe Master Collection\Adobe CS4\Adobe CS4 Master Collection - The Professional\Adobe CS4 Keygen.exe
20 May 2015 22:18:05 [1448] - File F:\Temp\Installation Files\Adobe Master Collection\Adobe CS4\Adobe CS4 Master Collection - The Professional\Adobe CS4 Keygen.exe infected by "Application.HackTool.GV (DB)" Virus! Action Taken: File Renamed.
20 May 2015 22:23:16 [19ac] - Scanning File F:\Temp\Lead Monster Bonuses\2015 Top Online Directories PLR\2015-TOD-Full.zip.exe
20 May 2015 22:23:16 [19ac] - File F:\Temp\Lead Monster Bonuses\2015 Top Online Directories PLR\2015-TOD-Full.zip.exe infected by "Gen:Variant.Adware.Kazy.559386 (DB)" Virus! Action Taken: File Renamed.
 
20 May 2015 23:11:12 [0428] - ***** Checking for specific ITW Viruses *****
 
20 May 2015 23:11:12 [0428] - ***** Scanning complete. *****
 
20 May 2015 23:11:12 [0428] - Total Objects Scanned: 651969
20 May 2015 23:11:12 [0428] - Total Critical Objects: 18
20 May 2015 23:11:12 [0428] - Total Disinfected Objects: 0
20 May 2015 23:11:12 [0428] - Total Objects Renamed: 2
20 May 2015 23:11:12 [0428] - Total Deleted Objects: 16
20 May 2015 23:11:12 [0428] - Total Errors: 1
20 May 2015 23:11:12 [0428] - Time Elapsed: 01:35:22
20 May 2015 23:11:12 [0428] - Virus Database Date: 20 May 2015
20 May 2015 23:11:12 [0428] - Virus Database Count: 5523549
20 May 2015 23:11:12 [0428] - Sign Version: 7.60672 [519424]
 
20 May 2015 23:11:12 [0428] - Scan Completed.


#5 WiredAfrican

Posted 20 May 2015 - 09:06 AM

Hi

MWAV has no uninstall option? How do I remove it?

Thanks.



#6 WiredAfrican

Posted 20 May 2015 - 04:02 PM

Zemana log.....

Zemana AntiMalware 2.14.2.667 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/21
Operating System      : Windows 7 32-bit
Processor             : 4X Intel® Core™ i5-4570 CPU @ 3.20GHz
BIOS Mode             : Legacy
CUID                  : 00A2330C35F89C4A1FC0B7
Scan Type             : Deep Scan
Duration              : 30m 20s
Scanned Objects       : 71506
Detected Objects      : 2
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Domain Info           : WORKGROUP,1,2
 
 
Detected Objects
-------------------------------------------------------
XVM.exe
   Status             : Scanned
   Object             : %programfiles%\spoon\3.33.602.0\xvm.exe
   MD5                : 1E900F8FF38354A1E517BBA5829C6351
   Publisher          : Code Systems Corporation
   Size               : 4869536
   Version            : 11.8.588.0
   Detection          : Worm:Win32/Conficker.Variant
   Cleaning Action    : Quarantine
   Traces             :
                File - %programfiles%\spoon\3.33.602.0\xvm.exe
 
UBotBase.dll
   Status             : Scanned
   Object             : %appdata%\ubot studio\browser\5.0.5\ubotbase.dll
   MD5                : 9F02B3641ED9C84F45477CDFD4E7CF5C
   Publisher          : -
   Size               : 2212864
   Version            : -
   Detection          : TrojanCryptor:Win32/Generic
   Cleaning Action    : Quarantine
   Traces             :
                File - %appdata%\ubot studio\browser\5.0.5\ubotbase.dll
 
scala-library-2.10.2.jar
   Status             : Failed
   Object             : %appdata%\.minecraft\libraries\org\scala-lang\scala-library\2.10.2\scala-library-2.10.2.jar
   MD5                : 43F4FBE68F0506AE4AC76FF44BEA1882
   Publisher          : -
   Size               : 7218347
   Version            : -
   Detection          : 
   Cleaning Action    : Quarantine
   Traces             :
                File - %appdata%\.minecraft\libraries\org\scala-lang\scala-library\2.10.2\scala-library-2.10.2.jar
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0


#7 InadequateInfirmity

Posted 20 May 2015 - 05:06 PM

You can simply delete MWAV by right clicking and selecting delete, also continue with the other scans please, then tell me how things are running. :)



#8 WiredAfrican

Posted 20 May 2015 - 07:01 PM

JRT log.....

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.5 (05.20.2015:1)
OS: Windows 7 Home Premium x86
Ran by Wiredafrican on Thu 21/05/2015 at  9:16:51.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
~~~ Tasks
 
~~~ Registry Values
 
~~~ Registry Keys
 
~~~ Files
 
~~~ Folders
 
Failed to delete: [Folder] C:\Windows\System32\ai_recyclebin
Failed to delete: [Folder] C:\Windows\syswow64\ai_recyclebin
 
~~~ FireFox
 
Emptied folder: C:\Users\Wiredafrican\AppData\Roaming\mozilla\firefox\profiles\x4lrt455.default\minidumps [46 files]
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 21/05/2015 at  9:33:55.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 WiredAfrican

Posted 20 May 2015 - 07:03 PM

AdwCleaner log...

# AdwCleaner v4.204 - Logfile created 21/05/2015 at 07:08:48
# Updated 12/05/2015 by Xplode
# Database : 2015-05-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Wiredafrican - WA-DT
# Running from : F:\Temp\Installation Files\Antimalware\adwcleaner_4.204.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Wiredafrican\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fmconverter@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKCU\Software\Softonic
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v38.0.1 (x86 en-ZA)
 
 
-\\ Google Chrome v42.0.2311.152
 
[C:\Users\Wiredafrican\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
[C:\Users\Wiredafrican\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : dkpejdfnpdkhifgbancbammdijojoffk
 
*************************
 
AdwCleaner[R0].txt - [1612 bytes] - [21/05/2015 07:06:54]
AdwCleaner[S0].txt - [1553 bytes] - [21/05/2015 07:08:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1612  bytes] ##########


#10 WiredAfrican

Posted 20 May 2015 - 07:14 PM

Just tested gideonmalherbe.com and it still loads the same adverts page in my browsers.



#11 InadequateInfirmity

Posted 20 May 2015 - 08:14 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next, and make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#12 WiredAfrican

Posted 20 May 2015 - 08:37 PM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool v3.9
Time: 2015_05_21_11_21_43
OS: Windows 7 - 32 Bit
Account Name: Wiredafrican
U0L0S19
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\CisConfigs\0\Settings:taskbarpositions
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\CisConfigs\1\Settings:taskbarpositions
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\CisConfigs\2\Settings:taskbarpositions
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations\0\Settings:taskbarpositions
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations\1\Settings:taskbarpositions
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations\2\Settings:taskbarpositions
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966:2180bd1e06d2bd34ea90c607729db382
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\2180BD1E06D2BD34EA90C607729DB382:file
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 
\\ Finished


#13 WiredAfrican

Posted 20 May 2015 - 08:47 PM

~ ZHPCleaner v2015.5.20.247 by Nicolas Coolman (2015\05\20)
~ Run by Wiredafrican (Administrator)  (21/05/2015 11:44:59)
~ State version : No network file
~ Type : Repair
~ Report : F:\Users\Wiredafrican\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Wiredafrican\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 32-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (0)
~ No malicious items found.
 
 
---\\  Hosts file (0)
~ No malicious items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (10)
MOVED folder: C:\Windows\Installer\MSI7093.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI716E.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI724A.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI7325.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI869A.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI889E.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI8989.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI8F1A.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSI9F81.tmp- (Empty)
MOVED folder: C:\Windows\Installer\MSIA166.tmp- (Empty)
 
 
---\\  Registry ( Key, Value, Data) (1)
REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 5340
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 11
 
 
End of clean at 11:45:09
===================
ZHPCleaner-[R]-21052015-11_45_09.txt
ZHPCleaner-[S]-21052015-11_44_14.txt


#14 WiredAfrican

Posted 20 May 2015 - 08:52 PM

ZHP Cleaner didn't ask to reboot



#15 WiredAfrican

Posted 20 May 2015 - 08:57 PM

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Zemana AntiMalware    
 CCleaner     
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (38.0.1) 
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 




