Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Flashmall. How do I get rid of it?


  • Please log in to reply
7 replies to this topic

#1 kathy627

kathy627

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 29 May 2015 - 08:26 PM

I'm using Windows 8.1  There are so many ads on Internet Explorer that I can barely use it.



BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:07:25 AM

Posted 07 June 2015 - 07:05 AM

I think you sholud search for help here:

 

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:25 AM

Posted 07 June 2015 - 03:53 PM

Download and run wipe  and system ninja,

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

GjWwvEu.png

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#4 kathy627

kathy627
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 08 June 2015 - 03:57 PM

Thanks for your help. Here is the log from step 1.

08 Jun 2015 12:38:55 [0b40] - **********************************************************
08 Jun 2015 12:38:56 [0b40] - MWAV - eScanAV AntiVirus Toolkit.
08 Jun 2015 12:38:56 [0b40] - Copyright © MicroWorld Technologies
08 Jun 2015 12:38:56 [0b40] - **********************************************************
08 Jun 2015 12:38:56 [0b40] - Source: C:\Users\Hannah\Desktop\mwav.exe
08 Jun 2015 12:38:56 [0b40] - Version 14.0.178 (C:\USERS\HANNAH\APPDATA\LOCAL\TEMP\MEXE.COM)
08 Jun 2015 12:38:56 [0b40] - Log File: C:\Users\Hannah\AppData\Local\Temp\MWAV.LOG
08 Jun 2015 12:38:56 [0b40] - MWAV Registered: TRUE
08 Jun 2015 12:38:56 [0b40] - User Account: Hannah (Administrator Mode)
08 Jun 2015 12:38:56 [0b40] - OS Type: Windows Workstation [InstallType: Client]
08 Jun 2015 12:38:56 [0b40] - OS: Windows 8.1 64-Bit [OS Install Date: 02 Jul 2014 21:37:50]
08 Jun 2015 12:38:56 [0b40] - Ver: Personal Build 9200
08 Jun 2015 12:38:56 [0b40] - System Up Time: 15 Hours, 19 Minutes, 50 Seconds

08 Jun 2015 12:38:56 [0b40] - Parent Process Name : C:\Users\Hannah\Desktop\mwav.exe
08 Jun 2015 12:38:56 [0b40] - Windows Root  Folder: C:\WINDOWS
08 Jun 2015 12:38:56 [0b40] - Windows Sys32 Folder: C:\WINDOWS\system32
08 Jun 2015 12:38:56 [0b40] - DHCP NameServer: 192.168.1.1
08 Jun 2015 12:38:56 [0b40] - Interface0 NameServer: 31.168.224.110,209.88.198.132
08 Jun 2015 12:38:56 [0b40] - Interface0 DHCPNameServer: 192.168.1.1
08 Jun 2015 12:38:56 [0b40] - Local Fixed Drives: c:\,d:\
08 Jun 2015 12:38:56 [0b40] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
08 Jun 2015 12:38:56 [0b40] - [CREATED ZIP FILE: C:\Users\Hannah\AppData\Local\Temp\pinfect.zip]
08 Jun 2015 12:38:56 [0b40] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
08 Jun 2015 12:38:58 [0b40] - ** Changed Value of "Path"
08 Jun 2015 12:38:58 [0b40] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Hannah\AppData\Local\Temp\ESCANDB.LOG]
08 Jun 2015 12:39:01 [0b40] - Loaded/Created FileScan Cache Database...
08 Jun 2015 12:39:01 [0b40] - Loading AV Library [DB]...
08 Jun 2015 12:40:48 [0b40] - ArchiveScan: DISABLED
08 Jun 2015 12:40:50 [0b40] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
08 Jun 2015 12:40:50 [0b40] - MWAV doing self scanning...
08 Jun 2015 12:40:50 [0b40] - MWAV files are clean.
08 Jun 2015 12:41:24 [0b40] - ArchiveScan: DISABLED
08 Jun 2015 12:41:24 [0b40] - Virus Database Date: 02 Mar 2015
08 Jun 2015 12:41:24 [0b40] - Virus Database Count: 6701505
08 Jun 2015 12:41:24 [0b40] - Sign Version: 7.59505 [518257]
08 Jun 2015 12:50:22 [0b40] - Downloading AntiVirus and Anti-Spyware Databases...
08 Jun 2015 12:50:27 [0b40] - Update Not Successful!
08 Jun 2015 12:50:33 [0b40] - Downloading AntiVirus and Anti-Spyware Databases...
08 Jun 2015 12:50:34 [0b40] - Update Not Successful!
 
08 Jun 2015 12:50:53 [0b40] - **********************************************************
08 Jun 2015 12:50:53 [0b40] - MWAV - eScanAV AntiVirus Toolkit.
08 Jun 2015 12:50:53 [0b40] - Copyright © MicroWorld Technologies
08 Jun 2015 12:50:53 [0b40] -
08 Jun 2015 12:50:53 [0b40] - Support: support@escanav.com
08 Jun 2015 12:50:53 [0b40] - Web: http://www.escanav.com
08 Jun 2015 12:50:53 [0b40] - **********************************************************
08 Jun 2015 12:50:53 [0b40] - Version 14.0.178[DB] (C:\USERS\HANNAH\APPDATA\LOCAL\TEMP\MEXE.COM)
08 Jun 2015 12:50:53 [0b40] - Log File: C:\Users\Hannah\AppData\Local\Temp\MWAV.LOG
08 Jun 2015 12:50:53 [0b40] - User Account: Hannah (Administrator Mode)
08 Jun 2015 12:50:53 [0b40] - Parent Process Name : C:\Users\Hannah\Desktop\mwav.exe
08 Jun 2015 12:50:53 [0b40] - Windows Root  Folder: C:\WINDOWS
08 Jun 2015 12:50:53 [0b40] - Windows Sys32 Folder: C:\WINDOWS\system32
08 Jun 2015 12:50:53 [0b40] - OS: Windows 8.1 64-Bit [OS Install Date: 02 Jul 2014 21:37:50]
08 Jun 2015 12:50:53 [0b40] - Ver: Personal Build 9200
08 Jun 2015 12:50:53 [0b40] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
08 Jun 2015 12:50:53 [0700] - Options Selected by User:
08 Jun 2015 12:50:53 [0700] - Memory Check: Enabled
08 Jun 2015 12:50:53 [0700] - Registry Check: Enabled
08 Jun 2015 12:50:53 [0700] - StartUp Folder Check: Enabled
08 Jun 2015 12:50:53 [0700] - System Folder Check: Enabled
08 Jun 2015 12:50:53 [0700] - Services Check: Enabled
08 Jun 2015 12:50:53 [0700] - Scan Spyware: Enabled
08 Jun 2015 12:50:53 [0700] - Scan Archives: Disabled
08 Jun 2015 12:50:53 [0700] - Drive Check: Enabled
08 Jun 2015 12:50:53 [0700] - All Drive Check :Disabled
08 Jun 2015 12:50:53 [0700] - Drive Selected = C:\
08 Jun 2015 12:50:53 [0700] - Folder Check: Disabled
08 Jun 2015 12:50:53 [0700] - SCAN: All_Files [ANSI]
08 Jun 2015 12:50:53 [0700] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
08 Jun 2015 12:50:53 [0700] - Scanning DNS Records...
08 Jun 2015 12:50:53 [0700] - Scanning Master Boot Record (User)...
08 Jun 2015 12:50:53 [0700] - Scanning Logical Boot Records...
08 Jun 2015 12:50:57 [0700] - ***** Scanning For Hidden Rootkit Processes *****
08 Jun 2015 12:50:57 [0700] - ***** Scanning For Hidden Rootkit Services *****
 
08 Jun 2015 12:51:03 [0700] - ***** Scanning Memory Files *****
 
08 Jun 2015 12:51:21 [0700] - ***** Scanning Registry Files *****
08 Jun 2015 12:51:31 [0700] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
08 Jun 2015 12:51:32 [0700] - ***** Scanning StartUp Folders *****
08 Jun 2015 12:52:51 [1328] - ScanFile (C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\diStRptr\diStRptr.dat) took 7563 ms
08 Jun 2015 12:52:56 [090c] - ScanFile (C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\NCO\IDD2.dat) took 5187 ms
08 Jun 2015 12:52:57 [0214] - ScanFile (C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\NPC\Support.dat) took 6015 ms
08 Jun 2015 12:52:58 [11bc] - ScanFile (C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\Product\Layout.dat) took 5750 ms
08 Jun 2015 12:52:58 [1454] - ScanFile (C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\Product\Backup.dat) took 6234 ms
08 Jun 2015 12:52:58 [04a4] - ScanFile (C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\Product\set-priv.dat) took 5484 ms
 
08 Jun 2015 12:54:35 [0700] - ***** Scanning Service Files *****
08 Jun 2015 12:54:40 [04a4] - ScanFile (C:\ProgramData\WildTangent\GameInstalls\WTA-e3d67100-5f96-4a59-8ec5-d9367e407440-extr.exe) took 6844 ms
08 Jun 2015 12:55:09 [0700] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
08 Jun 2015 12:55:19 [0700] - ***** Scanning Registry and File system for Adware/Spyware *****
08 Jun 2015 12:55:20 [0700] - Loading Spyware Signatures from new External Database [Name: C:\Users\Hannah\AppData\Local\Temp\spydb.avs, Size: 464717]...
08 Jun 2015 12:55:20 [0700] - Indexed Spyware Databases Successfully Created...
 
08 Jun 2015 12:55:34 [0700] - Offending file found: C:\WINDOWS\DOWNLO~1\popcaploader.dll
08 Jun 2015 12:55:34 [0700] - System found infected with Downloader-AK Trojan-Downloader (popcaploader.dll)! Action taken: File Deleted.
08 Jun 2015 12:55:34 [0700] - Object "Downloader-AK Trojan-Downloader" found in File System! Action Taken: File Deleted.

08 Jun 2015 12:56:15 [0700] - Offending file found: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.0.100\Logs\LU.dat
08 Jun 2015 12:56:15 [0700] - System found infected with ImIServer IEPlugin Spyware/Adware (LU.dat)! Action taken: File Deleted.
08 Jun 2015 12:56:15 [0700] - Object "ImIServer IEPlugin Spyware/Adware" found in File System! Action Taken: File Deleted.

 
08 Jun 2015 12:56:18 [0700] - ***** Scanning Registry Files *****
08 Jun 2015 12:56:22 [0700] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
08 Jun 2015 12:56:22 [0700] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
08 Jun 2015 12:56:22 [0700] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
08 Jun 2015 12:56:22 [0700] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
08 Jun 2015 12:56:22 [0700] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
08 Jun 2015 12:56:22 [0700] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://g.msn.com/HPNOT13/1
08 Jun 2015 12:56:22 [0700] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = https://idm.west.cox.net/coxlogin/ui/webmail?type=33554432&realmoid=06-f40ea76b-77cc-1000-8959-83a094a10cb3&guid=1&smauthreason=0&method=get&smagentname=-sm-nimxsvkfy%2butrs6jtieiehwtshv9bw0grsbhz3axedls40c9fhu8cemwjuhlw1yi&target=-sm-http%3a%2f%2fwebmail%2ewest%2ecox%2enet%2fdo%2fmail%2ffolder%2fview
08 Jun 2015 12:56:22 [0700] - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.7.0.11
08 Jun 2015 12:56:22 [0700] - ** Value in 64-bit HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
08 Jun 2015 12:56:22 [0700] - ***** Scanning System32 Folders *****
08 Jun 2015 12:56:38 [0214] - ScanFile (C:\WINDOWS\SysWOW64\amdhdl32.dll) took 13500 ms
 
 
08 Jun 2015 12:57:43 [0700] - ***** Scanning Drive C:\ *****
08 Jun 2015 12:57:55 [1328] - ScanFile (C:\AMD\WU-CCC2\ccc2_install\WULaunchApp.exe) took 7813 ms
08 Jun 2015 12:58:01 [1454] - ScanFile (C:\$Recycle.Bin\S-1-5-21-2127158189-4084132617-2914976742-1002\$RW9IQWY) took 15031 ms



#5 kathy627

kathy627
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 08 June 2015 - 05:09 PM

Step 3:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.0 (06.07.2015:1)
OS: Windows 8.1 x64
Ran by Hannah on Mon 06/08/2015 at 15:00:59.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] couponprinterservice
Successfully deleted: [Service] couponprinterservice

 

~~~ Tasks

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\WINDOWS\couponprinter.ocx

 

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\coupons
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\coupons

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Hannah\appdata\local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

[C:\Users\Hannah\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Hannah\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
mkfokfffehpeedafpekjeddnmnjhmcmk

[C:\Users\Hannah\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Hannah\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  blmchfpimpbbdmgpcieclabeafkljbhm,
  bopakagnckmlgajfccecajhnimjiiedh,
  mkfokfffehpeedafpekjeddnmnjhmcmk
]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/08/2015 at 15:05:19.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



#6 kathy627

kathy627
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 08 June 2015 - 05:22 PM

Step 4:

# AdwCleaner v4.206 - Logfile created 08/06/2015 at 15:16:53
# Updated 01/06/2015 by Xplode
# Database : 2015-06-08.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Hannah - HANNAHSPC
# Running from : C:\Users\Hannah\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v43.0.2357.81

*************************

AdwCleaner[R0].txt - [4945 bytes] - [03/06/2015 11:38:00]
AdwCleaner[R1].txt - [1073 bytes] - [08/06/2015 15:14:24]
AdwCleaner[S0].txt - [4667 bytes] - [03/06/2015 11:43:05]
AdwCleaner[S1].txt - [1004 bytes] - [08/06/2015 15:16:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1063  bytes] ##########



#7 hanzo99999

hanzo99999

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 08 June 2015 - 06:02 PM

You shouldn't have any problems now. Though I advised not to go on any weird websites like hacking sites. You usually don't walk out of there empty-handed. And torrents as well. Seems like the cleaner cleaned everything up. Scan every 2-3 days, every computer will have some sort of weird/unidentified virus that can came from anywhere.



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:25 AM

Posted 08 June 2015 - 08:49 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download [b]MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users