
Possible Trojan Virus Causes Disk To Idle at 100%


7 replies to this topic

#1 irobet


Posted 08 June 2015 - 08:43 PM

System Type: 64 Bit Operating system. Windows 8.1 Pro.

 

 

I have recently had issues with my Disk Usage idling at 100%. I did a scan with 360 Total Security and it claimed to have found a Trojan Virus. I attempted to remove it but it just keeps returning. At this point I am at a loss. The Disk issue seems to happen randomly but doesn't seem to hinder me when I play games like League of Legends. Occasionally rebooting happens very slowly; sometimes once Windows loads it takes several minutes before I can operate my computer.

 

Please Advise




 


#2 InadequateInfirmity


Posted 08 June 2015 - 08:50 PM

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
jBVKBI0.png
Then Select Scan Now.
js1M2HF.png
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

http://9-lab.com/download/

Install the program onto your computer, then right click the icon RRXH2ZG.jpg run as administrator.

Go to the Update tab and update the program.

ZT1y9rP.png

Now go to the scanner tab and select Full Scan.

k68m97f.png

Upon Scan Completion Click Show Results.

FihDIFx.png

Now click the Clean button.

eCCJKcA.png

Once done cleaning, you can go to the logs tab, double-click it, and copy and paste in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#3 irobet


Posted 08 June 2015 - 09:14 PM

Thanks! Here's the Malwarebytes Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/8/2015
Scan Time: 8:58:09 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.08.05
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Darren
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359746
Time Elapsed: 11 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Ask.A, HKU\S-1-5-21-1369765927-2048141944-3219459284-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D14FC841-F00B-4271-A4D6-96C81E357E7A}, Quarantined, [e85de1d7117989adf124592d3dc8ca36], 
 
Registry Values: 1
PUP.Optional.Ask.A, HKU\S-1-5-21-1369765927-2048141944-3219459284-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D14FC841-F00B-4271-A4D6-96C81E357E7A}|URL, http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=E9447A11-3579-48D9-85D0-BF69A7963976&apn_sauid=063965E7-91CC-496D-8DDB-30AE10282410, Quarantined, [e85de1d7117989adf124592d3dc8ca36]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 InadequateInfirmity


Posted 08 June 2015 - 09:30 PM

Keep on with the other programs. :guitar:  Let me know how things are going after.



#5 irobet


Posted 08 June 2015 - 10:45 PM

9-lab Removal Tool 1.0.0.35 BETA
9-lab.com
 
Database version: 105.31746
 
Windows 8.1 (Version 6.3, Build 0, 64-bit Edition)
Internet Explorer 9.11.9600.17801
Darren :: DARREN
 
6/8/2015 9:15:15 PM
9lab-log-2015-06-08 (21-15-15).txt
 
Scan type: Full
Objects scanned: 55982
Time Elapsed: 32 m 56 s
 
Files detected: 5
[4A888C603532780548FF61F0AB97B07D] Malware.Win32.Gen.sm [C:\Users\Darren\AppData\Local\Microsoft\Windows\GameExplorer\{4A4260C1-000C-455D-BC11-117B44BB5A0C}\PlayTasks\0\Play.lnk]
[2394AA87D0F59AB448DEB53AB3086378] Trojan.Win32.Gen.vb!n [C:\Users\Darren\AppData\Roaming\DesktopIconForAmazon\desktopicon-chip-amazon.exe]
[0AC5D39B93C82BC7DC55037D2F9F1297] Adware.Win32.VGen.vb!s8 [C:\Users\Darren\Downloads\CuteWriter (1).exe]
[0AC5D39B93C82BC7DC55037D2F9F1297] Adware.Win32.VGen.vb!s8 [C:\Users\Darren\Downloads\CuteWriter.exe]
[3A431E23A1F3348015D3680470DF4BFB] Malware.Win32.Gen.sm [C:\Users\Public\Videos\No-Cd Cracks\Age Of Empires II\empires2.exe]
 
 
 
The root kit found no problems :)
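
Added example, not part of the original post and not code from the 9-Lab tool: a short Python script that parses detection lines in the "[MD5] Name [path]" layout of the log above, collapses files that share a hash, and orders the unique files for review. The sample log, its hashes and its paths are constructed placeholders; the family ranking, the "Gen" token check and the folder hints are assumptions of this example.

```python
import re
from collections import OrderedDict
from pathlib import PureWindowsPath

# Constructed sample in the "[MD5] Detection.Name [path]" layout.
# Hashes and paths are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
Files detected: 4
[AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] Trojan.Win32.Gen.vb!n [C:\Users\User\AppData\Roaming\ExampleApp\example.exe]
[BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB] Adware.Win32.VGen.vb!s8 [C:\Users\User\Downloads\Setup (1).exe]
[BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB] Adware.Win32.VGen.vb!s8 [C:\Users\User\Downloads\Setup.exe]
[CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC] Malware.Win32.Gen.sm [C:\Users\Public\Videos\Example\game.exe]
"""

# One detection per line: [32 hex chars] name-without-spaces [path to end of line]
LINE_RE = re.compile(r"^\[([0-9A-Fa-f]{32})\]\s+(\S+)\s+\[(.+)\]\s*$")

# Assumed review order for the leading name token; the tool defines no ranking.
FAMILY_RANK = {"Trojan": 0, "Malware": 1, "Adware": 2}


def parse_detections(text):
    """Return (md5, name, path) tuples for every detection line in the log."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group(1).upper(), m.group(2), m.group(3)))
    return hits


def location_hint(path):
    """Coarse, assumed hint about where the file sits on disk."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "appdata" in parts:
        return "installed in user profile"
    if "downloads" in parts:
        return "downloaded file at rest"
    return "other"


def triage(text):
    """Collapse duplicate hashes and order the unique files for review."""
    by_hash = OrderedDict()
    for md5, name, path in parse_detections(text):
        entry = by_hash.setdefault(md5, {"md5": md5, "name": name, "paths": []})
        entry["paths"].append(path)
    for entry in by_hash.values():
        tokens = entry["name"].split(".")
        entry["family"] = tokens[0]
        # Assumption: a "Gen" token marks a generic signature, which is worth
        # confirming with a second scanner before treating it as certain.
        entry["generic"] = "Gen" in tokens
        entry["hints"] = sorted({location_hint(p) for p in entry["paths"]})
    # sorted() is stable, so files of equal rank keep their log order.
    return sorted(by_hash.values(),
                  key=lambda e: FAMILY_RANK.get(e["family"], 99))


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row["family"], row["md5"], "generic" if row["generic"] else "named",
              len(row["paths"]), "path(s)", row["hints"])
```
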


#6 InadequateInfirmity


Posted 09 June 2015 - 02:11 AM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install Ccleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

GjWwvEu.png

Now that you have disabled those unneeded startups, let's go into the settings. We will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the Advanced tab and select Close program after cleaning. Now run the cleaner again; this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#7 irobet


Posted 16 June 2015 - 10:08 PM

I have done the rest of the steps! I hope that you are still willing and able to help! 

 

09 Jun 2015 13:29:35 [0c0c] - **********************************************************

09 Jun 2015 13:29:35 [0c0c] - MWAV - eScanAV AntiVirus Toolkit.

09 Jun 2015 13:29:35 [0c0c] - Copyright © MicroWorld Technologies

09 Jun 2015 13:29:35 [0c0c] - **********************************************************

09 Jun 2015 13:29:35 [0c0c] - Version 14.0.185 (C:\USERS\DARREN\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)

09 Jun 2015 13:29:35 [0c0c] - Log File: C:\Users\Darren\AppData\Local\Temp\LOG\MWAV.LOG

09 Jun 2015 13:29:35 [0c0c] - MWAV Registered: TRUE

09 Jun 2015 13:29:35 [0c0c] - User Account: Darren (Administrator Mode)

09 Jun 2015 13:29:35 [0c0c] - OS Type: Windows Workstation [InstallType: Client]

09 Jun 2015 13:29:35 [0c0c] - OS: Windows 8.1 64-Bit [OS Install Date: 04 Feb 2014 17:54:42]

09 Jun 2015 13:29:35 [0c0c] - Ver: Professional Build 9200

09 Jun 2015 13:29:35 [0c0c] - System Up Time: 1 Hour, 18 Minutes, 44 Seconds

 

 

09 Jun 2015 13:29:35 [0c0c] - Parent Process Name : c:\Windows\explorer.exe

09 Jun 2015 13:29:35 [0c0c] - Windows Root  Folder: C:\WINDOWS

09 Jun 2015 13:29:35 [0c0c] - Windows Sys32 Folder: C:\WINDOWS\system32

09 Jun 2015 13:29:35 [0c0c] - DHCP NameServer: 192.168.1.1

09 Jun 2015 13:29:35 [0c0c] - Interface0 DHCPNameServer: 192.168.1.1

09 Jun 2015 13:29:35 [0c0c] - Local Fixed Drives: c:\

09 Jun 2015 13:29:35 [0c0c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)

09 Jun 2015 13:29:35 [0c0c] - [CREATED ZIP FILE: C:\Users\Darren\AppData\Local\Temp\pinfect.zip]

09 Jun 2015 13:29:36 [0c0c] - Latest Date of files inside MWAV: Tue Jun  9 18:13:18 2015.

09 Jun 2015 13:29:36 [0c0c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Darren\AppData\Local\Temp\LOG\ESCANDB.LOG]

09 Jun 2015 13:29:36 [0c0c] - Loaded/Created FileScan Cache Database...

09 Jun 2015 13:29:36 [0c0c] - Loading AV Library [DB]...

09 Jun 2015 13:29:38 [0c0c] - ArchiveScan: DISABLED

09 Jun 2015 13:29:38 [0c0c] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].

09 Jun 2015 13:29:38 [0c0c] - MWAV doing self scanning...

09 Jun 2015 13:29:38 [0c0c] - MWAV files are clean.

09 Jun 2015 13:29:57 [0c0c] - ArchiveScan: DISABLED

09 Jun 2015 13:29:57 [0c0c] - Virus Database Date: 09 Jun 2015

09 Jun 2015 13:29:57 [0c0c] - Virus Database Count: 5727934

09 Jun 2015 13:29:57 [0c0c] - Sign Version: 7.60977 [519729]

09 Jun 2015 13:30:02 [0c0c] - Downloading AntiVirus and Anti-Spyware Databases...

09 Jun 2015 13:30:17 [0c0c] - Update Successful...

09 Jun 2015 13:30:18 [0c0c] - Old Sign Version: 7.60977    New Sign Version: 7.60978

09 Jun 2015 13:30:24 [0c0c] - Reload of AntiVirus Signatures successfully done.

09 Jun 2015 13:30:24 [0c0c] - Virus Database Date: 09 Jun 2015

09 Jun 2015 13:30:24 [0c0c] - Virus Database Count: 5729132

09 Jun 2015 13:30:24 [0c0c] - Sign Version: 7.60978 [519730]

 

09 Jun 2015 13:31:22 [0c0c] - **********************************************************

09 Jun 2015 13:31:22 [0c0c] - MWAV - eScanAV AntiVirus Toolkit.

09 Jun 2015 13:31:22 [0c0c] - Copyright © MicroWorld Technologies

09 Jun 2015 13:31:22 [0c0c] -

09 Jun 2015 13:31:22 [0c0c] - Support: support@escanav.com

09 Jun 2015 13:31:22 [0c0c] - Web: http://www.escanav.com

09 Jun 2015 13:31:22 [0c0c] - **********************************************************

09 Jun 2015 13:31:22 [0c0c] - Version 14.0.185[DB] (C:\USERS\DARREN\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)

09 Jun 2015 13:31:22 [0c0c] - Log File: C:\Users\Darren\AppData\Local\Temp\LOG\MWAV.LOG

09 Jun 2015 13:31:22 [0c0c] - User Account: Darren (Administrator Mode)

09 Jun 2015 13:31:22 [0c0c] - Parent Process Name : c:\Windows\explorer.exe

09 Jun 2015 13:31:22 [0c0c] - Windows Root  Folder: C:\WINDOWS

09 Jun 2015 13:31:22 [0c0c] - Windows Sys32 Folder: C:\WINDOWS\system32

09 Jun 2015 13:31:22 [0c0c] - OS: Windows 8.1 64-Bit [OS Install Date: 04 Feb 2014 17:54:42]

09 Jun 2015 13:31:22 [0c0c] - Ver: Professional Build 9200

09 Jun 2015 13:31:22 [0c0c] - Latest Date of files inside MWAV: Tue Jun  9 18:13:18 2015.

09 Jun 2015 13:31:22 [0c0c] - Priority: NORMAL

 

09 Jun 2015 13:31:22 [0440] - Options Selected by User:

09 Jun 2015 13:31:22 [0440] - Memory Check: Enabled

09 Jun 2015 13:31:22 [0440] - Registry Check: Enabled

09 Jun 2015 13:31:22 [0440] - StartUp Folder Check: Enabled

09 Jun 2015 13:31:22 [0440] - System Folder Check: Enabled

09 Jun 2015 13:31:22 [0440] - Services Check: Enabled

09 Jun 2015 13:31:22 [0440] - Scan Spyware: Enabled

09 Jun 2015 13:31:22 [0440] - Scan Archives: Disabled

09 Jun 2015 13:31:22 [0440] - Drive Check: Enabled

09 Jun 2015 13:31:22 [0440] - All Drive Check :Disabled

09 Jun 2015 13:31:22 [0440] - Drive Selected = C:\

09 Jun 2015 13:31:22 [0440] - Folder Check: Disabled

09 Jun 2015 13:31:22 [0440] - SCAN: All_Files [ANSI]

09 Jun 2015 13:31:22 [0440] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)

 

09 Jun 2015 13:31:22 [0440] - Scanning DNS Records...

09 Jun 2015 13:31:22 [0440] - Scanning Master Boot Record (User)...

09 Jun 2015 13:31:22 [0440] - Scanning Logical Boot Records...

09 Jun 2015 13:31:22 [0440] - ***** Scanning For Hidden Rootkit Processes *****

09 Jun 2015 13:31:22 [0440] - ***** Scanning For Hidden Rootkit Services *****

 

09 Jun 2015 13:31:25 [0440] - ***** Scanning Memory Files *****

 

09 Jun 2015 13:31:31 [0440] - ***** Scanning Registry Files *****

09 Jun 2015 13:31:33 [0440] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.

 

09 Jun 2015 13:31:34 [0440] - ***** Scanning StartUp Folders *****

09 Jun 2015 13:32:02 [1214] - ScanFile (C:\Users\Darren\AppData\Roaming\Dropbox\bin\libcef.dll) took 9984 ms

09 Jun 2015 13:32:08 [0448] - ScanFile (C:\Users\Darren\AppData\Roaming\SplitMediaLabs\XSplit\install\BAA9DC7\cef\libcef.dll) took 6797 ms

 

 

 

 

 

 

 

 

 

Zemana AntiMalware 2.15.2.721 (Installed)

 

-------------------------------------------------------

Scan Result            : Completed

Scan Date              : 2015/6/15

Operating System       : Windows 8.1 64-bit

Processor              : 4X Intel® Core™ i5-3570 CPU @ 3.40GHz

BIOS Mode              : Legacy

CUID                   : 000E474E705D34430CFBC1

Scan Type              : Deep Scan

Duration               : 24m 31s

Scanned Objects        : 260521

Detected Objects       : 3

Excluded Objects       : 0

Read Level             : Normal

Auto Upload            : Yes

Include All Extensions : No

Scan Documents         : Yes

Domain Info            : WORKGROUP,1,2

Detected Objects

-------------------------------------------------------

 

ninja-setup-3.0.6.exe

Status             : Scanned

Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe

MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74

Publisher          : -

Size               : 2507200

Version            : 0.0.0.0

Detection          : Adware:Win32/OpenCandy

Cleaning Action    : Quarantine

Traces             :

                File - %userprofile%\downloads\ninja-setup-3.0.6.exe

 

WINZIPSSHelper.dll

Status             : Scanned

Object             : %programw6432%\winzip\utils\wzsysscan\winzipsshelper.dll

MD5                : 29471EFC62E40020408FA033531A6795

Publisher          : WinZip Computing

Size               : 685384

Version            : 1.0.648.10781

Detection          : Scareware:Win32/FakeOptimizer

Cleaning Action    : Quarantine

Traces             :

                File - %programw6432%\winzip\utils\wzsysscan\winzipsshelper.dll

 

WINZIPSSRegistryOptimizer.exe

Status             : Scanned

Object             : %programw6432%\winzip\utils\wzsysscan\winzipssregistryoptimizer.exe

MD5                : 976D40622F283CA543385FB8CDEADE69

Publisher          : WinZip Computing

Size               : 241480

Version            : 1.0.648.10762

Detection          : Scareware:Win32/FakeOptimizer

Cleaning Action    : Quarantine

Traces             :

                File - %programw6432%\winzip\utils\wzsysscan\winzipssregistryoptimizer.exe

 

Cleaning Result

-------------------------------------------------------

Cleaned               : 3

Reported as safe      : 0

Failed                : 0

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.9.9 (06.16.2015:2)

OS: Windows 8.1 Pro x64

Ran by Darren on Tue 06/16/2015 at 18:52:10.26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Users\Darren\AppData\Roaming\microsoft\internet explorer\quick launch\goodgame empire.lnk

Successfully deleted: [File] C:\Users\Darren\AppData\Roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\goodgame empire.lnk

Successfully deleted: [File] C:\users\public\desktop\winzip registry optimizer.lnk

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\Program Files (x86)\winzip registry optimizer

Successfully deleted: [Folder] C:\ProgramData\ask

 

 

 

~~~ Chrome

 

 

[C:\Users\Darren\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\Darren\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\Darren\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\Darren\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 06/16/2015 at 18:53:45.22

End of JRT log

 

 

 

 

# AdwCleaner v4.206 - Logfile created 16/06/2015 at 19:00:14

# Updated 01/06/2015 by Xplode

# Database : 2015-06-16.1 [Server]

# Operating system : Windows 8.1 Pro  (x64)

# Username : Darren - DARREN

# Running from : C:\Users\Darren\Downloads\adwcleaner_4.206.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer

Folder Deleted : C:\Users\Darren\AppData\Roaming\DesktopIconForAmazon

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKCU\Software\OCS

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17840

 

 

-\\ Google Chrome v43.0.2357.124

 

[C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

-\\ Chromium v

 

 

*************************

 

AdwCleaner[R0].txt - [3155 bytes] - [16/06/2015 18:56:45]

AdwCleaner[S0].txt - [3031 bytes] - [16/06/2015 19:00:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3090  bytes] ##########



#8 InadequateInfirmity


Posted 17 June 2015 - 08:41 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit Next; make sure to leave all items checked for removal.

8NcZjGc.png


The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.




