
Am I infected? Credit card information was stolen


17 replies to this topic

#1 agreycat


Posted 10 June 2015 - 08:52 PM

I found some fraudulent payments in my bank account activity, and I really want to be certain about whether my laptop is infected or not, so that I can remove any malware that steals my information or feel relieved!

 

My operating system is Windows 7. I have run full system scans with free scanners from Kaspersky, Bitdefender and Malwarebytes, and none of them found any threat. My regular anti-virus software with real-time protection is from a Chinese corporation called 360, and it didn't find any threat, either.

 

So can I be 100% sure that my laptop is not infected? What else can I do to check if there's any threat in my system that was missed by the scanners? 

 

Please help me! Thank you very much :lol:  :flowers:




#2 InadequateInfirmity


Posted 10 June 2015 - 09:25 PM

Change all of your banking passwords from a known clean machine.

 

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Now go to the Advanced tab and select "Close program after cleaning". Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right-click and run as administrator.
A new icon will appear on your desktop.
Right-click and run as administrator on the new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste the entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 agreycat


Posted 10 June 2015 - 09:43 PM

Thank you for helping me! :thumbup2: I will follow your instructions, scan my laptop, and post the logs tomorrow.



#4 InadequateInfirmity


Posted 10 June 2015 - 10:04 PM

:guitar:



#5 agreycat


Posted 11 June 2015 - 08:42 AM

Have done step 1.

 

The log from eScanAV:

 

11 Jun 2015 08:59:32 [0c1c] - **********************************************************
11 Jun 2015 08:59:32 [0c1c] - MWAV - eScanAV AntiVirus Toolkit.
11 Jun 2015 08:59:32 [0c1c] - Copyright © MicroWorld Technologies
11 Jun 2015 08:59:32 [0c1c] - **********************************************************
11 Jun 2015 08:59:32 [0c1c] - Source: C:\Users\babypinkpaw\Desktop\mwav.exe
11 Jun 2015 08:59:32 [0c1c] - Version 14.0.188 (C:\USERS\BABYPINKPAW\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
11 Jun 2015 08:59:32 [0c1c] - Log File: C:\Users\babypinkpaw\AppData\Local\Temp\LOG\MWAV.LOG
11 Jun 2015 08:59:32 [0c1c] - MWAV Registered: TRUE
11 Jun 2015 08:59:32 [0c1c] - User Account: babypinkpaw (Administrator Mode)
11 Jun 2015 08:59:32 [0c1c] - OS Type: Windows Workstation [InstallType: Client]
11 Jun 2015 08:59:32 [0c1c] - OS: Windows 7 64-Bit [OS Install Date: 03 Nov 2013 02:08:15]
11 Jun 2015 08:59:32 [0c1c] - Ver: Professional Service Pack 1 (Build 7601)
11 Jun 2015 08:59:32 [0c1c] - System Up Time: 26 Minutes, 41 Seconds
11 Jun 2015 08:59:32 [0c1c] - Parent Process Name : C:\Users\babypinkpaw\AppData\Local\Temp\mexe.com
11 Jun 2015 08:59:32 [0c1c] - Windows Root  Folder: C:\Windows
11 Jun 2015 08:59:32 [0c1c] - Windows Sys32 Folder: C:\Windows\system32
11 Jun 2015 08:59:32 [0c1c] - DHCP NameServer: 192.168.200.1
11 Jun 2015 08:59:32 [0c1c] - Interface0 NameServer: 140.207.198.6,114.114.114.114
11 Jun 2015 08:59:32 [0c1c] - Interface0 DHCPNameServer: 192.168.200.1
11 Jun 2015 08:59:32 [0c1c] - Local Fixed Drives: c:\,e:\
11 Jun 2015 08:59:32 [0c1c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
11 Jun 2015 08:59:32 [0c1c] - [CREATED ZIP FILE: C:\Users\babypinkpaw\AppData\Local\Temp\pinfect.zip]
11 Jun 2015 08:59:32 [0c1c] - Command Line Options Given: /xsign
11 Jun 2015 08:59:35 [0c1c] - Latest Date of files inside MWAV: Thu Jun 11 12:26:07 2015.
11 Jun 2015 08:59:35 [0c1c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\babypinkpaw\AppData\Local\Temp\LOG\ESCANDB.LOG]
11 Jun 2015 08:59:35 [0c1c] - Loaded/Created FileScan Cache Database...
11 Jun 2015 08:59:35 [0c1c] - Loading AV Library [DB]...
11 Jun 2015 08:59:44 [0c1c] - ArchiveScan: DISABLED
11 Jun 2015 08:59:44 [0c1c] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
11 Jun 2015 08:59:44 [0c1c] - MWAV doing self scanning...
11 Jun 2015 08:59:44 [0c1c] - MWAV files are clean.
11 Jun 2015 09:00:10 [0c1c] - ArchiveScan: DISABLED
11 Jun 2015 09:00:10 [0c1c] - Virus Database Date: 11 Jun 2015
11 Jun 2015 09:00:10 [0c1c] - Virus Database Count: 5753514
11 Jun 2015 09:00:10 [0c1c] - Sign Version: 7.61003 [519755]
 
11 Jun 2015 09:02:00 [0c1c] - **********************************************************
11 Jun 2015 09:02:00 [0c1c] - MWAV - eScanAV AntiVirus Toolkit.
11 Jun 2015 09:02:00 [0c1c] - Copyright © MicroWorld Technologies
11 Jun 2015 09:02:00 [0c1c] - 
11 Jun 2015 09:02:00 [0c1c] - Support: support@escanav.com
11 Jun 2015 09:02:00 [0c1c] - Web: http://www.escanav.com
11 Jun 2015 09:02:00 [0c1c] - **********************************************************
11 Jun 2015 09:02:00 [0c1c] - Version 14.0.188[DB] (C:\USERS\BABYPINKPAW\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
11 Jun 2015 09:02:00 [0c1c] - Log File: C:\Users\babypinkpaw\AppData\Local\Temp\LOG\MWAV.LOG
11 Jun 2015 09:02:00 [0c1c] - User Account: babypinkpaw (Administrator Mode)
11 Jun 2015 09:02:00 [0c1c] - Parent Process Name : C:\Users\babypinkpaw\AppData\Local\Temp\mexe.com
11 Jun 2015 09:02:00 [0c1c] - Windows Root  Folder: C:\Windows
11 Jun 2015 09:02:00 [0c1c] - Windows Sys32 Folder: C:\Windows\system32
11 Jun 2015 09:02:00 [0c1c] - OS: Windows 7 64-Bit [OS Install Date: 03 Nov 2013 02:08:15]
11 Jun 2015 09:02:00 [0c1c] - Ver: Professional Service Pack 1 (Build 7601)
11 Jun 2015 09:02:00 [0c1c] - Latest Date of files inside MWAV: Thu Jun 11 12:26:07 2015.
11 Jun 2015 09:02:00 [0c1c] - Priority: NORMAL
 
11 Jun 2015 09:02:00 [1188] - Options Selected by User:
11 Jun 2015 09:02:00 [1188] - Memory Check: Enabled
11 Jun 2015 09:02:00 [1188] - Registry Check: Enabled
11 Jun 2015 09:02:00 [1188] - StartUp Folder Check: Enabled
11 Jun 2015 09:02:00 [1188] - System Folder Check: Enabled
11 Jun 2015 09:02:00 [1188] - Services Check: Enabled
11 Jun 2015 09:02:00 [1188] - Scan Spyware: Enabled
11 Jun 2015 09:02:00 [1188] - Scan Archives: Disabled
11 Jun 2015 09:02:00 [1188] - Drive Check: Enabled
11 Jun 2015 09:02:00 [1188] - All Drive Check :Disabled
11 Jun 2015 09:02:00 [1188] - Drive Selected = C:\
11 Jun 2015 09:02:00 [1188] - Folder Check: Disabled
11 Jun 2015 09:02:00 [1188] - SCAN: All_Files [ANSI]
11 Jun 2015 09:02:00 [1188] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
11 Jun 2015 09:02:00 [1188] - Scanning DNS Records...
11 Jun 2015 09:02:00 [1188] - Scanning Master Boot Record (User)...
11 Jun 2015 09:02:00 [1188] - Scanning Logical Boot Records...
11 Jun 2015 09:02:01 [1188] - ***** Scanning For Hidden Rootkit Processes *****
11 Jun 2015 09:02:01 [1188] - ***** Scanning For Hidden Rootkit Services *****
11 Jun 2015 09:02:06 [1188] - Name: Nhmon (HIDDEN)
11 Jun 2015 09:02:06 [1188] - Display Name: Nhmon
11 Jun 2015 09:02:06 [1188] - Image Path: system32\DRIVERS\Nhmon.sys
11 Jun 2015 09:02:06 [1188] - Group: System Reserved
11 Jun 2015 09:02:06 [1188] - Start: 0
 
11 Jun 2015 09:02:06 [1188] - Service Name: Nhmon
11 Jun 2015 09:02:06 [1188] - Service Image: system32\DRIVERS\Nhmon.sys
 
11 Jun 2015 09:02:06 [1188] - ***** Scanning Memory Files *****
 
11 Jun 2015 09:02:15 [1188] - ***** Scanning Registry Files *****
 
11 Jun 2015 09:02:20 [1188] - ***** Scanning StartUp Folders *****
11 Jun 2015 09:03:00 [1058] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\KuGou8\cef\7311394880104059808\flash_1\flash.dll) took 6521 ms
11 Jun 2015 09:03:02 [1064] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\KuGou8\cef\292064717441103144_f1.mp3) took 8268 ms
11 Jun 2015 09:03:09 [0f24] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\IQIYI Video\PluginConfig\apk\LStyle_1\iqiyi_986.apk) took 16505 ms
11 Jun 2015 09:03:10 [0a6c] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\IQIYI Video\PluginConfig\apk\LStyle_0\iqiyi_985.apk) took 16802 ms
11 Jun 2015 09:03:15 [1670] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\KuGou8\Upgrade\KuGoo3Up7686.mp3) took 12885 ms
11 Jun 2015 09:03:15 [10b4] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\KuGou8\Upgrade\KuGoo3Up7690.mp3) took 13510 ms
11 Jun 2015 09:03:26 [1058] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\KuGou8\Upgrade\KuGoo3Up7680.mp3) took 23868 ms
11 Jun 2015 09:03:26 [1058] - Scanning of C:\Users\babypinkpaw\AppData\Roaming\KuGou8\Upgrade\KuGoo3Up7680.mp3 Timed out!!!
11 Jun 2015 09:03:27 [0404] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\KuGou8\Upgrade\KuGoo3Up7631.mp3) took 24414 ms
11 Jun 2015 09:03:27 [0404] - Scanning of C:\Users\babypinkpaw\AppData\Roaming\KuGou8\Upgrade\KuGoo3Up7631.mp3 Timed out!!!
11 Jun 2015 09:03:39 [0e58] - ScanFile (C:\Users\babypinkpaw\AppData\Roaming\Tencent\QQ\Flash\Temp\Flash.zip) took 9282 ms
 
11 Jun 2015 09:03:56 [1188] - ***** Scanning Service Files *****
11 Jun 2015 09:03:57 [0f24] - Scanning File C:\ProgramData\Tencent\QQDownload\mediaV4.cch
11 Jun 2015 09:04:06 [1188] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\Nhmon].
11 Jun 2015 09:04:06 [1188] - Giving rights(c) to [HKLM64\SYSTEM\CurrentControlSet\Services\Nhmon].
11 Jun 2015 09:04:09 [1188] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
11 Jun 2015 09:04:14 [1188] - ***** Scanning Registry and File system for Adware/Spyware *****
11 Jun 2015 09:04:14 [1188] - Loading Spyware Signatures from new External Database [Name: C:\Users\BABYPI~1\AppData\Local\Temp\spydb.avs, Size: 464724]...
11 Jun 2015 09:04:14 [1188] - Indexed Spyware Databases Successfully Created...
 
11 Jun 2015 09:04:15 [1188] - Offending Key found: HKCR\protocols\handler\KuGoo !!!
11 Jun 2015 09:04:15 [1188] - Deleting Registry Key: HKCR\protocols\handler\KuGoo
11 Jun 2015 09:05:32 [1188] - Object "IEHelper.dll Spyware/Adware" found in File System! Action Taken: Entries Removed.
 
11 Jun 2015 09:05:33 [1188] - Offending Folder found: C:\Users\babypinkpaw\AppData\Roaming\Microsoft\WinUpdate
11 Jun 2015 09:05:33 [1188] - Deltree of Folder C:\Users\babypinkpaw\AppData\Roaming\Microsoft\WinUpdate...
11 Jun 2015 09:05:33 [1188] - Object "Schoeberl.e Trojan" found in File System! Action Taken: Entries Removed.
 
11 Jun 2015 09:05:33 [1188] - Offending file found: C:\Users\babypinkpaw\AppData\Roaming\Tencent\QQDownload\4281337092\Setting\host.dat
11 Jun 2015 09:05:33 [1188] - System found infected with NaviHelper Spyware/Adware (host.dat)! Action taken: File Deleted.
11 Jun 2015 09:05:33 [1188] - Object "NaviHelper Spyware/Adware" found in File System! Action Taken: File Deleted.
 
11 Jun 2015 09:05:33 [1188] - Offending file found: C:\Users\babypinkpaw\AppData\Roaming\Tencent\QQDownload\884596017\Setting\host.dat
11 Jun 2015 09:05:33 [1188] - System found infected with NaviHelper Spyware/Adware (host.dat)! Action taken: File Deleted.
11 Jun 2015 09:05:33 [1188] - Object "NaviHelper Spyware/Adware" found in File System! Action Taken: File Deleted.
 
11 Jun 2015 09:05:33 [1188] - Offending file found: C:\Users\babypinkpaw\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_fepbnnnkkadjhjahcafoaglimekefifl_0\43
11 Jun 2015 09:05:33 [1188] - System found infected with XPAntivirus (43)! Action taken: File Deleted.
11 Jun 2015 09:05:33 [1188] - Object "XPAntivirus" found in File System! Action Taken: File Deleted.
 
11 Jun 2015 09:05:39 [1188] - Offending file found: C:\Users\babypinkpaw\AppData\Local\Tudou\FeisuTudou\ikuacc\partner.dat
11 Jun 2015 09:05:39 [1188] - System found infected with My Search Spyware/Adware (partner.dat)! Action taken: File Deleted.
11 Jun 2015 09:05:39 [1188] - Object "My Search Spyware/Adware" found in File System! Action Taken: File Deleted.
 
 
11 Jun 2015 09:05:42 [1188] - ***** Scanning Registry Files *****
11 Jun 2015 09:05:42 [1188] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
11 Jun 2015 09:05:42 [1188] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
11 Jun 2015 09:05:42 [1188] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
11 Jun 2015 09:05:42 [1188] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
11 Jun 2015 09:05:42 [1188] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
11 Jun 2015 09:05:42 [1188] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
11 Jun 2015 09:05:42 [1188] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
11 Jun 2015 09:05:42 [1188] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
11 Jun 2015 09:05:42 [1188] - ***** Scanning System32 Folders *****
 
 
11 Jun 2015 09:06:38 [1188] - ***** Scanning Drive C:\ *****
11 Jun 2015 09:06:39 [1064] - C:\360SANDBOX\360SandBox.sav not Scanned. Possibly password protected...
11 Jun 2015 09:06:39 [0f24] - C:\Boot\BCD not Scanned. Possibly password protected...
11 Jun 2015 09:09:06 [0e58] - ScanFile (C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroExt\libcef.dll) took 6287 ms
11 Jun 2015 09:10:02 [0a6c] - ScanFile (C:\Program Files (x86)\LuDaShi\ludashi.apk) took 5741 ms
11 Jun 2015 09:10:59 [0e58] - C:\System Volume Information\ISwift3.dat not Scanned. Possibly password protected...
11 Jun 2015 09:10:59 [1058] - C:\System Volume Information\klmeta.dat not Scanned. Possibly password protected...
11 Jun 2015 09:11:02 [0a6c] - Scanning File C:\System Volume Information\{18e440b5-06ec-11e5-b89f-a8bbcf067073}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:02 [0404] - Scanning File C:\System Volume Information\{73d96a1a-0cd9-11e5-bdae-a8bbcf067073}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:02 [10b4] - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
11 Jun 2015 09:11:02 [1064] - Scanning File C:\System Volume Information\{73d96a40-0cd9-11e5-bdae-a8bbcf067073}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:02 [1058] - Scanning File C:\System Volume Information\{18e43fde-06ec-11e5-b89f-a8bbcf067073}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:02 [0f24] - Scanning File C:\System Volume Information\{73d969ea-0cd9-11e5-bdae-a8bbcf067073}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:02 [0e58] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:02 [0404] - Scanning File C:\System Volume Information\{73d96bfd-0cd9-11e5-bdae-a8bbcf067073}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:02 [0a6c] - Scanning File C:\System Volume Information\{73d96a5c-0cd9-11e5-bdae-a8bbcf067073}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:02 [10b4] - Scanning File C:\System Volume Information\{77287cdf-0b49-11e5-bfcd-a8bbcf067073}{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 09:11:04 [1670] - C:\Users\babypinkpaw\AppData\Local\Google\Chrome\User Data\Default\Current Session not Scanned. Possibly password protected...
11 Jun 2015 09:11:11 [1670] - ScanFile (C:\Users\babypinkpaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.18.1_0\scripts\readium-all.js) took 5180 ms
11 Jun 2015 09:11:47 [10b4] - C:\Users\babypinkpaw\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp not Scanned. Possibly password protected...
11 Jun 2015 09:11:47 [0f24] - C:\Users\babypinkpaw\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat not Scanned. Possibly password protected...
11 Jun 2015 09:12:43 [0e58] - C:\Users\babypinkpaw\AppData\Local\Tudou\FeisuTudou\ikuacc\server.dat not Scanned. Possibly password protected...
11 Jun 2015 09:12:43 [1670] - C:\Users\babypinkpaw\AppData\Local\Tudou\FeisuTudou\ikuacc\ikuacc.dat not Scanned. Possibly password protected...
11 Jun 2015 09:12:43 [1064] - C:\Users\babypinkpaw\AppData\Local\Tudou\FeisuTudou\ikuacc\ikucmc.dat not Scanned. Possibly password protected...
11 Jun 2015 09:12:43 [1058] - C:\Users\babypinkpaw\AppData\Local\Tudou\FeisuTudou\ikuacc\user.dat not Scanned. Possibly password protected...
11 Jun 2015 09:12:55 [0a6c] - ScanFile (C:\Users\babypinkpaw\AppData\LocalLow\SogouPY\USBDT\MobAssHelper.exe) took 6302 ms
11 Jun 2015 09:13:26 [0f24] - ScanFile (C:\Users\Public\SogouInput\USBDT\sogou_mtool_usbdtup_2.3.0.19532.exe) took 6007 ms
11 Jun 2015 09:15:49 [10b4] - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
11 Jun 2015 09:15:49 [1058] - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
11 Jun 2015 09:15:49 [0a6c] - C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\edf13628869f011d79d6bacc9da3200863ba37d2.HomeGroupClassifier\6316b77d07775b8f056cd9b3a5ca8e19\grouping\db.mdb not Scanned. Possibly password protected...
11 Jun 2015 09:15:50 [1058] - C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\edf13628869f011d79d6bacc9da3200863ba37d2.HomeGroupClassifier\6316b77d07775b8f056cd9b3a5ca8e19\grouping\tmp.edb not Scanned. Possibly password protected...
11 Jun 2015 09:17:23 [1064] - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
11 Jun 2015 09:17:23 [0404] - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
11 Jun 2015 09:17:49 [10b4] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\modinf64.inf_amd64_neutral_fcdb3555b4516253\igdfcl32.dll) took 7379 ms
11 Jun 2015 09:29:25 [1670] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll) took 6287 ms
11 Jun 2015 09:29:28 [0e58] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_10.2.9200.16721_none_ecbb10ae5303a0e9\ieframe.dll) took 6490 ms
11 Jun 2015 09:29:29 [0a6c] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_10.2.9200.20848_none_d5e3fb426cb202a4\ieframe.dll) took 7004 ms
11 Jun 2015 09:29:44 [1058] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.22736_none_745a5b85b34626f3\wmp.dll) took 5741 ms
11 Jun 2015 09:31:39 [1670] - ScanFile (C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe) took 5943 ms
 
11 Jun 2015 09:32:33 [1188] - ***** Checking for specific ITW Viruses *****
 
11 Jun 2015 09:32:33 [1188] - ***** Scanning complete. *****
 
11 Jun 2015 09:32:33 [1188] - Total Objects Scanned: 195054
11 Jun 2015 09:32:33 [1188] - Total Critical Objects: 6
11 Jun 2015 09:32:33 [1188] - Total Disinfected Objects: 0
11 Jun 2015 09:32:33 [1188] - Total Objects Renamed: 0
11 Jun 2015 09:32:33 [1188] - Total Deleted Objects: 6
11 Jun 2015 09:32:33 [1188] - Total Errors: 0
11 Jun 2015 09:32:33 [1188] - Time Elapsed: 00:30:08
11 Jun 2015 09:32:33 [1188] - Virus Database Date: 11 Jun 2015
11 Jun 2015 09:32:33 [1188] - Virus Database Count: 5753514
11 Jun 2015 09:32:33 [1188] - Sign Version: 7.61003 [519755]
 
11 Jun 2015 09:32:33 [1188] - Scan Completed.


#6 agreycat


Posted 11 June 2015 - 09:31 AM

Step 2 completed, the log file from Zemana:

 

Zemana AntiMalware 2.15.2.721 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/11
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i7-3520M CPU @ 2.90GHz
BIOS Mode              : Legacy
CUID                   : 00A84C0A76F1874D9F2B20
Scan Type              : Deep Scan
Duration               : 33m 59s
Scanned Objects        : 146680
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------
 
Wireless Network Connection
Status             : Scanned
Object             : Wireless Network Connection 140.207.198.6
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : DNS Hijack
Cleaning Action    : Repair
Traces             :
                DNS Server - Wireless Network Connection : 140.207.198.6
 
IEBox.exe
Status             : Scanned
Object             : %programfiles%\kugou\kgmusic\iebox.exe
MD5                : 39285FA78987BE583F175C9FA15956FE
Publisher          : GuangZhou KuGou Computer Technology Co.,Ltd.
Size               : 13336
Version            : -
Detection          : Malware:Win32/Quarand!Mlee
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\kugou\kgmusic\iebox.exe
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0


#7 agreycat


Posted 11 June 2015 - 09:45 AM

Step 3 completed, the log file from JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Ultimate x64
Ran by babypinkpaw on Thu 06/11/2015 at 10:34:26.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\ProtectBaiduPlayer
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-12C9-4305-82F9-43058F20E8D2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0F4BF955-A127-41B7-A998-369904AA2578}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-12C9-4305-82F9-43058F20E8D2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4BF955-A127-41B7-A998-369904AA2578}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000000-12C9-4305-82F9-43058F20E8D2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0F4BF955-A127-41B7-A998-369904AA2578}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\ProgramData\1433465674.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1433465846.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1433628049.bdinstall.bin
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\baidu
Successfully deleted: [Folder] C:\Program Files (x86)\tencent
Successfully deleted: [Folder] C:\ProgramData\baidu
Successfully deleted: [Folder] C:\ProgramData\tencent
Successfully deleted: [Folder] C:\Users\babypinkpaw\appdata\local\tencent
Successfully deleted: [Folder] C:\Users\babypinkpaw\appdata\locallow\tencent
Successfully deleted: [Folder] C:\Users\babypinkpaw\AppData\Roaming\tencent
 
 
 
~~~ Chrome
 
 
[C:\Users\babypinkpaw\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\babypinkpaw\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\babypinkpaw\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\babypinkpaw\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/11/2015 at 10:42:06.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 agreycat


Posted 11 June 2015 - 09:57 AM

Finished step 4! Am I safe now? :unsure: The log from AdwCleaner:

 

# AdwCleaner v4.206 - Logfile created 11/06/2015 at 10:49:09
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : babypinkpaw - BABYPINKPAW-PC
# Running from : C:\Users\babypinkpaw\Desktop\adwcleaner_4.206.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\IQIYI Video
Folder Deleted : C:\Users\Public\Documents\tencent
Folder Deleted : C:\Program Files (x86)\Common Files\tencent
Folder Deleted : C:\Users\babypinkpaw\AppData\Roaming\IQIYI Video
Folder Deleted : C:\Users\babypinkpaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\babypinkpaw\AppData\Roaming\DAFD6SDFE.DLL
File Deleted : C:\Users\babypinkpaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\???PPS??.LNK
File Deleted : C:\Users\babypinkpaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\???PPS??.LNK
File Deleted : C:\Users\babypinkpaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???PPS??.LNK
File Deleted : C:\Users\babypinkpaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???PPS??.LNK
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{FF8B53A5-A5EF-400D-BF2A-93A0C5B7953C}C:\program files (x86)\tencent\qqdownload\qqdownload.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{4BD5DD33-05B1-431B-B022-6FC8545BF3B8}C:\program files (x86)\tencent\qqdownload\qqdownload.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{3D69BDF8-1862-4857-8E49-EE10989C2C59}C:\program files (x86)\tencent\qqdownload\qdautoupdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{8E9247A5-21C5-4316-9005-E5821D858DAD}C:\program files (x86)\tencent\qqdownload\qdautoupdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{5B39356B-F44B-4C59-82D2-81A2EEBC74E7}C:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{9B6FFB33-2619-4189-840D-A248C50BC025}C:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQIYI Video
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\babypinkpaw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\babypinkpaw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6699 bytes] - [11/06/2015 10:47:58]
AdwCleaner[S0].txt - [6706 bytes] - [11/06/2015 10:49:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6765  bytes] ##########


#9 InadequateInfirmity

Posted 11 June 2015 - 05:53 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

Hit OK.

Hit Next; make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#10 agreycat

Posted 11 June 2015 - 06:19 PM

Adware Removal Tool log

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

 
Adware Removal Tool v3.9
Time: 2015_06_11_19_04_53
OS: Windows 7 - 64 Bit
Account Name: babypinkpaw
U0L0S11
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
 
\\ Finished


#11 agreycat

Posted 11 June 2015 - 07:09 PM

After running zhpcleaner and rebooting, my laptop is black-screened; all I see is the open text file of the scan log from zhpcleaner. What can I do now?

#12 agreycat

Posted 11 June 2015 - 07:11 PM

I am now replying from my phone; I can't use my laptop :(

#13 agreycat

Posted 11 June 2015 - 08:13 PM

I restored my computer to the point before the Zemana scan, and now I can log in to my desktop normally again. What should I do now? Should I repeat the scans with eScanAV, Zemana, Junkware removal tool and Adware cleaner?



#14 InadequateInfirmity

Posted 11 June 2015 - 09:25 PM

Yes, please repeat and skip ZHP Cleaner. :)



#15 agreycat

Posted 11 June 2015 - 09:53 PM

Will do it tomorrow :)





