
Russian popups and ads in browsers


15 replies to this topic

#1 HTKclap

HTKclap

  • Members
  • 8 posts

Posted 17 June 2015 - 08:03 PM

Hi! Windows 8.1 64 bit, Avira Antivirus and MalwareBytes installed.

Every time I open some pages in my browsers, random ads pop out and redirect to other pages. This occurs when I'm using Steam and League of Legends too.

 

My Malwarebytes is giving me a warning about owpawuk.ru every time these ads pop up (example: http://i.gyazo.com/1f4c8379007ea2894269d2b5407da94f.png)

 

Here is the log from the last scan in Malwarebytes:

 

Scan Date: 16/06/2015
Scan Time: 22:05:26
Logfile: scan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.16.06
Rootkit Database: v2015.06.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Carlos

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337246
Time Elapsed: 39 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

And here is the one from the last scan in AdwCleaner (in pt-BR):

 

# AdwCleaner v4.206 - Report created 17/06/2015 at 21:56:14
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating System : Windows 8.1 Pro  (x64)
# Username : Carlos - KARDIA_KINGDOM
# Running from : C:\Users\Carlos\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 pt-BR)


*************************

AdwCleaner[R0].txt - [747 bytes] - [08/06/2015 23:51:50]
AdwCleaner[R1].txt - [878 bytes] - [13/06/2015 20:13:36]
AdwCleaner[R2].txt - [991 bytes] - [13/06/2015 21:22:41]
AdwCleaner[R3].txt - [800 bytes] - [17/06/2015 21:56:14]
AdwCleaner[S0].txt - [810 bytes] - [08/06/2015 23:53:05]
AdwCleaner[S1].txt - [934 bytes] - [13/06/2015 20:15:12]
AdwCleaner[S2].txt - [1047 bytes] - [13/06/2015 21:23:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1033 bytes] ##########
 


Edited by HTKclap, 17 June 2015 - 08:08 PM.


#2 InadequateInfirmity

InadequateInfirmity



  • Banned
  • 5,180 posts

Posted 17 June 2015 - 08:44 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the Cleaner function.

https://www.piriform.com/ccleaner/download
[screenshot]


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

[screenshot]

Now that you have disabled those un-needed startups, let's go into the settings; we will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


[screenshot]

Now go to the Advanced tab and select "Close program after cleaning", then run the cleaner again; this will close CCleaner.

[screenshot]

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
[screenshot]
Once you have updated the program, make sure the settings are the same as the picture below.
[screenshot]
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
[screenshot]
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

[screenshot]

Remove any infections found.

Then click on the icon in the pic below.

[screenshot]

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 HTKclap

HTKclap
  • Topic Starter

  • Members
  • 8 posts

Posted 22 June 2015 - 05:47 PM

escan log:
 
19 jun 2015 19:59:03 [13b4] - **********************************************************
19 jun 2015 19:59:03 [13b4] - eScan AntiVirus & Spyware Toolkit Utility.
19 jun 2015 19:59:03 [13b4] - Copyright © 2003-2006,  MicroWorld Technologies Inc.
19 jun 2015 19:59:03 [13b4] - **********************************************************
19 jun 2015 19:59:03 [13b4] - Source: C:\Users\Carlos\Downloads\mwav.exe
19 jun 2015 19:59:03 [13b4] - Version 14.0.189 (C:\USERS\CARLOS\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
19 jun 2015 19:59:03 [13b4] - Log File: C:\Users\Carlos\AppData\Local\Temp\LOG\MWAV.LOG
19 jun 2015 19:59:03 [13b4] - MWAV Registered: TRUE
19 jun 2015 19:59:03 [13b4] - User Account: Carlos (Administrator Mode)
19 jun 2015 19:59:03 [13b4] - OS Type: Windows Workstation [InstallType: Client]
19 jun 2015 19:59:03 [13b4] - OS: Windows 8.1 64-Bit [OS Install Date: 08 Jun 2015 23:22:45]
19 jun 2015 19:59:03 [13b4] - Ver: Professional Build 9200
19 jun 2015 19:59:03 [13b4] - System Up Time: 37 Minutes, 8 Seconds


19 jun 2015 19:59:03 [13b4] - Parent Process Name : C:\Users\Carlos\AppData\Local\Temp\mexe.com
19 jun 2015 19:59:03 [13b4] - Windows Root  Folder: C:\Windows
19 jun 2015 19:59:03 [13b4] - Windows Sys32 Folder: C:\Windows\system32
19 jun 2015 19:59:03 [13b4] - DHCP NameServer: 94.102.63.85 8.8.8.8
19 jun 2015 19:59:03 [13b4] - Interface0 DHCPNameServer: 94.102.63.85 8.8.8.8
19 jun 2015 19:59:03 [13b4] - Local Fixed Drives: c:\,d:\,e:\
19 jun 2015 19:59:03 [13b4] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
19 jun 2015 19:59:03 [13b4] - [CREATED ZIP FILE: C:\Users\Carlos\AppData\Local\Temp\pinfect.zip]
19 jun 2015 19:59:03 [13b4] - Command-line options given: /xsign
19 jun 2015 19:59:37 [13b4] - Latest date of files in MWAV: Sat Jun 20 01:13:47 2015.
19 jun 2015 19:59:37 [13b4] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Carlos\AppData\Local\Temp\LOG\ESCANDB.LOG]
19 jun 2015 19:59:40 [13b4] - Loaded/Created FileScan Cache Database...
19 jun 2015 19:59:40 [13b4] - Loading AV Library [DB]...
19 jun 2015 19:59:52 [13b4] - ArchiveScan: DISABLED
19 jun 2015 19:59:52 [13b4] - AV Library Loaded [DB-DIRECT].
19 jun 2015 19:59:52 [13b4] - MWAV doing self scanning...
19 jun 2015 19:59:53 [13b4] - MWAV files are clean.
19 jun 2015 19:59:57 [13b4] - ArchiveScan: DISABLED
19 jun 2015 19:59:57 [13b4] - Virus Database Date: 19 Jun 2015
19 jun 2015 19:59:57 [13b4] - Virus Database Count: 5733448
19 jun 2015 19:59:57 [13b4] - Sign Version: 7.61133 [519885]
 
19 jun 2015 20:00:21 [13b4] - **********************************************************
19 jun 2015 20:00:21 [13b4] - eScan AntiVirus & Spyware Toolkit Utility.
19 jun 2015 20:00:21 [13b4] - Copyright © 2003-2006,  MicroWorld Technologies Inc.
19 jun 2015 20:00:21 [13b4] -
19 jun 2015 20:00:21 [13b4] - Support: support@escanav.com
19 jun 2015 20:00:21 [13b4] - Internet: http://www.escanav.com
19 jun 2015 20:00:21 [13b4] - **********************************************************
19 jun 2015 20:00:21 [13b4] - Version 14.0.189[DB] (C:\USERS\CARLOS\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
19 jun 2015 20:00:21 [13b4] - Log File: C:\Users\Carlos\AppData\Local\Temp\LOG\MWAV.LOG
19 jun 2015 20:00:21 [13b4] - User Account: Carlos (Administrator Mode)
19 jun 2015 20:00:21 [13b4] - Parent Process Name : C:\Users\Carlos\AppData\Local\Temp\mexe.com
19 jun 2015 20:00:21 [13b4] - Windows Root  Folder: C:\Windows
19 jun 2015 20:00:21 [13b4] - Windows Sys32 Folder: C:\Windows\system32
19 jun 2015 20:00:21 [13b4] - OS: Windows 8.1 64-Bit [OS Install Date: 08 Jun 2015 23:22:45]
19 jun 2015 20:00:21 [13b4] - Ver: Professional Build 9200
19 jun 2015 20:00:21 [13b4] - Latest date of files in MWAV: Sat Jun 20 01:13:47 2015.
19 jun 2015 20:00:21 [13b4] - Priority: NORMAL
 
19 jun 2015 20:00:22 [0d24] - Options selected by user:
19 jun 2015 20:00:22 [0d24] - Memory Check: Enabled
19 jun 2015 20:00:22 [0d24] - Registry Check: Enabled
19 jun 2015 20:00:22 [0d24] - Startup Folder Check: Enabled
19 jun 2015 20:00:22 [0d24] - System Folder Check: Enabled
19 jun 2015 20:00:22 [0d24] - Services Check: Enabled
19 jun 2015 20:00:22 [0d24] - Scan Spyware: Enabled
19 jun 2015 20:00:22 [0d24] - Scan Archives: Disabled
19 jun 2015 20:00:22 [0d24] - Drive Check: Enabled
19 jun 2015 20:00:22 [0d24] - Check All Drives: Disabled
19 jun 2015 20:00:22 [0d24] - Selected Drive = C:\
19 jun 2015 20:00:22 [0d24] - Folder Check: Disabled
19 jun 2015 20:00:22 [0d24] - SCAN: All_Files [ANSI]
19 jun 2015 20:00:22 [0d24] - MWAV Mode( B): Scan and Clean files (for viruses, adware and spyware)
 
19 jun 2015 20:00:22 [0d24] - Scanning DNS Records...
19 jun 2015 20:00:22 [0d24] - Scanning Master Boot Record (User)...
19 jun 2015 20:00:22 [0d24] - Scanning Logical Boot Records...
19 jun 2015 20:00:25 [0d24] - ***** Searching for Hidden Rootkit Processes *****
19 jun 2015 20:00:26 [0d24] - ***** Searching for Hidden Rootkit Services *****
 
19 jun 2015 20:00:30 [0d24] - ***** Scanning files in Memory *****
 
19 jun 2015 20:00:48 [0d24] - ***** Scanning Registry files *****
 
19 jun 2015 20:00:52 [0d24] - ***** Scanning Startup Folders *****
 
19 jun 2015 20:01:16 [0d24] - ***** Scanning Service files *****
19 jun 2015 20:01:29 [0d24] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
19 jun 2015 20:01:34 [0d24] - ***** Scanning Registry and File System for Adware/Spyware *****
19 jun 2015 20:01:35 [0d24] - Loading Spyware database from new external database [Name: C:\Users\Carlos\AppData\Local\Temp\spydb.avs, Size: 464724]...
19 jun 2015 20:01:35 [0d24] - Indexed Spyware Databases Successfully Created...
 
 
19 jun 2015 20:01:44 [0d24] - ***** Scanning Registry files *****
 
19 jun 2015 20:01:45 [0d24] - ***** Scanning System32 Folder *****
 
 
19 jun 2015 20:04:15 [0d24] - ***** Scanning Drive C:\ *****
19 jun 2015 20:08:18 [0d24] - Scanning file C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
19 jun 2015 20:08:18 [0d24] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
19 jun 2015 20:08:18 [0d24] - Scanning file C:\System Volume Information\{811d0ea2-12bd-11e5-8260-6cf049f1aa58}{3808876b-c176-4e48-b7ae-04046e6cc752}
19 jun 2015 20:08:18 [0d24] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{811d0ea2-12bd-11e5-8260-6cf049f1aa58}{3808876b-c176-4e48-b7ae-04046e6cc752}
19 jun 2015 20:08:18 [0d24] - Scanning file C:\System Volume Information\{811d19d0-12bd-11e5-8260-6cf049f1aa58}{3808876b-c176-4e48-b7ae-04046e6cc752}
19 jun 2015 20:08:18 [0d24] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{811d19d0-12bd-11e5-8260-6cf049f1aa58}{3808876b-c176-4e48-b7ae-04046e6cc752}
19 jun 2015 20:08:18 [0d24] - Scanning file C:\System Volume Information\{c7aebc64-1162-11e5-8256-6cf049f1aa58}{3808876b-c176-4e48-b7ae-04046e6cc752}
19 jun 2015 20:08:18 [0d24] - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{c7aebc64-1162-11e5-8256-6cf049f1aa58}{3808876b-c176-4e48-b7ae-04046e6cc752}
19 jun 2015 20:12:31 [0d24] - ScanFile (C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe) took 5704 ms
19 jun 2015 20:18:07 [0d24] - ScanFile (C:\Windows\Setup\SCRIPTS\KMSAuto Net.exe) took 21453 ms
19 jun 2015 20:18:07 [0d24] - Scan of C:\Windows\Setup\SCRIPTS\KMSAuto Net.exe Timed out!!!
19 jun 2015 20:18:07 [0d24] - ERROR(3)!!! ScanFile fails for C:\Windows\Setup\SCRIPTS\KMSAuto Net.exe
19 jun 2015 20:19:40 [0d24] - ScanFile (C:\Windows\SoftwareDistribution\Download\c1aa4c5e3a46441f6551ab5ade4baeea\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74\comctl32.dll) took 8657 ms
19 jun 2015 20:20:09 [0d24] - ScanFile (C:\Windows\SoftwareDistribution\Download\cbf6fc445b60e0fa9ee6a8c05ab6b94b\wow64_microsoft-windows-i..tup-ie-ieui-windows_31bf3856ad364e35_6.3.9600.17801_none_85f0e7e05abaf53f\ieui.dll) took 9453 ms
19 jun 2015 20:28:23 [0d24] - ScanFile (C:\Windows\Speech\Common\en-US\sapisvr.exe.mui) took 13610 ms
19 jun 2015 20:29:48 [0d24] - ScanFile (C:\Windows\System32\accessibilitycpl.dll) took 76437 ms
19 jun 2015 20:29:48 [0d24] - Scan of C:\Windows\System32\accessibilitycpl.dll Timed out!!!
19 jun 2015 20:29:48 [0d24] - ERROR(3)!!! ScanFile fails for C:\Windows\System32\accessibilitycpl.dll
19 jun 2015 20:29:56 [0d24] - ScanFile (C:\Windows\System32\ACCTRES.dll) took 7656 ms
19 jun 2015 20:30:30 [0d24] - ScanFile (C:\Windows\System32\acledit.dll) took 33578 ms
19 jun 2015 20:30:30 [0d24] - Scan of C:\Windows\System32\acledit.dll Timed out!!!
19 jun 2015 20:30:30 [0d24] - ERROR(3)!!! ScanFile fails for C:\Windows\System32\acledit.dll
19 jun 2015 20:30:55 [0d24] - ScanFile (C:\Windows\System32\aclui.dll) took 25625 ms
19 jun 2015 20:30:55 [0d24] - Scan of C:\Windows\System32\aclui.dll Timed out!!!
19 jun 2015 20:30:55 [0d24] - ERROR(3)!!! ScanFile fails for C:\Windows\System32\aclui.dll
19 jun 2015 20:53:21 [0d24] - ScanFile (C:\Windows\WinSxS\Backup\wow64_microsoft-windows-directcomposition_31bf3856ad364e35_6.3.9600.17042_none_98b0ceba49fc6c8e_dcomp.dll_a2e93a7d) took 5031 ms
19 jun 2015 21:06:33 [0d24] - ScanFile (C:\Windows\WinSxS\Temp\PendingDeletes\$$DeleteMe.apphelp.dll.01d0a656b6555ae9.0019) took 11500 ms
19 jun 2015 21:06:42 [0d24] - ScanFile (C:\Windows\WinSxS\Temp\PendingDeletes\$$DeleteMe.comctl32.dll.01d0a656b6981ce9.001b) took 7984 ms
 
19 jun 2015 21:14:08 [0d24] - ***** Scanning for specific ITW viruses *****

19 jun 2015 21:14:09 [0d24] - ***** Scan completed. *****

19 jun 2015 21:14:09 [0d24] - Total Objects Scanned: 242616
19 jun 2015 21:14:09 [0d24] - Total Critical Objects Found: 0
19 jun 2015 21:14:09 [0d24] - Total Files Disinfected: 0
19 jun 2015 21:14:09 [0d24] - Total Objects Renamed: 0
19 jun 2015 21:14:09 [0d24] - Total Files Deleted: 0
19 jun 2015 21:14:09 [0d24] - Total Errors: 0
19 jun 2015 21:14:09 [0d24] - Time Elapsed: 01:13:38
19 jun 2015 21:14:09 [0d24] - Virus Database Date: 19 Jun 2015
19 jun 2015 21:14:09 [0d24] - Virus Database Count: 5733448
19 jun 2015 21:14:09 [0d24] - Sign Version: 7.61133 [519885]

19 jun 2015 21:14:09 [0d24] - Scan Completed.
 

============================================================================

Zemana log:

Zemana AntiMalware 2.15.2.721 (Installed)

-------------------------------------------------------
Scan Result: Completed
Scan Date : 2015/6/22
Operating System : Windows 8.1 64-bit
Processor : 1X AMD Sempron™ 140 Processor
BIOS Mode : Legacy
CUID : 008EEFA0181047497C3386
Scan Type : Deep Scan
Duration : 31m 9s
Scanned Objects : 206597
Detected Objects : 2
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Yes
Include All Extensions : No
Scan Documents : Yes
Domain Info : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Firefox Search
Status : Scanned
Object : MercadoLivre - http://pmstrk.mercadolivre.com.br
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : BuscaPé - http://busca.buscape.com.br
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Firefox Search

Cleaning Results
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0

Edited by HTKclap, 22 June 2015 - 05:51 PM.
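The eScan log in the post above records the resolvers the machine received over DHCP ("DHCP NameServer: 94.102.63.85 8.8.8.8"). When reading a log like this, the first thing a practitioner wants to know is which resolvers are on the local network, which are well-known public ones, and which are public addresses nobody on the network chose. The script below is an added example written for this thread; it is not part of the original post and is not code from eScan, MiniToolBox or any other tool named here. The allowlist of expected public resolvers, the "unexpected" label and the sample lines (constructed to mirror the two log formats posted in this thread) are assumptions of the example, and "unexpected" only means the address should be confirmed against the router's and the ISP's configuration, not that it is malicious.

```python
"""Pull DNS resolver addresses out of scanner / ipconfig output and sort them
into private, expected-public and unexpected-public.

Added example for this thread; nothing here is eScan, MiniToolBox or
BleepingComputer code. EXPECTED_RESOLVERS and SAMPLE are assumptions.
"""
from __future__ import annotations

import ipaddress
import re

# Assumption: public resolvers an operator on this network would knowingly use.
# Anything outside this set and outside private space is flagged for a check
# against the router and ISP configuration; the flag is not a verdict.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"}

# Label forms seen in the thread: eScan's "DHCP NameServer: a b", ipconfig's
# "DNS Servers . . . : a" (extra addresses follow on bare continuation lines),
# plus the Portuguese ipconfig label from the original output.
_LABEL = re.compile(r"(NameServer|DNS Servers|Servidores DNS)\s*[. ]*:", re.IGNORECASE)
_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_resolvers(text: str) -> list[str]:
    """Return every IPv4 resolver named after a resolver label, first-seen order."""
    found: list[str] = []
    collecting = False  # True while bare-address continuation lines may follow
    for line in text.splitlines():
        label = _LABEL.search(line)
        if label:
            # Slice after the label, not at the first ':' (eScan lines carry a timestamp).
            addrs = _IPV4.findall(line[label.end():])
            collecting = True
        elif collecting and _IPV4.fullmatch(line.strip()):
            addrs = [line.strip()]
        else:
            collecting = False
            continue
        for addr in addrs:
            if addr not in found:
                found.append(addr)
    return found


def classify(resolver: str) -> str:
    """'private' (LAN / router), 'expected' (on the allowlist) or 'unexpected'."""
    ip = ipaddress.ip_address(resolver)
    if ip.is_private or ip.is_loopback:
        return "private"
    if resolver in EXPECTED_RESOLVERS:
        return "expected"
    return "unexpected"


def review(text: str) -> dict[str, str]:
    """Map each resolver found in the text to its classification."""
    return {r: classify(r) for r in extract_resolvers(text)}


# Constructed sample that mirrors the two log formats posted in this thread.
SAMPLE = """\
19 jun 2015 19:59:03 [13b4] - DHCP NameServer: 94.102.63.85 8.8.8.8
19 jun 2015 19:59:03 [13b4] - Interface0 DHCPNameServer: 94.102.63.85 8.8.8.8
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 93.158.212.35
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for resolver, verdict in review(SAMPLE).items():
        print(f"{resolver:<16} {verdict}")
```

Run against a saved log, `review(open("MWAV.LOG").read())` gives the same dictionary; an address in the "unexpected" bucket is worth comparing with the DNS settings shown on the router's admin page and with what the ISP says it hands out, because a DHCP client takes whatever resolvers the gateway offers.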


#4 HTKclap

HTKclap
  • Topic Starter

  • Members
  • 8 posts

Posted 22 June 2015 - 05:52 PM

(continuing from the other post)

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.7 (06.21.2015:2)
OS: Windows 8.1 Pro x64
Ran by Carlos on 22/06/2015 at 19:31:01,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/06/2015 at 19:33:32,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


===

ADWCleaner log:

# AdwCleaner v4.207 - Report created 22/06/2015 at 19:36:09
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating System : Windows 8.1 Pro (x64)
# Username : Carlos - KARDIA_KINGDOM
# Running from : C:\Users\Carlos\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 pt-BR)


*************************

AdwCleaner[R0].txt - [747 bytes] - [08/06/2015 23:51:50]
AdwCleaner[R1].txt - [878 bytes] - [13/06/2015 20:13:36]
AdwCleaner[R2].txt - [991 bytes] - [13/06/2015 21:22:41]
AdwCleaner[R3].txt - [1112 bytes] - [17/06/2015 21:56:14]
AdwCleaner[R4].txt - [862 bytes] - [22/06/2015 19:36:09]
AdwCleaner[S0].txt - [810 bytes] - [08/06/2015 23:53:05]
AdwCleaner[S1].txt - [934 bytes] - [13/06/2015 20:15:12]
AdwCleaner[S2].txt - [1047 bytes] - [13/06/2015 21:23:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1095 bytes] ##########

Edited by HTKclap, 22 June 2015 - 05:53 PM.


#5 InadequateInfirmity

InadequateInfirmity



  • Banned
  • 5,180 posts

Posted 22 June 2015 - 10:47 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

[screenshot]

Hit Ok.

[screenshot]

Hit Next; make sure to leave all items checked for removal.

[screenshot]


The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MiniToolBox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
[screenshot]
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
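MiniToolBox's "List content of Hosts" and proxy-report options in the step above are there because a hosts entry or a proxy setting can send a browser somewhere other than where the configured resolver would. The following is an added example written for this thread, not MiniToolBox's, ZHPCleaner's or the poster's code: it parses a Windows hosts file and reports every active entry whose target is neither loopback nor the 0.0.0.0 blackhole, which is roughly the question a "hosts file is legitimate" line in a cleaner's report answers. The sample file is constructed, and its 203.0.113.7 line (a TEST-NET-3 address) is an invented redirect placed there only to show what the check reports.

```python
"""Review a Windows hosts file for entries that redirect a name somewhere
other than loopback or a blackhole address.

Added example for this thread, not code from MiniToolBox, ZHPCleaner or
BleepingComputer. SAMPLE_HOSTS is a constructed file; the 203.0.113.7
entry is an invented redirect placed there to show what the check reports.
"""
from __future__ import annotations

import ipaddress


def parse_hosts(text: str) -> list[tuple[str, list[str]]]:
    """Return (address, [names]) for each active line; comments and blanks are skipped."""
    entries: list[tuple[str, list[str]]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an address; Windows ignores such lines too
        entries.append((addr, names))
    return entries


def redirects(text: str) -> list[tuple[str, str]]:
    """(name, address) pairs where the address is neither loopback nor unspecified.

    127.0.0.1 / ::1 only point a name at the machine itself and 0.0.0.0 only
    blocks it (the common ad-blocking idiom); any other target steers traffic.
    """
    hits: list[tuple[str, str]] = []
    for addr, names in parse_hosts(text):
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified:
            continue
        hits.extend((name, addr) for name in names)
    return hits


def is_clean(text: str) -> bool:
    """True when no active entry redirects a name off the local machine."""
    return not redirects(text)


# Constructed sample: the stock Microsoft header, one dev-box alias, one
# ad-blocking entry and one invented redirect (TEST-NET-3 address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1   devbox.local
0.0.0.0     ads.example.net          # blackhole, harmless
203.0.113.7 www.example-bank.com     # redirect: this is what should be reported
"""

if __name__ == "__main__":
    for name, addr in redirects(SAMPLE_HOSTS):
        print(f"REDIRECT {name} -> {addr}")
    print("hosts file clean" if is_clean(SAMPLE_HOSTS) else "hosts file has redirects")
```

On a live machine the file is `C:\Windows\System32\drivers\etc\hosts`; feed its contents to `redirects()` and treat any hit that points a site you did not add yourself at a remote address as something to remove before re-testing the browser.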


#6 HTKclap

HTKclap
  • Topic Starter

  • Members
  • 8 posts

Posted 10 July 2015 - 09:21 PM

The Adware Removal Tool isn't available, so I've proceeded from the 2nd step:

~ ZHPCleaner v2015.7.7.291 by Nicolas Coolman (2015\07\07)
~ Run by Carlos (Administrator)  (08/07/2015 23:53:47)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Carlos\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Carlos\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 8.1, 64-bit  (Build 9600)


---\\  Services (0)
~ No malicious item was found.


---\\  Internet Browsers (0)
~ No malicious item was found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious item was found.


---\\  Explorer ( Files, Folders) (40)
MOVED file: C:\ProgramData\KMSAutoS (PUP.Windows)
MOVED file: C:\Windows\Installer\MSI1360.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI409D.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI4979.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI503D.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI54B8.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI5A85.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI5D32.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI5DA3.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI5F79.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI6140.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI623B.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI6361.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI6374.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI651B.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI7038.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI7412.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI75D8.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI7BF4.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI7E18.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI86E3.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI8C33.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI8EF3.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI916F.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI93C7.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI9577.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI972E.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI982D.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI98EE.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSI99F3.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIA9F6.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIAD91.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIAF92.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIB070.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIB437.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIBA04.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSICF75.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIDC8C.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIF7B6.tmp- (Empty)
MOVED file: C:\Windows\Installer\MSIFA57.tmp- (Empty)


---\\  Registry ( Keys, Values, Data ) (0)
~ No malicious item was found.


---\\ Repair result
Repair carried out successfully
~ This browser is missing ! (Google Chrome)
~ This browser is missing ! (Opera Software)


---\\ Statistics
~ Items scanned : 1020
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 40


End of clean at 23:54:00
===================
ZHPCleaner-[R]-08072015-23_54_00.txt
ZHPCleaner-[S]-08072015-23_52_43.txt


 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Adobe Flash Player     18.0.0.194  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


MiniToolBox by Farbar  Version: 01-07-2015
Ran by Carlos (administrator) on 09-07-2015 at 00:06:52
Running from "C:\Users\Carlos\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Model: M61PME-S2P Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Ethernet (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Configura��o de IP do Windows

   Nome do host. . . . . . . . . . . . . . . . : Kardia_Kingdom
   Sufixo DNS prim�rio . . . . . . . . . . . . :
   Tipo de n�. . . . . . . . . . . . . . . . . : h�brido
   Roteamento de IP ativado. . . . . . . . . . : n�o
   Proxy WINS ativado. . . . . . . . . . . . . : n�o

Adaptador Ethernet Ethernet:

   Sufixo DNS espec�fico de conex�o. . . . . . :
   Descri��o . . . . . . . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Endere�o F�sico . . . . . . . . . . . . . . : 6C-F0-49-F1-AA-58
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configura��o Autom�tica Habilitada. . . . . : Sim
   Endere�o IPv6 de link local . . . . . . . . : fe80::183d:4b28:d5e:aa10%3(Preferencial)
   Endere�o IPv4. . . . . . . .  . . . . . . . : 192.168.0.4(Preferencial)
   M�scara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Concess�o Obtida. . . . . . . . . . . . . . : quinta-feira, 9 de julho de 2015 00:01:21
   Concess�o Expira. . . . . . . . . . . . . . : quinta-feira, 9 de julho de 2015 01:01:51
   Gateway Padr�o. . . . . . . . . . . . . . . : 192.168.0.1
   Servidor DHCP . . . . . . . . . . . . . . . : 192.168.0.1
   IAID de DHCPv6. . . . . . . . . . . . . . . : 57471049
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-1D-08-02-CE-6C-F0-49-F1-AA-58
   Servidores DNS. . . . . . . . . . . . . . . : 93.158.212.35
                                                 8.8.8.8
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador de túnel isatap.{9583437E-E5C6-4F89-A0C4-EE8F29943A84}:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 . . . . . . . . . . : 2001:0:9d38:90d7:205b:d66:3f57:fffb(Preferencial)
   Endereço IPv6 de link local . . . . . . . . : fe80::205b:d66:3f57:fffb%5(Preferencial)
   Gateway Padrão. . . . . . . . . . . . . . . : ::
   IAID de DHCPv6. . . . . . . . . . . . . . . : 134217728
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-1D-08-02-CE-6C-F0-49-F1-AA-58
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Desabilitado
Servidor:  UnKnown
Address:  93.158.212.35


Disparando google.com [173.194.118.102] com 32 bytes de dados:
Resposta de 173.194.118.102: bytes=32 tempo=30ms TTL=55
Resposta de 173.194.118.102: bytes=32 tempo=27ms TTL=55

Estatísticas do Ping para 173.194.118.102:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 27ms, Máximo = 30ms, Média = 28ms
Servidor:  UnKnown
Address:  93.158.212.35


Disparando yahoo.com [98.139.183.24] com 32 bytes de dados:
Resposta de 98.139.183.24: bytes=32 tempo=162ms TTL=51
Resposta de 98.139.183.24: bytes=32 tempo=152ms TTL=52

Estatísticas do Ping para 98.139.183.24:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 152ms, Máximo = 162ms, Média = 157ms

Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128

Estatísticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 0ms, Máximo = 0ms, Média = 0ms
===========================================================================
Lista de interfaces
  3...6c f0 49 f1 aa 58 ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede          Máscara   Ender. gateway       Interface   Custo
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.4     20
        127.0.0.0        255.0.0.0      No vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      No vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
      192.168.0.0    255.255.255.0      No vínculo       192.168.0.4    276
      192.168.0.4  255.255.255.255      No vínculo       192.168.0.4    276
    192.168.0.255  255.255.255.255      No vínculo       192.168.0.4    276
        224.0.0.0        240.0.0.0      No vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      No vínculo       192.168.0.4    276
  255.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      No vínculo       192.168.0.4    276
===========================================================================
Rotas persistentes:
  Nenhuma

Tabela de rotas IPv6
===========================================================================
Rotas ativas:
 Se destino de rede de métrica      Gateway
  5    306 ::/0                     No vínculo
  1    306 ::1/128                  No vínculo
  5    306 2001::/32                No vínculo
  5    306 2001:0:9d38:90d7:205b:d66:3f57:fffb/128
                                    No vínculo
  3    276 fe80::/64                No vínculo
  5    306 fe80::/64                No vínculo
  3    276 fe80::183d:4b28:d5e:aa10/128
                                    No vínculo
  5    306 fe80::205b:d66:3f57:fffb/128
                                    No vínculo
  1    306 ff00::/8                 No vínculo
  3    276 ff00::/8                 No vínculo
  5    306 ff00::/8                 No vínculo
===========================================================================
Rotas persistentes:
  Nenhuma
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2015 11:57:57 PM) (Source: VSS) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.


Operation:
   Instantiating VSS server

Error: (07/08/2015 11:57:57 PM) (Source: VSS) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} e nome IVssCoordinatorEx2. [0x8007045b, A system shutdown is in progress.
]


Operation:
   Instantiating VSS server

Error: (07/08/2015 11:57:57 PM) (Source: VSS) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT).  hr = 0x8007045b, A system shutdown is in progress.
.


Operation:
   Initialize For Backup

Error: (07/08/2015 11:55:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/07/2015 10:40:31 PM) (Source: Application Hang) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20905 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 1d90

Hora de Início: 01d0b91e58d9151b

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: 4ce2b03c-2512-11e5-8268-6cf049f1aa58

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/06/2015 09:45:22 PM) (Source: Application Hang) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20905 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 19d4

Hora de Início: 01d0b84d78ef823f

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: 6eb68993-2441-11e5-8268-6cf049f1aa58

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/05/2015 10:56:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/05/2015 09:19:50 PM) (Source: Application Error) (User: )
Description: Nome do aplicativo com falha: Skype.exe, versão: 7.5.0.102, carimbo de data/hora: 0x556dd64c
Nome do módulo com falha: Skype.exe, versão: 7.5.0.102, carimbo de data/hora: 0x556dd64c
Código de exceção: 0xc000041d
Deslocamento da falha: 0x01a1042c
ID do processo com falha: 0x2148
Hora de início do aplicativo com falha: 0xSkype.exe0
Caminho do aplicativo com falha: Skype.exe1
Caminho do módulo com falha: Skype.exe2
ID do Relatório: Skype.exe3
Nome completo do pacote com falha: Skype.exe4
ID do aplicativo relativo ao pacote com falha: Skype.exe5

Error: (07/05/2015 09:19:41 PM) (Source: Application Error) (User: )
Description: Nome do aplicativo com falha: Skype.exe, versão: 7.5.0.102, carimbo de data/hora: 0x556dd64c
Nome do módulo com falha: Skype.exe, versão: 7.5.0.102, carimbo de data/hora: 0x556dd64c
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000d4d1f
ID do processo com falha: 0x2148
Hora de início do aplicativo com falha: 0xSkype.exe0
Caminho do aplicativo com falha: Skype.exe1
Caminho do módulo com falha: Skype.exe2
ID do Relatório: Skype.exe3
Nome completo do pacote com falha: Skype.exe4
ID do aplicativo relativo ao pacote com falha: Skype.exe5

Error: (07/04/2015 00:56:06 AM) (Source: Application Hang) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20905 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 17a4

Hora de Início: 01d0b60c9e5468ea

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: 939f982c-2200-11e5-8268-6cf049f1aa58

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (07/08/2015 11:57:50 PM) (Source: Service Control Manager) (User: )
Description: O serviço Windows Update não foi desligado corretamente após receber um controle de pré-desligamento.

Error: (07/06/2015 09:55:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Update for Windows 8.1 for x64-based Systems (KB3000850).

Error: (07/06/2015 01:26:13 AM) (Source: DCOM) (User: KARDIA_KINGDOM)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/06/2015 01:26:13 AM) (Source: DCOM) (User: KARDIA_KINGDOM)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/04/2015 01:00:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Update for Windows 8.1 for x64-based Systems (KB3000850).

Error: (07/02/2015 10:16:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80240055: Update for Windows 8.1 for x64-based Systems (KB3000850).

Error: (07/02/2015 09:08:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Update for Windows 8.1 for x64-based Systems (KB3000850).

Error: (07/02/2015 00:45:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Update for Windows 8.1 for x64-based Systems (KB3000850).

Error: (07/01/2015 11:58:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80240055: Update for Windows 8.1 for x64-based Systems (KB3000850).

Error: (07/01/2015 01:11:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Update for Windows 8.1 for x64-based Systems (KB3000850).


Microsoft Office Sessions:
=========================
Error: (07/08/2015 11:57:57 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007045b, A system shutdown is in progress.


Operation:
   Instantiating VSS server

Error: (07/08/2015 11:57:57 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007045b, A system shutdown is in progress.


Operation:
   Instantiating VSS server

Error: (07/08/2015 11:57:57 PM) (Source: VSS)(User: )
Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, A system shutdown is in progress.


Operation:
   Initialize For Backup

Error: (07/08/2015 11:55:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/07/2015 10:40:31 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.209051d9001d0b91e58d9151b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe4ce2b03c-2512-11e5-8268-6cf049f1aa58microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/06/2015 09:45:22 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.2090519d401d0b84d78ef823f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe6eb68993-2441-11e5-8268-6cf049f1aa58microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/05/2015 10:56:12 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/05/2015 09:19:50 PM) (Source: Application Error)(User: )
Description: Skype.exe7.5.0.102556dd64cSkype.exe7.5.0.102556dd64cc000041d01a1042c214801d0b781072d9435C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exeb6aba919-2374-11e5-8268-6cf049f1aa58

Error: (07/05/2015 09:19:41 PM) (Source: Application Error)(User: )
Description: Skype.exe7.5.0.102556dd64cSkype.exe7.5.0.102556dd64cc0000005000d4d1f214801d0b781072d9435C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exeb136bca2-2374-11e5-8268-6cf049f1aa58

Error: (07/04/2015 00:56:06 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.2090517a401d0b60c9e5468ea4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe939f982c-2200-11e5-8268-6cf049f1aa58microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


=========================== Installed Programs ============================

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Aplicativo Itaú (HKLM-x32\...\{21E81FB2-C9F3-4F6E-B475-C03B8D4F0CA4}) (Version: 1.0.49 - Banco Itaú)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{A4D3E7B8-410D-443A-B6AB-F32CDD4BD28C}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Gyazo 3.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
League of Legends (HKLM-x32\...\{BCCDE721-9F4D-4396-9592-92DD865D965E}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pt-BR)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unepic (HKLM-x32\...\Steam App 233980) (Version:  - Francisco Téllez de Meneses)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.721 - Zemana Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1983.55 MB
Available physical RAM: 1052.91 MB
Total Virtual: 3263.55 MB
Available Virtual: 1994.23 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:97.56 GB) (Free:72.1 GB) NTFS
3 Drive d: () (Fixed) (Total:390.62 GB) (Free:385.89 GB) NTFS
4 Drive e: () (Fixed) (Total:443.23 GB) (Free:441.2 GB) NTFS

========================= Users: ========================================

Contas de usuário para \\KARDIA_KINGDOM

Administrator            Carlos                   Guest                    
Comando concluído com êxito.


**** End of log ****
 



#7 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts

Posted 11 July 2015 - 05:47 PM

Anymore issues?



#8 HTKclap
  • Topic Starter
  • Members
  • 8 posts

Posted 11 July 2015 - 06:48 PM

The problem wasn't resolved yet. The popups are showing here...

#9 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts

Posted 12 July 2015 - 03:06 PM

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select Update.
Then select Scan Now.
Once the scan is completed, remove anything found.
Then go to the History tab.
Then go to the Application Logs.
Then go to Scan Log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit Windows.

http://9-lab.com/download/

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.

 

 


Now go to the scanner tab and select Full Scan.



Upon Scan Completion Click Show Results.


Now click the Clean button.


Once done cleaning, you can go to the Logs tab, double click the log, and copy and paste it in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#10 HTKclap
  • Topic Starter
  • Members
  • 8 posts

Posted 13 July 2015 - 12:38 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 13/07/2015
Hora da verificação: 00:51
Arquivo de registro: 01malware.txt
Administrador: Sim

Versão: 2.1.8.1057
Banco de dados de malware: v2015.07.12.04
Banco de dados de rootkit: v2015.07.10.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 8.1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Carlos

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 329721
Tempo decorrido: 16 min, 10 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 0
(Nenhum item malicioso detectado)

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)

 

========================

 

9-lab Removal Tool 1.0.0.36 BETA
9-lab.com

Database version: 0.0

Windows 8.1 (Version 6.3, Build 0, 64-bit Edition)
Internet Explorer 9.11.9600.17842
Carlos :: KARDIA_KINGDOM

13/07/2015 01:13:24
9lab-log-2015-07-13 (01-13-24).txt

Scan type: Full
Objects scanned: 40928
Time Elapsed: 34 m 36 s
 

========================

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.12.04
  rootkit: v2015.07.10.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
Carlos :: KARDIA_KINGDOM [administrator]

13/07/2015 01:56:20
mbar-log-2015-07-13 (01-56-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 330308
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17842

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 2079907840, free: 779915264

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17842

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 2079907840, free: 768806912

Downloaded database version: v2015.07.12.04
Canceled update
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17842

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 2079907840, free: 791957504

Downloaded database version: v2015.07.12.04
Downloaded database version: v2015.07.10.01
Downloaded database version: v2015.07.01.02
=======================================
Initializing...
------------ Kernel report ------------
     07/13/2015 01:55:06
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\nvstor.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\Windows\System32\drivers\zamguard64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\fdc.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmf6264.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\flpydisk.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\??\C:\Windows\SysWOW64\speedfan.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\mslldp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.07.12.04
  rootkit: v2015.07.10.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001f7ecc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001f7e65200, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001f7ecc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001f7920e50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe001f7920060, DeviceName: \Device\00000022\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D4B51452

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204595200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204802048  Numsec = 819200000

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1024002048  Numsec = 929517568

Disk Size: 1000203804160 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:15 PM

Posted 15 July 2015 - 08:08 PM

9-Lab tool was not updated prior to scanning. Please update, then run a full scan.

 

 

9-lab Removal Tool 1.0.0.36 BETA
9-lab.com

Database version: 0.0



#12 HTKclap

HTKclap
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:15 PM

Posted 22 July 2015 - 09:10 PM

9-lab Removal Tool 1.0.0.36 BETA
9-lab.com

Database version: 110.32823

Windows 8.1 (Version 6.3, Build 0, 64-bit Edition)
Internet Explorer 9.11.9600.17905
Carlos :: KARDIA_KINGDOM

22/07/2015 22:07:18
9lab-log-2015-07-22 (22-07-18).txt

Scan type: Full
Objects scanned: 41607
Time Elapsed: 1 h 1 m

Files detected: 31
[3688374325B992DEF12793500307566D] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\hosts]
[0041584E5F66762B1FA9BE8910D0B92B] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\oas_sert.cer]
[3D5FFD53BE77C32CBB147F32423C0A86] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\tap0901.cer]
[7F0C8F7B6F6D22ECD83013F2F26A71AE] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP1\devcon.exe]
[B6AADA0CBED06889053A05B66F146979] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP1\OemWin2k.inf]
[0365C95D5BE2B3D314DCC019380C0E11] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP1\tap0901.cat]
[3C32FF010F869BC184DF71290477384E] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP1\tap0901.sys]
[E7C6F439498FC271BFA5926AA6430CD9] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP2\Delete.cmd]
[7F0C8F7B6F6D22ECD83013F2F26A71AE] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP2\devcon.exe]
[EEFFD10830AF4D9F80E4E4B1DE1079CE] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP2\Install.cmd]
[8DC91F1BF59F58554DC195C9FFCB59EC] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP2\tapoas.cat]
[61243CB103543EE3163BF16DF69BCB54] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP2\tapoas.inf]
[927D0CDB3F96EFC1E98FB1A2C9FB67AD] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64TAP2\tapoas.sys]
[D25567C3C868A53A018A114C903E9932] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64WDV\FakeClient.exe]
[BE566E174EAF5B93B0474593CD8F2715] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64WDV\WdfCoInstaller01009.dll]
[3F0C03E5076C7E6B404F894FF4DC5BB1] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64WDV\WinDivert.dll]
[A94D989905A248AFCA52BC3CBFCB248B] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64WDV\WinDivert.inf]
[A0D15D8727D0780C51628DF46B7268B3] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\driver\x64WDV\WinDivert.sys]
[D1667E5FB0BB342131869FD8AFEB0609] Trojan.FPL.Gen.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\KMSSS.exe]
[F5FD48475D331CB6EFE2701B2F467A3F] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\KMSSS.log]
[8413E2833DC8C35D3BFDCFC24D8B660C] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\TunMirror.exe]
[4AA2E87FBA32884CC6FF97B1798E69EB] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\bin\TunMirror2.exe]
[26B39EADDEA33EF58292F6EE449F478B] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\Quarantine\KMSAutoS\kmsauto.ini]
[92CFB08C8F9525C9987A20EBC4605AC1] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\Trace.txt]
[5B584E0B51AD07A652283E00BAAB1408] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\ZHPCleaner-[R]-08072015-23_54_00.txt]
[6BC51ECEC53DF721565981BF870129F9] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\ZHPCleaner-[S]-08072015-23_52_43.txt]
[AD77E78E5DB23F240F6FE22385FEA780] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\ZHPCleaner.exe]
[19709DA5AE0A8A8912BC14A701E98870] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[D5B4493EE71559D9B102C40AFA111D84] Trojan.FPL.Rotbrow.vb [c:\users\carlos\appdata\roaming\ZHP\ZHPQ_Files.txt]
[E808A6B7751F6F980F97008D1AEB8036] Adware.Win32.VGen.vb!s5 [G:\DTLite4413-0173.exe]

 



#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:15 PM

Posted 25 July 2015 - 03:18 PM

Sorry for the delay, how are things now?



#14 HTKclap

HTKclap
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:15 PM

Posted 26 July 2015 - 09:58 PM

Sometimes the popups appear, and there are times when they don't appear. I don't know why this is happening :/



#15 BlackHawk1

BlackHawk1

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 26 July 2015 - 11:44 PM

If it was my computer I would temporarily disable System Restore, run CCleaner, and reboot. Go into CCleaner under the Tools, Startup section and look for "undesirables" in there and disable them if present. Reset the browser(s) you use. Check your browser(s) for any undesirable add-ons, search engines, and possible homepage changes. Run Malwarebytes, SuperAntiSpyware, AdwCleaner, Junkware Removal Tool, and TDSSKiller. You could also download and use Kaspersky Rescue Disk, which I highly recommend. Also install Adblock Plus. After all of this you will want to re-enable System Restore. I have not come across an issue that hasn't been resolved by the above advice I have given, and I have serviced many. It's not often I have to resort to ComboFix. If you continue to have issues after all of this, then most likely you have not done the disinfection steps properly, or the sites you are visiting are serving up the junk you are seeing, BUT popups on those pages should be suppressed by Adblock Plus. It's much easier for me to do a remote assistance to fix a situation when a person can't do these things themselves. Good luck and let us know how you make out!
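The "look for undesirables in Startup" step above is the part of that advice that benefits from something more precise than eyeballing a CCleaner list. The script below is an added example, not code from this thread or from any of the tools named in it: it enumerates the common autostart locations (the Run/RunOnce registry keys and the per-user and all-users Startup folders) and reports the Authenticode signature status of each launched binary, so entries can be reviewed before anything is disabled. It assumes Windows PowerShell 5.1 on Windows 8.1 or later and is run as the affected user; the helper names `Get-ExecutablePath` and `Get-SignerSummary` are this example's own.

```powershell
# Added example (not from the thread): list autostart entries and the
# signature status of what they launch. Assumes Windows PowerShell 5.1+.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Provider-supplied properties that Get-ItemProperty adds to every key.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Pull the executable path out of a command line such as
#   "C:\Program Files\App\app.exe" /silent   or   C:\Tools\app.exe -x
function Get-ExecutablePath([string]$CommandLine) {
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return $cl.Substring(1, $end - 1) }
    }
    # Unquoted: take everything up to and including the first ".exe"
    $m = [regex]::Match($cl, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $cl.Split(' ')[0]
}

# Summarise the Authenticode status of a file: Valid (with signer subject),
# NotSigned, HashMismatch, UnknownError, or FILE MISSING if the path is gone.
function Get-SignerSummary([string]$Path) {
    if ([string]::IsNullOrWhiteSpace($Path)) { return 'NO PATH' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'FILE MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return "Valid ($($sig.SignerCertificate.Subject))" }
    return $sig.Status.ToString()
}

$results = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        $exe = Get-ExecutablePath ([string]$p.Value)
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $results += [pscustomobject]@{
            Location = $key
            Name     = $p.Name
            Command  = $p.Value
            Signer   = Get-SignerSummary $exe
        }
    }
}

foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    foreach ($item in Get-ChildItem -Path $folder -File) {
        $target = $item.FullName
        # Resolve .lnk shortcuts to the file they actually launch
        if ($item.Extension -eq '.lnk') {
            $shell  = New-Object -ComObject WScript.Shell
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        }
        $results += [pscustomobject]@{
            Location = $folder
            Name     = $item.Name
            Command  = $target
            Signer   = Get-SignerSummary $target
        }
    }
}

# Unsigned or missing binaries in autostart are the ones worth a closer look;
# a valid signature does not make an entry wanted, but it narrows the review.
$results | Sort-Object Signer | Format-Table -AutoSize -Wrap
```

Reading the output: entries whose Signer column says NotSigned, HashMismatch or FILE MISSING are the ones to research (vendor, install date, whether the path is under AppData or Temp) before disabling them; an entry that launches a signed binary from a vendor you recognise is usually the legitimate software the computer already has. The script only reads, so it can be run before and after the cleanup steps to confirm what changed.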





