flashdisk shortcut virus and a rundll that might be corrupt


16 replies to this topic

#1 tehbiglebowski


Posted 23 June 2015 - 06:15 PM

Hello, I'm having trouble with my flash drive. This is how it is:

When I open up my flash drive, instead of seeing my files I see a shortcut. I googled that and it turns out my USB caught the shortcut virus. I followed online instructions but managed nothing: I tried to unhide the hidden files and look for the autorun.inf, nothing; tried AutorunExterminator to find the autorun.inf, still nothing; had the PC scanned by Windows Defender, Malwarebytes, Emsisoft Emergency Kit and SUPERAntiSpyware. They found a couple of bad things, but every time I plugged the flash drive in the shortcut was still there.

The only time I saw a difference was with Emsisoft's program when I scanned the USB drive:

Emsisoft Emergency Kit - Version 10.0
Last update: 23/6/2015 5:49:27 μμ
User account: dios-pc\Διονύσης

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, F:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: On

Scan start:    23/6/2015 11:30:16 μμ
F:\ \vusenmrjicjdbzgdikjypfydxbdsjnaoeagj.pbj     detected: Gen:Variant.Lodbak.1 ( B )

Scanned    60240
Found    1

Scan end:    23/6/2015 11:30:53 μμ
Scan time:    0:00:37

F:\ \vusenmrjicjdbzgdikjypfydxbdsjnaoeagj.pbj    Deleted Gen:Variant.Lodbak.1 ( B ) 

 

The first time I deleted this I thought I was done, but I ended up doing so a couple of times before I realised that the virus was not in the flash drive. I tried 'Open file location' and it opened up a rundll32 in my C:\Windows\System32. From what I understand my rundll is a legitimate one, and I think that the virus from the USB has corrupted it.

How am I to fix this? Please advise (OS: Windows 8 32-bit).


Edited by tehbiglebowski, 23 June 2015 - 07:31 PM.




#2 severac


Posted 24 June 2015 - 02:20 PM

Hello,

 

Please download MCShield from the following link:

MCShield - Official download link

  • Double click on MCShield-Setup to install the application.
    Next => I Agree => Next => Install ... after installation click on the Run! button.
  • Wait a few seconds for MCShield to finish the initial HDD scan...
  • Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
  • When all scanning is done, you need to post the log report that MCShield has created.

Under the Logs tab (in Control Center), for the AllScans.txt log section click on the Save button. The AllScans.txt report will be located on your Desktop.

=> Post AllScans.txt here.

MCShield Anti-Malware USB Tool is a lightweight scanner designed to prevent infections transmitted via removable drives (USB, external, camera cards). Its real-time protection is only real-time when you plug in an external drive.

Explanation: USB storage devices are all the USB devices that get their own drive letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.


Edited by severac, 24 June 2015 - 02:32 PM.

I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 tehbiglebowski


Posted 25 June 2015 - 05:01 AM

>>> MCShield AllScans.txt <<<

-----------------------------

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 8.1 <<<

25/6/2015 12:37:18 μμ > Drive C: - scan started (OS ~186 GB, NTFS HDD )...

=> The drive is clean.

25/6/2015 12:37:19 μμ > Drive D: - scan started (Data ~263 GB, NTFS HDD )...

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 8.1 <<<

25/6/2015 12:43:37 μμ > Drive F: - scan started (SONY_16X ~14819 MB, FAT32 flash drive )...

>>> F:\SONY_16X (16GB).lnk - Malware > Deleted. (15.06.25. 12.43 SONY_16X (16GB).lnk.877194; MD5: 5444e92021b3ddce4ee37e75ab607aa9)

> Resetting attributes: F:\  < Successful.

=> Malicious files   : 1/1 deleted.
=> Hidden folders    : 1/1 unhidden.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 8.1 <<<

25/6/2015 12:45:43 μμ > Drive F: - scan started (SONY_16X ~14819 MB, FAT32 flash drive )...

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 8.1 <<<

25/6/2015 12:48:13 μμ > Drive F: - scan started (SONY_16X ~14819 MB, FAT32 flash drive )...

>>> F:\SONY_16X (16GB).lnk - Malware > Deleted. (15.06.25. 12.48 SONY_16X (16GB).lnk.517193; MD5: dda8ad26cf7ba349b26a936d2af5e5f8)

> Resetting attributes: F:\  < Successful.

=> Malicious files   : 1/1 deleted.
=> Hidden folders    : 1/1 unhidden.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 8.1 <<<

25/6/2015 12:51:40 μμ > Drive F: - scan started (SONY_16X ~14819 MB, FAT32 flash drive )...

>>> F:\SONY_16X (16GB).lnk - Malware > Deleted. (15.06.25. 12.51 SONY_16X (16GB).lnk.707256; MD5: 558b6c8313b2d7fd45f240fdb7c2e64a)

> Resetting attributes: F:\  < Successful.

=> Malicious files   : 1/1 deleted.
=> Hidden folders    : 1/1 unhidden.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________


 



#4 tehbiglebowski


Posted 25 June 2015 - 05:08 AM

I did a couple of scans and the result is the same as before: the virus is found and deleted, but the moment I plug it back in the shortcut comes up again. I think that the virus must be hidden somewhere inside the PC. If this helps any, I right-clicked on the shortcut and clicked on 'Open file location'; that took me over to a rundll32 exe in my C: (complete path to it: C:\Windows\System32).

Is it possible that the virus has corrupted this rundll32 so that no matter how many times I delete it from the flash drive it can always recreate itself, starting over from the rundll32.exe?
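A read-only triage script for the symptom described in this thread (a .lnk on the drive whose 'Open file location' lands on rundll32.exe in System32), added here as an example and not part of the thread or of any tool it mentions. It resolves each shortcut's target and arguments, since a legitimate Windows host such as rundll32.exe only becomes interesting together with what its arguments tell it to load, and it lists the hidden items on the drive that a shortcut worm hides so the shortcut is the only visible entry. It assumes PowerShell 3.0 or later on Windows 8/8.1 and the drive letter F: used in the thread; the host list is a constructed set of commonly abused launchers, not something taken from the logs above.

```powershell
# Added triage script (not from the thread or from MCShield/Emsisoft/MiniToolBox).
# Read-only: it reports, it does not delete or unhide anything.
# Assumption: run as an administrator; $Drive is the removable drive to inspect.
param([string]$Drive = 'F:\')

# Constructed list of Windows hosts that shortcut worms commonly point a .lnk at;
# the host itself is legitimate, the Arguments field names the hidden payload.
$suspiciousHosts = 'rundll32.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe',
                   'powershell.exe', 'mshta.exe'

function Get-ShortcutInfo {
    param([string]$Path)
    # WScript.Shell parses the .lnk without launching its target.
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($Path)
    $targetName = [string][IO.Path]::GetFileName($lnk.TargetPath)
    [PSCustomObject]@{
        Shortcut    = $Path
        Target      = $lnk.TargetPath        # e.g. C:\Windows\System32\rundll32.exe
        Arguments   = $lnk.Arguments         # what the host is told to run/load
        WindowStyle = $lnk.WindowStyle       # 7 = minimized, often used to stay unnoticed
        Suspicious  = ($suspiciousHosts -contains $targetName.ToLower()) -and
                      (-not [string]::IsNullOrEmpty($lnk.Arguments))
    }
}

Write-Host "== Shortcuts on $Drive =="
Get-ChildItem -Path $Drive -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ShortcutInfo $_.FullName } |
    Format-List

Write-Host "== Hidden or system items on $Drive (the real folders a worm hides) =="
$hiddenMask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
Get-ChildItem -Path $Drive -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $hiddenMask) -ne 0 } |
    Select-Object Name, Attributes, Length, LastWriteTime |
    Format-Table -AutoSize

# autorun.inf is another classic removable-drive persistence file; show it if present.
$autorun = Join-Path $Drive 'autorun.inf'
if (Test-Path $autorun) {
    Write-Host "autorun.inf present on $Drive (contents below):"
    Get-Content $autorun
}

# Remediation is deliberately manual: once the payload named in the Arguments
# field has been removed from the drive and the PC, restore the hidden folders with
#   attrib -h -s -r /s /d F:\*
# and delete the remaining .lnk files.
```

The Suspicious flag is a heuristic: a shortcut to rundll32.exe with no arguments is harmless, one whose Arguments field names a file on the removable drive is the pattern to look at.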



#5 severac


Posted 25 June 2015 - 05:11 AM

We will see.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.



 


#6 tehbiglebowski


Posted 25 June 2015 - 05:24 AM

MiniToolBox by Farbar  Version: 22-06-2015
Ran by Διονύσης (administrator) on 25-06-2015 at 13:15:22
Running from "C:\Users\Διονύσης\Downloads"
Microsoft Windows 8.1 με Bing  (X64)
Model: X553MA Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface=" 礛* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface=" 礛* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : dios-pc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter 礛* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 12-E2-30-CD-94-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter
   Physical Address. . . . . . . . . : 40-E2-30-CD-94-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::41c0:f023:44e7:a5ed%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : ᨫ, 24 妬 2015 12:08:51
   Lease Expires . . . . . . . . . . : , 26 妬 2015 12:20:12
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 71361072
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-5C-31-76-08-62-66-16-EF-E1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : BN14.COM
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 08-62-66-16-EF-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:48d:1f72:3f57:fdfd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::48d:1f72:3f57:fdfd%7(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 402653184
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-5C-31-76-08-62-66-16-EF-E1
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  Broadcom.Home
Address:  192.168.2.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  62.38.2.177


Pinging google.com [62.38.2.177] with 32 bytes of data:
Reply from 62.38.2.177: bytes=32 time=25ms TTL=60
Reply from 62.38.2.177: bytes=32 time=26ms TTL=60

Ping statistics for 62.38.2.177:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 26ms, Average = 25ms
Server:  Broadcom.Home
Address:  192.168.2.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=207ms TTL=43
Reply from 98.138.253.109: bytes=32 time=201ms TTL=43

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 201ms, Maximum = 207ms, Average = 204ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...12 e2 30 cd 94 0b ......Microsoft Wi-Fi Direct Virtual Adapter
  4...40 e2 30 cd 94 0b ......Qualcomm Atheros AR9485 Wireless Network Adapter
  3...08 62 66 16 ef e1 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    281
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:5ef5:79fd:48d:1f72:3f57:fdfd/128
                                    On-link
  4    281 fe80::/64                On-link
  7    306 fe80::/64                On-link
  7    306 fe80::48d:1f72:3f57:fdfd/128
                                    On-link
  4    281 fe80::41c0:f023:44e7:a5ed/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (06/24/2015 04:13:56 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/23/2015 05:13:48 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/22/2015 04:13:55 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/22/2015 10:01:55 AM) (Source: Adobe Reader) (User: )
Description:

Error: (06/22/2015 09:52:20 AM) (Source: Adobe Reader) (User: )
Description:

Error: (06/22/2015 09:45:39 AM) (Source: Adobe Reader) (User: )
Description:

Error: (06/21/2015 04:20:43 PM) (Source: Application Error) (User: )
Description: Όνομα ελαττωματικής εφαρμογής: plugin-container.exe, έκδοση 38.0.5.5623, χρονική σήμανση: 0x5563c49a
Όνομα ελαττωματικής λειτουργικής μονάδας: mozalloc.dll, έκδοση: 38.0.5.5623, χρονική σήμανση: 0x5563b229
Κωδικός εξαίρεσης: 0x80000003
Μετατόπιση σφάλματος: 0x00001aa1
Αναγνωριστικό ελαττωματικής διεργασίας: 0x1554
Χρόνος έναρξης ελαττωματικής εφαρμογής: 0xplugin-container.exe0
Διαδρομή ελαττωματικής εφαρμογής: plugin-container.exe1
Διαδρομή ελαττωματικής λειτουργικής μονάδας:plugin-container.exe2
Αναγνωριστικό αναφοράς: plugin-container.exe3
Πλήρες όνομα ελαττωματικού πακέτου: plugin-container.exe4
Αναγνωριστικό εφαρμογής που σχετίζεται με το ελαττωματικό πακέτο: plugin-container.exe5

Error: (06/21/2015 04:13:54 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/20/2015 04:13:55 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/19/2015 07:53:09 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (06/25/2015 00:20:29 PM) (Source: DCOM) (User: dios-pc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/25/2015 03:08:32 AM) (Source: DCOM) (User: dios-pc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/24/2015 04:33:58 PM) (Source: DCOM) (User: dios-pc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/24/2015 04:33:28 PM) (Source: DCOM) (User: dios-pc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/24/2015 04:22:36 PM) (Source: Service Control Manager) (User: )
Description: Η λειτουργία της υπηρεσίας Υπηρεσία του Windows Defender τερματίστηκε αναπάντεχα. Αυτό συνέβη 9 φορά(ές).

Error: (06/24/2015 00:50:29 PM) (Source: Service Control Manager) (User: )
Description: Η λειτουργία της υπηρεσίας Υπηρεσία του Windows Defender τερματίστηκε αναπάντεχα. Αυτό συνέβη 8 φορά(ές).

Error: (06/24/2015 00:50:25 PM) (Source: Service Control Manager) (User: )
Description: Η λειτουργία της υπηρεσίας Υπηρεσία του Windows Defender τερματίστηκε αναπάντεχα. Αυτό συνέβη 7 φορά(ές).

Error: (06/24/2015 00:45:51 PM) (Source: Service Control Manager) (User: )
Description: Η λειτουργία της υπηρεσίας Υπηρεσία του Windows Defender τερματίστηκε αναπάντεχα. Αυτό συνέβη 6 φορά(ές).

Error: (06/24/2015 00:45:46 PM) (Source: Service Control Manager) (User: )
Description: Η λειτουργία της υπηρεσίας Υπηρεσία του Windows Defender τερματίστηκε αναπάντεχα. Αυτό συνέβη 5 φορά(ές).

Error: (06/24/2015 00:11:43 PM) (Source: Service Control Manager) (User: )
Description: Η λειτουργία της υπηρεσίας Υπηρεσία του Windows Defender τερματίστηκε αναπάντεχα. Αυτό συνέβη 4 φορά(ές).


Microsoft Office Sessions:
=========================
Error: (06/24/2015 04:13:56 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/23/2015 05:13:48 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/22/2015 04:13:55 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/22/2015 10:01:55 AM) (Source: Adobe Reader)(User: )
Description:

Error: (06/22/2015 09:52:20 AM) (Source: Adobe Reader)(User: )
Description:

Error: (06/22/2015 09:45:39 AM) (Source: Adobe Reader)(User: )
Description:

Error: (06/21/2015 04:20:43 PM) (Source: Application Error)(User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1155401d0ac21693c79bbC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll50e68885-1818-11e5-8271-08626616efe1

Error: (06/21/2015 04:13:54 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/20/2015 04:13:55 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/19/2015 07:53:09 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161


CodeIntegrity Errors:
===================================
  Date: 2015-06-22 12:19:13.628
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 12:19:11.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 12:19:09.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 12:19:07.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 12:19:05.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 12:19:03.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 12:19:01.649
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 10:17:28.525
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 10:17:26.072
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-22 10:17:22.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.39745 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Command & Conquer Gold Edition Stand Alone v1.06c revision 3 (HKLM-x32\...\{931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1) (Version:  - Westwood Studios)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 365 - el-gr (HKLM\...\O365HomePremRetail - el-gr) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{db012557-340e-4a46-adae-81a6b0f6a1e9}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{e6edaf4d-f9a1-4023-be00-d6189343feb9}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 el) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 el)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0408-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
Red Alert 3.03p-Iran (HKLM-x32\...\{9BCC0F2C-63C1-4569-BEE6-E3A3A377C0F8}_is1) (Version: 3.03p-Iran - FunkyFr3sh)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinDS PRO 2015.05.06 (HKLM\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1) (Version: 2015.05.06 - WinDS PRO Central)
WinDS PRO Apps 2015.05.06 (HKLM\...\{92C4C953-5CE1-4DC3-97D5-BBD1A63EF706}_is1) (Version: 2015.05.06 - WinDS PRO Central)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3982.62 MB
Available physical RAM: 2646.22 MB
Total Pagefile: 4686.62 MB
Available Pagefile: 3263.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.93 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:149.5 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:263.35 GB) (Free:255.03 GB) NTFS
4 Drive f: (SONY_16X) (Removable) (Total:14.47 GB) (Free:14.47 GB) FAT32

========================= Users: ========================================

User accounts for \\DIOS-PC

Administrator            Guest                    Διονύσης
The command completed successfully.

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================


**** End of log ****
 



#7 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:05:59 AM

Posted 25 June 2015 - 05:36 AM

ESET Online Scanner

§  Click here to download the installer for ESET Online Scanner and save it to your Desktop.

§  Disable all your antivirus and antimalware software - see how to do that here.

§  Right click on esetsmartinstaller_enu.exe and select Run as Administrator.

§  Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.

§  Select Enable detection of potentially unwanted applications.

§  Click Advanced Settings, then place a checkmark in the following:

o    Remove found threats

o    Scan archives

o    Scan for potentially unsafe applications

o    Enable Anti-Stealth technology

§  Click Start to begin scanning.

§  ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.

§  When the scan is done, click List threats (only available if ESET Online Scanner found something).

§  Click Export, then save the file to your desktop, post log here.

§  Click Back, then Finish to exit ESET Online Scanner.

 

------

 

Please download AdwCleaner by Xplode onto your desktop.

§  Close all open programs and internet browsers.

§  Double click on adwcleaner.exe to run the tool.

§  Click on Scan button.

§  When the scan has finished click on Clean button.

§  Your computer will be rebooted automatically. A text file will open after the restart.

§  Please post the contents of that logfile with your next reply.

§  You can find the logfile at C:\AdwCleaner[S1].txt as well.

 


I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#8 tehbiglebowski

tehbiglebowski
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:59 AM

Posted 25 June 2015 - 07:32 AM

ESET report

C:\Users\Διονύσης\Documents\spsetup128.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Διονύσης\Downloads\Unlocker1.9.2.exe    a variant of Win32/Toolbar.Babylon.E potentially unwanted application    deleted - quarantined
Operating memory    a variant of Win32/Bundpil.CS worm   
 

 

ADWCleaner

# AdwCleaner v4.207 - Logfile created 25/06/2015 at 15:20:09
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : Διονύσης - DIOS-PC
# Running from : C:\Users\Διονύσης\Downloads\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\prefs.js
File Found : C:\Users\Διονύσης\AppData\Roaming\ICARE.LOG
File Found : C:\Windows\Reimage.ini
Folder Found : C:\Program Files (x86)\DiigiCOupon
Folder Found : C:\Program Files (x86)\GroeeaatSavee4U
Folder Found : C:\Program Files (x86)\PricEMeinus
Folder Found : C:\Program Files (x86)\SalEPloUs
Folder Found : C:\Program Files (x86)\SaolePlusu
Folder Found : C:\ProgramData\{e3975e71-3acd-08b6-e397-75e713ac79c4}
Folder Found : C:\ProgramData\2fa8e60a000040d3
Folder Found : C:\ProgramData\8748990675208796195
Folder Found : C:\ProgramData\a45bdbe400007a54
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Διονύσης\AppData\Local\Babylon
Folder Found : C:\Users\Διονύσης\AppData\Roaming\Babylon

***** [ Scheduled tasks ] *****

Task Found : update-sys
Task Found : update-S-1-5-21-2437631083-193744784-987872454-1001
Task Found : update-sys
Task Found : update-S-1-5-21-2437631083-193744784-987872454-1001
Task Found : update-sys

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : HKLM\SOFTWARE\41cb567b-4014-e881-b138-0687d820aab9
Key Found : HKLM\SOFTWARE\AIM Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{10F67E56-58A9-4A52-A48A-A28A75FF9FBB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A63C49A5-6CC1-4579-A883-AE6B3E91108D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Found : HKLM\SOFTWARE\SpeedBit
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKLM\SOFTWARE\Reimage

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.5 (x86 el)

[p4kesy8d.default-1433602033512] - Line Found : user_pref("extensions.eJk5AX3N2NbdDH2B.scode", "(function(){try{if(window.location.href.indexOf(\"rjk5qdrEqdw7qTnFqjg7qdwErdw\")>-1){return;}}catch(e){}try{var d=[[\"search.asistents.com\",\"cryptogma[...]

-\\ Google Chrome v43.0.2357.130

[C:\Users\Διονύσης\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [10006 bytes] - [25/06/2015 15:20:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10066 bytes] ##########
 



#9 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:05:59 AM

Posted 25 June 2015 - 07:44 AM

Run AdwCleaner again, but this time, after Scan, click Clean. Then post me the log.



 


#10 tehbiglebowski

tehbiglebowski
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:59 AM

Posted 25 June 2015 - 07:52 AM

# AdwCleaner v4.207 - Logfile created 25/06/2015 at 15:47:00
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : Διονύσης - DIOS-PC
# Running from : C:\Users\Διονύσης\Downloads\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\prefs.js
File Found : C:\Users\Διονύσης\AppData\Roaming\ICARE.LOG
File Found : C:\Windows\Reimage.ini
Folder Found : C:\Program Files (x86)\DiigiCOupon
Folder Found : C:\Program Files (x86)\GroeeaatSavee4U
Folder Found : C:\Program Files (x86)\PricEMeinus
Folder Found : C:\Program Files (x86)\SalEPloUs
Folder Found : C:\Program Files (x86)\SaolePlusu
Folder Found : C:\ProgramData\{e3975e71-3acd-08b6-e397-75e713ac79c4}
Folder Found : C:\ProgramData\2fa8e60a000040d3
Folder Found : C:\ProgramData\8748990675208796195
Folder Found : C:\ProgramData\a45bdbe400007a54
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Διονύσης\AppData\Local\Babylon
Folder Found : C:\Users\Διονύσης\AppData\Roaming\Babylon

***** [ Scheduled tasks ] *****

Task Found : update-sys
Task Found : update-S-1-5-21-2437631083-193744784-987872454-1001
Task Found : update-sys
Task Found : update-S-1-5-21-2437631083-193744784-987872454-1001
Task Found : update-sys

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : HKLM\SOFTWARE\41cb567b-4014-e881-b138-0687d820aab9
Key Found : HKLM\SOFTWARE\AIM Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{10F67E56-58A9-4A52-A48A-A28A75FF9FBB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A63C49A5-6CC1-4579-A883-AE6B3E91108D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Found : HKLM\SOFTWARE\SpeedBit
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKLM\SOFTWARE\Reimage

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.5 (x86 el)

[p4kesy8d.default-1433602033512] - Line Found : user_pref("extensions.eJk5AX3N2NbdDH2B.scode", "(function(){try{if(window.location.href.indexOf(\"rjk5qdrEqdw7qTnFqjg7qdwErdw\")>-1){return;}}catch(e){}try{var d=[[\"search.asistents.com\",\"cryptogma[...]

-\\ Google Chrome v43.0.2357.130

[C:\Users\Διονύσης\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [10174 bytes] - [25/06/2015 15:20:09]
AdwCleaner[R1].txt - [10066 bytes] - [25/06/2015 15:47:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [10126 bytes] ##########
 



#11 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:05:59 AM

Posted 25 June 2015 - 07:56 AM

After you do a Scan, you have to click on Clean. Try again. But this time, after Scan is done, press Clean to remove threats (second button).

 

[Attached screenshot: scan-results.jpg]


Edited by severac, 25 June 2015 - 07:57 AM.


 


#12 tehbiglebowski

tehbiglebowski
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:59 AM

Posted 25 June 2015 - 08:22 AM

Ran the scan, got the results, clicked on Clean but still the same. Uninstalled it and reinstalled it but it's doing the same. Not sure what's wrong.


All of the results I've posted from AdwCleaner are from after I clicked the Clean button.



#13 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:05:59 AM

Posted 25 June 2015 - 08:29 AM

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.

 

§  Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.

§  At the end, be sure a checkmark is placed next to the following:
 

o    Launch Malwarebytes Anti-Malware

o    A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

 

§  Click Finish.

§  On the Dashboard, click the 'Update Now >>' link

§  After the update completes, on the Settings tab, under Detection and Protection set the following options:

1. 'Scan for rootkits'

2. Under Non-Malware Protection, for 'PUP detections', select the 'Treat detections as malware' option.

§  Return to Dashboard, click the 'Scan Now >>' button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, then click on Yes.

 

§  After the restart once you are back at your desktop, open MBAM once more.

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

 

------

 

Please download Junkware Removal Tool to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.



 


#14 tehbiglebowski

tehbiglebowski
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:59 AM

Posted 25 June 2015 - 03:03 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/6/2015
Scan Time: 6:52:20 μμ
Logfile: MBAM report.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.25.04
Rootkit Database: v2015.06.22.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Διονύσης

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 646540
Time Elapsed: 3 hr, 51 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.AppDataFR.A, C:\Users\Διονύσης\AppData\Roaming\appdataFr25.bin, Quarantined, [ca1e76487c0e5fd74c783abaa45f07f9],

Physical Sectors: 0
(No malicious items detected)


(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.4 (06.25.2015:1)
OS: Windows 8.1 Connected x64
Ran by Διονύσης on £ 25/06/2015 at 22:51:24,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Failed to delete: [Task] C:\Windows\system32\tasks\update-sys
Successfully deleted: [Task] C:\Windows\system32\tasks\update-S-1-5-21-2437631083-193744784-987872454-1001
Successfully deleted: [Task] C:\Windows\tasks\update-S-1-5-21-2437631083-193744784-987872454-1001.job
Successfully deleted: [Task] C:\Windows\tasks\update-sys.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP



~~~ Files

Successfully deleted: [File] C:\Users\Διονύσης\AppData\Roaming\sp_data.sys
Successfully deleted: [File] C:\Program Files\AC468AWK.exe
Successfully deleted: [File] C:\Program Files\E2GUIWUM.exe
Successfully deleted: [File] C:\Program Files\ESGUIWUW.exe
Successfully deleted: [File] C:\Program Files\UIWKYMA2.exe



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\Users\Διονύσης\appdata\local\babylon
Successfully deleted: [Folder] C:\Users\Διονύσης\AppData\Roaming\babylon
Successfully deleted: [Folder] C:\ProgramData\2fa8e60a000040d3
Successfully deleted: [Folder] C:\ProgramData\8748990675208796195
Successfully deleted: [Folder] C:\ProgramData\a45bdbe400007a54



~~~ FireFox




~~~ Chrome


[C:\Users\Διονύσης\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Διονύσης\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Διονύσης\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Διονύσης\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on £ 25/06/2015 at 23:00:40,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

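The JRT log above is the artifact the helper has to read by hand; the one line that matters most in it is the "Failed to delete" scheduled task, which means a persistence item survived the cleanup and needs manual follow-up. As an added example (not part of this thread and not Malwarebytes code), here is a small parser for the JRT log format that groups entries by section and pulls out the failed removals; the sample log lines are constructed to mirror the format posted above.

```python
import re
from collections import defaultdict

# Constructed sample in the JRT log format seen in the thread (not the full log).
SAMPLE_JRT_LOG = """\
~~~ Tasks

Failed to delete: [Task] C:\\Windows\\system32\\tasks\\update-sys
Successfully deleted: [Task] C:\\Windows\\tasks\\update-sys.job

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Internet Explorer\\Main\\\\Default_Page_URL

~~~ Files

Successfully deleted: [File] C:\\Program Files\\AC468AWK.exe
"""

# Section headers look like "~~~ Tasks"; action lines look like
# "<outcome>: [<item type>] <path>". The Chrome lines ("[path] - ...") use a
# different shape and are deliberately ignored here.
SECTION_RE = re.compile(r"^~~~ (.+)$")
ACTION_RE = re.compile(
    r"^(Successfully deleted|Successfully repaired|Failed to delete): \[([^\]]+)\] (.+)$"
)


def parse_jrt_log(text):
    """Return a list of (section, outcome, item_type, path) tuples."""
    section = None
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = ACTION_RE.match(line)
        if m and section:
            outcome, item_type, path = m.groups()
            entries.append((section, outcome, item_type, path))
    return entries


def failed_items(entries):
    """Entries JRT could not remove: each one is a leftover to check by hand."""
    return [e for e in entries if e[1] == "Failed to delete"]


def summarize(entries):
    """Count entries per (section, outcome), e.g. {('Tasks', 'Failed to delete'): 1}."""
    counts = defaultdict(int)
    for section, outcome, _, _ in entries:
        counts[(section, outcome)] += 1
    return dict(counts)
```

Running `failed_items(parse_jrt_log(open("JRT.txt").read()))` on a real log lists exactly the items that still need attention after the tool has finished.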


#15 tehbiglebowski

tehbiglebowski
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 25 June 2015 - 03:24 PM

Still getting the bloody shortcut.. wtffffffffffff

The only time I don't see it is when I scan and clear the flash drive.... this is one really well-hidden virus wtfffffffffffffffff





