
Help remove virus


7 replies to this topic

#1 nodonutnocop


Posted 04 July 2015 - 05:18 PM

I keep running AdwCleaner, and it finds one problem in the registry and removes it, but the same exact thing keeps coming back each time I run AdwCleaner. Here is the log. How do I PERMANENTLY GET RID OF THIS? Thanks!

 

 

 

# AdwCleaner v4.206 - Logfile created 16/06/2015 at 16:40:35
# Updated 01/06/2015 by Xplode
# Database : 2015-06-16.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Alec - BEPA
# Running from : C:\Users\Alec\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.124
 
 
*************************
 
AdwCleaner[R0].txt - [822 bytes] - [15/06/2015 22:39:20]
AdwCleaner[R1].txt - [938 bytes] - [16/06/2015 16:38:49]
AdwCleaner[S0].txt - [887 bytes] - [15/06/2015 22:41:31]
AdwCleaner[S1].txt - [866 bytes] - [16/06/2015 16:40:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [924  bytes] ##########
# AdwCleaner v4.207 - Logfile created 04/07/2015 at 15:00:26
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Alec - BEPA
# Running from : C:\Users\Alec\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****

Edited by Chris Cosgrove, 04 July 2015 - 05:32 PM.
Moved from Win 8 to 'am I infected?'




#2 buddy215


Posted 04 July 2015 - 06:03 PM

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 nodonutnocop


Posted 05 July 2015 - 12:55 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.0 (07.04.2015:2)
OS: Windows 8.1 x64
Ran by Alec on Sat 07/04/2015 at 22:49:42.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Alec\AppData\Roaming\sp_data.sys
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Alec\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Alec\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Alec\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Alec\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/04/2015 at 22:53:49.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 buddy215


Posted 05 July 2015 - 06:00 AM

What were the results of the other two scans?




#5 nodonutnocop


Posted 05 July 2015 - 01:11 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/4/2015
Scan Time: 10:03 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.04.04
Rootkit Database: v2015.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alec
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349359
Time Elapsed: 32 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.RocketFuel, C:\Users\Alec\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe, Quarantined, [2e9685581d6db18581e4d4da689ddd23], 
PUP.Optional.BundleInstaller.A, C:\Users\Alec\Downloads\Installation.exe, Quarantined, [09bb5d80bbcf37ff5e0cdd789f63dd23], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET didn't find any problems.


#6 buddy215


Posted 05 July 2015 - 02:39 PM

Okay...

After running CCleaner...post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#7 nodonutnocop


Posted 05 July 2015 - 11:10 PM

Yes HKCU:Run Akamai NetSession Interface Akamai Technologies, Inc. "C:\Users\Alec\AppData\Local\Akamai\netsession_win.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run ASUSPRP ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
Yes HKLM:Run ASUSWebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
Yes HKLM:Run Persistence Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
Yes HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run WsmUpdater Web Solution Mart "C:\Program Files (x86)\Web Solution Mart\Windows 8 Codecs Pack\Updater.exe"
 
Yes Task ASUS InstantOn Config C:\Program Files\ASUS\P4G\InsOnCfg.exe
Yes Task ASUS Live Update1 ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe -critical
Yes Task ASUS Live Update2 ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe -check
Yes Task ASUS P4G ASUS C:\Program Files\ASUS\P4G\BatteryLife.exe
Yes Task ASUS Smart Gesture Launcher AsusTek C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Yes Task ASUS Splendid ACMON ASUS C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Yes Task ASUS Splendid ColorU ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
Yes Task ASUS USB Charger Plus ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
Yes Task AsusVibeSchedule ASUSTeK Computer Inc. "C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe" /start
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-621194974-1816355638-2871821998-1001
 
Adobe Reader XI (11.0.11) Adobe Systems Incorporated 5/14/2015 185 MB 11.0.11
Akamai NetSession Interface Akamai Technologies, Inc 10/2/2014
Alcor Micro USB Card Reader Alcor Micro Corp. 2/19/2014 2.62 MB 3.4.117.01527
ASUS Live Update ASUS 2/19/2014 8.49 MB 3.2.6
ASUS Power4Gear Hybrid ASUS 2/19/2014 10.7 MB 3.0.2
ASUS Smart Gesture ASUS 2/19/2014 49.2 MB 2.2.7
ASUS Splendid Video Enhancement Technology ASUS 2/19/2014 14.8 MB 2.01.0021
ASUS USB Charger Plus ASUS 2/19/2014 8.77 MB 2.1.5
ASUS WebStorage Sync Agent ASUS Cloud Corporation 7/10/2014 1.1.18.159
ASUSDVD CyberLink Corp. 2/19/2014 147 MB 10.0.5710.52
AsusVibe2.0 ASUSTEK 7/10/2014 2.0.12.311
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 2/19/2014 2.1.0.7
ATK Package ASUS 2/19/2014 14.1 MB 1.0.0031
CCleaner Piriform 7/4/2015 5.07
CyberLink LabelPrint 2.5 CyberLink Corp. 7/3/2014 51.2 MB 2.5.5415
ESET Online Scanner v3 7/4/2015
ETDWare PS/2-X64 11.5.13.9_WHQL ELAN Microelectronic Corp. 10/2/2014 11.5.13.9
Free Screen Capture Free Picture Solutions 11/1/2014 3.72 MB 1.0.0
Google Chrome Google Inc. 7/3/2014 43.0.2357.130
Gpg4win (2.2.1) The Gpg4win Project 7/17/2014 2.2.1
Intel® Management Engine Components Intel Corporation 2/19/2014 8.1.0.1252
Intel® Processor Graphics Intel Corporation 7/10/2014 10.18.10.3308
Intel® SDK for OpenCL - CPU Only Runtime Package Intel Corporation 2/19/2014 2.0.0.37149
Java 8 Update 40 Oracle Corporation 3/12/2015 76.9 MB 8.0.400
Lagarith lossless video codec (Remove Only) 7/13/2014
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 7/4/2015 64.6 MB 2.1.8.1057
Microsoft Expression Encoder 4 Screen Capture Codec Microsoft Corporation 7/13/2014 675 KB 4.0.1653.0
Microsoft Office Microsoft Corporation 5/1/2013 297 MB 15.0.4454.1510
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 5/1/2013 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 7/13/2014 4.84 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 7/3/2014 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/13/2014 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/19/2014 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/19/2014 11.1 MB 10.0.40219
MyBitCast 2.0 ASUS 7/10/2014 2.0
Ralink RT2860 Wireless LAN Card Ralink 2/19/2014 1.2.0.41
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 7/10/2014 6.0.1.6804
Shared C Run-time for x64 McAfee 5/1/2013 2.78 MB 10.0.0
Skype™ 7.5 Skype Technologies S.A. 6/26/2015 49.9 MB 7.5.102
Unity Web Player Unity Technologies ApS 10/25/2014 12.0 MB 4.5.5f1
WildTangent Games WildTangent 7/10/2014 1.0.0.0
Windows 8 Codecs Pack 1.0.0 Web Solution Mart 7/13/2014 40.7 MB 1.0.0
Windows Driver Package - ASUS (ATP) Mouse  (10/31/2013 1.0.0.191) ASUS 7/10/2014 10/31/2013 1.0.0.191
Windows Live Essentials Microsoft Corporation 5/1/2013 16.4.3505.0912
WinFlash ASUS 2/19/2014 881 KB 2.41.1
 


#8 buddy215


Posted 06 July 2015 - 06:35 AM

Disable these Windows Startups: (Use CCleaner by clicking on each item to highlight and then choosing on the right to Disable, Remove or Uninstall)

Yes HKCU:Run Akamai NetSession Interface Akamai Technologies, Inc. "C:\Users\Alec\AppData\Local\Akamai\netsession_win.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run WsmUpdater Web Solution Mart "C:\Program Files (x86)\Web Solution Mart\Windows 8 Codecs Pack\Updater.exe"
 
Disable these Tasks:
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

Uninstall these programs:

ESET Online Scanner v3 7/4/2015

Java 8 Update 40 Oracle Corporation 3/12/2015 76.9 MB 8.0.400 (Old Java is a malware magnet....most users don't need Java)

Unity Web Player Unity Technologies ApS 10/25/2014 12.0 MB 4.5.5f1






