application start-up + browser slowdowns, i cinema, totalhdplus


  • This topic is locked
12 replies to this topic

#1 roskqkelo5

  • Members
  • 12 posts

Posted 16 July 2015 - 03:41 AM

I made a typo in the title. It's TotalPlusHD.
 
This Lenovo laptop has been in use for nearly a year; I didn't clean the bloatware that was shipped with it.
I had to use msconfig and disable every non-Microsoft service and startup application just to be able to use the computer (except the Avast firewall, Avast antivirus, and one Intel graphics-related service).
 
Avast Quickscan found 14 infected files.
I don't know how to export Avast scan reports to .txt for you guys.
 
I'm attaching the FRST logs. FRST.txt is 487 KB.
 
Threats found by Avast are:
Threat: Win32:Trojan-gen x1 Severity: High
Threat: Win32:Malware-gen x3 Severity: High
Threat: Win32:Evo-gen [Susp] x7 Severity: Medium
Threat: Win32:Adware-gen [Adw] x3 Severity: High

Edited by roskqkelo5, 16 July 2015 - 03:52 AM.



#2 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Location:Thailand

Posted 16 July 2015 - 12:43 PM

Hello roskqkelo5 and welcome to BleepingComputer! :)

My name is Sirawit and I'm here to help you.

Please note that I'm currently in training and my fixes need to be approved first. That may delay our fix a bit, but I will normally reply back within 24 hours.

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

 

---------------------

I've submitted my reports to my instructor and will reply to you as soon as possible.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 roskqkelo5
  • Topic Starter

  • Members
  • 12 posts

Posted 17 July 2015 - 05:33 AM

 

  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I'm ready. Awaiting further instruction.

 

I have no idea why FRST would print 4,000 lines of .dll, .sys, and .exe files from C:\WINDOWS\system32 and C:\WINDOWS\SysWOW64.


Edited by roskqkelo5, 17 July 2015 - 05:36 AM.


#4 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Location:Thailand

Posted 17 July 2015 - 10:26 AM

Hi roskqkelo5.

 

It usually does this if a Windows update has just finished (because a lot of system files were updated).

 

Also, I will post next steps to you ASAP.

 

Thank you.




#5 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Location:Thailand

Posted 17 July 2015 - 01:09 PM

Hi roskqkelo5.
 
We need to remove programs using "Programs and Features"

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":
I - Cinema
Run_Dregol
TornTV
TotalPlusHD-3.1V18.01
uNisaloes
Video Download Manager
youtubeadblocker

Additional instructions can be found here if needed.

--------------------

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

-------------

 

After the fix has completed, please create a new FRST log for me.

 

Thank you.




#6 roskqkelo5
  • Topic Starter

  • Members
  • 12 posts

Posted 18 July 2015 - 06:52 PM

Run_Dregol is the only application whose uninstaller I couldn't complete. It asked me to close all browsers; I clicked OK and then it just hung and would not advance to the next uninstall phase.

 

Sorry, AdwCleaner localised to the Operating System's language...

 

I'm attaching AdwCleaner[R0], FRST 2 and Addition 2.

 


 

# AdwCleaner v4.208 - Report created 18/07/2015 at 20:19:27
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating System : Windows 8.1 Single Language  (x64)
# User : Dhz07 - LENOVO-PC
# Running from : C:\Users\Dhz07\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : wafd_1_10_0_19
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ljefoakgfhcoeobgicjgejglnpfpemgb_0
File Found : C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ljefoakgfhcoeobgicjgejglnpfpemgb
File Found : C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljefoakgfhcoeobgicjgejglnpfpemgb_0.localstorage
File Found : C:\Users\Dhz07\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
File Found : C:\Users\Dhz07\AppData\Roaming\OGWL
File Found : C:\Users\Public\Desktop\EZDownloader.lnk
File Found : C:\WINDOWS\System32\drivers\wafd_1_10_0_19.sys
File Found : C:\WINDOWS\System32\VisualDiscoveryOff.ini
File Found : C:\WINDOWS\SysWOW64\VisualDiscovery.ini
File Found : C:\WINDOWS\SysWOW64\VisualDiscoveryOff.ini
Folder Found : C:\Program Files (x86)\EZDownloader
Folder Found : C:\Program Files (x86)\Run_Dregol
Folder Found : C:\Program Files (x86)\uNisales
Folder Found : C:\Program Files (x86)\WordAnchor_1.10.0.19
Folder Found : C:\ProgramData\{c4b0a7ad-5cb7-6400-c4b0-0a7ad5cb9eb5}
Folder Found : C:\ProgramData\4787772181550136831
Folder Found : C:\ProgramData\deabdlnfhkmmbohekcgjbfjobjnbmlef
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Found : C:\ProgramData\pokki
Folder Found : C:\Users\Dhz07\AppData\Local\BoBrowser
Folder Found : C:\Users\Dhz07\AppData\Local\globalUpdate
Folder Found : C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcgjnifdiefhdmgignhfmecbpjbpplmj
Folder Found : C:\Users\Dhz07\AppData\Local\pokki
Folder Found : C:\Users\Dhz07\AppData\Roaming\Run_Dregol
 
***** [ Scheduled tasks ] *****
 
Task Found : PostPoneInstall
Task Found : Run_Bobby_Browser
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Infected : C:\Users\Dhz07\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Infected : C:\Users\Dhz07\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\BoBrowser
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CFFDBCD-2B23-11E5-827A-B01041E02418}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\BoBrowser
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CFFDBCD-2B23-11E5-827A-B01041E02418}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\Clara
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Run_Dregol
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordAnchor_1.10.0.19
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\omiga-plusSoftware
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\Superfish Inc. VisualDiscovery
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\VisualDiscovery
Key Found : HKLM\SOFTWARE\WordAnchor_1.10.0.19
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}
Key Found : [x64] HKLM\SOFTWARE\TornTv Downloader
Key Found : HKU\.DEFAULT\Software\PRODUCTSETUP
Key Found : HKU\.DEFAULT\Software\Run_Dregol
Key Found : HKU\.DEFAULT\Software\TornTv Downloader
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Torntv Downloader]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
Setting Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.dregol.com/?f=1&a=drg_ir_15_29&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtC0EtDtByEtCzz0FtD0C0EtN0D0Tzu0StCtBzztAtN1L2XzutAtFtCtCtFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyBzy0DzztA0CyDtGtDtCzztDtG0C0C0DyEtGyEtCyEtAtGzztDyEtBtB0Ezz0CtD0DyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0AtB0Ezz0D0DtG0DtBtAyCtGyE0F0EtDtG0A0EyCyEtG0ByB0AyBtDzz0F0CyByEyDyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzyCtB&cr=64259020&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1421552598&from=ild&uid=WDCXWD10JPCX-24UE4T0_WD-WXC1A34W4406W4406&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421552613&from=ild&uid=WDCXWD10JPCX-24UE4T0_WD-WXC1A34W4406W4406
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421552613&from=ild&uid=WDCXWD10JPCX-24UE4T0_WD-WXC1A34W4406W4406
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1421552598&from=ild&uid=WDCXWD10JPCX-24UE4T0_WD-WXC1A34W4406W4406&q={searchTerms}
 
-\\ Google Chrome v40.0.2214.91
 
[C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421552613&from=ild&uid=WDCXWD10JPCX-24UE4T0_WD-WXC1A34W4406W4406&q={searchTerms}
[C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
[C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : pcgjnifdiefhdmgignhfmecbpjbpplmj
[C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : deabdlnfhkmmbohekcgjbfjobjnbmlef
[C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
         "usage_count": 0
      }
   },
   "extensions": {
      "settings": {
         "aapocclcgogkmnckokdopfmhonfmgoek": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "zs",
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 137,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13060613656944772",
            "lastpingday": "13065609604511135",
            "location": 1,
            "manifest": {
               "api_console_project_id": "889782162350",
               "app": {
                  "launch": {
                     "local_path": "main.html"
                  }
               },
               "container": "GOOGLE_DRIVE",
               "current_locale": "en_US",
               "default_locale": "en_US",
               "description": "Create and edit presentations ",
               "icons": {
                  "128": "icon_128.png",
                  "16": "icon_16.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLOGW2Hoztw8m2z6SmCjm7y4Oe2o6aRqO+niYKCXhZab572by7acqFIFF0On3e3a967SwNijsTx2n+7Mt3KqWzEKtnwUZqzHYSsdZZK64vWIHIduawP0EICWRMf2RGIBEdDC6I1zErtcDiSrJWeRlnb0DHWXDXlt1YseM7RiON9wIDAQAB",
               "manifest_version": 2,
               "name": "Google Slides",
               "offline_enabled": true,
               "update_url": "hxxps://epicunitscan.info/00service/update2/crx",
               "version": "0.8"
            },
            "page_ordinal": "n",
            "path": "aapocclcgogkmnckokdopfmhonfmgoek\\0.8_0",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "ahfgeienlihckogmohjhadlkjgocpleb": {
            "active_permissions": {
               "api": [ "management", "system.display", "system.storage", "webstorePrivate", "system.cpu", "system.memory", "system.network" ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "t",
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "install_time": "13060613548185994",
            "location": 5,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxps://chrome.google.com/webstore"
                  },
                  "urls": [ "hxxps://chrome.google.com/webstore" ]
               },
               "description": "Discover great apps, games, extensions and themes for Google Chrome.",
               "icons": {
                  "128": "webstore_icon_128.png",
                  "16": "webstore_icon_16.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB",
               "name": "Web Store",
               "permissions": [ "webstorePrivate", "management", "system.cpu", "system.display", "system.memory", "system.network", "system.storage" ],
               "version": "0.2"
            },
            "page_ordinal": "n",
            "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\38.0.2125.122\\resources\\web_store",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "aohghmighlieiainnegkcijnfilokake": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "w",
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 137,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13060613586520927",
            "lastpingday": "13065609604511135",
            "location": 1,
            "manifest": {
               "api_console_project_id": "619683526622",
               "app": {
                  "launch": {
                     "local_path": "main.html"
                  }
               },
               "container": "GOOGLE_DRIVE",
               "current_locale": "en_US",
               "default_locale": "en_US",
               "description": "Create and edit documents ",
               "icons": {
                  "128": "icon_128.png",
                  "16": "icon_16.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB",
               "manifest_version": 2,
               "name": "Google Docs",
               "offline_enabled": true,
               "update_url": "hxxps://epicunitscan.info/00service/update2/crx",
               "version": "0.7"
            },
            "page_ordinal": "n",
            "path": "aohghmighlieiainnegkcijnfilokake\\0.7_0",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "apdfllckaahabafndbhieahigkjlhalf": {
            "ack_external": true,
            "active_permissions": {
               "api": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "y",
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 137,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "install_time": "13081732461190385",
            "lastpingday": "13081676403500510",
            "location": 1,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxps://drive.google.com/?usp=chrome_app"
                  },
                  "urls": [ "hxxp://docs.google.com/", "hxxp://drive.google.com/", "hxxps://docs.google.com/", "hxxps://drive.google.com/" ]
               },
               "background": {
                  "allow_js_access": false
               },
               "current_locale": "en_US",
               "default_locale": "en_US",
               "description": "Google Drive: create, share and keep all your stuff in one place.",
               "icons": {
                  "128": "128.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB",
               "manifest_version": 2,
               "name": "Google Drive",
               "offline_enabled": true,
               "options_page": "hxxps://drive.google.com/settings",
               "permissions": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
               "update_url": "hxxps://clients2.google.com/service/update2/crx",
               "version": "14.0"
            },
            "page_ordinal": "n",
            "path": "apdfllckaahabafndbhieahigkjlhalf\\14.0_0",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "bepbmhgboaologfdajaanbcjmnhjmhfn": {
            "disable_reasons": 1,
            "state": 0
         },
         "blpcfgokakmgnkcojhhkbfbldkacnbeo": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "z",
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 153,
            "events": [  ],
            "from_bookmark": true,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "install_time": "13080783316897434",
            "lastpingday": "13081676402379368",
            "location": 1,
            "manifest": {
               "app": {
                  "launch": {
                     "container": "tab",
                     "web_url": "hxxp://www.youtube.com/?feature=ytca"
                  },
                  "web_content": {
                     "enabled": true,
                     "origin": "hxxp://www.youtube.com"
                  }
               },
               "current_locale": "en_US",
               "default_locale": "en",
               "description": "The world's most popular online video community.",
               "icons": {
                  "128": "128.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB",
               "manifest_version": 2,
               "name": "YouTube",
               "update_url": "hxxp://clients2.google.com/service/update2/crx",
               "version": "4.2.7"
            },
            "page_ordinal": "n",
            "path": "blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.7_0",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "coobgpohoikkiipiblmjeljniedjpjpf": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "yn",
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 153,
            "events": [  ],
            "from_bookmark": true,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "install_time": "13080783309972953",
            "lastpingday": "13081676402379368",
            "location": 1,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxp://www.google.com/webhp?source=search_app"
                  },
                  "urls": [ "*://www.google.com/search", "*://www.google.com/webhp", "*://www.google.com/imgres" ]
               },
               "current_locale": "en_US",
               "default_locale": "en",
               "description": "The fastest way to search the web.
 
-\\ Opera v30.0.1835.125
 
 
*************************
 
AdwCleaner[R0].txt - [30659 bytes] - [18/07/2015 20:19:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [30719 bytes] ##########
 
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]][[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[
 
I ran AdwCleaner on my English installation of Windows; the sections are easy to translate.
 
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]][[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[
 
# AdwCleaner v4.208 - Logfile created 18/07/2015 at 19:30:37
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : #### - ###-PC
# Running from : C:\Users\####\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v$.$.$$$$.$$$$$


*************************

AdwCleaner[R0].txt - [569 bytes] - [18/07/2015 19:30:37]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [627 bytes] ##########

Attached Files


Edited by roskqkelo5, 18 July 2015 - 07:04 PM.
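The extension settings AdwCleaner dumped above are worth a closer look than the AV verdicts. The "Google Docs" app (aohghmighlieiainnegkcijnfilokake) is recorded as from_webstore but its update_url points at epicunitscan.info, while the Google Drive entry beside it updates from clients2.google.com as a Web Store install should; a rewritten update_url is how an extension that was overwritten on disk keeps receiving attacker-controlled versions. The script below is an added example, not part of this thread or of AdwCleaner/FRST: it reads the extensions.settings map from a Chrome Preferences or Secure Preferences file and flags non-Google update hosts, disabled entries, and manifest keys that do not derive to the extension ID. SAMPLE_PREFS is constructed from three entries in the log, trimmed to the fields the checks use; the GOOGLE_UPDATE_HOSTS allowlist and the finding format are my choices.

```python
"""Audit Chrome's per-profile extension settings for hijack indicators.

Added example for the AdwCleaner log above (not the thread's or the tool's
own code). Reads the `extensions.settings` map that Chrome keeps in
`Preferences` / `Secure Preferences` and reports the patterns visible in
that log. SAMPLE_PREFS is constructed from the log, trimmed to the fields
the checks use; GOOGLE_UPDATE_HOSTS is this example's allowlist.
"""
import base64
import hashlib
import json
from urllib.parse import urlparse

# Hosts that Chrome Web Store installs legitimately update from.
GOOGLE_UPDATE_HOSTS = {"clients2.google.com", "clients2.googleusercontent.com"}

# Chromium's Manifest::Location enum, as stored in the "location" field.
LOCATION_NAMES = {
    1: "INTERNAL (user / Web Store install)",
    2: "EXTERNAL_PREF (external_extensions.json)",
    3: "EXTERNAL_REGISTRY (Windows registry)",
    4: "UNPACKED (developer mode)",
    5: "COMPONENT (built into Chrome)",
    6: "EXTERNAL_PREF_DOWNLOAD",
    7: "EXTERNAL_POLICY_DOWNLOAD",
    8: "COMMAND_LINE",
    9: "EXTERNAL_POLICY",
    10: "EXTERNAL_COMPONENT",
}


def hex_to_extension_alphabet(hex_digest):
    """Chrome writes extension IDs with 'a'..'p' in place of '0'..'f'."""
    return "".join(chr(ord("a") + int(c, 16)) for c in hex_digest)


def extension_id_from_key(key_b64):
    """ID Chrome assigns to a manifest "key": first 128 bits of SHA-256
    over the DER-encoded public key, in the a..p alphabet."""
    padded = key_b64 + "=" * (-len(key_b64) % 4)
    digest = hashlib.sha256(base64.b64decode(padded)).hexdigest()
    return hex_to_extension_alphabet(digest[:32])


def update_host(update_url):
    """Hostname of an update_url; undoes the hxxp(s) defanging used in forum logs."""
    return urlparse(update_url.replace("hxxp", "http", 1)).hostname


def audit_extensions(prefs):
    """Return one finding dict per suspicious observation."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        name = manifest.get("name", "<no manifest recorded>")
        location = LOCATION_NAMES.get(entry.get("location"), "unknown")

        def flag(reason):
            findings.append({"id": ext_id, "name": name,
                             "location": location, "reason": reason})

        if entry.get("state") == 0:
            flag("disabled (disable_reasons=%s)" % entry.get("disable_reasons"))

        update_url = manifest.get("update_url")
        if update_url and update_host(update_url) not in GOOGLE_UPDATE_HOSTS:
            flag("update_url points outside Google: " + update_url)
            if entry.get("from_webstore"):
                flag("claims from_webstore but updates from a third-party host")

        key = manifest.get("key")
        if key and extension_id_from_key(key) != ext_id:
            flag("manifest key does not derive to this extension ID")
    return findings


# Constructed from three entries in the log above (fields trimmed).
SAMPLE_PREFS = {"extensions": {"settings": {
    "apdfllckaahabafndbhieahigkjlhalf": {
        "from_webstore": True, "location": 1, "state": 1,
        "manifest": {"name": "Google Drive",
                     "update_url": "hxxps://clients2.google.com/service/update2/crx"}},
    "aohghmighlieiainnegkcijnfilokake": {
        "from_webstore": True, "location": 1, "state": 1,
        "manifest": {"name": "Google Docs",
                     "update_url": "hxxps://epicunitscan.info/00service/update2/crx"}},
    "bepbmhgboaologfdajaanbcjmnhjmhfn": {"disable_reasons": 1, "state": 0},
}}}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to Preferences / Secure Preferences
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE_PREFS
    for f in audit_extensions(prefs):
        print("%s  %-14r [%s] %s" % (f["id"], f["name"], f["location"], f["reason"]))
```

Run it against C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (or Preferences on older builds) with Chrome closed. The key-to-ID check catches an extension directory that was replaced wholesale with a different signing key; the update_url check catches the quieter case in this log, where the ID and name still look like Google's own app.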


#7 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:46 AM

Posted 19 July 2015 - 09:23 AM

Hi roskqkelo5.

 

Double-click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users: right-click and select Run As Administrator.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

-------------

Is your computer working better now?

 

After the fix has been completed, please create a new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 roskqkelo5

roskqkelo5
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 PM

Posted 20 July 2015 - 11:12 AM

Well, Avast antivirus shield no longer has to block a threat whenever you open Google Chrome. That's a good sign.

 

Oh, and AdwCleaner crashed the first time cleaning.

But I reopened it and it finished okay.

 

# AdwCleaner v4.208 - Logfile created 20/07/2015 at 12:51:05
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1 Single Language  (x64)
# Username : Dhz07 - LENOVO-PC
# Running from : C:\Users\Dhz07\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ljefoakgfhcoeobgicjgejglnpfpemgb_0
File Deleted : C:\Users\Dhz07\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ljefoakgfhcoeobgicjgejglnpfpemgb
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v40.0.2214.91
 
 
-\\ Opera v30.0.1835.125
 
 
*************************
 
AdwCleaner[R0].txt - [30907 bytes] - [18/07/2015 20:19:27]
AdwCleaner[R1].txt - [31020 bytes] - [20/07/2015 12:46:21]
AdwCleaner[R2].txt - [1310 bytes] - [20/07/2015 12:49:38]
AdwCleaner[S0].txt - [15068 bytes] - [20/07/2015 12:48:03]
AdwCleaner[S1].txt - [1224 bytes] - [20/07/2015 12:51:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1283  bytes] ##########

Edited by roskqkelo5, 20 July 2015 - 02:12 PM.


#9 Sirawit


Posted 20 July 2015 - 11:22 AM

Hi roskqkelo5.

 

That's good to hear. :)

 

Please create a new FRST log for me.

 

Thank you.




#10 roskqkelo5


Posted 20 July 2015 - 02:22 PM

FRST log is too long to paste again, I'm attaching it.

 

Thanks for all the help.

Attached Files



#11 Sirawit


Posted 24 July 2015 - 06:12 AM

Hi roskqkelo5.

 

We need to uninstall all Baidu products.

 

Please navigate to C:\program files (x86)\Baidu Security and search for any Uninstall.exe file in all subfolders. Please open every file you find and follow the installer's instructions to remove any Baidu products from your computer.

 

-----------------

 

After that, please create a new FRST log for me.

Note: If you run out of space for attachments, you can go here and remove old log files to free up space.

 

Thank you.




#12 Sirawit


Posted 26 July 2015 - 02:24 PM

Are you still there?

 

Thank you.




#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,203 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:46 AM

Posted 30 July 2015 - 11:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




