Malware: AntiAdBlocker on Chrome, multiple files in Control Panel,ProgramFiles



#1 jonasty4 (Members, 5 posts)

Posted 13 August 2015 - 09:34 PM

I've been trying to rid my computer of a nasty malware infection and I have finally turned to professional help. Unwanted programs titled RelayRise, SystemEnterprise and SegmentAssister seem to have dumped immovable crap everywhere, which results in crazy pop-ups and extension modifications in Chrome, amongst other things. Please help! Thanks!




#2 quietman7 (Bleepin' Janitor, Global Moderator, Virginia, USA)

Posted 14 August 2015 - 04:45 PM


In many cases these issues are the result of unwanted toolbars, add-ons/plug-ins, and browser extensions which come bundled with other free software (often without the knowledge or consent of the user). They can be the source of various issues and problems to include adware, pop-up ads, browser hijacking which may change your home page/search engine/search settings, and cause user profile corruption.

As such they are generally classified as Potentially Unwanted Programs (PUPs), and many of them can be removed using the Uninstall shortcut in their program group under Start Menu > All Programs, or by using Programs and Features (Add/Remove Programs) in Control Panel, so always check there first. With most adware/junkware it is strongly recommended to deal with it like a legitimate program and uninstall it from Programs and Features or Add/Remove Programs in the Control Panel. In most cases, using the adware's own uninstaller not only removes it more effectively, but also restores many changed configuration settings.

Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

After uninstallation, then you can run specialized tools like Malwarebytes Anti-Malware, AdwCleaner and JRT (Junkware Removal Tool) to fix any remaining entries they may find. These tools typically search for and remove related registry entries, files and folders wherever they hide...to include those within the AppData folder and elsewhere.

Scroll through the list and remove anything else (newly installed programs) you do not recognize. To view the most recently installed programs, click on the “Installed On” column to sort all programs by installation date.

The next place to check is your browser extensions and add-ons/plug-ins.
To reset your browser settings to default:
To reset the browser home page if it was changed, please refer to:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donate button.
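Worked example, added by the editor and not part of quietman7's post or of any BleepingComputer tool: the Programs and Features list is built from the Uninstall keys in the registry, so the "sort by Installed On" check described above can be scripted and extended with two things the Control Panel view hides, the registry key name (frequently a bare GUID for a PUP) and the full UninstallString. The second half lists the Chrome extension IDs installed for the current user, which is the same 32-letter ID that appears in JRT logs. It assumes Windows 7 with PowerShell 2.0 or later and the default Chrome profile path; no program names from this thread are hard-coded.

```powershell
# Added example: list installed programs from the same registry keys that feed
# Programs and Features, newest first, so a recently dropped PUP stands out.
# Read-only. Works on Windows 7 (PowerShell 2.0) and later.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

$programs = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        # InstallDate, when present, is stored as yyyyMMdd text.
        $date = $null
        if ($p.InstallDate -match '^\d{8}$') {
            try { $date = [datetime]::ParseExact($p.InstallDate, 'yyyyMMdd', $null) } catch { }
        }
        New-Object PSObject -Property @{
            Name        = $p.DisplayName
            Publisher   = $p.Publisher
            InstallDate = $date
            Uninstall   = $p.UninstallString
            Key         = $_.PSChildName      # often a bare GUID for a PUP
            Hive        = $root
        }
    }
}

# Equivalent of clicking the "Installed On" column header in Programs and Features.
$programs |
    Where-Object { $_.Name -or $_.Uninstall } |
    Sort-Object InstallDate -Descending |
    Select-Object InstallDate, Name, Publisher, Key, Uninstall |
    Format-Table -AutoSize -Wrap

# Entries with no publisher, or whose uninstaller lives under a user profile or Temp
# directory instead of Program Files, deserve a closer look before uninstalling.
$programs |
    Where-Object { -not $_.Publisher -or ($_.Uninstall -match '\\AppData\\|\\Temp\\') } |
    Select-Object Name, Publisher, Key, Uninstall |
    Format-List

# Chrome extensions for the current user. Each folder name is the extension ID that
# chrome://extensions shows and that JRT lists in its log. Assumes the default profile
# path; a localized extension name shows up as a __MSG_..._ placeholder.
$chromeExt = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
if (Test-Path $chromeExt) {
    Get-ChildItem $chromeExt | ForEach-Object {
        $manifest = Get-ChildItem $_.FullName -Recurse -Filter manifest.json | Select-Object -First 1
        $name = ''
        if ($manifest) {
            $m = Select-String -Path $manifest.FullName -Pattern '"name"\s*:\s*"([^"]*)"' | Select-Object -First 1
            if ($m) { $name = $m.Matches[0].Groups[1].Value }
        }
        New-Object PSObject -Property @{ Id = $_.Name; Name = $name; Installed = $_.CreationTime }
    } | Sort-Object Installed -Descending | Select-Object Installed, Id, Name | Format-Table -AutoSize
}
```

No elevation is needed to read these keys. The script only reports; removal should still go through Programs and Features (or the UninstallString shown) so the program's own uninstaller can undo its configuration changes, as the post above recommends.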

#3 quietman7 (Bleepin' Janitor, Global Moderator, Virginia, USA)

Posted 14 August 2015 - 04:52 PM

Only after doing the above...continue as follows:

Please download the following tools to your desktop and use them in the order listed. They will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved on the %systemdrive% (usually C:\).
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, download Malwarebytes Anti-Malware 2.0, install and perform a THREAT SCAN following these instructions.
  • If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • When finished, post the complete log in your next reply to include the top portion which shows database version and your operating system.
  • Refer to this topic for instructions on how to save/export a Scan log...How do I access and save logs from Malwarebytes Anti-Malware?.


#4 jonasty4 (Topic Starter)

Posted 23 August 2015 - 05:21 PM

Rkill
 
Rkill 2.8.1 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/23/2015 02:17:59 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Jonas\AppData\Local\Temp\ocr119C.tmp\bin\rubyw.exe (PID: 3580) [UP-HEUR]
 * C:\Users\Jonas\AppData\Local\Temp\ocr119C.tmp\bin\rubyw.exe (PID: 3580) [T-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Adware Cleaner
 
# AdwCleaner v5.003 - Logfile created 23/08/2015 at 14:29:27
# Updated 20/08/2015 by Xplode
# Database : 2015-08-23.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jonas - JONAS-PC
# Running from : C:\Users\Jonas\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-591623505-4134307422-2065310892-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nzr9n268.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://searchy.easylifeapp.com/");
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1004 bytes] ##########
 
 
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by Jonas on Sun 08/23/2015 at 14:33:22.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Jonas
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Jonas\AppData\Roaming\appdataFr2.bin
Successfully deleted: [File] C:\Users\Jonas\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\Jonas\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\Jonas\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{21EB0D76-4EED-4FFB-A98C-77ABC1383054}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{2C3C26FC-F577-4E61-B591-E89768816BF3}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{304FFFB1-E009-497E-BF9E-491344FD3C2D}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{49F62CEF-FC12-4F37-8DB3-13A359BBEFC3}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{50B5490C-C158-45D1-B250-7009F26D2CEE}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{5F22CBE0-302F-4DB8-81E0-095288057E27}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{67681C84-AD2C-45BC-A5AB-D96FBADD2264}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{69D799A6-1A16-426F-B0FD-FCD92619DA16}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{7559FCDB-7836-4E23-AFE0-91989D1A50CB}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{77247D91-34FE-4D89-9C9C-102B9F4ACF8C}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{8247FE1F-714C-44FC-AA54-F4F52DCDE2F8}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{8EC374FF-8F90-407E-92A4-7FAF9328743A}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{96526FAA-81D7-4640-BD41-8C9DD1F1B901}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{98510F12-A4F7-4D7F-99FE-7AB9C9596AA9}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{A52DC1AF-D735-4695-9844-59E28C00347F}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{A61B5E9B-5892-4FF8-8766-7516C31A546B}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{A76B20C1-D928-4F73-AC09-B9435BC66B8C}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{AB425EE9-97C0-4F28-B365-95839E4069DB}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{B2B322CC-D396-4C4C-8193-3C54809B411E}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{B3D79725-2888-4705-A4E6-F07E68C2F738}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{C83AB526-19DD-4791-A13A-2EF7DF8566CA}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{D345D816-9E03-4DC7-B8A0-AB46B3D63650}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{D9B09289-222D-49F7-AE33-C8C834CA92EF}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{DC472443-8AA2-4703-85B7-AAF925AC8B8C}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{E065580F-12EC-4B2F-9C3D-E6C9D4DEDDD9}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{E6804FF1-99FB-4E7F-B715-CF5B0EAF3529}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{EAD651D6-01D3-4C37-9C5F-FDE6079839A9}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{F6D0B1B5-2840-426E-8D1F-41732B96CE11}
Successfully deleted: [Empty Folder] C:\Users\Jonas\Appdata\Local\{FE430DBF-1A8E-49AA-BC07-B8B1D69A56AB}
Successfully deleted: [Folder] C:\ProgramData\best buy pc app
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Jonas\Appdata\Local\best buy pc app
Successfully deleted: [Folder] C:\Users\Jonas\AppData\Roaming\productdata
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\nzr9n268.default\extensions\staged
Successfully deleted the following from C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\nzr9n268.default\prefs.js
 
user_pref(extensions.7Lz4zUT1k5A4dJmF.scode, (function(){try{if(window.location.href.indexOf(\qdCHqdU4pjs9qTk6pdn7rdwGqa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.VZiWEsRqm4ICp8RW.scode, (function(){try{if(window.location.href.indexOf(\qdCHqdU4pjs9qTk6pdn7rdwGqa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.o8UyeK2GQSxf6sPZ.scode, (function(){try{if(window.location.href.indexOf(\qdCHqdU4pjs9qTk6pdn7rdwGqa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(browser.startup.homepage, hxxp://searchy.easylifeapp.com/);
Emptied folder: C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\nzr9n268.default\minidumps [122 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\Jonas\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Jonas\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Jonas\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Jonas\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/23/2015 at 14:41:32.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes
 
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.23.05
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jonas
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423349
Time Elapsed: 35 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{478472F9-9E09-492A-BDAB-42EE595EF1AD}, Quarantined, [81c0c8447714e25468d48aa2946fa45c], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 23
PUP.Optional.SuperOptimizer.A, C:\Users\Jonas\AppData\Local\Temp\supoptsetup.exe, Quarantined, [95acde2e0289340248d45053a25f1ee2], 
PUP.Optional.ServiceRNDM.A, C:\Users\Jonas\AppData\Local\Temp\4DFF.exe, Quarantined, [1b266aa2c5c65cda2352daeaff0259a7], 
PUP.Optional.ServiceRNDM.A, C:\Users\Jonas\AppData\Local\Temp\8EA7.exe, Quarantined, [9fa231dbc3c8f442383decd8b05144bc], 
PUP.Optional.Babylon.A, C:\Users\Jonas\AppData\Local\Temp\DeltaTB.exe, Quarantined, [9aa7ca427912c1754018796d1ee2ee12], 
PUP.Optional.InstallCore, C:\Users\Jonas\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe, Quarantined, [0041e9235635043297e05fb00cf5cc34], 
PUP.Optional.MultiPlug, C:\Users\Jonas\AppData\Local\Temp\3990.exe, Quarantined, [063ba5672665e0564d5dff9641c0a25e], 
PUP.Optional.ServiceRNDM.A, C:\Users\Jonas\AppData\Local\Temp\3BF7.exe, Quarantined, [65dc48c4593252e4660f9f2510f1e51b], 
PUP.Optional.Babylon.A, C:\Users\Jonas\AppData\Local\Temp\02C1C019-BAB0-7891-9D73-09B9A17C2F0A\Latest\BExternal.dll, Quarantined, [52ef0c0074176ec8c070968e1be5ff01], 
PUP.Optional.MultiPlug.PLY, C:\Users\Jonas\AppData\Local\Temp\PLUXYL.tmp\bubit.dll, Quarantined, [132e37d549426bcba0c2e9e7fd041ce4], 
PUP.Optional.MultiPlug.PLY, C:\Users\Jonas\AppData\Local\Temp\WYFTMK.tmp\bubit.dll, Quarantined, [44fdcd3fd9b28ea89fc33f911ce5a957], 
PUP.Optional.MultiPlug.PLY, C:\Users\Jonas\AppData\Local\Temp\MQKDMW.tmp\bubit.dll, Quarantined, [a8993ad20e7db28487db339df30eb54b], 
PUP.Optional.SuperOptimizer.A, C:\Users\Jonas\AppData\Local\Temp\11f931aa\108652.ftf, Quarantined, [96ab8983a9e2b77fe1dab2f11ae7a65a], 
PUP.Optional.MultiPlug.PLY, C:\Users\Jonas\AppData\Local\Temp\XTBHSQ.tmp\bubit.dll, Quarantined, [6ed322eae1aa43f363ff26aa29d8a35d], 
PUP.Optional.Installcore, C:\Users\Jonas\AppData\Local\Temp\is357113909\136676877_stp\HomePageDLL.dll, Quarantined, [8bb637d58ffc64d251ab25e4c34243bd], 
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmp9nnfue\jUDYTKIWOgFIc5N.exe, Quarantined, [c08113f9ef9cb97d6aafd7a3788953ad], 
PUP.Optional.MultiPlug.BHO.F, C:\Windows\Temp\tmpbyqwe7\c8HchWuPsSbrwf.dll, Quarantined, [0a37917b94f7b3832e68e0f17f8237c9], 
PUP.Optional.MultiPlug.BHO.F, C:\Windows\Temp\tmpbyqwe7\c8HchWuPsSbrwf.x64.dll, Quarantined, [61e09c704a41320490cfb819d52cf60a], 
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmpbyqwe7\YwRQ5eEW2x9lOKW.exe, Quarantined, [7ac7729ab5d695a1fd1c42388f72c937], 
PUP.Optional.MultiPlug.A, C:\Windows\Temp\tmpszakgj\dbghelp.dll, Quarantined, [53eefa12addeea4c2fb85f70ee13b14f], 
PUP.Optional.MultiPlug.A, C:\Windows\Temp\tmp_qpb_q\dbghelp.dll, Quarantined, [e45dc4487a1185b1e60128a727dabc44], 
PUP.Optional.Babylon.A, C:\Users\Jonas\Downloads\Unlocker1.9.2.exe, Quarantined, [0041c54778134ee83523e30337c950b0], 
PUP.Optional.OpenCandy, C:\Users\Jonas\Downloads\veetle-0.9.19.exe, Quarantined, [83be68a4860585b17401dda182838779], 
PUP.Optional.InstallCore, C:\Users\Jonas\Downloads\ZipOpenerSetup.exe, Quarantined, [ab9612fa49424aec96e11bf40af760a0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

Edited by jonasty4, 23 August 2015 - 05:21 PM.


#5 quietman7 (Bleepin' Janitor, Global Moderator, Virginia, USA)

Posted 23 August 2015 - 05:29 PM

Now perform a scan with Emsisoft Emergency Kit.

Please download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
  • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner.
  • On the main screen click the Scan PC button.
  • Select Smart Scan, then click the Scan button.
  • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
  • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
  • Copy and paste the contents of that logfile in your next reply.


#6 jonasty4 (Topic Starter)

Posted 23 August 2015 - 06:15 PM

Dumb question: I try to paste the contents from the log file and get: "You have posted a message with more emoticons than this community allows. Please reduce the number of emoticons you've added to the message."



#7 jonasty4 (Topic Starter)

Posted 23 August 2015 - 06:21 PM

Emsisoft Emergency Kit - Version 10.0
Last update: 8/23/2015 6:51:34 PM
User account: Jonas-PC\Jonas

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:	8/23/2015 6:54:36 PM
C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdateHelper.dll 	detected: Gen:Variant.Zusy.154683 (B)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} 	detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} 	detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} 	detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} 	detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\WEBAPP 	detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} 	detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\PARTYGAMING 	detected: Application.Win32.CasOnline (A)
Value: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} 	detected: Application.AdFix (A)
C:\Users\Jonas\AppData\Local\Temp\208fec58\373670.ftf 	detected: Gen:Packer.PESpin.A.euqcaCSAoroi (B)
C:\Users\Jonas\AppData\Local\Temp\34D0\temp\DataClamp.xyz.exe 	detected: Gen:Variant.Adware.Kazy.554588 (B)
C:\Users\Jonas\AppData\Local\Temp\3620.exe 	detected: Adware.MPLug.HH (B)
C:\Users\Jonas\AppData\Local\Temp\FE20\temp\Justified-S03E11-HDTV-XviD-AFG.exe 	detected: Adware.MPLug.HH (B)
C:\Windows\TEMP\tmpph6lk_\chrome.dll 	detected: Application.Agent.KI (B)
C:\Windows\TEMP\tmpph6lk_\GoogleUpdateHelper.dll 	detected: Gen:Variant.Adware.Mikey.21357 (B)

Scanned	112955
Found	17

Scan end:	8/23/2015 7:09:48 PM
Scan time:	0:15:12

C:\Windows\TEMP\tmpph6lk_\GoogleUpdateHelper.dll	Quarantined Gen:Variant.Adware.Mikey.21357 (B)
C:\Windows\TEMP\tmpph6lk_\chrome.dll	Quarantined Application.Agent.KI (B)
C:\Users\Jonas\AppData\Local\Temp\FE20\temp\Justified-S03E11-HDTV-XviD-AFG.exe	Quarantined Adware.MPLug.HH (B)
C:\Users\Jonas\AppData\Local\Temp\3620.exe	Quarantined Adware.MPLug.HH (B)
C:\Users\Jonas\AppData\Local\Temp\34D0\temp\DataClamp.xyz.exe	Quarantined Gen:Variant.Adware.Kazy.554588 (B)
C:\Users\Jonas\AppData\Local\Temp\208fec58\373670.ftf	Quarantined Gen:Packer.PESpin.A.euqcaCSAoroi (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}	Quarantined Application.AdFix (A)
Value: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS	Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\PARTYGAMING	Quarantined Application.Win32.CasOnline (A)
Key: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\WEBAPP	Quarantined Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}	Quarantined Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}	Quarantined Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-591623505-4134307422-2065310892-1000\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}	Quarantined Application.Toolbar (A)

Quarantined	14


#8 quietman7 (Bleepin' Janitor, Global Moderator, Virginia, USA)

Posted 23 August 2015 - 07:24 PM

How is your computer running now? Are there any more signs of infection?

#9 jonasty4 (Topic Starter)

Posted 28 August 2015 - 07:03 AM

Was working fine until a restart and now issues have returned.



#10 quietman7 (Bleepin' Janitor, Global Moderator, Virginia, USA)

Posted 28 August 2015 - 04:21 PM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box to accept the terms.
  • Click the Start button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Scan archives and check Remove found threats.
  • Click Advanced settings and select the following:
    • Enable detection of potentially unwanted applications
    • Enable detection of potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • Please be patient as the scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push the List of found threats button.
  • Push Export to text file, and save the file to your desktop as ESETScan.txt.
  • Push the Back button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
ESET Online Scanner FAQs

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. ESET's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.

 
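A verification check added by the editor, not taken from the thread or from any of the tools it names, prompted by post #9 (symptoms back after a restart): the logs posted in #4 and #7 recorded specific tampering, namely Windows Defender switched off through DisableAntiSpyware, Task Manager and the Registry Editor disabled by policy values, a hijacked Internet Explorer start page, a Chrome policy key, and a scheduled task pointing into a user profile. Symptoms that return only after a reboot usually mean an autostart entry survived the cleanup, so the script below re-reads those exact values and then lists the common autostart locations (Run keys, services, scheduled tasks). It is read-only and assumes it is run from the affected user's account on Windows 7 with PowerShell 2.0 or later; the key paths and value names are the ones that appear in the logs above, nothing else is hard-coded.

```powershell
# Added example: re-check the settings this thread's logs showed as tampered with, then dump
# the autostart locations a PUP uses to come back after a reboot. Read-only; run in the
# affected user's account so HKCU: is the right hive. Works on Windows 7 (PowerShell 2.0).

$checks = @(
    # Bad = the value that indicates tampering; Name = $null means the key's presence is the finding.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
       Name = 'DisableAntiSpyware'; Bad = 1
       Why  = 'Windows Defender disabled (seen in the RKill log)' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr'; Bad = 1
       Why  = 'Task Manager blocked by policy (Emsisoft log)' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; Bad = 1
       Why  = 'Registry Editor blocked by policy (Emsisoft log)' },
    @{ Path = 'HKCU:\SOFTWARE\Policies\Google'
       Name = $null; Bad = $null
       Why  = 'Chrome policy key; expected only on managed machines (JRT removed it)' }
)

function Test-TamperedSetting {
    param($Check)
    if (-not (Test-Path $Check.Path)) { return }
    if ($Check.Name -eq $null) {
        "[!] key present: $($Check.Path)  -- $($Check.Why)"
        return
    }
    $prop = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($prop -ne $null) {
        $value = $prop.($Check.Name)
        if ($value -eq $Check.Bad) {
            "[!] $($Check.Path)\$($Check.Name) = $value  -- $($Check.Why)"
        }
    }
}

foreach ($c in $checks) { Test-TamperedSetting $c }

# Start page hijack (AdwCleaner and JRT both had to repair this value).
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ie) { "[i] IE Start Page = $($ie.'Start Page')" }

# Autostart: Run/RunOnce keys for machine and user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |    # drop PSPath/PSParentPath/... metadata
            ForEach-Object { "[run] $k : $($_.Name) = $($_.Value)" }
    }
}

# Autostart: services whose binary lives under a user profile or Temp directory.
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match '\\Users\\|\\Temp\\|AppData' } |
    ForEach-Object { "[svc] $($_.Name) ($($_.StartMode)) = $($_.PathName)" }

# Autostart: scheduled tasks. schtasks.exe exists on Windows 7, where Get-ScheduledTask does not.
# Flag tasks that run something from a user profile or Temp path, like the Uninstaller_SkipUac_*
# task JRT deleted.
schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match '\\Users\\|\\Temp\\|AppData' } |
    Select-Object TaskName, 'Task To Run', 'Run As User', Status |
    Format-Table -AutoSize -Wrap
```

Run it once after the cleanup tools finish and once more after the reboot that brought the symptoms back: a line marked [!] that reappears, or a [run], [svc] or task entry pointing into AppData or Temp that none of the scanners touched, is the entry to hand to the helpers in the thread rather than something to delete blind.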



