
Ads by Superba virus


9 replies to this topic

#1 KingNAMS


Posted 31 August 2015 - 12:28 PM

Hey everyone. I've got a computer infected by a virus or two. I cleaned it using my normal methods (AdwCleaner, Malwarebytes, Hitman Pro) and ran the tools till they came back clean. However, I am still getting popups when following links. When a pop-up shows up, there is a little banner in the bottom right corner that says "Ads by Superba". This happens both in Internet Explorer and in Chrome. I have searched the registry and there is no reference to "superba" anywhere. The computer is running Windows 8.1 x64.

 

Any help would be greatly appreciated!




#2 Firehouse


Posted 31 August 2015 - 12:55 PM

Hello,
 
Please download MiniToolBox by Farbar and save it to your desktop.

Run the tool as Administrator and make sure that these options are checked:
 
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs
 
Post log here.


#3 KingNAMS


Posted 31 August 2015 - 01:41 PM

Thanks Firehouse, here ya go!

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Bill (administrator) on 31-08-2015 at 13:40:11
Running from "C:\Users\Bill\Desktop"
Microsoft Windows 8.1  (X64)
Model: 500-054 Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
 
=========================== Installed Programs ============================
 
4 Elements II (HKLM-x32\...\WTA-79c302d2-8ebd-45f3-ab98-864513cc6036) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Airport Mania (HKLM-x32\...\WTA-7a016b40-46cd-4c12-b428-d60c2ab3d948) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{CC6CCF1E-F361-910A-E41D-EB5176F1255C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\{6B171EFC-F41F-4055-A4DE-5B9480DA17AA}) (Version: 15.0.4409 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{ACCD4860-2B38-4301-B7C4-F27F567FE3EA}) (Version: 15.0.6086 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
Azteca (HKLM-x32\...\WTA-3d5cc62d-564b-4187-877d-451dc2fc34e5) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-262719cf-fb2d-4859-8cdf-eef4a0a76257) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-6a500582-a765-4afa-afc8-8b6bd7463d27) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-8cd7432f-b09b-4c01-8f7a-0bc6330f027c) (Version: 2.2.0.98 - WildTangent) Hidden
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-39439500-d2d6-45ed-8f0a-ce2dc211a68d) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-05f0b1f6-928a-46a1-a2b8-12b11bb5b454) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-cda86914-e282-4f36-a46b-75396a7e0e68) (Version: 3.0.2.32 - WildTangent) Hidden
CutStudio (HKLM-x32\...\{AB84E88F-89CA-4002-A6F4-422C2C8CB1F8}) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-a6456742-da2a-4ab6-98e8-8010d44ea954) (Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Farm Frenzy (HKLM-x32\...\WTA-8408f6a6-c1ba-4f0f-a2ef-03ec419a80f1) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-4d73edc1-9c24-4359-bb55-19725b7f6f1b) (Version: 2.2.0.110 - WildTangent) Hidden
GS-24 UsersManual (HKLM-x32\...\{B4DDDD6F-FBA9-493B-8945-E74461BFB62D}) (Version: 1.00.0000 - Roland DG Corporation)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-db28ed1a-11fb-40df-8e9d-1849e0ed0e53) (Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6451.0 - IDT)
Jewel Match 3 (HKLM-x32\...\WTA-5cfd3116-465e-4267-899a-0fef923634a6) (Version: 2.2.0.98 - WildTangent) Hidden
Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version:  - Lexmark International, Inc.)
Luxor Evolved (HKLM-x32\...\WTA-daacd66b-8044-4443-a8cd-c2be2b807e26) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-26dc6563-5c96-4cf3-b6f1-a32f55d02d05) (Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-d0d10c58-8419-4e0b-bf77-8b2be2dd7358) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-c4fa22d7-f21e-4f00-98cd-c6f3cf9c9589) (Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (HKLM-x32\...\WTA-8c522dc3-1c7d-43ea-b009-91b475415b7c) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-fa0eb01b-e9fa-4d4a-840c-36c4c964ee69) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-a51fe418-8478-4b59-a3e6-29e792c9f508) (Version: 2.2.0.97 - WildTangent) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.48.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-1612355d-d530-49ed-8808-e9bd8a17f8e4) (Version: 2.2.0.98 - WildTangent) Hidden
Roland CAMM-1 DRIVER [GS-24] (HKLM-x32\...\{E529C70D-D817-47BE-96FC-E4D16D5160AB}) (Version: 1.20.0000 - Roland DG Corporation)
Roland OnSupport (HKLM-x32\...\{5A9C1329-6CE4-4377-B1D5-8BD4F3DB45F5}) (Version: 2.3.0.0 - Roland DG Corporation)
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-cd553432-97a8-455e-9263-ff327e41c82e) (Version: 3.0.2.32 - WildTangent) Hidden
ScreenConnect Client (e8de2262402a94fb) (HKLM-x32\...\{0D7FD2F3-B616-4039-9A45-36914FDCB7C1}) (Version: 5.3.9074.5646 - Elsinore Technologies, Inc.)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
StockStitch v6  -  for Windows versions: 7, 8, Vista, or XP (HKLM-x32\...\StockStitch v6_is1) (Version: 6.0.0.0 - Dalco Athletic Lettering)
Tales of Lagoona (HKLM-x32\...\WTA-0f7a76d0-bcfd-4297-9ef8-c6e751e848c2) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-09eaa014-6323-4019-b6c1-099e8efe1eba) (Version: 3.0.2.32 - WildTangent) Hidden
VectorCut (HKLM-x32\...\{3F96797B-4DB4-4657-B4AB-7005F214FB42}) (Version:  - Stahls)
VectorCut (HKLM-x32\...\{CFBF50F1-DA17-407A-A9C7-2BF339CB4AC0}) (Version: 1.6.0 - VectorX Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wilcom EmbroideryStudio e3.0 (HKLM-x32\...\{0491518C-2978-468A-9B53-CD488DBBEDB9}) (Version: 17.0.112.7385 - Wilcom) Hidden
Wilcom EmbroideryStudio e3.0 (HKLM-x32\...\{97D3B141-2E37-459F-859D-D446492FA512}) (Version: 17.0.157.7422 - Wilcom)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-50a18f2e-aa56-4142-a03a-a7d79ab706c2) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-7128fe4b-15ef-4236-92c3-ab622a0efb77) (Version: 2.2.0.98 - WildTangent) Hidden
 
**** End of log ****


#4 Firehouse


Posted 01 September 2015 - 03:33 AM

Download AdwCleaner by Xplode and save it to your desktop.

Run the tool as Administrator, accept the terms of usage, and wait while the database is updating.

After it's done updating, click the Scan button and wait while it's scanning.

Remove all found items by clicking the Cleaning button, and allow the tool to restart.

After the restart, it will make a log, which you will attach or paste in your reply.

Download JRT by Malwarebytes and save it to your desktop.

Run the tool as Administrator, accept the disclaimer by pressing Y, and wait while it's scanning the system.

The tool will automatically scan and remove all found items; if the tool requires a restart, allow it to do so.

Attach log here.

Download Malwarebytes and install it on your system (Run setup as Administrator).

At the end of installation, uncheck "Enable free trial of Malwarebytes Premium", then click Finish.

Make sure you have the latest definitions by clicking on Update Now, then under Scan choose Threat Scan.

After scanning is done, click on Remove if malware is found; the tool will ask for a restart, allow it to do so.

Attach MBAM log here (you can find it in History > Application Logs).


#5 KingNAMS


Posted 01 September 2015 - 02:18 PM

Here ya go!

 

AdwCleaner:

# AdwCleaner v5.005 - Logfile created 01/09/2015 at 09:24:49
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Bill - EMBROIDERY
# Running from : C:\Users\Bill\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\fchk32
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\ONESOFTPERDAY
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[!] Key Not Deleted : [x64] HKCU\Software\ONESOFTPERDAY
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Compete
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.com
[-] [C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=M0D8E1DD8-AF26-4898-A29F-0EAF5C7AA997&SearchSource=55&CUI=&UM=8&UP=SP893FE00A-9217-4AA6-8C55-B293FF8F4EA6&D=080615&SSPV=
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2701 bytes] ##########
 
 
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by Bill on Tue 09/01/2015 at  9:29:51.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Bill\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\Bill\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/01/2015 at  9:34:00.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/1/2015
Scan Time: 9:35 AM
Logfile: mbam Scan Log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.01.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Bill
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404206
Time Elapsed: 18 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.WombatUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\SERVICE1291.EXE, Quarantined, [0cab6dbd16758babdb38d5e71fe545bb], 
PUP.Optional.FlashBeat, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GDAQIZHHFD1, Delete-on-Reboot, [595e4dddbdce2f0720d2414cb0543dc3], 
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB, Quarantined, [199eda508cff5cda827e049ff50f7e82], 
 
Registry Values: 12
PUP.Optional.WombatUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\Service1291.exe|{a53dd3e5-0283-4ab3-b77c-7bd1bc7550c6}.sdb, 130834342271211006, Quarantined, [0cab6dbd16758babdb38d5e71fe545bb]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype12, 8/6/15 16:28:34, Quarantined, [199eda508cff5cda827e049ff50f7e82]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype20, 8/6/15 16:28:36, Quarantined, [ebcc2208e1aa142222ded4cf996b4cb4]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype22, 8/6/15 16:28:36, Quarantined, [645367c3f19a162023dd297a58aca060]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype26, 8/6/15 16:28:36, Quarantined, [80370327d4b774c29d634a5937cd2ad6]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype42, 8/6/15 16:28:36, Quarantined, [16a195959deeff37a957c1e27e86cd33]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype6, 8/6/15 16:28:40, Quarantined, [1d9a38f2b9d28caa3ac6673c0cf849b7]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype4, 8/6/15 16:29:4, Quarantined, [5f58a2882f5ce0560bf5ffa444c03ec2]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype25, 8/6/15 16:29:25, Quarantined, [31868b9f8efd4de97b856f340bf9ec14]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype10, 8/6/15 16:29:34, Quarantined, [06b199913b5078bed12f634050b48b75]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype15, 8/6/15 16:29:34, Quarantined, [981f42e81378092db44c2b78d62e13ed]
PUP.Optional.OutBrowse, HKU\S-1-5-21-3461029221-597833216-3065874669-1001\SOFTWARE\OB|monitype41, 8/6/15 16:29:34, Quarantined, [5760b476b7d44cea936d9b08e12351af]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 16
Trojan.Agent, C:\Users\Bill\AppData\Local\Temp\OdHkT.tmp, Quarantined, [6a4d35f50784f541f8bedae88180a45c], 
PUP.Optional.Amonetize, C:\Windows\Temp\tmp52ED.tmp, Quarantined, [30874ddd7c0f082ed2b9ac163ec37b85], 
PUP.Optional.Linkury, C:\Windows\Temp\tmp54.tmp, Quarantined, [af08b1795b30a78f758b4a7e2cd510f0], 
PUP.Optional.Linkury, C:\Windows\Temp\tmp5E2.tmp, Quarantined, [b700a78306852016b54b1dabdd24c838], 
PUP.Optional.Linkury, C:\Windows\Temp\tmp74.tmp, Quarantined, [5e59141645464aec0af62e9a6c95ae52], 
PUP.Optional.Linkury, C:\Windows\Temp\tmp8549.tmp, Quarantined, [c9eeb674afdc79bd56aae1e712efaf51], 
PUP.Optional.Amonetize, C:\Windows\Temp\tmp99EE.tmp, Quarantined, [9c1ba28806851a1cd3b8f4cea25f12ee], 
Trojan.Downloader, C:\Windows\Temp\tmpAEDE.tmp, Quarantined, [585fc664385361d59424b30fae53b848], 
Trojan.Downloader, C:\Windows\Temp\tmpAF1E.tmp, Quarantined, [0cabef3b226949edab0d15ad669b46ba], 
PUP.Optional.Linkury, C:\Windows\Temp\RarSFX1\uou.exe, Quarantined, [43744fdbff8cee486b95a32527dae51b], 
Trojan.Autoit, C:\Users\Bill\Downloads\AdwCleaner.exe, Quarantined, [a0172901cac1ab8b60739bc4aa565fa1], 
PUP.Optional.DownLoadAdmin, C:\Users\Bill\Downloads\FlashPlayer_Updater.zip, Quarantined, [1d9ae7430883ff37be1b2d9d1fe236ca], 
PUP.Optional.FlashBeat, C:\Windows\System32\Tasks\GDAQIZHHFD1, Quarantined, [01b6ec3efb900e2880358706fe067987], 
PUP.Optional.FlashBeat, C:\Windows\Tasks\GDAQIZHHFD1.job, Quarantined, [793eaa80f695c2746f64d2bb0bf92fd1], 
PUP.Optional.WombatUpdater, C:\Windows\apppatch\Custom\{a53dd3e5-0283-4ab3-b77c-7bd1bc7550c6}.sdb, Quarantined, [d9de71b9038842f40a084f6d26decd33], 
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\noca\bifx\fea.dat, Quarantined, [635463c70784c175cce28d0a2fd6a15f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 Firehouse


Posted 01 September 2015 - 02:51 PM

How is the situation now?



#7 KingNAMS


Posted 01 September 2015 - 03:05 PM

Still getting the pop-up ads unfortunately.

 



#8 Firehouse


Posted 02 September 2015 - 12:19 AM

Scan with Norton Power Eraser

CAUTION: NPE uses aggressive methods to detect and remove malware, so do not touch any of the settings!

Download NPE by Symantec and save it to your desktop.

Run the tool as Administrator, accept the license agreement, and click the Scan button.

The program will ask you to reboot to continue scanning (includes rootkit scan), so allow it to restart.

After the restart, the program will automatically launch itself and start scanning. Scanning takes 5-10 minutes, so be patient!

If malware is detected, make sure that the Create restore point option is checked, then click the Fix button. After that, click on Restart now to complete removal.

Scan with Malwarebytes AntiRootkit

Please download MBAR and save it to your desktop.

Run the tool as Administrator; the tool will extract itself, and then launch.

Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.

If malware is found, click on the Cleanup button, but make sure that the Create restore point option is checked before proceeding!

The program will ask you to restart; allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.

 

Attach log here.



#9 KingNAMS


Posted 02 September 2015 - 02:32 PM

I ran both tools. NPE found 4 items, 3 exe files it labeled as "bad" and 1 dll it said was unknown. I told it to remove all 4 but it looks like it only deleted the 3 exe files. MBAR came back with no malware detected. I tried to paste the log file from NPE but it may be too big. It freezes my Chrome tab every time I try to paste it in the reply section. Is there a way I can attach the file instead of copying and pasting? Thanks so much for your help!

 

Kyle



#10 Firehouse


Posted 02 September 2015 - 03:06 PM

Log isn't necessary. Reset your browser settings after that, if you still get popups, try to reinstall the browser.





