
Browser infected with worm


13 replies to this topic

#1 pigfoot


Posted 11 September 2015 - 03:04 PM

I am thinking my browsers have been infected with a worm or virus because when I was surfing the net and went to a link, a popup came up saying something like I was infected with some worm and I have to call Microsoft. I cleared the page but am afraid it installed something on this PC. I took a screenshot of what it kind of looked like, as I could not find the exact popup on Google.

[Image: Windows-Warning-Error-Virus.jpg]

 

 

 




#2 severac


Posted 11 September 2015 - 03:50 PM

Hello,

That is fake BSOD adware.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/

iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7, 8 or 10, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. The rKill.txt log will also be present on your desktop.

-------

 

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.

  • Right click on KVRT.exe and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.

Inform me if something is detected.

-----

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.

NOTE. If you already have MBAM 2.0 installed, scroll down.

  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      ◦ Launch Malwarebytes Anti-Malware
      ◦ A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
      1. 'Scan for rootkits'
      2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
      1. 'Scan for rootkits'
      2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

----------

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • In the EULA window click I agree.
  • In Options uncheck Reset Winsock settings.
  • Click on the Scan button.
  • When the scan has finished click on the Cleaning button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.

------

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

--------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 pigfoot


Posted 14 September 2015 - 02:14 AM

I did the rkill today and here it is:

 

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/14/2015 02:11:27 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!
 



#4 severac


Posted 14 September 2015 - 11:44 AM

Post other logs.



 


#5 pigfoot


Posted 14 September 2015 - 03:16 PM

I did the Kaspersky scan today and it found some items. I can't see how to copy and paste the results or where the log file is, so I had to put a snapshot of the results, which don't show much.

 

 

report2_zps6po1sz25.jpg

 

 

 

report_zpsnkdzntmw.jpg



#6 severac


Posted 14 September 2015 - 03:19 PM

Ok, continue and post all logs. 



 


#7 pigfoot


Posted 15 September 2015 - 02:58 AM

I scanned with Malwarebytes and it came up with some stuff... does not look good with BACKDOOR ACCESS? Also, I forgot to mention my browsers seem to take forever to load the pages, especially with FLASH. Also my CPU looks like a lot of times it shoots up to 100% and seems like I hear a program running even though you see nothing unfamiliar in TASK MANAGER.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/15/2015
Scan Time: 1:46:55 AM
Logfile: log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.15.02
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Ken

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391118
Time Elapsed: 30 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUM.Bad.Proxy, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:27811, Quarantined, [2d015ed2533861d5d9592e41bb4849b7]

Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[a38bc46c206bde58a02e2b3a22e3728e]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[121c121e721941f59e2e392c49bc51af]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[929c1b156823d363735a085d7e879967]

Folders: 3
PUP.Optional.SetSearchSettings, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\etfywvr3.default\extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c}, Quarantined, [220c7eb2721970c69cae9e82ff04857b],
Backdoor.0Access, C:\WINDOWS\$NtUninstallKB24270$\2559493696, Quarantined, [b777ce628dfec670c2452bd60ff13dc3],
Backdoor.0Access, C:\WINDOWS\$NtUninstallKB41265$\2559493696, Quarantined, [30fec16f7318e2540700fb0651af43bd],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
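
As an added example (not part of the original post, and not Malwarebytes' own tooling), here is one way to triage a log in the format shown above, separating PUP/PUM findings from malware-family detections such as `Backdoor.0Access`. The function names and the low-priority grouping are assumptions of this example; the sample lines are abridged from the log in the post.

```python
import re

# Sections of an MBAM 2.x scan log that can contain detection lines.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))

# Assumption of this example: PUP.* / PUM.* are unwanted software or changed
# settings; any other family (Backdoor, Trojan, ...) is escalated.
LOW_PRIORITY = {"PUP", "PUM"}

# Abridged from the log in the post above; section counts left as in the original.
SAMPLE_LOG = r"""
Registry Values: 1
PUM.Bad.Proxy, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:27811, Quarantined, [2d015ed2533861d5d9592e41bb4849b7]

Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[929c1b156823d363735a085d7e879967]

Folders: 3
PUP.Optional.SetSearchSettings, C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\etfywvr3.default\extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c}, Quarantined, [220c7eb2721970c69cae9e82ff04857b],
Backdoor.0Access, C:\WINDOWS\$NtUninstallKB24270$\2559493696, Quarantined, [b777ce628dfec670c2452bd60ff13dc3],

Files: 0
(No malicious items detected)
"""


def parse_detections(text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Detection lines end with a bracketed item hash, optionally plus a comma.
        if section is None or not line.endswith(("]", "],")):
            continue
        # Split from the right so commas inside the path or data stay intact.
        body, action, digest = line.rstrip(", ").rsplit(",", 2)
        name, detail = body.split(",", 1)
        found.append({
            "section": section,
            "name": name.strip(),
            "detail": detail.strip(),
            "action": action.strip(),
            "digest": digest.strip().strip("[]"),
        })
    return found


def triage(detections):
    """Bucket detections and note settings worth re-checking after cleanup."""
    report = {"escalate": [], "review": [], "notes": []}
    for det in detections:
        family = det["name"].split(".", 1)[0]
        bucket = "review" if family in LOW_PRIORITY else "escalate"
        report[bucket].append(det)
        # A ProxyServer value on loopback means browser traffic was being
        # routed through a local process; confirm the setting is really gone.
        proxy = re.search(r"ProxyServer,.*=(?:127\.0\.0\.1|localhost):(\d+)",
                          det["detail"])
        if proxy:
            report["notes"].append(
                "ProxyServer pointed at loopback port %s" % proxy.group(1))
    return report


if __name__ == "__main__":
    result = triage(parse_detections(SAMPLE_LOG))
    for det in result["escalate"]:
        print("ESCALATE:", det["name"], "->", det["detail"], "(%s)" % det["action"])
    for det in result["review"]:
        print("review:  ", det["name"], "(%s)" % det["action"])
    for note in result["notes"]:
        print("note:    ", note)
```
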



#8 pigfoot


Posted 15 September 2015 - 03:36 AM

Here is the next scan-

 

# AdwCleaner v5.007 - Logfile created 15/09/2015 at 03:31:48
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Ken - KEN-RW9IJ6PKV6S
# Running from : C:\Documents and Settings\Ken\My Documents\emoticons\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{22100E7A-A16E-4964-9B42-673974340A86}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{69941CEC-6C47-48DB-A9BD-B8C04FADBEE4}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[-] Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Burn4Free
[-] Folder Deleted : C:\Documents and Settings\Ken\Application Data\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files\Burn4Free

***** [ Files ] *****

[-] File Deleted : C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
[-] File Deleted : C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nkcpopggjcjkiicpenikeogioednjeac_0.localstorage
[-] File Deleted : C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FLVPlayer.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKU\.DEFAULT\Software\AskToolbar
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\Burn4Free
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applian FLV Player2.0.24
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Applian FLV Player2.0.24

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : binkiland.com
[-] [C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://binkiland.com/?f=7&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyC0EyCyByDzytGyBtBzzyEtG0BtD0EzztG0E0EyByCtGyDzy0C0Bzy0FtDyB0E0EyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0EyB0B0C0A0EtG0CtB0CzztGyEtBtAtAtG0ByD0AyBtGtCtA0D0A0FtCyC0BtByCyBtB2Q&cr=1612777799&ir=

*************************


*************************

C:\AdwCleaner[S1].txt - [336 bytes] - [19/08/2013 18:48:10]
C:\AdwCleaner[S2].txt - [8528 bytes] - [19/08/2013 18:50:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [4129 bytes] ##########
 



#9 pigfoot


Posted 15 September 2015 - 04:26 AM

I tried running JUNKWARE TOOL but it looks like it will not do a complete scan. When I click to run the program I get a black DOS box and I click any key, then it says it is creating a restore point, then it goes and says CHECKING startup. This lasts about 20 seconds and then the black box vanishes and no logs come up on screen or anywhere I can find.



#10 severac


Posted 15 September 2015 - 12:14 PM

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      ◦ Remove found threats
      ◦ Scan archives
      ◦ Scan for potentially unsafe applications
      ◦ Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

------------

 

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


 


#11 pigfoot


Posted 16 September 2015 - 02:18 AM

C:\Documents and Settings\Ken\Application Data\uTorrent\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
C:\Documents and Settings\Ken\Application Data\uTorrent\updates\3.3.2_30180.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
C:\Documents and Settings\Ken\Application Data\uTorrent\updates\3.4.2_32691.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
C:\Documents and Settings\Ken\My Documents\camvis-dec\spsetup128.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\System Volume Information\_restore{044962D1-CD14-48D4-9CF9-0C7C72112733}\RP724\A0147410.exe    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
F:\FAM-GIR\utorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
G:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\fybide90.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    cleaned by deleting - quarantined
G:\Documents and Settings\Ken\Local Settings\Temp\jar_cache1211437665104775698.tmp    a variant of Java/TrojanDownloader.Agent.NAN trojan    cleaned by deleting - quarantined
G:\Documents and Settings\Ken\Local Settings\Temp\jar_cache560337547848487529.tmp    a variant of Java/Exploit.CVE-2009-3867.B trojan    cleaned by deleting - quarantined
G:\Documents and Settings\Ken\Local Settings\Temp\jar_cache6751532512531480102.tmp    a variant of Java/Exploit.CVE-2009-3867.B trojan    cleaned by deleting - quarantined
G:\Documents and Settings\Ken\Local Settings\Temp\setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    cleaned by deleting - quarantined
G:\Documents and Settings\Ken\Local Settings\Temp\is1598539481\1478380_Setup.DAT    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
G:\Program Files\Ask.com\GenericAskToolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
G:\Program Files\Ask.com\precache.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
G:\Program Files\Ask.com\SaUpdate.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
G:\Program Files\Ask.com\UpdateTask.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
G:\Program Files\Ask.com\Updater\Updater.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting - quarantined
G:\Program Files\Best Anonymous Browser\Profiles\Firefox\My Documents\Downloads\FLVPlayerSetup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
G:\Program Files\Best Anonymous Browser\Profiles\Firefox\My Documents\Downloads\Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
G:\RECYCLER\S-1-5-21-1801674531-842925246-839522115-1004\Dc74.zip    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
G:\WINDOWS\Installer\11eb5a.msi    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
 

 

 

Emsisoft Emergency Kit - Version 10.0
Last update: 9/16/2015 1:55:18 AM
User account: KEN-RW9IJ6PKV6S\Ken

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    9/16/2015 1:58:13 AM
Key: HKEY_USERS\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\DISKCLEANER     detected: WinClear (A)
Value: HKEY_USERS\S-1-5-21-329068152-688789844-839522115-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER     detected: Application.AdSend (A)

Scanned    74130
Found    3

Scan end:    9/16/2015 2:06:00 AM
Scan time:    0:07:47

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER    Quarantined Application.AdSend (A)
Value: HKEY_USERS\S-1-5-21-329068152-688789844-839522115-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\DISKCLEANER    Quarantined WinClear (A)

Quarantined    3
 



#12 severac


Posted 16 September 2015 - 02:24 AM

Do you still have problems?



 


#13 pigfoot


Posted 16 September 2015 - 02:24 PM

It still seems it takes too long to load web pages.

#14 severac


Posted 16 September 2015 - 05:42 PM

You can get an expert opinion by asking for help in the Virus, Trojan, Spyware, and Malware Removal Logs forum. You will need to follow instructions in the Preparation Guide.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

Start with step 6 and link this topic so they can know what we have done already. They can use tools which are not allowed here. 



 




