
Appears That I Am Infected


  • This topic is locked
10 replies to this topic

#1 howlingCup

howlingCup

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 17 November 2015 - 03:30 AM

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/593535/skype-softcom-url-blocked-at-startup/ - Hamluis.

 

Hi everyone,

 

It appears that I'm also "infected" by this program.

 

The only suspicious thing that I installed recently was an Adobe Flash update that popped up a week ago out of nowhere.

 

Could it be that it wasn't a flash update but a phishing installer?

 

 

P.S.: NOD32 deep scan comes out empty, but I also keep getting this URL access attempt each time I turn on my computer.

P.P.S.: I have an old Skype version that was deprecated long ago; this is because I hated the new UI, so I blocked all the attempts from Skype to update. You said that that website didn't have anything to do with Skype, but still... I found it suspicious.

 

Cheers


Edited by hamluis, 17 November 2015 - 07:26 AM.
PM sent new OP - Hamluis.




#2 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 PM

Posted 17 November 2015 - 01:54 PM

The usual adware tools didn't find the cause of the problem last month....so, let's see if CCleaner can spot the startup.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

After doing the above, run a scan using Emsisoft.

 

 

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Malware Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 howlingCup

howlingCup
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 17 November 2015 - 06:25 PM

I'm afraid I will not be able to run CCleaner.

 

I have Windows 7 Pro and I'm pretty sure I've had CCleaner working previously, but I can't manage to run it right now, and I don't know why.

 

I install it no problem, but when I try to run it nothing appears to happen (if I run it as admin I get the usual confirmation popup, but nothing else).

 

Do you want me to install Emsisoft, or will it be useless without the previous one?



#4 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 PM

Posted 17 November 2015 - 06:51 PM

That's a first for me....out of probably hundreds of computers I've asked CCleaner to be used on....this is the first that won't work.

If it is in your list of installed programs, try uninstalling using Download Revo Uninstaller Freeware in Advanced mode. If successful, attempt to install and run one more time. Be sure to use a fresh download for installing and allow it to install in its default location.

 

Yes, please attempt scanning with Emsisoft.




#5 howlingCup

howlingCup
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 17 November 2015 - 06:53 PM

Okay, after looking a bit more into it I've managed to make it work by renaming CCleaner and running it as admin.

 

 

Here is the first list - Windows Startup-

 

Yes HKCU:Run AdobeBridge
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "D:\Archivos de programas\CClean\rer.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Adrian\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run Google Update Google Inc. "C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run GoogleChromeAutoLaunch_257F9E5159429344AA5489535C1FAD3E Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKCU:Run MusicManager Google Inc. "C:\Users\Adrian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
Yes HKCU:Run Steam Valve Corporation "D:\Archivos de programas (x86)\Steam\steam.exe" -silent
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Yes HKLM:Run egui ESET "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
Yes HKLM:Run GamingMouse D:\Archivos de programas (x86)\Drakonia Configurator\hid.exe
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run Nvtmru "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SwitchBoard Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes HKLM:Run VirtualCloneDrive Elaborate Bytes AG "D:\Archivos de programas (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Adrian\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
 
 
Second one - Scheduled tasks -
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "D:\Archivos de programas\CClean\rer.exe" $(Arg0)
Yes Task DropboxUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000Core1d0c1fdda7b5570 Dropbox, Inc. C:\Users\Adrian\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000UA1d0c1fdda899db1 Dropbox, Inc. C:\Users\Adrian\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task ESET Windows 10 upgrade – Refresh settings ESET C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 7.0\upgrade.exe
Yes Task GoogleUpdateTaskMachineCore1cf8a0af90ac840 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d040b83e72f6bc Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d08e59bbe228c4 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineCore1d0bfcb43a5eb3c Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA1cf71bece1a4e36 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d08e59bc00fbd8 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d0bfcb43c4e560 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000Core1cf8bdaf91f530 Google Inc. C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000Core1d0413894ed9a5e Google Inc. C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000Core1d08f502119f120 Google Inc. C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000Core1d0bfcdb8da06c5 Google Inc. C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000UA1cf71c0d8a9fe97 Google Inc. C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000UA1d04138950c8c42 Google Inc. C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000UA1d08f5021378baf Google Inc. C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-199812834-1161120735-512373414-1000UA1d0bfcdb8f83d96 Google Inc. C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 Intel Corporation "C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" --automatic
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon Intel Corporation "C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" --automatic
Yes Task {006D6B89-8D60-476E-B220-1D2E3767D266} C:\Program Files\CCleaner\CCleaner.exe
Yes Task {050A3795-351D-4B59-87B1-CF85CF2B2A34} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\Adrian\Downloads\VirtualBox-4.3.16-95972-Win.exe -d D:\Adrian\Downloads
Yes Task {22D8ED93-85E1-4174-BA49-391A552D3799} C:\Program Files\CCleaner\CCleaner.exe
Yes Task {989E55A0-3098-4589-8430-1B7879117D01} C:\Program Files\CCleaner\CCleaner.exe
 
And the third list - Installed -
 
7-Zip 9.20 (x64 edition) Igor Pavlov 18/01/2014 4,53 MB 9.20.00.0
AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome Dejobaan Games, LLC 21/02/2014
Adobe After Effects CS6 Adobe Systems Incorporated 02/02/2015 2,24 GB 11
Adobe AIR Adobe Systems Incorporated 02/02/2015 3.1.0.4880
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 10/11/2015 5,04 MB 19.0.0.245
Adobe Help Manager Adobe Systems Incorporated 02/02/2015 4.0.244
Adobe Photoshop CS6 Adobe Systems Incorporated 26/09/2013 1,75 GB 13.0
Adobe Photoshop Lightroom 5 64-bit Adobe 28/09/2013 958 MB 5.0.1
Adobe Premiere Pro CS6 Adobe Systems Incorporated 02/02/2015 2,67 GB 6.0
Adobe Reader XI (11.0.13) - Español Adobe Systems Incorporated 17/10/2015 189 MB 11.0.13
Android Studio Google Inc. 24/04/2015 1.0
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 10/09/2013 2,22 MB 1.10.1.0
Asmedia ASM106x SATA Host Controller Driver Asmedia Technology 10/09/2013 96,0 KB 1.3.1.000
Audacity 2.0.5 Audacity Team 16/12/2013 45,5 MB 2.0.5
Audiosurf Dylan Fitterer 11/09/2013
AutoHotkey 1.1.22.02 Lexikos 16/06/2015 1.1.22.02
Battle.net Blizzard Entertainment 05/12/2013
BioShock 2K Boston 14/07/2014
BIT.TRIP RUNNER Gaijin Games 04/10/2014
Blender Blender Foundation 25/02/2015 2.73a
Borderlands 2 Gearbox Software 23/06/2014
Broadcom NetLink Controller Broadcom Corporation 10/09/2013 508 KB 14.8.5.1
CCleaner Piriform 18/11/2015 5.11
Chrome Remote Desktop Host Google Inc. 03/11/2015 18,1 MB 47.0.2526.18
CLIPS Gary Riley 14/10/2013 8,48 MB 1.0.0
Counter-Strike: Global Offensive Valve 20/03/2014
CPUID CPU-Z 1.72.1 12/07/2015 3,75 MB
DARK SOULS™ II FromSoftware, Inc 20/12/2014
devkitProUpdater 1.5.4 devkitPro 08/02/2015 1.5.4
Drakonia Configurator 19/10/2013 12,7 MB
Dropbox Dropbox, Inc. 10/11/2015 3.10.11
Dustforce Hitbox Team 25/05/2014
Entity Framework Designer para Visual Studio 2012 - ESN Microsoft Corporation 05/02/2015 30,4 MB 11.1.20702.00
ESET NOD32 Antivirus ESET, spol s r. o. 19/10/2013 38,6 MB 7.0.302.0
Fallout: New Vegas Obsidian Entertainment 21/06/2015
FormatFactory 3.6.0.0 Format Factory 17/03/2015 3.6.0.0
FTL: Faster Than Light Subset Games 19/09/2013
Git version 1.9.4-preview20140815 The Git Development Community 24/09/2014 100 MB 1.9.4-preview20140815
Google Chrome Google Inc. 10/09/2013 46.0.2490.86
Google Earth Pro Google 12/07/2015 104 MB 7.1.5.1557
Google Talk Plugin Google 22/04/2015 15,0 MB 5.41.2.0
Gtk# for .Net 2.12.25 Xamarin, Inc. 26/02/2015 69,1 MB 2.12.25
Hammerwatch 19/05/2014
Hearthstone Blizzard Entertainment 19/05/2014
Hotline Miami Dennaton Games 21/01/2014
Hotline Miami 2: Wrong Number Dennaton Games 20/03/2015
Hotline Miami 2: Wrong Number Digital Comic Dennaton Games 02/03/2015
IIS 8.0 Express Microsoft Corporation 05/02/2015 34,9 MB 8.0.1557
IIS Express Application Compatibility Database for x64 05/02/2015
IIS Express Application Compatibility Database for x86 05/02/2015
ImageMagick 6.8.9-9 Q16 (64-bit) (2014-10-15) ImageMagick Studio LLC 31/10/2014 53,5 MB 6.8.9
Intel® Management Engine Components Intel Corporation 10/09/2013 8.1.0.1281
Intel® Processor Graphics Intel Corporation 01/05/2015 10.18.10.4176
Intel® Update Manager Intel Corporation 12/10/2015 22,4 MB 3.1.1228
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 10/09/2013 1.0.4.220
Intel® Driver Update Utility Intel 01/05/2015 6,91 MB 2.0.0.29
Intel® Hardware Accelerated Execution Manager Intel Corporation 24/04/2015 606 KB 1.1.1
Java 7 Update 67 Oracle 11/09/2013 118 MB 7.0.670
Java SE Development Kit 7 Update 40 (64-bit) Oracle 17/09/2013 226 MB 1.7.0.400
Java SE Development Kit 7 Update 51 (64-bit) Oracle 07/03/2014 226 MB 1.7.0.510
KCP-0.5.4.0 Haruhichan.com 11/09/2013 52,8 MB 0.5.4.0
Keep Talking and Nobody Explodes Steel Crate Games 19/10/2015 474 MB 1.0
LAME v3.99.3 (for Windows) 03/11/2014 1,52 MB
LG United Mobile Driver LG Electronics 07/03/2014 6,58 MB 3.10.1.0
LIMBO Playdead 19/09/2013
LUFTRAUSERS Vlambeer 11/09/2014
Magicka Arrowhead Game Studios 16/05/2015
Mark of the Ninja Klei Entertainment 19/09/2013
MediaCoder x64 0.8.29.5603 Mediatronic 06/04/2014 0.8.29.5603
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 05/02/2015 83,5 MB 4.0.30319
Microsoft .NET Framework 4.5 Microsoft Corporation 24/09/2014 38,8 MB 4.5.50709
Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft Corporation 05/02/2015 41,8 MB 4.5.50709
Microsoft .NET Framework 4.5 SDK Microsoft Corporation 05/02/2015 18,5 MB 4.5.50709
Microsoft .NET Framework 4.5 SDK - Paquete de idioma ESN Microsoft Corporation 05/02/2015 3,57 MB 4.5.50709
Microsoft ASP.NET MVC 3 Microsoft Corporation 05/02/2015 592 KB 3.0.20105.0
Microsoft ASP.NET MVC 3 - ESN Microsoft Corporation 05/02/2015 228 KB 3.0.20105.0
Microsoft ASP.NET Web Pages Microsoft Corporation 05/02/2015 1,14 MB 1.0.20105.0
Microsoft ASP.NET Web Pages - ESN Microsoft Corporation 05/02/2015 380 KB 1.0.20105.0
Microsoft Camera Codec Pack Microsoft Corporation 08/07/2014 43,9 MB 6.3.9723.0
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 23/03/2014 31,3 MB 3.5.95.0
Microsoft Games for Windows Marketplace Microsoft Corporation 30/11/2013 6,03 MB 3.5.50.0
Microsoft Help Viewer 1.0 Microsoft Corporation 05/12/2014 3,97 MB 1.0.30319
Microsoft Help Viewer 2.0 Microsoft Corporation 05/02/2015 12,1 MB 2.0.50727
Microsoft Silverlight Microsoft Corporation 05/02/2015 35,4 MB 5.1.10411.0
Microsoft Silverlight 4 SDK - Español Microsoft Corporation 05/02/2015 52,3 MB 4.0.60310.0
Microsoft Silverlight 5 SDK - ESN Microsoft Corporation 05/02/2015 77,3 MB 5.0.61118.0
Microsoft SQL Server 2012 Data-Tier App Framework Microsoft Corporation 05/02/2015 23,5 MB 11.0.2316.0
Microsoft SQL Server 2012 Express LocalDB Microsoft Corporation 05/02/2015 158 MB 11.0.2100.60
Microsoft SQL Server 2012 Management Objects Microsoft Corporation 05/02/2015 25,0 MB 11.0.2100.60
Microsoft SQL Server 2012 Management Objects (x64) Microsoft Corporation 05/02/2015 15,5 MB 11.0.2100.60
Microsoft SQL Server 2012 Native Client Microsoft Corporation 05/02/2015 7,96 MB 11.0.2100.60
Microsoft SQL Server 2012 Transact-SQL Compiler Service Microsoft Corporation 05/02/2015 90,5 MB 11.0.2100.60
Microsoft SQL Server 2012 Transact-SQL ScriptDom Microsoft Corporation 05/02/2015 4,59 MB 11.0.2100.60
Microsoft SQL Server Compact 3.5 SP2 ESN Microsoft Corporation 05/12/2014 3,68 MB 3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 ESN Microsoft Corporation 05/12/2014 4,80 MB 3.5.8080.0
Microsoft SQL Server Compact 4.0 SP1 x64 ESN Microsoft Corporation 05/02/2015 20,6 MB 4.0.8876.1
Microsoft SQL Server Data Tools - ESN (11.1.20627.00) Microsoft Corporation 05/02/2015 16,4 MB 11.1.20627.00
Microsoft SQL Server Data Tools Build Utilities - ESN (11.1.20627.00) Microsoft Corporation 05/02/2015 1,40 MB 11.1.20627.00
Microsoft SQL Server System CLR Types Microsoft Corporation 05/02/2015 2,55 MB 10.50.1600.1
Microsoft SQL Server System CLR Types (x64) Microsoft Corporation 05/02/2015 840 KB 10.50.1600.1
Microsoft System CLR Types para SQL Server 2012 Microsoft Corporation 05/02/2015 1,13 MB 11.0.2100.60
Microsoft System CLR Types para SQL Server 2012 (x64) Microsoft Corporation 05/02/2015 1,37 MB 11.0.2100.60
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26/09/2013 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 16/02/2014 3,00 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 26/09/2013 788 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 26/10/2013 786 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 24/06/2014 1,41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11/09/2013 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 26/09/2013 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 26/10/2013 598 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 25/10/2013 13,8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 25/10/2013 11,1 MB 10.0.40219
Microsoft Visual C++ 2010 Express - ESN Microsoft Corporation 05/12/2014 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 20/05/2015 20,5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 26/10/2013 17,3 MB 11.0.60610.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 03/11/2014 20,5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 03/11/2014 17,1 MB 12.0.21005.1
Microsoft Visual Studio 2010 Express Prerequisites x64 - ESN Microsoft Corporation 05/12/2014 4,31 MB 10.0.30319
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 05/02/2015 10.0.31125
Microsoft Web Deploy dbSqlPackage Provider - ESN Microsoft Corporation 05/02/2015 780 KB 10.3.20225.0
Microsoft Web Platform Installer 4.0 Microsoft Corporation 05/02/2015 4,13 MB 4.0.1622
Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 27/09/2013 7,55 MB 3.1.10527.0
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 09/07/2014 8,03 MB 4.0.20823.0
Mozilla Firefox 30.0 (x86 es-ES) Mozilla 31/10/2014 111 MB 30.0
Mozilla Maintenance Service Mozilla 31/10/2014 341 KB 30.0
Music Manager Google, Inc. 03/11/2014
Nexus Mod Manager Black Tree Gaming 17/01/2014 14,9 MB 0.46.0
Nitro Reader 3 Nitro 23/09/2014 111 MB 3.5.6.5
Node.js Joyent, Inc. and other Node contributors 26/09/2013 14,0 MB 0.10.19
NoMachine NoMachine 09/11/2013 96,5 MB 4.0.362
NVIDIA Controlador de 3D Vision 352.86 NVIDIA Corporation 20/05/2015 352.86
NVIDIA Controlador de audio HD 1.3.34.3 NVIDIA Corporation 20/05/2015 1.3.34.3
NVIDIA Controlador de gráficos 352.86 NVIDIA Corporation 20/05/2015 352.86
NVIDIA Controlador de la controladora 3D Vision 352.65 NVIDIA Corporation 20/05/2015 352.65
NVIDIA GeForce Experience 2.5.12.11 NVIDIA Corporation 06/08/2015 2.5.12.11
NVIDIA Software del sistema PhysX 9.15.0428 NVIDIA Corporation 20/05/2015 9.15.0428
NX Client for Windows 3.5.0-9 NoMachine 13/01/2015 3.5.0-9
OpenAL 04/10/2014
OpenOffice 4.1.1 Apache Software Foundation 27/10/2014 312 MB 4.11.9775
Oracle VM VirtualBox 4.3.16 Oracle Corporation 24/09/2014 156 MB 4.3.16
Pando Media Booster Pando Networks Inc. 16/02/2014 5,46 MB 2.6.0.7
Paquete de idioma de Microsoft .NET Framework 4.5 ESN Microsoft Corporation 24/09/2014 2,93 MB 4.5.50709
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN Microsoft Corporation 05/02/2015 10.0.31125
Paquete de idioma de Visor de Ayuda de Microsoft 2.0 - ESN Microsoft Corporation 05/02/2015 1,95 MB 2.0.50727
Paquete de idioma del Visor de Ayuda de Microsoft 3.0 - ESN Microsoft Corporation 05/12/2014 1,95 MB 1.0.30319
PAYDAY 2 OVERKILL - a Starbreeze Studio. 01/03/2015
PlanetSide 2 Sony Online Entertainment 06/05/2015
PlanetSide 2 Daybreak Games 05/05/2015
PunkBuster Services Even Balance, Inc. 19/10/2013 0.993
Python 2.7 py2exe-0.6.9 29/11/2014
Python 2.7.5 Python Software Foundation 28/10/2013 52,8 MB 2.7.5150
Python 2.7.8 (Anaconda 2.1.0 32-bit) Continuum Analytics, Inc. 29/11/2014 2.1.0
Python 3.3 pyzmq-2.2.0 Brian E. Granger, Min Ragan-Kelley 27/10/2013 988 KB 2.2.0
Rapture3D 2.4.11 Game Blue Ripple Sound 22/02/2014
REAPER 20/02/2015
Recuva Piriform 06/11/2014 1.51
Requisitos previos para SSDT Microsoft Corporation 05/02/2015 8,12 MB 11.0.2100.60
Resource Hacker Version 3.6.0 24/11/2014 2,15 MB
Servicio de lenguaje T-SQL de Microsoft SQL Server 2012 Microsoft Corporation 05/02/2015 6,21 MB 11.0.2100.60
Skype™ 6.21 Skype Technologies S.A. 01/11/2014 26,9 MB 6.21.104
SourceTree Atlassian 08/09/2015 1.6.20
SpeedFan (remove only) 07/07/2014
Steam Valve Corporation 11/09/2013 35,4 MB 1.0.0.0
Super Hexagon Terry Cavanagh 21/02/2014
Team Fortress 2 Valve 11/09/2013
The Beginner's Guide Everything Unlimited 18/10/2015 1.0.0.0
The Elder Scrolls V: Skyrim Bethesda Game Studios 18/01/2014
The Witcher 3 Wild Hunt Релиз от R.G. Steamgames 20/05/2015 27,4 GB 1.02
To the Moon Freebird Games 21/12/2013
Trine Frozenbyte 05/02/2014
Trine 2 Frozenbyte 08/03/2015
Undertale tobyfox 23/10/2015
Unepic Francisco Téllez de Meneses 30/11/2013
Unity Unity Technologies ApS 27/06/2015 5.1.1f1
Unity Web Player Unity Technologies ApS 27/06/2015 12,0 MB 5.1.1f1
Universe Sandbox Giant Army 11/09/2013
Utilidades línea de comandos de Microsoft SQL Server 2012 Microsoft Corporation 05/02/2015 960 KB 11.0.2100.60
Vagrant HashiCorp 24/09/2014 534 MB 1.6.5
VirtualCloneDrive Elaborate Bytes 18/10/2015 5.4.8.0
VLC media player VideoLAN 06/06/2015 2.2.1
WCF RIA Services V1.0 SP2 Microsoft Corporation 05/02/2015 25,2 MB 4.1.61829.0
Windows Live ID Sign-in Assistant Microsoft Corporation 30/11/2013 10,0 MB 6.500.3165.0
WinRAR 4.00 (64-bit) win.rar GmbH 26/09/2013 4.00.0
World Machine 2 Professional Edition 12/04/2015
ZeroMQ 4.0.1 (x64) Miru 28/10/2013 4.0.1
µTorrent BitTorrent Inc. 22/10/2015 3.4.5.41202
 
 
 
Regarding Emsisoft... when prompted to also detect PUPs I accepted, so they may be included in the scan.
 
Emsisoft Emergency Kit - Versión 10.0
Última actualización: 18/11/2015 0:49:12
Cuenta de usuario: Adrian-i7\Adrian
 
Configuraciones del análisis:
 
Tipo de análisis: Análisis de programas maliciosos
Objetos: Rootkits, Memoria, Trazas, Archivos
 
Detectar PUP: Activado
Análisis de archivos: Desactivado
Análisis ADS: Activado
Filtrar las extensiones de archivo: Desactivado
Caché avanzada: Activado
Acceso directo al disco: Desactivado
 
Inicio del análisis: 18/11/2015 0:49:56
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVZ.EXE -> DEBUGGER detectado: SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE -> DEBUGGER detectado: SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE -> DEBUGGER detectado: SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE -> DEBUGGER detectado: SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSIT.EXE -> DEBUGGER detectado: SecHijack (A)
 
Analizados 78344
Encontrados 5
 
Fin del análisis: 18/11/2015 0:51:02
Duración del análisis: 0:01:06
 
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSIT.EXE -> DEBUGGER En cuarentena SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE -> DEBUGGER En cuarentena SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE -> DEBUGGER En cuarentena SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE -> DEBUGGER En cuarentena SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVZ.EXE -> DEBUGGER En cuarentena SecHijack (A)
 
En cuarentena 5
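The Emsisoft report above lists a Debugger value under Image File Execution Options for CCLEANER.EXE and four other security tools; Windows launches that "debugger" in place of any executable with the matching file name, which fits the earlier symptom of CCleaner installing but doing nothing when launched, and explains why a renamed copy ran. The following PowerShell audit of that key is an added example, not code from this thread, Emsisoft or Piriform; the $watch list of tool names and the helper name Get-IfeoDebuggerEntries are assumptions.

```powershell
# Added example (not from the thread): read-only audit of the IFEO key for
# "Debugger" values. A Debugger value makes Windows start that program instead
# of the named executable, so a bogus one silently blocks tools such as
# CCleaner.exe. Renaming the .exe sidesteps the match because IFEO keys by
# file name only. Not every entry is malicious: developers legitimately point
# Debugger at vsjitdebugger.exe or windbg.exe, so review before removing.

$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Executables seen hijacked in the Emsisoft report above, plus a few common
# security/admin tools. Assumption: extend this list to fit your environment.
$watch = @('avz.exe', 'ccleaner.exe', 'hijackthis.exe', 'regedit.exe', 'rsit.exe',
           'mbam.exe', 'taskmgr.exe', 'msconfig.exe', 'procexp.exe', 'autoruns.exe')

function Get-IfeoDebuggerEntries {
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $exe   = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['Debugger']) {
            $dbg = [string]$props.Debugger

            # Isolate the debugger binary from its arguments so we can test
            # whether it exists. A dangling path is the classic "program does
            # nothing when launched" symptom seen in this thread.
            if ($dbg -match '^"([^"]+)"') { $dbgExe = $Matches[1] }
            else                          { $dbgExe = ($dbg -split '\s+')[0] }

            $exists = $false
            if ($dbgExe) { $exists = Test-Path -LiteralPath $dbgExe -PathType Leaf }

            [PSCustomObject]@{
                Executable     = $exe
                Debugger       = $dbg
                DebuggerExists = $exists
                WatchedTool    = ($watch -contains $exe.ToLower())
            }
        }
    }
}

$entries = Get-IfeoDebuggerEntries
if (-not $entries) {
    Write-Output "No IFEO Debugger values found under $ifeo"
} else {
    # Entries that hit a watched tool, or whose debugger binary is missing,
    # deserve a look first.
    $entries |
        Sort-Object -Property @{Expression = 'WatchedTool'; Descending = $true}, Executable |
        Format-Table Executable, Debugger, DebuggerExists, WatchedTool -AutoSize
}
```

Run from an elevated PowerShell prompt so every subkey is readable; the script only reads the registry and changes nothing.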
 
 
 


#6 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 PM

Posted 17 November 2015 - 07:39 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right

Yes HKCU:Run AdobeBridge
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "D:\Archivos de programas\CClean\rer.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Adrian\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run Google Update Google Inc. "C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run GoogleChromeAutoLaunch_257F9E5159429344AA5489535C1FAD3E Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKCU:Run MusicManager Google Inc. "C:\Users\Adrian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
Yes HKCU:Run Steam Valve Corporation "D:\Archivos de programas (x86)\Steam\steam.exe" -silent
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SwitchBoard Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Adrian\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
Disable ALL Scheduled Tasks
 
Uninstall these programs: Use CCleaner by clicking on each item and then choose Uninstall on the right.
Java 7 Update 67 Oracle 11/09/2013 118 MB 7.0.670
Java SE Development Kit 7 Update 40 (64-bit) Oracle 17/09/2013 226 MB 1.7.0.400
Java SE Development Kit 7 Update 51 (64-bit) Oracle 07/03/2014 226 MB 1.7.0.510
 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 howlingCup

howlingCup
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 18 November 2015 - 04:02 AM

Hi, I didn't have enough time to do everything. I've just finished the MBAM scan and still get the pop-up from ESET blocking the website at startup.

 

Here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/11/2015
Scan Time: 9:41
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.18.02
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Adrian
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413117
Time Elapsed: 8 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 12
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ADWCLEANER_4.204.EXE, Quarantined, [91e9cbb4acdfc86ed2b6beebda29d22e], 
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ANVIR.EXE, Quarantined, [ccae502f12790432a9e0cfdae41f629e], 
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTOLOGGER.EXE, Quarantined, [51290b74f794043299f18821877c7f81], 
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER64.EXE, Quarantined, [a8d2e996d1ba1b1bb0dbfbae669d9e62], 
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRST.EXE, Quarantined, [7802bac53b509f9729633772907320e0], 
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRST64.EXE, Quarantined, [e1997a05b1dad6605835c8e1a261837d], 
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ADWCLEANER_4.204.EXE, Quarantined, [e6942d52f9920234bbcd5059ef145aa6], 
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ANVIR.EXE, Quarantined, [057568172863d95d2168bdec956e8a76], 
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTOLOGGER.EXE, Quarantined, [1367aed1c2c99a9c602a39709e65a15f], 
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER64.EXE, Quarantined, [6416b1cefd8e290d7d0e971215eeb14f], 
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRST.EXE, Quarantined, [2b4f1e611c6f1125bfcd9d0c09fab34d], 
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRST64.EXE, Quarantined, [641686f9ddaed75fc8c577321be806fa], 
 
Registry Values: 12
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\adwcleaner_4.204.exe|Debugger, svchost.exe, Quarantined, [91e9cbb4acdfc86ed2b6beebda29d22e]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ANVIR.EXE|Debugger, svchost.exe, Quarantined, [ccae502f12790432a9e0cfdae41f629e]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTOLOGGER.EXE|Debugger, svchost.exe, Quarantined, [51290b74f794043299f18821877c7f81]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER64.EXE|Debugger, svchost.exe, Quarantined, [a8d2e996d1ba1b1bb0dbfbae669d9e62]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRST.EXE|Debugger, svchost.exe, Quarantined, [7802bac53b509f9729633772907320e0]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRST64.EXE|Debugger, svchost.exe, Quarantined, [e1997a05b1dad6605835c8e1a261837d]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\adwcleaner_4.204.exe|Debugger, svchost.exe, Quarantined, [e6942d52f9920234bbcd5059ef145aa6]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ANVIR.EXE|Debugger, svchost.exe, Quarantined, [057568172863d95d2168bdec956e8a76]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTOLOGGER.EXE|Debugger, svchost.exe, Quarantined, [1367aed1c2c99a9c602a39709e65a15f]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER64.EXE|Debugger, svchost.exe, Quarantined, [6416b1cefd8e290d7d0e971215eeb14f]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRST.EXE|Debugger, svchost.exe, Quarantined, [2b4f1e611c6f1125bfcd9d0c09fab34d]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRST64.EXE|Debugger, svchost.exe, Quarantined, [641686f9ddaed75fc8c577321be806fa]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu, Quarantined, [b6c4710e4843fe384f4d394e48ba05fb], 
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common, Quarantined, [b6c4710e4843fe384f4d394e48ba05fb], 
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common\I18N, Quarantined, [b6c4710e4843fe384f4d394e48ba05fb], 
 
Files: 1
PUP.Optional.ChinAd, C:\Users\Public\Documents\Baidu\Common\I18N\conf.db, Quarantined, [b6c4710e4843fe384f4d394e48ba05fb], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
I will continue tonight (GMT+1)


#8 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 PM

Posted 18 November 2015 - 06:01 AM

Have you ever installed a program named Anvir Task Manager? If so, was it a recent install?

 

You have uTorrent installed...I suggest you uninstall it. The program comes with adware, and if you use it to download pirated/cracked programs or free stuff like movies and music, the downloads will more likely than not be bundled with adware and some of the worse forms of malware.




#9 howlingCup

howlingCup
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 18 November 2015 - 03:42 PM

I've never installed such a program (Anvir Task Manager), or at least I have no knowledge of it.

 

Regarding uTorrent I only use it to download from a reliable source that uses torrent to share media. 

 

I'll keep on with the scan and post the results once I get them. Cheers.

 

 

Edit:

 

# AdwCleaner v5.021 - Logfile created 18/11/2015 at 21:47:42
# Updated 14/11/2015 by Xplode
# Database : 2015-11-17.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Adrian - ADRIAN-I7
# Running from : D:\Adrian\Escritorio\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adobe-audition.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adobe-audition.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegWorks.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSIT.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSITx64.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2647 bytes] ##########
 
 
 
 
Regarding Junkware Removal Tool... It's still going on, but it's getting a lot of "permission denied" messages even though I ran it as admin.

Edited by howlingCup, 18 November 2015 - 03:55 PM.
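Both logs in this thread point at the same technique: the MBAM log in post #7 and the AdwCleaner registry section above each list Image File Execution Options (IFEO) keys named after cleanup and analysis tools (CCleaner, FRST, AdwCleaner, regedit, HiJackThis, avz and so on), and MBAM shows each key carrying a Debugger value of svchost.exe. Windows honours that value at process creation: when an IFEO key for an image name has a Debugger string, the "debugger" program is started instead and the original command line is appended to it. svchost.exe started without its service arguments simply exits, so every attempt to launch the named tool dies silently. That is consistent with CCleaner and JRT misbehaving earlier in the thread, though the thread does not confirm the cause.

The following PowerShell script is an added example written for this page; it is not code from the thread, from BleepingComputer, or from any of the tools discussed. It enumerates both the native and the WOW6432Node IFEO views, reports every Debugger value, and flags any whose program is not on a short allowlist of legitimate debuggers. Assumptions: an elevated 64-bit PowerShell 3.0 or later (so both registry views are visible), and the allowlist itself, which is a hypothetical starting point that you should extend with any debugger you registered deliberately. Removal is opt-in via the -Remove switch.

```powershell
# Added example, not from the original thread: audit IFEO "Debugger" hijacks.
# Assumes elevated 64-bit PowerShell 3.0+ so both registry views are reachable.

# Hypothetical allowlist of debuggers that are legitimately registered via IFEO.
# Anything else pointing at a tool's image name is reported as suspicious.
$KnownDebuggers = @('windbg.exe', 'vsjitdebugger.exe', 'ntsd.exe', 'cdb.exe', 'procdump.exe')

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerHijack {
    param([string[]]$Roots = $IfeoRoots, [string[]]$Allow = $KnownDebuggers)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            $dbg = $props.Debugger
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }

            # The Debugger value may carry arguments; the first token is the program
            # that Windows will actually start in place of the named image.
            $exe  = ($dbg -split '\s+')[0].Trim('"')
            $leaf = [System.IO.Path]::GetFileName($exe).ToLowerInvariant()

            [pscustomobject]@{
                Root       = $root
                Image      = $key.PSChildName
                Debugger   = $dbg
                # A debugger that does not resolve breaks the image just as surely.
                Resolves   = [bool](Get-Command -Name $exe -ErrorAction SilentlyContinue)
                Suspicious = ($Allow -notcontains $leaf)
            }
        }
    }
}

# Prints the suspicious entries; only deletes them when -Remove is given.
function Remove-IfeoDebuggerHijack {
    param([switch]$Remove)

    $findings = @(Get-IfeoDebuggerHijack | Where-Object { $_.Suspicious })
    foreach ($f in $findings) {
        Write-Host ("[!] {0}\{1}  Debugger = {2}" -f $f.Root, $f.Image, $f.Debugger)
        if ($Remove) {
            $keyPath = Join-Path -Path $f.Root -ChildPath $f.Image
            Remove-ItemProperty -LiteralPath $keyPath -Name 'Debugger'
            # Drop the key entirely if Debugger was the only value it held.
            $left = (Get-ItemProperty -LiteralPath $keyPath).PSObject.Properties |
                    Where-Object { $_.Name -notmatch '^PS' }
            if (-not $left) { Remove-Item -LiteralPath $keyPath }
        }
    }
    return $findings
}

# Report only. Re-run as  Remove-IfeoDebuggerHijack -Remove  to clean up.
Get-IfeoDebuggerHijack | Format-Table Image, Debugger, Resolves, Suspicious -AutoSize
```

Run the report first and read it: a developer machine may legitimately carry vsjitdebugger.exe entries, and an IFEO key with no Debugger value at all (only GlobalFlag or similar) is not a hijack and is not touched here. Because the registry views are written under both paths on 64-bit Windows, as the MBAM log shows, checking only HKLM\SOFTWARE would leave the 32-bit copies in place.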


#10 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 PM

Posted 18 November 2015 - 04:19 PM

I think whatever was interfering with CCleaner is doing the same with JRT.

 

There are some things in your logs that I've never seen before. I think it best to have someone else take a look in the Malware Removal Forum.

I do suggest though that you go ahead with removing the programs and disabling the startups and tasks. Then do this:

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.




#11 Animal

Animal

  • Bleepin' Animinion


  • Site Admin
  • 34,531 posts
  • OFFLINE
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:06:03 PM

Posted 18 November 2015 - 06:31 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/596784/eset-antivirus-keeps-blocking-skype-soft-affiliate-internet-access-on-startup/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log. I also deleted the duplicate logs posted in the Malware Log forum as well.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

