Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pretty harsh case of adware here


  • Please log in to reply
24 replies to this topic

#1 jbiafra

jbiafra

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 07 December 2015 - 12:28 AM

I'm getting nonstop ads on chrome. They're so bad that I had to use firefox to use this forum. I use chrome for pretty much everything, and I don't want the problem to spread to my other browsers. I used MBAM and adaware and a few other cleaning programs to try to resolve the problem. I deleted something like 45 PUP items when I used MBAM. It actually screwed up my chrome shortcuts and I had to delete them. The problem is still there. I use an online alarm clock to wake up, and because of this problem, I can't use that page on chrome. I want to fix this before it gets too late, but I think I'm going to have to go to bed before this is resolved. Some of the ads say "by adsupply" on them. Sometimes clicking a link will take me to an ad page instead of the page I wanted to see.


Edited by Orange Blossom, 07 December 2015 - 12:40 AM.
Moved to AII from Windows 7. ~ OB


BC AdBot (Login to Remove)

 


#2 jbiafra

jbiafra
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 07 December 2015 - 12:34 AM

Actually, the majority of the ads seem to be gone. I do still get the "by adsupply" thing on some pages, though, and the alarm clock site I use still won't load the time (on chrome).

 

Edit: Since this topic was moved by a moderator, I will point out that I'm using Windows 7.


Edited by jbiafra, 07 December 2015 - 12:44 AM.


#3 Batzz

Batzz

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 07 December 2015 - 05:07 PM

Hi this is Batzz. Im here to assist you as much as a I can. As it appears google chrome was infected with malicious items, have you attempted to restore all settings to default and disable any unrecognized add-ons in the add-ons window of chrome. As to counter the other, I recommend using adblock plus in chrome saves you a lot of pain and trouble.



#4 jbiafra

jbiafra
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 07 December 2015 - 11:12 PM

I'm now having the same problem with Firefox and it is interfering with my ability to post here. Chrome seems to be working now. Need some tech support please.



#5 Batzz

Batzz

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 08 December 2015 - 12:30 AM

Hello Batzz Here agian. Can you please perform the following actions, if you have not already perform another scan with Malwarebyes and post the log here, and i will attempt to assist you further, if malwarebytes is unable to load, right click the shortcut and hit open file location and run malwarebytes chameleon. Post all the text from the log please so i can do my best to help out.



#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:54 AM

Posted 08 December 2015 - 07:26 AM

Hi there,

There are some tools we can run first that specializes in adware. They might get more things than MBAM alone.

:step1: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

:step2: AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Please let me know if there are any issues.

Regards,
Alex

#7 jbiafra

jbiafra
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 08 December 2015 - 08:15 AM

Batzz, MBAM didn't get everything again.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/8/2015
Scan Time: 7:22 AM
Logfile: report.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.08.02
Rootkit Database: v2015.12.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302619
Time Elapsed: 15 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 1
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\privoxy.exe, 5212, , [8022208235563cfac042c8ab7291f10f]
 
Modules: 1
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\mgwz.dll, , [8022208235563cfac042c8ab7291f10f], 
 
Registry Keys: 3
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.Privoxy.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IT Viewer Schedualer, , [d9c9544e335801358780268057ab8a76], 
PUP.Optional.Privoxy, HKLM\SOFTWARE\SECUREWEBCHANNEL, , [c2e082208cff11258dc225d7ad569868], 
 
Registry Values: 3
PUP.Optional.Privoxy, HKLM\SOFTWARE\SECUREWEBCHANNEL|Channel, split24banner4, , [c2e082208cff11258dc225d7ad569868]
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files\IT Viewer\privoxy.exe" --service, , [861c475b6a2154e213f0175c758ec53b]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2417875657-1565034140-1920036798-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [5a48a2009eed3df96a9beff0f01333cd]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer, , [8022208235563cfac042c8ab7291f10f], 
 
Files: 16
Backdoor.Agent.WD, C:\Users\User\AppData\Local\Temp\GPUpd5666548C0.exe, , [f2b06a38b8d338fe596d2df1da267d83], 
PUP.Optional.Privoxy.PrxySvrRST, C:\Windows\System32\Tasks\IT Viewer Schedualer, , [257d188aa1ea053138cd4660e31f857b], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\privoxy.exe, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\astask.exe, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\checkproxy.exe, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\config.txt, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\default.action, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\default.filter, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\mgwz.dll, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\privoxy.log, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\tschromium.exe, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\tschromium64.exe, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\tsnet.dll, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.PrxySvrRST, C:\Program Files\IT Viewer\tsnet64.dll, , [8022208235563cfac042c8ab7291f10f], 
PUP.Optional.UTop, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, , [1e841290dead3cfaf9f2d7ded231f10f], 
PUP.Optional.UTop, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, , [445e5949bdce38fe509bddd848bb51af], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
I'll do what Alex suggested now.


#8 jbiafra

jbiafra
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 08 December 2015 - 08:17 AM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by User (administrator) on 08-12-2015 at 08:15:16
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: OptiPlex 745 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
NETGEAR WNDA4100 N900 Wireless Dual Band USB Adapter = Wireless Network Connection 4 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection 5 (Media disconnected)
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 60 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 61 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/08/2015 08:08:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: WNDA4100.EXE, version: 1.2.0.10, time stamp: 0x50ecd160
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe06d7363
Fault offset: 0x0000812f
Faulting process id: 0xb34
Faulting application start time: 0xWNDA4100.EXE0
Faulting application path: WNDA4100.EXE1
Faulting module path: WNDA4100.EXE2
Report Id: WNDA4100.EXE3
 
Error: (12/08/2015 05:19:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.2.5765, time stamp: 0x561ef9f1
Faulting module name: mozglue.dll, version: 41.0.2.5765, time stamp: 0x561ee53f
Exception code: 0x80000003
Fault offset: 0x0000ec91
Faulting process id: 0x1c98
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (12/07/2015 12:11:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: WNDA4100.EXE, version: 1.2.0.10, time stamp: 0x50ecd160
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe06d7363
Fault offset: 0x0000812f
Faulting process id: 0x468
Faulting application start time: 0xWNDA4100.EXE0
Faulting application path: WNDA4100.EXE1
Faulting module path: WNDA4100.EXE2
Report Id: WNDA4100.EXE3
 
Error: (12/06/2015 11:47:10 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (12/06/2015 11:47:10 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (12/06/2015 11:45:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: WNDA4100.EXE, version: 1.2.0.10, time stamp: 0x50ecd160
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe06d7363
Fault offset: 0x0000812f
Faulting process id: 0xba8
Faulting application start time: 0xWNDA4100.EXE0
Faulting application path: WNDA4100.EXE1
Faulting module path: WNDA4100.EXE2
Report Id: WNDA4100.EXE3
 
Error: (12/06/2015 04:19:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: WNDA4100.EXE, version: 1.2.0.10, time stamp: 0x50ecd160
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe06d7363
Fault offset: 0x0000812f
Faulting process id: 0x9d0
Faulting application start time: 0xWNDA4100.EXE0
Faulting application path: WNDA4100.EXE1
Faulting module path: WNDA4100.EXE2
Report Id: WNDA4100.EXE3
 
Error: (12/06/2015 01:22:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: WNDA4100.EXE, version: 1.2.0.10, time stamp: 0x50ecd160
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe06d7363
Fault offset: 0x0000812f
Faulting process id: 0xc84
Faulting application start time: 0xWNDA4100.EXE0
Faulting application path: WNDA4100.EXE1
Faulting module path: WNDA4100.EXE2
Report Id: WNDA4100.EXE3
 
Error: (12/06/2015 02:40:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: WNDA4100.EXE, version: 1.2.0.10, time stamp: 0x50ecd160
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe06d7363
Fault offset: 0x0000812f
Faulting process id: 0xafc
Faulting application start time: 0xWNDA4100.EXE0
Faulting application path: WNDA4100.EXE1
Faulting module path: WNDA4100.EXE2
Report Id: WNDA4100.EXE3
 
Error: (12/06/2015 02:34:49 AM) (Source: MsiInstaller) (User: User-PC)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
 
 
System errors:
=============
Error: (12/08/2015 08:09:34 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (12/08/2015 08:06:55 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.9.0 service failed to start due to the following error: 
%%2
 
Error: (12/08/2015 08:04:53 AM) (Source: Service Control Manager) (User: )
Description: The Privoxy (PrivoxyService) service terminated with service-specific error %%1067.
 
Error: (12/07/2015 10:55:53 PM) (Source: Service Control Manager) (User: )
Description: The Privoxy (PrivoxyService) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/07/2015 12:13:03 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (12/07/2015 12:10:19 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.9.0 service failed to start due to the following error: 
%%2
 
Error: (12/06/2015 11:47:46 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (12/06/2015 11:44:08 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.9.0 service failed to start due to the following error: 
%%2
 
Error: (12/06/2015 07:28:54 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer TOSHABA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D2718AF-44DE-4B96-8D48-E09A90E.
The master browser is stopping or an election is being forced.
 
Error: (12/06/2015 04:20:50 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (12/08/2015 08:08:15 AM) (Source: Application Error)(User: )
Description: WNDA4100.EXE1.2.0.1050ecd160KERNELBASE.dll6.1.7601.18847554d7b00e06d73630000812fb3401d131b96f32b382C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXEC:\Windows\system32\KERNELBASE.dllbd604dfe-9dac-11e5-9e26-001aa0e9d18e
 
Error: (12/08/2015 05:19:56 AM) (Source: Application Error)(User: )
Description: plugin-container.exe41.0.2.5765561ef9f1mozglue.dll41.0.2.5765561ee53f800000030000ec911c9801d1319f378666c0C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozglue.dll3a59ad20-9d95-11e5-829c-001aa0e9d18e
 
Error: (12/07/2015 12:11:36 AM) (Source: Application Error)(User: )
Description: WNDA4100.EXE1.2.0.1050ecd160KERNELBASE.dll6.1.7601.18847554d7b00e06d73630000812f46801d130adb2185cfcC:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXEC:\Windows\system32\KERNELBASE.dllfc996c9c-9ca0-11e5-829c-001aa0e9d18e
 
Error: (12/06/2015 11:47:10 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/06/2015 11:47:10 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/06/2015 11:45:41 PM) (Source: Application Error)(User: )
Description: WNDA4100.EXE1.2.0.1050ecd160KERNELBASE.dll6.1.7601.18847554d7b00e06d73630000812fba801d130a9f3093023C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXEC:\Windows\system32\KERNELBASE.dll5dc9282a-9c9d-11e5-871c-001aa0e9d18e
 
Error: (12/06/2015 04:19:33 PM) (Source: Application Error)(User: )
Description: WNDA4100.EXE1.2.0.1050ecd160KERNELBASE.dll6.1.7601.18847554d7b00e06d73630000812f9d001d1306bb7d83fbeC:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXEC:\Windows\system32\KERNELBASE.dll0b31c889-9c5f-11e5-8d9f-001aa0e9d18e
 
Error: (12/06/2015 01:22:38 PM) (Source: Application Error)(User: )
Description: WNDA4100.EXE1.2.0.1050ecd160KERNELBASE.dll6.1.7601.18847554d7b00e06d73630000812fc8401d13052f097410fC:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXEC:\Windows\system32\KERNELBASE.dll54192103-9c46-11e5-b3c7-001aa0e9d18e
 
Error: (12/06/2015 02:40:37 AM) (Source: Application Error)(User: )
Description: WNDA4100.EXE1.2.0.1050ecd160KERNELBASE.dll6.1.7601.18847554d7b00e06d73630000812fafc01d12ff93c59db21C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXEC:\Windows\system32\KERNELBASE.dlla3d5a61e-9bec-11e5-a347-001aa0e9d18e
 
Error: (12/06/2015 02:34:49 AM) (Source: MsiInstaller)(User: User-PC)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer (NULL)(NULL)(NULL)(NULL)(NULL)
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 9.21 (HKLM\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{CB2AEF35-F448-4259-B7C0-7D1F8517EBA2}_AdAwareUpdater) (Version: 11.9.662.8718 - Lavasoft)
AdAwareInstaller (HKLM\...\{2EEA66A1-AD06-4E4A-9787-526CA5A5C978}) (Version: 11.9.662.8718 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{CB2AEF35-F448-4259-B7C0-7D1F8517EBA2}) (Version: 11.9.662.8718 - Lavasoft) Hidden
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AntimalwareEngine (HKLM\...\{6E5FAEC8-C3C1-44E8-B8DE-CE3F9568BF85}) (Version: 3.0.98.0 - Lavasoft) Hidden
Armageddon (HKLM\...\{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}) (Version:  - )
Baldur's Gate -  The Original Saga (HKLM\...\GOGPACKBALDURSGATE1_is1) (Version: 2.0.0.20 - GOG.com)
Black & White® 2 (HKLM\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Doomsday (HKLM\...\{69464949-AD9C-4C98-933F-C32FFC86F3C8}) (Version:  - )
Europa Universalis III (HKLM\...\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}) (Version:  - )
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
Google Chrome (HKLM\...\{38764777-9FDB-35BC-A8DB-FA324E5EAC4A}) (Version: 47.0.2526.73 - Google, Inc.)
Google Drive (HKLM\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearts of Iron 2 (HKLM\...\{98786147-80E3-41A5-A80C-1F3C028558CF}) (Version:  - )
In Nomine 3.2 (HKLM\...\In Nomine_is1) (Version:  - GamersGate)
Inquisit 4 Web Player (HKLM\...\{FBB69BDD-AE2D-4E69-BE47-704EBC5B3FC0}) (Version: 4.0.9.0 - Millisecond Software)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.25.18 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (HKLM\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR WNDA4100 Genie (HKLM\...\{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR) Hidden
NETGEAR WNDA4100 Genie (HKLM\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 5.2 - Power Software Ltd)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roller Coaster Tycoon 3 Platinum  - CarlesNeo ! (HKLM\...\Roller Coaster Tycoon 3 Platinum  - CarlesNeo !) (Version:  - )
Supreme Ruler 2020 Gold 6.8.1 (HKLM\...\Supreme Ruler 2020 Gold_is1) (Version:  - BattleGoat Studios)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 51%
Total physical RAM: 3317.61 MB
Available physical RAM: 1610.98 MB
Total Virtual: 6631.48 MB
Available Virtual: 5026.93 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:74.29 GB) (Free:13.47 GB) NTFS
3 Drive d: (BW2) (CDROM) (Total:3.38 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
06-12-2015 07:29:43 Revo Uninstaller's restore point - Microsoft Silverlight
06-12-2015 07:30:23 Removed Microsoft Silverlight
06-12-2015 07:34:14 Revo Uninstaller's restore point - Apple Software Update
06-12-2015 21:13:51 Malwarebytes Anti-Rootkit Restore Point
 
**** End of log ****


#9 jbiafra

jbiafra
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 08 December 2015 - 08:22 AM

# AdwCleaner v5.024 - Logfile created 08/12/2015 at 08:18:36
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater18.9.0
 
***** [ Folders ] *****
 
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Folder Found : C:\Users\User\AppData\Roaming\SecureSearch
Folder Found : C:\Users\User\AppData\Roaming\Interstat
 
***** [ Files ] *****
 
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage-journal
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.plyrics.com_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.plyrics.com_0.localstorage-journal
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_gameranger.en.softonic.com_0.localstorage
File Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_gameranger.en.softonic.com_0.localstorage-journal
File Found : C:\Users\User\AppData\LocalLow\SkwConfig.bin
File Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
File Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : DSite
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\onekit
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\Interstat
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\SecureWeb
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKU\.DEFAULT\Software\Yahoo\Companion
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}
 
***** [ Web browsers ] *****
 
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bmkckgpgekmanipelfidlhmkfcjicion
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [4915 bytes] ##########


#10 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:54 AM

Posted 08 December 2015 - 08:26 AM

Hi there,

Please re-run AdwCleaner and choose Cleaning for all detections. After that click on Logfile and post the cleaning log here.

After that please run this.

:step1: Junkware Removal Tool by Malwarebytes Corporation

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

:step2: Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

Edited by Alexstrasza, 08 December 2015 - 08:26 AM.


#11 jbiafra

jbiafra
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 08 December 2015 - 08:35 AM

# AdwCleaner v5.024 - Logfile created 08/12/2015 at 08:29:14
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : vToolbarUpdater18.9.0
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Folder Deleted : C:\Users\User\AppData\Roaming\SecureSearch
[-] Folder Deleted : C:\Users\User\AppData\Roaming\Interstat
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.plyrics.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.plyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_gameranger.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_gameranger.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[-] File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : DSite
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Bitberry
[-] Key Deleted : HKCU\Software\onekit
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\Interstat
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [5289 bytes] ##########


#12 jbiafra

jbiafra
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 08 December 2015 - 08:47 AM

JRT doesn't seem to work on my PC. It flashes on and then disappears. It's always done this. Should I continue on to try Emisoft Kit?



#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:54 AM

Posted 08 December 2015 - 08:52 AM

Please continue with Emsisoft Emergency Kit :)

#14 jbiafra

jbiafra
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  

Posted 08 December 2015 - 09:27 AM

Emsisoft Emergency Kit - Version 10.0
Last update: 12/8/2015 9:13:01 AM
User account: User-PC\User
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 12/8/2015 9:13:52 AM
C:\Users\User\AppData\Local\adawarebp detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\8BA5CD9129705784F8B198C6A5C96EEA detected: Application.Win32.InstallSave (A)
C:\Users\User\AppData\Local\Temp\67CF.tmp.exe detected: Trojan.GenericKD.2909525 (B)
C:\Users\User\AppData\Local\Temp\CF38.tmp.exe detected: Trojan.GenericKD.2909525 (B)
C:\Users\User\AppData\Roaming\Security Menager\Security Menager.exe detected: Trojan.GenericKD.2909525 (B)
 
Scanned 83442
Found 5
 
Scan end: 12/8/2015 9:25:05 AM
Scan time: 0:11:13
 
C:\Users\User\AppData\Roaming\Security Menager\Security Menager.exe Quarantined Trojan.GenericKD.2909525 (B)
C:\Users\User\AppData\Local\Temp\CF38.tmp.exe Quarantined Trojan.GenericKD.2909525 (B)
C:\Users\User\AppData\Local\Temp\67CF.tmp.exe Quarantined Trojan.GenericKD.2909525 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\8BA5CD9129705784F8B198C6A5C96EEA Quarantined Application.Win32.InstallSave (A)
C:\Users\User\AppData\Local\adawarebp Quarantined Application.AppInstall (A)
 
Quarantined 5


#15 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:54 AM

Posted 08 December 2015 - 09:30 AM

Hi there,

Please rescan with MBAM and remember to choose Quarantine for all detections.

The following scan can take quite some time, so please be patient.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users