Strange browser hijacker


11 replies to this topic

#1 sovitin


Posted 25 December 2015 - 03:28 AM

Ok, so I tried to download a program that was a third-party addon for a game and it turned sour. Pretty sure I had deleted those files. Now there is something floating around and I can't seem to find it. It only attacks certain websites like this one and a few others. I have run just about every free and simple removal kit that was suggested here and now I am at a loss. Nothing had picked it up and I don't know what else to do at this point.





#2 buddy215


Posted 25 December 2015 - 05:50 AM

Welcome to BC....

 

You don't say exactly which programs you have scanned with. Use the programs below...if it has been a few days since running any or all of them then run them again after updating each.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Please download MiniToolBox and run it.
Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 sovitin


Posted 25 December 2015 - 02:26 PM

Just to be clear you want both the MTB log and the MBAM log?



#4 buddy215


Posted 25 December 2015 - 02:29 PM

Yes....both of those logs and the others, please.




#5 sovitin


Posted 25 December 2015 - 03:02 PM

Got it, it will take time. I just finished with the Mbam.



#6 sovitin


Posted 25 December 2015 - 07:24 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by joshia (administrator) on 25-12-2015 at 13:23:38
Running from "C:\Users\joshia\Downloads"
Microsoft Windows 8.1  (X64)
Model: G55VW Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
There are 48 entries.
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Connected)
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Home
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-85-DE-8B-69-DD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : DC-85-DE-8B-69-DC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 50-46-5D-E5-2D-C0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dce6:ee9d:87fb:9e76%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, December 25, 2015 1:10:45 PM
   Lease Expires . . . . . . . . . . : Saturday, December 26, 2015 1:10:44 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 357582429
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-1F-46-8E-DC-85-DE-8B-69-DD
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : DC-85-DE-8B-69-DD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{BEDA368D-741F-4CFA-AF27-EC71DE40B52C}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2091:3d2a:b52c:b2af(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2091:3d2a:b52c:b2af%8(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-1F-46-8E-DC-85-DE-8B-69-DD
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:400f:802::200e
 216.58.217.14
 
 
Pinging google.com [216.58.217.14] with 32 bytes of data:
Reply from 216.58.217.14: bytes=32 time=14ms TTL=55
Reply from 216.58.217.14: bytes=32 time=10ms TTL=55
 
Ping statistics for 216.58.217.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 14ms, Average = 12ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=194ms TTL=52
Reply from 98.138.253.109: bytes=32 time=36ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 194ms, Average = 115ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...1e 85 de 8b 69 dd ......Microsoft Wi-Fi Direct Virtual Adapter
  5...dc 85 de 8b 69 dc ......Bluetooth Device (Personal Area Network)
  4...50 46 5d e5 2d c0 ......Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  3...dc 85 de 8b 69 dd ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.100    276
    192.168.0.100  255.255.255.255         On-link     192.168.0.100    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.100    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:9d38:6ab8:2091:3d2a:b52c:b2af/128
                                    On-link
  4    276 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::2091:3d2a:b52c:b2af/128
                                    On-link
  4    276 fe80::dce6:ee9d:87fb:9e76/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    276 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
**** End of log ****
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/25/2015
Scan Time: 1:26 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.25.05
Rootkit Database: v2015.12.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: joshia
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413896
Time Elapsed: 24 min, 39 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v5.026 - Logfile created 25/12/2015 at 13:09:27
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : joshia - HOME
# Running from : C:\Users\joshia\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\joshia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\joshia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
 
***** [ Web browsers ] *****
 
[-] [C:\Users\joshia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vS10r0WO_8Qe-_X9qxFMShdHtP3OE91YH4Gd-YluuNw-YVp5XeWYWoCIFYOsjyyfa1_Odf0JXm00nze4-MArOIApAHsJkl5rMN5nJ02IBBZAZZtTf1N8dkbbQTXWpCMyq
[-] [C:\Users\joshia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP908931E0-9847-4D97-A84B-FACFE5A76F4C&SSPV=
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1561 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by joshia (Administrator) on Fri 12/25/2015 at 13:18:47.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\Users\joshia\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\joshia\AppData\Roaming\sp_data.sys (File) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/25/2015 at 13:21:11.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
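
A triage pass over a MiniToolBox-style report like the one posted above, as an added example that is not part of the thread or of any tool named in it. The sample log is constructed, the function names are hypothetical, and the wording of the enabled-proxy line is an assumption; only the section layout follows the log on this page.

```python
import ipaddress
import re

# Constructed sample in the MiniToolBox section layout (not the poster's log).
# "Proxy is enabled." is an assumed wording for the non-default case.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
========================= Hosts content: =================================
127.0.0.1 ads.example.net
203.0.113.7 www.example-bank.test

There are 2 entries.

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog9 01 C:\Users\test\AppData\Roaming\lsp\hook.dll [40960] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

**** End of log ****
"""

SECTION_RE = re.compile(r"^=+ ([^=]+?):? =+\s*$")
WINSOCK_RE = re.compile(
    r"^(?:x64-)?Catalog\d+ \d+ (?P<path>.+?) \[\d+\] \((?P<vendor>.*)\)\s*$"
)
# The two lines the report prints when no proxy is configured (seen on this page).
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def split_sections(log_text):
    """Map lower-cased section title -> list of non-empty lines in that section."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip().lower()
            sections[current] = []
        elif current and line and not line.startswith("****"):
            sections[current].append(line)
    return sections


def audit_proxy(lines):
    """Anything other than the two 'no proxy' lines deserves a manual look."""
    return [("proxy", "non-default proxy state", line)
            for line in lines if line not in CLEAN_PROXY_LINES]


def audit_hosts(lines):
    """Loopback/0.0.0.0 entries only block a name; any other address redirects it."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry, e.g. the "There are N entries." summary
        if not (addr.is_loopback or addr.is_unspecified):
            for name in fields[1:]:
                findings.append(("hosts", f"{name} forced to {addr}", line))
    return findings


def audit_winsock(lines):
    """Flag catalog providers outside the Windows system dirs or not from Microsoft.

    Legitimate third-party providers exist, so a hit means "review", not "malicious".
    """
    findings = []
    for line in lines:
        entry = WINSOCK_RE.match(line)
        if not entry:
            continue
        in_system_dir = entry.group("path").lower().startswith(SYSTEM_DIRS)
        if not in_system_dir or entry.group("vendor").strip() != "Microsoft Corporation":
            findings.append(("winsock", "provider outside system dir or non-Microsoft", line))
    return findings


def triage(log_text):
    """Run all three checks and return a flat list of (area, reason, line) tuples."""
    sections = split_sections(log_text)
    return (audit_proxy(sections.get("ie proxy settings", []))
            + audit_hosts(sections.get("hosts content", []))
            + audit_winsock(sections.get("winsock entries", [])))


if __name__ == "__main__":
    for area, reason, line in triage(SAMPLE_LOG):
        print(f"[{area}] {reason}: {line}")
```

A report with the clean proxy lines, loopback-only hosts entries and all-Microsoft Winsock providers in the system directories produces no findings under these checks.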
 


#7 buddy215


Posted 25 December 2015 - 08:21 PM

Okay...when Eset finishes and you have posted what it found, if anything, do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#8 sovitin


Posted 25 December 2015 - 08:23 PM

Eset never found anything. I went through the scan twice.



#9 sovitin


Posted 25 December 2015 - 08:25 PM

No HKCU:Run BitTorrent BitTorrent Inc. "C:\Users\joshia\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run EADM Electronic Arts "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Yes HKCU:Run Remote Mouse RemoteMouse.net C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Steam Valve Corporation "F:\steam\steam.exe" -silent
Yes HKLM:Run ACMON ASUS C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run ASUSWebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run HDAudDeck VIA C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
Yes HKLM:Run mcui_exe McAfee, Inc. "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
Yes HKLM:Run ROGNB "C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe"
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes Startup Common AsusVibeLauncher.lnk ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
 
 
 
 
 
 
Yes Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
Yes Task ASUS P4G ASUS C:\Program Files\ASUS\P4G\BatteryLife.exe
Yes Task ASUS USB Charger Plus ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
Yes Task BtTray Qualcomm Atheros C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
Yes Task BtvStack Qualcomm Atheros Commnucations C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse McAfee, Inc. C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe /script=mcnrdhck.lua /periodicRunCount=5
Yes Task Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse McAfee, Inc. C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe /timeout=60000 /script=mcnrdhck.lua /hcmode=postdatupdate /datver=2476.0 /datupdatestatus=0
Yes Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
Yes Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
Yes Task McAfee Remediation (Prepare) McAfee, Inc. C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
No Task Optimize Start Menu Cache Files-S-1-5-21-1629525133-1994508930-683499572-1002
Yes Task {F642E88F-8D68-4BC2-9E97-7E25D9E2E618} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\GOG Games\Star Wars - Empire At War Gold\EAWX\swfoc.exe" -d "C:\GOG Games\Star Wars - Empire At War Gold\EAWX" -c LANGUAGE=ENGLISH
 
 
 
dera Microsoft Studios 10/26/2015 2.5.2.34894
Adobe Reader X MUI Adobe Systems Incorporated 8/4/2012 370 MB 10.0.0
Alcor Micro USB Card Reader Alcor Micro Corp. 10/28/2012 2.63 MB 3.8.142.61628
ASUS Calculator ASUSTek COMPUTER INC. 10/26/2015 1.0.0.25
Asus Converter ASUSTeK COMPUTER INC. 10/25/2015 1.0.0.27
ASUS Instant Connect ASUS 10/28/2012 72.3 MB 1.2.8
ASUS InstantOn ASUS 10/28/2012 4.30 MB 3.0.2
ASUS LifeFrame3 ASUS 10/28/2012 37.8 MB 3.1.5
ASUS Live Update ASUS 10/28/2012 6.81 MB 3.1.8
ASUS Power4Gear Hybrid ASUS 10/28/2012 8.09 MB 2.0.4
ASUS ROG Gaming Mouse ASUS 10/28/2012 2.00.018
ASUS Splendid Video Enhancement Technology ASUS 10/28/2012 27.5 MB 1.03.0004
ASUS Tutor ASUS 8/4/2012 26.9 MB 1.0.6
ASUS USB Charger Plus ASUS 10/28/2012 7.18 MB 2.1.4
ASUS WebStorage Sync Agent ASUS Cloud Corporation 10/23/2015 1.1.9.120
ASUSDVD CyberLink Corp. 10/28/2012 188 MB 10.0.4126.52
AsusVibe2.0 ASUSTEK 10/23/2015 2.0.10.168
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 10/28/2012 2.1.0.7
ATK Package ASUS 10/28/2012 13.7 MB 1.0.0022
Battleborn Closed Technical Test 10/31/2015
BitTorrent BitTorrent Inc. 12/12/2015 7.9.5.41373
Call of Duty: Black Ops Treyarch 10/23/2015
Call of Duty: Black Ops - Multiplayer Treyarch 10/23/2015
CCleaner Piriform 12/25/2015 5.13
ESET Online Scanner v3 12/25/2015
ETDWare PS/2-X64 11.5.0.9_WHQL ELAN Microelectronic Corp. 10/23/2015 11.5.0.9
Fresh Paint 10/26/2015
Games Microsoft Corporation 10/25/2015 2.0.139.0
Google Chrome Google Inc. 12/25/2015 47.0.2526.106
Grand Theft Auto V Rockstar Games 11/27/2015 "1.00.0000"
Heroes of the Storm Blizzard Entertainment 10/23/2015
HP AiO Printer Remote 10/26/2015
Intel® Manageability Engine Firmware Recovery Agent Intel Corporation 10/28/2012 57.9 MB 1.0.0.36354
Intel® Management Engine Components Intel Corporation 10/18/2015 8.1.0.1252
Java 8 Update 65 Oracle Corporation 10/26/2015 88.8 MB 8.0.650.17
Left 4 Dead 2 Valve 12/23/2015
Left 4 Dead 2 Beta 12/23/2015
Mail, Calendar, and People 10/26/2015
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 12/25/2015 66.1 MB 2.2.0.1024
Maps Microsoft Corporation 10/25/2015 2.1.3230.2048
Mass Effect™ Electronic Arts 11/24/2015 10.5 GB 1.2.20608.0
Mass Effect™ 2 Electronic Arts 11/24/2015 11.5 GB 1.2.1604.0
Mass Effect™ 3 Electronic Arts 11/24/2015 1.05.0.0
McAfee Internet Security McAfee, Inc. 12/21/2015 14.0.6120
McAfee WebAdvisor McAfee, Inc. 12/2/2015 4.0.207
MechWarrior Online Piranha Games Inc. 12/12/2015
Microsoft Office Microsoft Corporation 8/4/2012 6.26 MB 14.0.6120.5004
Microsoft Solitaire Collection Microsoft Studios 10/26/2015 2.7.1508.1402
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/24/2015 4.47 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 11/1/2015 11.5 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/19/2015 8.85 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 11/1/2015 8.78 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 10/19/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/19/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 10/31/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 10/31/2015 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 11/19/2015 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 11/16/2015 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 Microsoft Corporation 12/17/2015 24.2 MB 14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 Microsoft Corporation 12/17/2015 20.5 MB 14.0.23026.0
Minecraft Mojang 10/26/2015 1.22 MB 1.0.3.0
Mordheim: City of the Damned Rogue Factor 12/16/2015
MSN Food & Drink Microsoft Corporation 10/26/2015 3.0.4.336
MSN Health & Fitness Microsoft Corporation 10/26/2015 3.0.4.336
MSN Money Microsoft Corporation 10/26/2015 3.0.4.336
MSN News Microsoft Corporation 10/26/2015 3.0.4.336
MSN Sports Microsoft Corporation 10/26/2015 3.0.4.336
MSN Travel Microsoft Corporation 10/26/2015 3.0.4.336
MSN Weather Microsoft Corporation 10/26/2015 3.0.4.337
Music Microsoft Corporation 10/26/2015 2.6.672.0
NVIDIA 3D Vision Driver 361.43 NVIDIA Corporation 12/23/2015 361.43
NVIDIA GeForce Experience 2.8.1.21 NVIDIA Corporation 12/23/2015 2.8.1.21
NVIDIA Graphics Driver 361.43 NVIDIA Corporation 12/23/2015 361.43
NVIDIA HD Audio Driver 1.3.34.4 NVIDIA Corporation 12/23/2015 1.3.34.4
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 11/1/2015 9.15.0428
OneNote Microsoft Corporation 10/26/2015 16.0.3327.1048
Origin Electronic Arts, Inc. 11/16/2015 9.10.1.1501
PunkBuster Services Even Balance, Inc. 10/23/2015 0.986
Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Communications 10/28/2012 93.5 MB 8.0.0.206
Qualcomm Atheros Client Installation Program Qualcomm Atheros 10/28/2012 10.0
Reader Microsoft Corporation 10/26/2015 6.4.9926.17994
Remote Mouse version 2.70 Remote Mouse 11/2/2015 4.47 MB 2.70
Rockstar Games Social Club Rockstar Games 11/27/2015 1.1.6.8
Shared C Run-time for x64 McAfee 8/4/2012 2.78 MB 10.0.0
Skype Skype 10/26/2015 3.1.0.1016
Skype Click to Call Microsoft Corporation 10/22/2015 9.99 MB 7.5.0.9082
Skype™ 7.13 Skype Technologies S.A. 10/22/2015 75.9 MB 7.13.101
Squad Offworld Industries 12/16/2015
STAR WARS® - Empire At War™ Gold GOG.com 10/29/2015 1.28 MB 2.0.0.3
STAR WARS™ Battlefront™ Electronic Arts 11/19/2015 27.2 GB 1.0.4.22789
StarCraft II Blizzard Entertainment 11/8/2015
Steam Valve Corporation 10/23/2015 2.10.91.91
System Requirements Lab Detection Husdawg, LLC 11/1/2015 675 KB 6.1.6.0
Taptiles Microsoft Studios 10/26/2015 2.4.1412.201
The Elder Scrolls Online Zenimax Online Studios 12/23/2015 1.0.0.0
The World Clock ASUSTeK COMPUTER INC. 10/25/2015 1.0.0.6
Tom Clancy's Rainbow Six: Vegas Ubisoft Montreal 12/5/2015
Tom Clancy's Rainbow Six® Siege Ubisoft Montreal 12/5/2015
Uplay Ubisoft 12/5/2015 13.0
VIA Platform Device Manager VIA Technologies, Inc. 10/28/2012 2.62 MB 1.39
Video Microsoft Corporation 11/6/2015 2.6.446.0
Windows Alarms Microsoft Corporation 10/25/2015 6.3.9654.20335
Windows Calculator Microsoft Corporation 10/25/2015 6.3.9600.20278
Windows Help+Tips Microsoft Corporation 10/25/2015 6.3.9654.20559
Windows Reading List Microsoft Corporation 10/26/2015 6.3.9654.20947
Windows Scan Microsoft Corporation 10/26/2015 6.3.9654.17133
Windows Sound Recorder Microsoft Corporation 10/25/2015 6.3.9600.20280
WinFlash ASUS 10/28/2012 881 KB 2.41.1
Wordament Microsoft Studios 10/26/2015 2.8.4.0
 

Edited by sovitin, 25 December 2015 - 08:36 PM.


#10 buddy215


Posted 25 December 2015 - 09:30 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes HKCU:Run Steam Valve Corporation "F:\steam\steam.exe" -silent

Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run ASUSWebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
Disable these Tasks:

Yes Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {F642E88F-8D68-4BC2-9E97-7E25D9E2E618} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\GOG Games\Star Wars - Empire At War Gold\EAWX\swfoc.exe" -d "C:\GOG Games\Star Wars - Empire At War Gold\EAWX" -c LANGUAGE=ENGLISH
 
Uninstall These programs:
Adobe Reader X MUI Adobe Systems Incorporated 8/4/2012 370 MB 10.0.0 (Or Update...old Adobe products are malware magnets)
BitTorrent BitTorrent Inc. 12/12/2015 7.9.5.41373 (Or Keep it..but be aware downloading free stuff like movies, music and pirated software is very risky and may be illegal)
ESET Online Scanner v3 12/25/2015
McAfee WebAdvisor McAfee, Inc. 12/2/2015 4.0.207
Skype Click to Call Microsoft Corporation 10/22/2015 9.99 MB 7.5.0.9082
 
Reset Host File:
Replace your current HOSTS file with a tweaked one, such as the MVPS HOSTS file, that restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:
  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#11 sovitin


Posted 25 December 2015 - 09:46 PM

OK, I have done all three steps. What would be next? MBAM still continues to block unwanted programs. Will it always be there then?

 

 It is still happening. 


Edited by sovitin, 25 December 2015 - 09:53 PM.


#12 buddy215


Posted 25 December 2015 - 10:07 PM

You will need to start a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.






