wonderlandads.com popups


20 replies to this topic

#1 anakinnsky

anakinnsky

  • Members
  • 39 posts

Posted 30 December 2015 - 04:57 PM

I'm repeatedly facing wonderlandads.com pop-ups when I click on links at all sites; could anyone help me?




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 30 December 2015 - 05:03 PM

As seen here: http://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=user_activity&mid=238664 you started multiple topics in the past and you stopped replying.

Personally, I won't be getting involved in time wasting topics.




#3 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 30 December 2015 - 05:22 PM


Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic till you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 anakinnsky

anakinnsky
  • Topic Starter

  • Members
  • 39 posts

Posted 01 January 2016 - 06:11 AM

Hi Broni;  

 

You're right, it's absolutely my fault for not replying to topics after my problems were solved. Sorry for that.

 

Hi Jo; 

 

Thanks for your help; here are the Security Check results:

 

 

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.80) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 


#5 anakinnsky

anakinnsky
  • Topic Starter

  • Members
  • 39 posts

Posted 01 January 2016 - 02:21 PM

2. MalwareBytes couldn't find anything.



#6 anakinnsky

anakinnsky
  • Topic Starter

  • Members
  • 39 posts

Posted 01 January 2016 - 02:27 PM

3. Here is the log for Adwcleaner; 

 

 

# AdwCleaner v5.027 - Logfile created 01/01/2016 at 21:25:24
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : pc - PC-BILGISAYAR
# Running from : C:\Users\pc\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [874 bytes] ##########


#7 anakinnsky

anakinnsky
  • Topic Starter

  • Members
  • 39 posts

Posted 01 January 2016 - 02:30 PM

And here is the last step, log for the Mini Toolbox

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by pc (administrator) on 01-01-2016 at 21:28:44
Running from "C:\Users\pc\Desktop"
XargraX Windows 7 Premier™ XargraX Edition  Service Pack 1 (X64)
Model: HP Compaq dx7500 Microtower Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Yapılandırması
 
DNS Çözümleyici Önbelleği başarıyla temizlendi.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Intel® 82567V-2 Gigabit Network Connection = Yerel Ağ Bağlantısı (Connected)
 
 
# ----------------------------------
# IPv4 Yapılandırması
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# IPv4 yapılandırmasının sonu
 
 
 
Windows IP Yapılandırması
 
   Ana Bilgisayar Adı . . . . . . . : pc-Bilgisayar
   Birincil DNS Soneki . . . . . . . : 
   Düğüm Türü. . . . . . . . . . .  : Karma
   IP Yönlendirme Etkin . . . . . .  : Hayır
   WINS Proxy Etkin . . . . . . . .  : Hayır
 
Ethernet bağdaştırıcısı Yerel Ağ Bağlantısı:
 
   Bağlantıya özgü DNS Soneki .  . . : 
   Açıklama  . . . . . . . . . . . . : Intel® 82567V-2 Gigabit Network Connection
   Fiziksel Adres. . . . . . . . . . : 00-24-81-86-56-6D
   Dhcp Etkin. . . . . . . . . . . . : Evet
   Otomatik Yapılandırma Etkin. . .  : Evet
   Bağlantı Yerel IPv6 Adresi . . . . . : fe80::c83e:e386:9ea8:16eb%11(Tercih Edilen) 
   IPv4 Adresi. . . . . . . . . . . : 192.168.1.4(Tercih Edilen) 
   Alt Ağ Maskesi. . . . . . . . . . : 255.255.255.0
   Kira Sağlanan. . . . . . . . . .  : 01 Ocak 2016 Cuma 21:26:20
   Kira Bitişi . . . . . . . . . . . : 04 Ocak 2016 Pazartesi 21:26:20
   Varsayılan Ağ Geçidi. . . . . . . : 192.168.1.1
   DHCP Sunucusu . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234890369
   DHCPv6 İstemcisi DUID'si. . . . . . . . : 00-01-00-01-19-10-3F-AE-00-24-81-86-56-6D
   DNS Sunucusu. . . . . . . . . . . : 46.101.178.39
                                       8.8.8.8
   Tcpip üzerinden NetBIOS. . . . . . . . : Etkin
 
Tunnel bağdaştırıcısı isatap.{CE3A1D02-6595-4F8B-AE61-AE04843FAEE0}:
 
   Medya Durumu  . . . . . . . . . . : Medya Bağlantısı kesildi
   Bağlantıya özgü DNS Soneki .  . . : 
   Açıklama  . . . . . . . . . . . . : Microsoft ISATAP Bağdaştırıcısı
   Fiziksel Adres. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   Dhcp Etkin. . . . . . . . . . . . : Hayır
   Otomatik Yapılandırma Etkin. . .  : Evet
 
Tunnel bağdaştırıcısı Teredo Tunneling Pseudo-Interface:
 
   Medya Durumu  . . . . . . . . . . : Medya Bağlantısı kesildi
   Bağlantıya özgü DNS Soneki .  . . : 
   Açıklama  . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fiziksel Adres. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   Dhcp Etkin. . . . . . . . . . . . : Hayır
   Otomatik Yapılandırma Etkin. . .  : Evet
Sunucu:  UnKnown
Address:  46.101.178.39
 
 
google.com [173.194.116.96] yoklanıyor 32 bayt veri ile:
İstek zaman aşımına uğradı.
173.194.116.96 cevabı: bayt=32 süre=53ms TTL=50
 
173.194.116.96 için Ping istatistiği:
    Paket: Giden = 2, Gelen = 1, Kaybolan = 1 (%50 kayıp),
Mili saniye türünden yaklaşık tur süreleri:
    En Az = 53ms, En Çok = 53ms, Ortalama = 53ms
Sunucu:  UnKnown
Address:  46.101.178.39
 
 
yahoo.com [206.190.36.45] yoklanıyor 32 bayt veri ile:
206.190.36.45 cevabı: bayt=32 süre=311ms TTL=44
206.190.36.45 cevabı: bayt=32 süre=218ms TTL=44
 
206.190.36.45 için Ping istatistiği:
    Paket: Giden = 2, Gelen = 2, Kaybolan = 0 (%0 kayıp),
Mili saniye türünden yaklaşık tur süreleri:
    En Az = 218ms, En Çok = 311ms, Ortalama = 264ms
 
127.0.0.1 yoklanıyor 32 bayt veri ile:
127.0.0.1 cevabı: bayt=32 süre<1ms TTL=128
127.0.0.1 cevabı: bayt=32 süre<1ms TTL=128
 
127.0.0.1 için Ping istatistiği:
    Paket: Giden = 2, Gelen = 2, Kaybolan = 0 (%0 kayıp),
Mili saniye türünden yaklaşık tur süreleri:
    En Az = 0ms, En Çok = 0ms, Ortalama = 0ms
===========================================================================
Arabirim Listesi
 11...00 24 81 86 56 6d ......Intel® 82567V-2 Gigabit Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Bağdaştırıcısı
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Yol Tablosu
===========================================================================
Etkin Yollar:
        Ağ Hedefi       Ağ Maskesi        Ağ Geçidi        Arabirim   Ölçüt
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    276
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    276
===========================================================================
Sürekli Yollar:
  Yok
 
IPv6 Yol Tablosu
===========================================================================
Etkin Yollar:
 Metrik Ağ Hedef Ağ     Geçidi
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::c83e:e386:9ea8:16eb/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Sürekli Yollar:
  Yok
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/01/2016 09:28:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2016 08:02:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2016 04:31:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2016 02:09:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2016 12:27:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2016 01:29:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2015 05:24:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2015 03:18:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2015 02:32:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2015 11:36:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/01/2016 09:25:24 PM) (Source: Service Control Manager) (User: )
Description: Windows Search hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  30000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (01/01/2016 09:25:24 PM) (Source: Service Control Manager) (User: )
Description: Machine Debug Manager hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
 
Error: (01/01/2016 09:25:24 PM) (Source: Service Control Manager) (User: )
Description: Intel® PROSet Monitoring Service hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
 
Error: (01/01/2016 09:25:23 PM) (Source: Service Control Manager) (User: )
Description: COMODO Dragon Update Service hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
 
Error: (01/01/2016 09:25:23 PM) (Source: Service Control Manager) (User: )
Description: AVG Service hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  0 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (01/01/2016 09:25:23 PM) (Source: Service Control Manager) (User: )
Description: Yazdırma Biriktiricisi hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  60000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (01/01/2016 09:25:23 PM) (Source: Service Control Manager) (User: )
Description: AMD External Events Utility hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
 
Error: (01/01/2016 02:07:58 PM) (Source: EventLog) (User: )
Description: 14:06:53, ‎01.‎01.‎2016 tarihinde gerçekleşen önceki sistem kapanışı beklenmiyordu.
 
Error: (12/31/2015 02:50:23 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/31/2015 02:50:06 PM) (Source: EventLog) (User: )
Description: 14:48:52, ‎31.‎12.‎2015 tarihinde gerçekleşen önceki sistem kapanışı beklenmiyordu.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-09-16 20:41:13.210
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-16 20:41:13.194
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-12 08:35:30.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-12 08:35:30.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-12 08:35:30.774
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-12 08:35:30.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-12 08:35:30.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-12 08:35:30.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 23:37:20.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 23:37:20.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
AIMP2 (HKLM-x32\...\AIMP2) (Version:  - )
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG Zen (HKLM\...\{4BB3F53A-125D-4CD0-8448-620E9898CF96}) (Version: 1.22.1 - AVG Technologies) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29626 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
DriverPack Solution Updater (HKCU\...\DRPSu Updater) (Version: 0.0.25 - DriverPack Solution)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
FMW 1 (HKLM\...\{BCA7CC8C-745B-4340-B3A8-BC79A8498107}) (Version: 1.32.2 - AVG Technologies) Hidden
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.13.0 - UpdatePack.nl)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.0.6 - Shark007)
WinRAR arşiv yöneticisi (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 34%
Total physical RAM: 4095.18 MB
Available physical RAM: 2669.64 MB
Total Virtual: 8188.55 MB
Available Virtual: 6571.48 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:97.56 GB) (Free:13.71 GB) NTFS
2 Drive d: () (Fixed) (Total:195.31 GB) (Free:31.68 GB) NTFS
3 Drive e: () (Fixed) (Total:172.79 GB) (Free:59.48 GB) NTFS
 
========================= Users: ========================================
 
\\PC-BILGISAYAR Kullanıcı Hesapları
 
Administrator            Guest                    pc                       
Komut başarıyla tamamlandı.
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
10-12-2015 23:24:15 Installed AVG 2016
10-12-2015 23:24:44 Installed AVG
18-12-2015 20:18:19 Zamanlanan Denetim Noktası
25-12-2015 17:54:45 Removed AVG
25-12-2015 17:55:53 Removed AVG 2016
25-12-2015 18:11:58 Windows Update
01-01-2016 02:10:39 Windows Update
 
**** End of log ****

Edited by anakinnsky, 01 January 2016 - 02:31 PM.
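The logs in this thread are triaged by eye. As an added example (not code from MiniToolBox, Rkill or BleepingComputer), the Python script below applies three of the same checks automatically to a MiniToolBox-style log: hosts entries other than loopback to localhost, DNS resolvers that are neither on the local subnet nor in an assumed allowlist of public resolvers, and Winsock catalog providers that are not Microsoft DLLs under the system directories. The sample log, the RFC 5737 documentation addresses and the "Example Vendor" provider line are constructed; the section titles and Turkish ipconfig labels follow the layout of the posted log.

```python
# Triage checks over a MiniToolBox-style log: hosts file, DNS servers, Winsock
# providers. Added example, not MiniToolBox or BleepingComputer code.
import ipaddress
import re

# Constructed sample (Turkish ipconfig labels, as in the posted log). 203.0.113.10
# and 198.51.100.53 are RFC 5737 documentation addresses; "Example Vendor" is invented.
SAMPLE_LOG = r"""========================= Hosts content: =================================
127.0.0.1       localhost
203.0.113.10    www.example.com
========================= IP Configuration: ================================
   IPv4 Adresi. . . . . . . . . . . : 192.168.1.4(Tercih Edilen)
   Alt Ağ Maskesi. . . . . . . . . . : 255.255.255.0
   Varsayılan Ağ Geçidi. . . . . . . : 192.168.1.1
   DNS Sunucusu. . . . . . . . . . . : 198.51.100.53
                                       8.8.8.8
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Example Vendor\lsp.dll [40960] (Example Vendor)
"""
# Assumed allowlist of public resolvers a home PC may legitimately use.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
TRUSTED_WINSOCK_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(x64-)?Catalog(\d+)\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)\s*$")
LABELS = {  # ipconfig label fragments after dot/space normalisation, English and Turkish
    "ipv4": ("ipv4 address", "ipv4 adresi"),
    "mask": ("subnet mask", "alt ağ maskesi"),
    "dns": ("dns servers", "dns sunucusu"),
}


def split_sections(text):
    """Map each '===== Title =====' header to the lines that follow it."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().rstrip(":")
            sections[current] = []
        else:
            sections.setdefault(current, []).append(line)
    return sections


def _default_host_entry(entry):
    """True only for loopback -> localhost, the content of an untouched hosts file."""
    ip, *names = entry.split()
    try:
        return ipaddress.ip_address(ip).is_loopback and all(n.lower() == "localhost" for n in names)
    except ValueError:
        return False


def check_hosts(lines):
    """Flag every hosts entry other than loopback -> localhost (comments ignored)."""
    entries = [line.split("#", 1)[0].strip() for line in lines]
    return [f"hosts: non-default mapping {e!r}" for e in entries if e and not _default_host_entry(e)]


def parse_ipconfig(lines):
    """Pull the first adapter's IPv4 address and mask, and every DNS server listed."""
    cfg = {"ipv4": None, "mask": None, "dns": []}
    collecting_dns = False
    for line in lines:
        if ":" in line:
            label, _, value = line.partition(":")
            label = " ".join(label.replace(".", " ").split()).lower()
            ip = IP_RE.search(value)
            collecting_dns = False
            if not ip:
                continue
            key = next((k for k, fr in LABELS.items() if any(f in label for f in fr)), None)
            if key == "dns":
                cfg["dns"].append(ip.group(1))
                collecting_dns = True  # additional servers follow on bare, label-less lines
            elif key and cfg[key] is None:  # keep the first adapter's values
                cfg[key] = ip.group(1)
        elif collecting_dns and IP_RE.fullmatch(line.strip()):
            cfg["dns"].append(line.strip())
    return cfg


def check_dns(lines):
    """Flag resolvers that are neither on the local subnet nor in the public allowlist."""
    cfg = parse_ipconfig(lines)
    lan = None
    if cfg["ipv4"] and cfg["mask"]:
        lan = ipaddress.ip_network(f"{cfg['ipv4']}/{cfg['mask']}", strict=False)
    return [f"dns: resolver {s} is outside {lan} and not a known public resolver"
            for s in cfg["dns"]
            if not ((lan and ipaddress.ip_address(s) in lan) or s in KNOWN_PUBLIC_RESOLVERS)]


def check_winsock(lines):
    """Flag Winsock providers that are not Microsoft DLLs under the system directories."""
    hits = filter(None, (WINSOCK_RE.match(line.strip()) for line in lines))
    return [f"winsock: third-party provider {m.group(3)} ({m.group(4)})" for m in hits
            if m.group(4) != "Microsoft Corporation"
            or not m.group(3).lower().startswith(TRUSTED_WINSOCK_DIRS)]


def triage(text):
    """Run every check over one log; returns {check name: [finding, ...]}."""
    s = split_sections(text)
    return {"hosts": check_hosts(s.get("Hosts content", [])),
            "dns": check_dns(s.get("IP Configuration", [])),
            "winsock": check_winsock(s.get("Winsock entries", []))}
```

Run `triage(open("MTB.txt", encoding="cp1254", errors="replace").read())` on a real MiniToolBox result to get the findings grouped by check; a finding is a prompt for review, not a verdict, since a hosts blocklist, a corporate resolver or a legitimate third-party LSP all trip the same checks.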


#8 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 01 January 2016 - 03:07 PM

Hello,

Step 1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


---


Step 2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Step 3: Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---


Step 4: How is the computer running now?


---




#9 anakinnsky

anakinnsky
  • Topic Starter

  • Members
  • 39 posts

Posted 02 January 2016 - 12:46 PM

Here is the log for Rkill; 

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/02/2016 07:44:23 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Possibly Patched Files.
 
 * C:\Windows\Explorer.EXE
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Güvenlik Merkezi (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\UxTheme.dll : 332.288 : 02/20/2012 10:48 PM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
 +-> C:\Windows\SysWOW64\uxtheme.dll : 245.760 : 07/14/2009 03:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332.288 : 07/14/2009 03:41 AM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245.760 : 07/14/2009 03:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 
 * C:\Windows\explorer.exe : 2.983.424 : 02/20/2012 07:59 PM : cdf9e6ffb9e6f0d5a7b2b21d250a445a [NoSig]
 +-> C:\Windows\SysWOW64\explorer.exe : 2.727.936 : 02/20/2012 09:23 PM : 9d267c63d5de604c38ff2078d7c784c2 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2.872.320 : 11/21/2010 05:24 AM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2.871.808 : 11/12/2011 04:28 PM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2.871.808 : 11/12/2011 04:28 PM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2.616.320 : 11/21/2010 05:24 AM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe : 2.616.320 : 11/12/2011 04:28 PM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe : 2.616.320 : 11/12/2011 04:28 PM : 0fb9c74046656d1579a64660ad67b746 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 01/02/2016 07:45:05 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)
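
The two files Rkill reports above under "Possibly Patched Files" and "Searching for Missing Digital Signatures" are the 64-bit UxTheme.dll and explorer.exe, each followed by "[Pos Repl]" lines: other copies of the same file name that Rkill found in the WinSxS component store and in SysWOW64, with their sizes and MD5 hashes. Those lines deserve a careful read before anything is replaced, because the SysWOW64 and wow64_ copies are 32-bit builds that cannot stand in for a 64-bit file, and the sizes show whether a candidate is even the same build. The parser below is an added example, not part of the post or of Rkill. It reads that section of the log (the sample is copied from the log above), pairs each unsigned file with its candidates and, on the assumption that this is a 64-bit installation in which only SysWOW64 and the wow64_/x86_ WinSxS directories hold 32-bit binaries (Rkill reports running "in x64 mode"), keeps only candidates of the same architecture and compares sizes and hashes. On this log neither unsigned file's hash matches any stored copy; UxTheme.dll has the same size as the component-store copy but a different hash and a 2012 timestamp, which is what a patched theme DLL or a modified installation looks like (the Farbar log further down reports the OS as an unofficial "XargraX" edition).

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the "Searching for Missing Digital Signatures" section copied from the
# Rkill log in the post above, plus the heading of the next section so the parser has to
# find the section boundary itself.
RKILL_SAMPLE = r"""
Searching for Missing Digital Signatures:

 * C:\Windows\System32\UxTheme.dll : 332.288 : 02/20/2012 10:48 PM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
 +-> C:\Windows\SysWOW64\uxtheme.dll : 245.760 : 07/14/2009 03:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332.288 : 07/14/2009 03:41 AM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245.760 : 07/14/2009 03:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

 * C:\Windows\explorer.exe : 2.983.424 : 02/20/2012 07:59 PM : cdf9e6ffb9e6f0d5a7b2b21d250a445a [NoSig]
 +-> C:\Windows\SysWOW64\explorer.exe : 2.727.936 : 02/20/2012 09:23 PM : 9d267c63d5de604c38ff2078d7c784c2 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2.872.320 : 11/21/2010 05:24 AM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2.871.808 : 11/12/2011 04:28 PM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2.871.808 : 11/12/2011 04:28 PM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2.616.320 : 11/21/2010 05:24 AM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe : 2.616.320 : 11/12/2011 04:28 PM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe : 2.616.320 : 11/12/2011 04:28 PM : 0fb9c74046656d1579a64660ad67b746 [Pos Repl]

Checking HOSTS File:
"""

# One " * file [NoSig]" or " +-> file [Pos Repl]" line. Sizes carry the log's locale
# thousands separator ("332.288"), which is stripped before conversion.
ENTRY_RE = re.compile(
    r"^\s*(?P<kind>\*|\+->)\s+(?P<path>.+?)\s+:\s+(?P<size>[\d.,]+)\s+:\s+"
    r"(?P<stamp>\d\d/\d\d/\d{4} \d\d:\d\d [AP]M)\s+:\s+(?P<md5>[0-9a-fA-F]{32})\s+\[(?P<tag>[^\]]+)\]\s*$"
)

@dataclass
class FileEntry:
    path: str
    size: int
    stamp: str
    md5: str
    tag: str

@dataclass
class UnsignedFile:
    entry: FileEntry
    candidates: list = field(default_factory=list)  # the "[Pos Repl]" lines listed under it

def signature_section(text):
    """Yield only the lines between the signature heading and the next Rkill section."""
    inside = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Searching for Missing Digital Signatures"):
            inside = True
            continue
        if inside and (stripped.startswith("Checking ") or stripped.startswith("Program finished")):
            return
        if inside:
            yield line

def parse_rkill_signatures(text):
    """Pair every unsigned file with the replacement candidates Rkill listed under it."""
    unsigned = []
    for line in signature_section(text):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = FileEntry(m["path"], int(re.sub(r"[.,]", "", m["size"])), m["stamp"], m["md5"].lower(), m["tag"])
        if m["kind"] == "*":
            unsigned.append(UnsignedFile(entry))
        elif unsigned:
            unsigned[-1].candidates.append(entry)
    return unsigned

def arch_of(path):
    """Assumption: on this x64 install only SysWOW64 and the wow64_/x86_ WinSxS directories
    hold 32-bit binaries; every other location holds the native 64-bit build."""
    p = path.lower()
    if "\\syswow64\\" in p or "\\winsxs\\wow64_" in p or "\\winsxs\\x86_" in p:
        return "x86"
    return "x64"

def triage(unsigned):
    """Summarise one unsigned file: same-architecture candidates only, whether any candidate
    shares its hash, and whether any same-architecture candidate matches its size."""
    same_arch = [c for c in unsigned.candidates if arch_of(c.path) == arch_of(unsigned.entry.path)]
    return {
        "file": unsigned.entry.path,
        "md5": unsigned.entry.md5,
        "same_arch_candidates": [c.path for c in same_arch],
        "hash_matches_candidate": any(c.md5 == unsigned.entry.md5 for c in unsigned.candidates),
        "size_matches_same_arch": any(c.size == unsigned.entry.size for c in same_arch),
        "distinct_candidate_hashes": len({c.md5 for c in unsigned.candidates}),
    }
```

Running `triage()` over `parse_rkill_signatures(RKILL_SAMPLE)` gives one dictionary per unsigned file; for a real log, pass the full contents of Rkill.txt instead of the sample, since the section finder ignores everything outside the signature block.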


#10 anakinnsky


Posted 02 January 2016 - 01:23 PM

2. Here is the log for MBAM:

 

 
www.malwarebytes.org
 
Scan Date: 02.01.2016
Scan Time: 20:04
Logfile: levent.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.02.05
Rootkit Database: v2015.12.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pc
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368585
Time Elapsed: 11 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 47
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Quarantined, [48950e260792bc7abf1636926a9afd03], 
 
Files: 56
PUP.Optional.APNToolBar, C:\Users\pc\AppData\Local\Temp\AskPIP_FF_.exe, Quarantined, [09d4cd671f7a7cba196779b59d648878], 
PUP.Optional.Conduit, C:\prefs.js, Quarantined, [ba23ae863e5bb77f47f08c3d956fff01], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\manifest.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\craw_background.js, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\craw_window.js, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css\craw_window.css, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html\craw_window.html, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\flapper.gif, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\icon_128.png, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\icon_16.png, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button.png, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_close.png, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_hover.png, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_maximize.png, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_pressed.png, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW\messages.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata\verified_contents.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
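
Every one of the 103 result lines Malwarebytes lists above (47 folders and 56 files) has the form category, path, action, [reference], and all but two of them are paths inside a single Chrome extension directory, nmmhkkegccagdldgiimedpiccmgmieda, that MBAM flagged as a modified extension. A log this long is easier to act on once it is collapsed to distinct items, and it is worth checking that the counts in the section headers agree with the lines under them, since a truncated paste is easy to miss. The script below is an added example, not part of the post or of Malwarebytes. It parses the result sections (the sample is an excerpt of the log above with the section counts reduced to match the excerpt), reports any count mismatch, and collapses every path under one extension ID to a single entry. On this log that leaves three distinct detections: the modified Chrome extension, the Ask toolbar installer in Temp, and a Conduit prefs.js at the root of C:. All three live in the Chrome profile or in user-writable locations, and the user reports later in the thread that the popups continue in Internet Explorer as well, so a Chrome-profile cleanup by itself was not going to be the whole answer.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the Malwarebytes log from the post above. The result
# lines are copied verbatim; the section counts are reduced to match the excerpt, and a few
# scan-header fields are kept so the parser has to tell result sections from ordinary fields.
MBAM_SAMPLE = r"""
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368585
Time Elapsed: 11 min, 28 sec

Processes: 0
(No malicious items detected)

Folders: 3
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Quarantined, [48950e260792bc7abf1636926a9afd03], 

Files: 5
PUP.Optional.APNToolBar, C:\Users\pc\AppData\Local\Temp\AskPIP_FF_.exe, Quarantined, [09d4cd671f7a7cba196779b59d648878], 
PUP.Optional.Conduit, C:\prefs.js, Quarantined, [ba23ae863e5bb77f47f08c3d956fff01], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\manifest.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\craw_background.js, Quarantined, [48950e260792bc7abf1636926a9afd03], 
PUP.Optional.HijackModifiedExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata\verified_contents.json, Quarantined, [48950e260792bc7abf1636926a9afd03], 

Physical Sectors: 0
(No malicious items detected)
"""

# Only these headers introduce result lists; "Objects Scanned: 368585" looks similar but is not one.
RESULT_SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
                   "Registry Data", "Folders", "Files", "Physical Sectors"}
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)\s*$")
DETECTION_RE = re.compile(
    r"^(?P<category>[A-Za-z0-9.]+), (?P<path>.+?), (?P<action>[A-Za-z ]+), \[(?P<ref>[0-9a-f]+)\],?\s*$"
)
# Chrome extension IDs are 32 letters from a to p, stored under ...\Extensions\<id>\.
EXT_ID_RE = re.compile(r"\\Extensions\\(?P<id>[a-p]{32})(\\|$)", re.IGNORECASE)

@dataclass(frozen=True)
class Detection:
    section: str
    category: str
    path: str
    action: str
    ref: str

def parse_mbam(text):
    """Return (declared count per result section, list of Detection in log order)."""
    declared, found, section = {}, [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m and m["name"] in RESULT_SECTIONS:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append(Detection(section, m["category"], m["path"], m["action"], m["ref"]))
    return declared, found

def count_mismatches(declared, found):
    """Sections whose header count differs from the lines actually present: {section: (declared, found)}."""
    per_section = {}
    for d in found:
        per_section[d.section] = per_section.get(d.section, 0) + 1
    return {s: (n, per_section.get(s, 0)) for s, n in declared.items() if per_section.get(s, 0) != n}

def root_of(detection):
    """Collapse any path inside a Chrome extension directory to that extension's ID."""
    m = EXT_ID_RE.search(detection.path)
    return f"chrome-extension:{m['id'].lower()}" if m else detection.path

def collapse(found):
    """Distinct (category, root) pairs in first-seen order."""
    roots = []
    for d in found:
        key = (d.category, root_of(d))
        if key not in roots:
            roots.append(key)
    return roots
```

`parse_mbam` works on the full text of the saved log file just as it does on the excerpt; `count_mismatches` returning an empty dict is the signal that nothing was lost in the paste.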


#11 anakinnsky


Posted 02 January 2016 - 01:25 PM

3. And here is the Farbar log:

 

Farbar Service Scanner Version: 10-06-2014
Ran by pc (administrator) on 02-01-2016 at 20:24:41
Running from "C:\Users\pc\Downloads"
XargraX Windows 7 Premier™ XargraX Edition  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#12 anakinnsky


Posted 02 January 2016 - 01:28 PM

4. I didn't restart my computer after the Farbar scan, but I'm still having wonderlandads.com pop-ups.



#13 Jo*


Posted 02 January 2016 - 01:58 PM

Please check whether you get those popups with every browser (Internet Explorer, Chrome)!
Which one shows those popups and which one doesn't?

---

Uninstall Chrome

restart the pc

Re-install Chrome but enable only plugins/addons that you really need!

---

Please go to one of the below sites to scan the following file(s):
Virus Total (Recommended)
jotti.org
VirScan
click on Browse, and upload the following file(s) for analysis:

C:\Windows\Explorer.EXE

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

---

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC; this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/


---

restart the pc

---

Please check again whether you get those popups with every browser!
Which one shows those popups and which one doesn't?

Edited by Jo*, 02 January 2016 - 01:58 PM.

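
Jo asks for explorer.exe to be uploaded to VirusTotal because Rkill flagged it as unsigned with a hash that matches none of the stored copies. Two things are useful to know before uploading. VirusTotal reports are keyed by the file's SHA-256 (the report link the user posts later embeds one), so hashing the file locally lets you look the report up without sending anything. And stock Windows binaries such as explorer.exe normally carry no embedded Authenticode signature at all, because Microsoft signs them through security catalogs, so an empty certificate table is expected and is not by itself evidence of tampering; what matters is whether the hash is known. The script below is an added example, not from the post or from any tool named in it. It computes the MD5 (comparable with the hash in the Rkill log) and SHA-256 of a file, reads the PE optional header to find the Certificate Table data directory, and builds a report URL in the current VirusTotal form (an assumption; the link on this page uses an older URL layout). The build_pe32plus helper constructs a minimal header purely as test input and is not a loadable executable.

```python
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Certificate Table in the data directories

def certificate_table(data: bytes):
    """Return (file_offset, size) of the PE Certificate Table, or (0, 0) when the image has
    no embedded Authenticode signature. Raises ValueError for input that is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if opt + size_of_optional > len(data) or size_of_optional < 2:
        raise ValueError("truncated optional header")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at 92, directories start at 96
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:    # PE32+: NumberOfRvaAndSizes at 108, directories start at 112
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry = dd_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if size_of_optional < entry + 8:
        return (0, 0)
    n_dirs = struct.unpack_from("<I", data, opt + nrva_off)[0]
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    # For the security directory the first field is a raw file offset, not an RVA.
    return struct.unpack_from("<II", data, opt + entry)

def fingerprint(data: bytes) -> dict:
    """Hashes and signature presence for one file image."""
    _offset, size = certificate_table(data)
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "md5": hashlib.md5(data).hexdigest(),       # comparable with Rkill's hash column
        "sha256": sha256,
        "embedded_signature": size > 0,             # False is normal for catalog-signed OS files
        "virustotal_url": "https://www.virustotal.com/gui/file/" + sha256,  # assumed URL form
    }

def fingerprint_file(path: str) -> dict:
    with open(path, "rb") as f:
        return fingerprint(f.read())

def build_pe32plus(cert_offset: int = 0, cert_size: int = 0) -> bytes:
    """Constructed test input: a headers-only PE32+ image with the security directory set
    as requested. Not loadable; just enough structure for certificate_table()."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: PE header follows the DOS header
    opt = bytearray(240)                                    # standard PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)                   # Magic = PE32+
    struct.pack_into("<I", opt, 108, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, cert_offset, cert_size)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x22)  # x64, no sections
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

On the machine in question the call would be `fingerprint_file(r"C:\Windows\explorer.exe")`; its "md5" should equal the value Rkill printed for that path, and the "virustotal_url" can be opened directly to see whether the file has already been analysed.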


#14 anakinnsky


Posted 04 January 2016 - 02:20 PM

Hi Jo,

I'm getting the same popups in both Chrome and Internet Explorer.

1. I uninstalled and re-installed Chrome.

2. Here is my VirusTotal result link (I couldn't find a report file, but the detection ratio was 0/55):

https://www.virustotal.com/tr/file/eeac9f330740d08ad1edad6d46366e29c1d49aeb9fce029810b0b61816820121/analysis/1451934472/


#15 anakinnsky


Posted 04 January 2016 - 02:28 PM

3. I also ran TFC and restarted the computer.

But I still get the same popups in both Chrome and Internet Explorer.





