Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Snap.do, sidecubes and xifs. Help! :(


  • This topic is locked This topic is locked
12 replies to this topic

#1 xSINderellax

xSINderellax

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 07 June 2016 - 08:43 AM

Here are the logs from FRST :)

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:43 AM

Posted 07 June 2016 - 09:15 AM

Hello
  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.
1.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
  • 2.
    ZN3USrZ.png Emsisoft Emergency Kit
    • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
    • Save EmsisoftEmergencyKit.exe to your Desktop.
    • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
      dQVDkTW.png
    • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
    • Once the extraction is done, an icon qwL1Upn.png will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
    • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
      yEgPemv.png
    • Choose Yes, then wait for EEK to finish updating.
    • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
    • Wait for the scan to finish.
      RUeRoi4.png
    • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
    • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
    • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
      P7FSALs.png
    • Please Copy and Paste the contents of the scan log in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 xSINderellax

xSINderellax
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 07 June 2016 - 02:41 PM

Firstly here is the adwcleaner log:

 

# AdwCleaner v5.119 - Logfile created 07/06/2016 at 20:35:28
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : User - SIN
# Running from : C:\Users\User\Favorites\Desktop\adwcleaner_5.119.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\xifs
[#] Folder Deleted : C:\ProgramData\Application Data\xifs
 
***** [ Files ] *****
 
[-] File Deleted : C:\Windows\SysWOW64\findit.xml
[-] File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ixhgbrg4.default\searchplugins\findit.xml
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Value Deleted : HKCU\Environment [SNF]
[-] Value Deleted : HKCU\Environment [SNP]
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\XIFS.EXE
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\xifs.exe
[-] Key Deleted : HKCU\Software\mtxifs
[-] Key Deleted : HKLM\SOFTWARE\mtxifs
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [9681 bytes] - [02/06/2016 21:16:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [2646 bytes] - [06/06/2016 13:21:40]
C:\AdwCleaner\AdwCleaner[C3].txt - [2402 bytes] - [06/06/2016 15:35:06]
C:\AdwCleaner\AdwCleaner[C4].txt - [1955 bytes] - [07/06/2016 20:35:29]
C:\AdwCleaner\AdwCleaner[S1].txt - [10578 bytes] - [02/06/2016 21:13:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [2522 bytes] - [06/06/2016 12:27:48]
C:\AdwCleaner\AdwCleaner[S3].txt - [2603 bytes] - [06/06/2016 13:20:32]
C:\AdwCleaner\AdwCleaner[S4].txt - [2212 bytes] - [06/06/2016 15:32:56]
C:\AdwCleaner\AdwCleaner[S5].txt - [10779 bytes] - [06/06/2016 15:39:31]
C:\AdwCleaner\AdwCleaner[S6].txt - [2617 bytes] - [07/06/2016 20:03:55]
C:\AdwCleaner\AdwCleaner[S7].txt - [2599 bytes] - [07/06/2016 20:19:51]
C:\AdwCleaner\AdwCleaner[S8].txt - [2672 bytes] - [07/06/2016 20:24:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2614 bytes] ##########
 
 
 
 
 
 
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
And here is the EEK log:
 
Emsisoft Emergency Kit - Version 11.0
Scan log
 
Date Scan Method Objects Scanned Objects Detected Duration Type
07/06/2016 21:09:32 Malware 86193 28 0:22:32 Manual scan
 

Edited by xSINderellax, 07 June 2016 - 03:41 PM.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:43 AM

Posted 08 June 2016 - 07:47 AM

How is the computer running now?

Please run FRST as you did the first time you ran it. Make sure the addition.txt is checked. Please post the new FRST.txt and addition.txt.


Edited by fireman4it, 08 June 2016 - 07:48 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 xSINderellax

xSINderellax
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 08 June 2016 - 11:55 AM

I seem to still be getting the sidecubes when i load a new tab :/

 

 

Attached Files



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:43 AM

Posted 10 June 2016 - 11:36 AM

Hello, Can you please post the new Addition.txt that was made when you ran FRST?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 xSINderellax

xSINderellax
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 10 June 2016 - 04:16 PM

There isn't one... There is only the one from the first time i ran it :/ Shall i run it again and see if it gives one?



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:43 AM

Posted 10 June 2016 - 05:02 PM

Yes run it again. Make sure before you run it the Addition.txt box has a check in it.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 xSINderellax

xSINderellax
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 10 June 2016 - 08:07 PM

Oh sorry, my mistake.

Attached Files



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:43 AM

Posted 13 June 2016 - 12:08 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Let me know how the machine is running after this fix.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 xSINderellax

xSINderellax
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 13 June 2016 - 12:55 PM

New tabs are bringing up my google homepage thingy with my most visited sites! No more sidecubes it seems! THANK YOU <3 

Attached Files



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:43 AM

Posted 13 June 2016 - 01:23 PM

Let's check for any leftovers.
 
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by fireman4it, 13 June 2016 - 01:23 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:43 AM

Posted 21 June 2016 - 04:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users