
Adware possibly blocking internet connection?



#1 Teoh


Posted 28 June 2016 - 01:52 PM

Recently today my connection dropped suddenly and I had not recently downloaded anything.

 

I reset my router and connection several times and ran some troubleshooting but nothing was coming up. 

I decided to run Malwarebytes just in case I had been infected, and as this was running Bitdefender prompted me that an adware agent.qxf file had been detected and deleted. After the Malwarebytes scan nothing came up. I then went into safe mode and re-ran Malwarebytes, which picked up several registry key files, three of which I recognized, called BrowserAir, which I had run into before when I had a big adware problem. These were cleaned off and I restarted my computer, doing another scan once I was out of safe mode. This didn't pick up anything; however, I still could not access the internet. Something interesting is that the network item on my toolbar is showing up clear whereas it should normally have an error symbol, although it does say there is no internet access in the Network and Sharing Center.

 

I then booted my computer up in safe mode with networking and noticed I could access the internet. I then downloaded rkill and AdwCleaner, both of which I ran in safe mode and out of safe mode. AdwCleaner picked up a few files which I have in a log (I'm not sure if it's allowed to be posted in this thread) but I still cannot access the internet.

 

Other devices in the house work on the network. I use a network plug normally and I have also tried a direct wired connection from the router to my PC; however, this has made no difference.

 

I would appreciate any help on the situation, thanks!

 

 

 




 


#2 InadequateInfirmity


Posted 29 June 2016 - 05:40 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus and Windows Defender.

Close all open work; Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#3 Teoh


Posted 02 July 2016 - 08:11 AM

Scan & Clean With Ads Fix 
The scan went fine, taking a few hours. Once this was finished my internet connection was restored; however, Bitdefender's firewall was set offline and it would not allow me to re-enable it (I'll look into this myself later). Also, I was wondering if there is a way to view the files it has deleted, as there were 60+.

Although it seems the internet is fixed, I carried on with the scans you listed:

 

Reset Host File

 

-|x| RstHosts v2.0 - Rapport créé le 02/07/2016 à 11:18:52
-|x| Système d'exploitation : Windows 10 Home  (64 bits)
-|x| Nom d'utilisateur : Andy - ANDY-PC (Administrateur)
 
-|x|- Informations -|x|-
 
Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 14/07/2009 - 03:34:48
Date de modification : 02/07/2016 - 11:18:43
Date de dernier accès : 02/07/2016 - 11:18:43
 
-|x|- Contenu du fichier -|x|-
 
# Fichier Hosts créé par RstHosts
 
127.0.0.1       localhost
::1             localhost
 
-|x|- E.O.F - C:\RstHosts.txt - 601 bytes -|x|-
 

 

 

Pre_Scan

 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_29.06.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 11:25:57
 
Updated 29/06/2016 | 13.25 by g3n-h@ckm@n
 
[Andy (Administrator)] - [ANDY-PC]
SID = S-1-5-21-746638254-1591000439-4165129800-1000
 
Boot: SafeMode with network
System : Windows 10 Home (64 bits) Core 
ProcessorNameString : Intel® Core™ i7-4770K CPU @ 3.50GHz
Identifier : Intel64 Family 6 Model 60 Stepping 3
CoreTemp : 29.8 Celsius - Max : 105 Celsius
 
Memory RAM = Total (MB) : 8326 | Free (MB) : 7543
Pagefile = Total (MB) : 16714 | Free (MB) : 16058
Virtual = Total (MB) : 4194 | Free (MB) : 4002
 
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
 
 
¤¤¤¤¤¤¤¤¤¤¤ # Drives
 
F:\-> [Fixed] | [] | Total : 229.97 Go | Free : 122.42 Go -> NTFS [ATA]
E:\-> [CDROM] | [Audio CD]
D:\-> [Fixed] | [Andy Data Drive] | Total : 701.1 Go | Free : 472.17 Go -> NTFS [ATA]
C:\-> [Fixed] | [] | Total : 232.88 Go | Free : 79.63 Go -> NTFS (SSD) [ATA]
 
¤¤¤¤¤¤¤¤¤¤ # Windows updates
 
No detected update !!! 
 
Microsoft : +
 
 
¤¤¤¤¤¤¤¤¤¤ # Sessions
 
C:\Windows\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\Andy
C:\Users\kim
C:\Users\slefr
C:\Users\DefaultAppPool
 
Registry saved , to restore :  Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [02.07.2016 @ 11_21_24])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
 
¤¤¤¤¤¤¤¤¤¤ # Browsers
 
IE : 11.0.10586.420     (© Microsoft Corporation.)
GC : 51.0.2704.103     (Copyright 2015 Google Inc.)
 
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
 
ActiveX : 22.0.0.192
 
¤¤¤¤¤¤¤¤¤¤ # Security
 
AS : Windows Defender Disabled
AM : Malwarebytes Anti-Malware   (2.3.173.0)     []
FW : Bitdefender Firewall Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running
 
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
 
2036 | [Owner : Andy |Parent : 436] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe
1624 | [Owner : Andy |Parent : 572] - (.Microsoft Corporation - Windows Explorer.) - (10.0.10586.420) = C:\Windows\explorer.exe
460 | [Owner : Andy |Parent : 1624] - (.Microsoft Corporation - CTF Loader.) - (10.0.10586.0) = C:\Windows\System32\ctfmon.exe
2312 | [Owner : Andy |Parent : 792] - (.Microsoft Corporation - Microsoft Help and Support.) - (10.0.10586.0) = C:\Windows\HelpPane.exe
2392 | [Owner : Andy |Parent : 792] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe
2852 | [Owner : Andy |Parent : 1624] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2860 | [Owner : Andy |Parent : 2852] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2824 | [Owner : Andy |Parent : 792] - (.Microsoft Corporation - Windows Explorer.) - (10.0.10586.420) = C:\Windows\explorer.exe
2660 | [Owner : Andy |Parent : 2824] - (. - .) - (2.0.0.0) = C:\Users\Andy\Downloads\rsthosts_2.0.exe
2612 | [Owner : Andy |Parent : 2660] - (.Microsoft Corporation - Notepad.) - (10.0.10586.0) = C:\Windows\SysWOW64\notepad.exe
 
¤¤¤¤¤¤¤¤¤¤ # Winlogon user
 
 
¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
 
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe,
 
¤¤¤¤¤¤¤¤¤¤ # SafeBoot
 
Safeboot Keys are O.K
 
Alternate shell is OK !
 
 
 
¤¤¤¤¤¤¤¤¤¤ # IFEO
 
 
¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
 
 
 
¤¤¤¤¤¤¤¤¤¤ # Windows
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
 
¤¤¤¤¤¤¤¤¤¤ # Security center
 
 
 
 
¤¤¤¤¤¤¤¤¤¤ # Services
 
 
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] :  -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Iphlpsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2
 
¤¤¤¤¤¤¤¤¤¤ # Internet Explorer
 
 
¤¤¤¤¤¤¤¤¤¤ # reparsepoint
 
 
 
¤¤¤¤¤¤¤¤¤¤ # Offsets
 
 
¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
 
 
Deleted : HKU\S-1-5-21-746638254-1591000439-4165129800-1000\Software\srac
 
Moved to quarantine successfully : C:\Users\Andy\AppData\Roaming\config_data.dat
Moved to quarantine successfully  : D:\setup.exe
Moved to quarantine successfully  : D:\ToolboxVersion.dat
Will be moved in quarantine at reboot  : D:\msdownld.tmp
 
¤¤¤¤¤¤¤¤¤¤ # ADS
 
 
Prefetch -> cleaned
 
 
D:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)
 
¤¤¤¤¤¤¤¤¤¤ | Hidden files
 
~ [Drive D:] : Hidden : 20 | Restored : 20
~ [Drive F:] : Hidden : 1465 | Restored : 1269
~ [Drive C:] : Hidden : 7 | Restored : 7
~ [Program Files] : Hidden : 11 | Restored : 11
~ [Users] : Hidden : 3 | Restored : 3
~ [Pictures] : Hidden : 1 | Restored : 1
~ [Documents] : Hidden : 16 | Restored : 16
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 50 | Restored : 46
~ [AppData] : Hidden : 27 | Restored : 27
 
 
¤¤¤¤¤¤¤¤¤¤ # Drives
 
 Disk: 0   Size=238G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    07-NTFS    238G   Yes   No         2,048  488,390,017
 
¤¤¤¤¤¤¤¤¤¤
 
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] :  -> 1
 
End : 11:47:45
 
 
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 194
 

 

 

 

9-Lab Scan.

 

  • 9-lab Removal Tool 1.0.0.39 BETA
    9-lab.com
     
    Database version: 128.39590
     
    Windows 8 (Version 6.2, Build 0, 64-bit Edition)
    Internet Explorer 9.11.10586.0
    Andy :: ANDY-PC
     
    02-Jul-16 12:38:52 PM
    9lab-log-2016-07-02 (12-38-52).txt
     
    Scan type: Full
    Objects scanned: 87809
    Time Elapsed: 21 m 56 s
     
    Registry Keys detected: 2
    Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdatem]
    Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdate]
     
     
    Registry Values detected: 1
    Risk.Path [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]
     
     
    Files detected: 4
    [9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\Pre_Scan\smss.exe]
    [7AB6407BCA223152A743C2DE03198BB4] Malware.Win32.Gen.3969.sm!ff [C:\Program Files (x86)\AMD\CNext\CCCSlim\CCCInstall.exe]
    [0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\Andy\Downloads\rsthosts_2.0.exe]
    [09754DB5A2379FDD8759ADB49F5EEC5B] Malware.Win32.Gen.0975.sm!ff [C:\Users\Andy\OneDrive\Kingston yellow usb back up\unInstaller.exe]
     

    I chose to ignore my USB backup file and AMD file.

     
    Edit: Windows icon in bottom left corner will not open when left clicking, loading circle can be seen when . When opening calculator it opens for a split second then closes.

Edited by Teoh, 02 July 2016 - 01:21 PM.


#4 InadequateInfirmity


Posted 04 July 2016 - 01:31 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit Next; make sure to leave all items checked for removal.

 

8NcZjGc.png

 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download ZHP Cleaner to your desktop. Right click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

6QJjV50.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply



#5 Teoh


Posted 24 July 2016 - 09:45 AM

Sorry for the late response.

 

Here are the log files as follows:

 

Adware Cleaner Scan.

 

# AdwCleaner v5.201 - Logfile created 24/07/2016 at 14:45:45

# Updated 30/06/2016 by ToolsLib

# Database : 2016-07-21.2 [Server]

# Operating system : Windows 10 Home  (X64)

# Username : Andy - ANDY-PC

# Running from : C:\Users\Andy\Downloads\adwcleaner_5.201.exe

# Option : Clean

# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd

[-] Folder Deleted : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj

 

***** [ Files ] *****

 

[-] File Deleted : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj

 

***** [ DLLs ] *****

 

 

***** [ WMI ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmnlcjabgnpnenekpadlanbbkooimhnj

[-] [C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

 

*************************

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [4527 bytes] - [28/06/2016 19:22:13]

C:\AdwCleaner\AdwCleaner[C2].txt - [1563 bytes] - [28/06/2016 20:37:20]

C:\AdwCleaner\AdwCleaner[C3].txt - [1623 bytes] - [24/07/2016 14:45:45]

C:\AdwCleaner\AdwCleaner[S1].txt - [4640 bytes] - [28/06/2016 17:52:26]

C:\AdwCleaner\AdwCleaner[S2].txt - [4301 bytes] - [28/06/2016 19:20:57]

C:\AdwCleaner\AdwCleaner[S3].txt - [1383 bytes] - [28/06/2016 20:36:39]

C:\AdwCleaner\AdwCleaner[S4].txt - [1273 bytes] - [28/06/2016 21:29:23]

C:\AdwCleaner\AdwCleaner[S5].txt - [1602 bytes] - [29/06/2016 10:18:46]

C:\AdwCleaner\AdwCleaner[S6].txt - [2015 bytes] - [24/07/2016 14:43:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2134 bytes] ##########

 

JRT Scan.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.7 (07.03.2016)

Operating System: Windows 10 Home x64 

Ran by Andy (Administrator) on 24-Jul-16 at 14:56:00.41

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 13 

 

Successfully deleted: C:\ProgramData\1461615686.bdinstall.bin (File) 

Successfully deleted: C:\ProgramData\1461694105.bdinstall.bin (File) 

Successfully deleted: C:\ProgramData\1465906554.bdinstall.bin (File) 

Successfully deleted: C:\ProgramData\1465906567.bdinstall.bin (File) 

Successfully deleted: C:\Users\Andy\AppData\Roaming\speedrunnerslog.txt (File) 

Successfully deleted: C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CFXMVU9 (Temporary Internet Files Folder) 

Successfully deleted: C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCV0ROAO (Temporary Internet Files Folder) 

Successfully deleted: C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZCMIZ7H (Temporary Internet Files Folder) 

Successfully deleted: C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF5C1HB0 (Temporary Internet Files Folder) 

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CFXMVU9 (Temporary Internet Files Folder) 

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCV0ROAO (Temporary Internet Files Folder) 

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZCMIZ7H (Temporary Internet Files Folder) 

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF5C1HB0 (Temporary Internet Files Folder) 

 

 

 

Registry: 1 

 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D9C6B67A63EF2C294D4A204374B6A795 (Registry Value) 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24-Jul-16 at 14:58:27.39

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Adware Removal Tool Scan.

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

 

Adware Removal Tool 5.1

Time: 2016_07_24_15_03_38

OS: Windows 10 Home - x64 Bit

Account Name: Andy

Adware Definition: 07232016

Elapsed time: 04:58

Scan Status:- Automatic Done

 

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

 

File Found : Adware.Youndoo : C:\Users\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage

File Found : Adware.Youndoo : C:\Users\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal

File Found : Adware.Youndoo : C:\Users\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage

File Found : Adware.Youndoo : C:\Users\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal

File Found : Adware.Youndoo : C:\Users\Andy\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage

File Found : Adware.Youndoo : C:\Users\Andy\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal

File Found : Adware.Youndoo : C:\Users\Andy\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage

File Found : Adware.Youndoo : C:\Users\Andy\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal

File Found : Adware.Youndoo : C:\Users\Andy\Appdata\Local\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage

File Found : Adware.Youndoo : C:\Users\Andy\Appdata\Local\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal

File Found : Adware.Youndoo : C:\Users\Andy\Appdata\Local\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage

File Found : Adware.Youndoo : C:\Users\Andy\Appdata\Local\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal

File Found : PUP.Fast Start : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

 

Adware Removal Tool 5.1

Time: 2016_07_24_15_03_38

OS: Windows 10 Home - x64 Bit

Account Name: Andy

Adware Definition: 07232016

Elapsed time: 04:58

Repair Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

 

[-] Deleted ->> File ->> C:\Users\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage

 

[-] Deleted ->> File ->> C:\Users\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal

 

[-] Deleted ->> File ->> C:\Users\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage

 

[-] Deleted ->> File ->> C:\Users\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal

 

[-] Deleted ->> File ->> C:\Users\Andy\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage

 

[-] Deleted ->> File ->> C:\Users\Andy\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal

 

[-] Deleted ->> File ->> C:\Users\Andy\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage

 

[-] Deleted ->> File ->> C:\Users\Andy\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal

 

[-] Deleted ->> File ->> C:\Users\Andy\Appdata\Local\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage

 

[-] Deleted ->> File ->> C:\Users\Andy\Appdata\Local\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal

 

[-] Deleted ->> File ->> C:\Users\Andy\Appdata\Local\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage

 

[-] Deleted ->> File ->> C:\Users\Andy\Appdata\Local\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal

 

[-] Deleted ->> File ->> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk

 

ZHP Scan.

~ ZHPCleaner v2016.7.21.87 by Nicolas Coolman (2016/07/21)

~ Run by Andy (Administrator)  (24/07/2016 15:37:20)

~ Site : http://www.nicolascoolman.com

~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version : Version OK

~ Type : Repair

~ Report : C:\Users\Andy\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\Andy\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Activate

~ Boot Mode : Normal (Normal boot)

Windows 10 Home, 64-bit  (Build 10586)

 

 

---\\  Services (0)

~ No malicious or unnecessary items found.

 

 

---\\  Browser internet (0)

~ No malicious or unnecessary items found.

 

 

---\\  Hosts file (0)

~ No malicious or unnecessary items found.

 

 

---\\  Scheduled automatic tasks. (0)

~ No malicious or unnecessary items found.

 

 

---\\  Explorer ( File, Folder) (20)

MOVED file: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gameofthronesmmo.com_0.localstorage-journal    =>.Superfluous.IronSourceLtd

MOVED folder: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ

MOVED folder: C:\Windows\Installer\MSI52E2.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI71E2.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI7AA0.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI80AF.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI84EE.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI89D8.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI8B11.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI8D16.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI8E40.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI8F2B.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI9306.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI93F1.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI9598.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI96F1.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI9B76.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI9C81.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSIA733.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSIB639.tmp-  =>Empty

 

 

---\\  Registry ( Key, Value, Data) (3)

DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\soundcloud.com []  =>PUP.Optional.SoundCloud

DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\soundcloud.com [576]  =>PUP.Optional.SoundCloud

DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect

 

 

---\\  Summary of the elements found (4)

https://www.nicolascoolman.info/2016/05/02/superfluous-ironsourceltd/  =>.Superfluous.IronSourceLtd

http://www.nicolascoolman.fr/?p=679  =>PUP.Optional.DomaIQ

http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.SoundCloud

https://www.nicolascoolman.info/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect

 

 

---\\  Other deletions. (22)

~ Registry Keys Tracing deleted (22)

~ Remove the old reports ZHPCleaner. (0)

 

 

---\\ Result of repair

~ Repair carried out successfully

~ Browser not found (Mozilla Firefox)

~ Browser not found (Opera Software)

 

 

---\\ Statistics

~ Items scanned : 273

~ Items found : 0

~ Items cancelled : 0

~ Items repaired : 23

 

 

~ End of clean in 00h00mn08s

~====================

ZHPCleaner-[R]-24072016-15_37_28.txt

ZHPCleaner-[S]-24072016-15_34_01.txt

 

Zemana Scan

 

 

Zemana AntiMalware 2.21.2.139 (Installed)

 

-------------------------------------------------------

Scan Result            : Completed

Scan Date              : 2016-7-24

Operating System       : Windows 10 64-bit

Processor              : 8X Intel® Core™ i7-4770K CPU @ 3.50GHz

BIOS Mode              : Legacy

CUID                   : 1299F5C684D82E1A3DB34B

Scan Type              : Deep Scan

Duration               : 4m 46s

Scanned Objects        : 326459

Detected Objects       : 5

Excluded Objects       : 0

Read Level             : SCSI

Auto Upload            : Enabled

Detect All Extensions  : Disabled

Scan Documents         : Disabled

Domain Info            : WORKGROUP,0,2

 

Detected Objects

-------------------------------------------------------

 

Internet Explorer Shortcut

Status             : Scanned

Object             : "

MD5                : -

Publisher          : -

Size               : -

Version            : -

Detection          : Suspicious Browser Setting

Cleaning Action    : Repair

Related Objects    :

                Browser Setting - Internet Explorer Shortcut

 

Hosts File

Status             : Scanned

Object             : %systemroot%\system32\drivers\etc\hosts

MD5                : F666B6456726DB927939D86012073291

Publisher          : -

Size               : 89

Version            : -

Detection          : Hosts Hijack

Cleaning Action    : Repair

Related Objects    :

                Hosts file - Hosts file is hidden

                File - %systemroot%\system32\drivers\etc\hosts

 

Pre_Scan.exe

Status             : Scanned

Object             : %userprofile%\desktop\pre_scan.exe

MD5                : B36DEEDBC94478BCE47AC137D42350DE

Publisher          : g3n-h@ckm@n

Size               : 3453968

Version            : 29.6.2016.1

Detection          : Malware:Win32/Zelion!Eeek

Cleaning Action    : Quarantine

Related Objects    :

                File - %userprofile%\desktop\pre_scan.exe

 

MSIF48C.tmp

Status             : Scanned

Object             : %systemroot%\installer\msif48c.tmp

MD5                : 5E1199DCF674CC477E249311D2C2AC45

Publisher          : APN LLC

Size               : 109968

Version            : 1.0.0.1

Detection          : PUA:Win32/AskToolbar.Gen

Cleaning Action    : Quarantine

Related Objects    :

                File - %systemroot%\installer\msif48c.tmp

 

Pre_Scan.exe

Status             : Scanned

Object             : %homedrive%\pre_scan\pre_scan.exe

MD5                : B36DEEDBC94478BCE47AC137D42350DE

Publisher          : g3n-h@ckm@n

Size               : 3453968

Version            : 29.6.2016.1

Detection          : Malware:Win32/Zelion!Eeek

Cleaning Action    : Quarantine

Related Objects    :

                File - %homedrive%\pre_scan\pre_scan.exe

 

 

Cleaning Result

-------------------------------------------------------

Cleaned               : 5

Reported as safe      : 0

Failed                : 0



#6 InadequateInfirmity


Posted 24 July 2016 - 10:08 AM

How are things running now?



#7 Teoh


Posted 25 July 2016 - 05:31 AM

The internet connection is fine now (Thanks :) ); however, I cannot access the start button or any Windows programs, e.g. Windows Media Player, Calculator.

Additionally, I cannot activate the Bitdefender firewall.



#8 InadequateInfirmity


Posted 25 July 2016 - 06:24 PM

Install (use the direct download) the Tweaking.com - Windows all in one repair tool. Then boot Windows into Safe Mode (Make Certain To Run This Program As Administrator), then run through the Prescan on the step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab...

Notice create a registry backup is ticked by default, so no need to do so in step 5...

Now run the program, with the boxes ticked in the picture below.

RR7xtBS.png

Click Image Below For Better Resolution.

 

4egYyDC.png

May want to save picture or write down what boxes need ticked, since you will run this in Safe Mode.

Important: Make certain to reboot twice after running this tool!!



#9 Teoh


Posted 27 July 2016 - 06:47 AM

Everything is running fine now. The Windows repair tool fixed the tool bar and Bitdefender's repair program fixed the firewall issues. Thank you so much, I really appreciate all the help you've given me.





