Two Pop up malware ?


24 replies to this topic

#1 Pestyone


Posted 02 July 2016 - 09:02 PM

Keep getting slammed by a pop-up malware (?) - www.takearide.xyx ; boost_interprocess - 1 - 844-625-4436 - these idiots expect me to call them to remove some dangerous unknown virus.

 

Not happening .

 

I have used MWB / superanti spyware and hitman pro and then find nothing.

Then I use ADW cleaner; it finds and deletes the malware (?), but two / three hours later I get slammed again. So what's this malware about? Hope somebody out there knows how to delete this crap!? Also have used K Killer and CCleaner and nothing is found.

 

What do I keep missing? Maybe try ComboFix next??

 

Also, how do I delete Safe Search? Nothing so far can remove that crap!

 

Thanks a bunch so need help . . .

 





#2 Pestyone


Posted 02 July 2016 - 09:04 PM

Oops, using Win 7 HP / 6 gigs of RAM and 64-bit with I.E. 11.0



#3 InadequateInfirmity


Posted 04 July 2016 - 02:01 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit next make sure to leave all items checked, for removal.

 

8NcZjGc.png

 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner  to your desktop.  Right Click the icon and select run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

6QJjV50.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply



#4 Pestyone


Posted 04 July 2016 - 02:51 PM

# AdwCleaner v5.118 - Logfile created 29/05/2016 at 22:55:57
# Updated 23/05/2016 by Xplode
# Database : 2016-05-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Robert - ROBERT-PC
# Running from : C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVDB9KPR\adwcleaner_5.118.exe
# Option : Clean
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
[-] File Deleted : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key Deleted : HKCU\Software\OMX_Media
[-] Key Deleted : HKCU\Software\SoftSuma
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F61F4F9-F5D3-4030-8DB2-AC3D8AC5B606}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command []
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\removesafesearch.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safesear.ch
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com

***** [ Web browsers ] *****

[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://www.safesear.ch/?type=20160529-120-ff");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.newtab.url", "hxxp://www.safesear.ch/?type=20160529-120-ff-nt");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "SafeSearch");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.search.order.1", "SafeSearch");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "SafeSearch");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("keyword.url", "hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=");

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Robert (Administrator) on Mon 07/04/2016 at 15:41:41.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 59

Failed to delete: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME38F5FL (Temporary Internet Files Folder)
Failed to delete: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME3JJGEF (Temporary Internet Files Folder)
Failed to delete: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP1COJSJ (Temporary Internet Files Folder)
Failed to delete: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX8WFWQI (Temporary Internet Files Folder)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\driver booster 2 (Folder)
Successfully deleted: C:\users\Public\Documents\windows.exe (File)
Successfully deleted: C:\Users\Robert\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Robert\AppData\Roaming\new version available (Folder)
Successfully deleted: C:\Users\Robert\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Robert) (Task)
Successfully deleted: C:\Windows\system32\Tasks\runTask (Task)
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OJUJ7T0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EZM21H2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60DBCLNV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8EJSZVCK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A38UYXJF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVWWIGIL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCNRI2IR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3USZRUG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLJPY8MG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUKZ60GV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PQSAZRYS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PW40E58D (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVDB9KPR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7NM7G68 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUNY8I6G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3WBWOQ1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OJUJ7T0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EZM21H2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60DBCLNV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8EJSZVCK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A38UYXJF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVWWIGIL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCNRI2IR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3USZRUG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLJPY8MG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUKZ60GV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME38F5FL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME3JJGEF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP1COJSJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PQSAZRYS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PW40E58D (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVDB9KPR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7NM7G68 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUNY8I6G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX8WFWQI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3WBWOQ1 (Temporary Internet Files Folder)

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/04/2016 at 15:46:39.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7330 bytes] - [03/04/2016 07:19:21]
C:\AdwCleaner\AdwCleaner[C2].txt - [1455 bytes] - [02/05/2016 14:25:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [1578 bytes] - [05/05/2016 11:44:51]
C:\AdwCleaner\AdwCleaner[C4].txt - [5949 bytes] - [29/05/2016 22:55:57]
C:\AdwCleaner\AdwCleaner[R10].txt - [2065 bytes] - [02/05/2016 17:15:33]
C:\AdwCleaner\AdwCleaner[R11].txt - [2216 bytes] - [11/05/2016 01:37:38]
C:\AdwCleaner\AdwCleaner[R12].txt - [1665 bytes] - [21/05/2016 12:36:55]
C:\AdwCleaner\AdwCleaner[R13].txt - [2451 bytes] - [29/05/2016 22:33:47]
C:\AdwCleaner\AdwCleaner[R14].txt - [1918 bytes] - [29/05/2016 22:37:56]
C:\AdwCleaner\AdwCleaner[S10].txt - [2525 bytes] - [29/05/2016 22:35:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [6731 bytes] - [03/04/2016 07:18:06]
C:\AdwCleaner\AdwCleaner[S2].txt - [923 bytes] - [15/04/2016 13:43:20]
C:\AdwCleaner\AdwCleaner[S3].txt - [1358 bytes] - [02/05/2016 14:22:51]
C:\AdwCleaner\AdwCleaner[S4].txt - [1494 bytes] - [05/05/2016 11:43:29]
C:\AdwCleaner\AdwCleaner[S5].txt - [8488 bytes] - [29/05/2016 22:53:44]
C:\AdwCleaner\AdwCleaner[S7].txt - [2139 bytes] - [02/05/2016 17:16:40]
C:\AdwCleaner\AdwCleaner[S8].txt - [2288 bytes] - [11/05/2016 01:38:29]
C:\AdwCleaner\AdwCleaner[S9].txt - [1725 bytes] - [21/05/2016 12:38:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [7049 bytes] ##########
# AdwCleaner v5.201 - Logfile created 04/07/2016 at 15:33:31
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Robert - ROBERT-PC
# Running from : C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUKZ60GV\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Robert\AppData\Local\PPC-software
[-] Folder Deleted : C:\Users\Robert\Documents\PPC-software

***** [ Files ] *****

[-] File Deleted : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\BaiduSparkHTML
[-] Key Deleted : HKLM\SOFTWARE\Classes\ioloToolService.ToolManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key Deleted : HKCU\Software\OMX_Media
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SoftSuma
[-] Key Deleted : HKCU\Software\Tuguu
[-] Key Deleted : HKCU\Software\PPC-softwareLanguage
[-] Key Deleted : HKCU\Software\csastats
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKU\S-1-5-21-4236931218-4029361051-1509103033-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command []
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\piroga.space
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safesear.ch

***** [ Web browsers ] *****

[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://www.safesear.ch/?type=20160628-185-ff");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.newtab.url", "hxxp://www.safesear.ch/?type=20160628-185-ff-nt");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "SafeSearch");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.search.order.1", "SafeSearch");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "SafeSearch");
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("keyword.url", "hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=");

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7330 bytes] - [03/04/2016 07:19:21]
C:\AdwCleaner\AdwCleaner[C2].txt - [1455 bytes] - [02/05/2016 14:25:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [1578 bytes] - [05/05/2016 11:44:51]
C:\AdwCleaner\AdwCleaner[C4].txt - [12571 bytes] - [29/05/2016 22:55:57]
C:\AdwCleaner\AdwCleaner[R10].txt - [2065 bytes] - [02/05/2016 17:15:33]
C:\AdwCleaner\AdwCleaner[R11].txt - [2216 bytes] - [11/05/2016 01:37:38]
C:\AdwCleaner\AdwCleaner[R12].txt - [1665 bytes] - [21/05/2016 12:36:55]
C:\AdwCleaner\AdwCleaner[R18].txt - [2390 bytes] - [24/06/2016 18:31:35]
C:\AdwCleaner\AdwCleaner[R20].txt - [2634 bytes] - [25/06/2016 17:57:07]
C:\AdwCleaner\AdwCleaner[R23].txt - [3000 bytes] - [29/06/2016 17:51:01]
C:\AdwCleaner\AdwCleaner[R26].txt - [2194 bytes] - [01/07/2016 17:34:53]
C:\AdwCleaner\AdwCleaner[R27].txt - [2316 bytes] - [02/07/2016 19:41:05]
C:\AdwCleaner\AdwCleaner[S15].txt - [2452 bytes] - [24/06/2016 18:32:28]
C:\AdwCleaner\AdwCleaner[S17].txt - [2696 bytes] - [25/06/2016 17:57:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [6731 bytes] - [03/04/2016 07:18:06]
C:\AdwCleaner\AdwCleaner[S20].txt - [3062 bytes] - [29/06/2016 17:51:27]
C:\AdwCleaner\AdwCleaner[S23].txt - [2260 bytes] - [01/07/2016 17:36:44]
C:\AdwCleaner\AdwCleaner[S24].txt - [2382 bytes] - [02/07/2016 19:42:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [923 bytes] - [15/04/2016 13:43:20]
C:\AdwCleaner\AdwCleaner[S3].txt - [1358 bytes] - [02/05/2016 14:22:51]
C:\AdwCleaner\AdwCleaner[S4].txt - [1494 bytes] - [05/05/2016 11:43:29]
C:\AdwCleaner\AdwCleaner[S5].txt - [17637 bytes] - [29/05/2016 22:53:44]
C:\AdwCleaner\AdwCleaner[S7].txt - [2139 bytes] - [02/05/2016 17:16:40]
C:\AdwCleaner\AdwCleaner[S8].txt - [2288 bytes] - [11/05/2016 01:38:29]
C:\AdwCleaner\AdwCleaner[S9].txt - [1725 bytes] - [21/05/2016 12:38:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [14191 bytes] ##########
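
The two AdwCleaner "Clean" logs in the post above were created five weeks apart, and many of the same items appear in both. The script below is an added example (not part of the original thread and not AdwCleaner's own code) that compares two such logs and lists which removed items came back. The function names are hypothetical, and the sample input is a shortened excerpt of the logs above.

```python
import re
from collections import defaultdict

# Constructed samples: a few entries excerpted from the two AdwCleaner "Clean"
# logs in the post above (created 29/05/2016 and 04/07/2016).
LOG_MAY = r"""
***** [ Files ] *****
[-] File Deleted : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
[-] File Deleted : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\OMX_Media
[-] Key Deleted : HKCU\Software\SoftSuma
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\removesafesearch.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safesear.ch
***** [ Web browsers ] *****
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://www.safesear.ch/?type=20160529-120-ff");
"""

LOG_JULY = r"""
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Robert\AppData\Local\PPC-software
***** [ Files ] *****
[-] File Deleted : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\OMX_Media
[-] Key Deleted : HKCU\Software\SoftSuma
[-] Key Deleted : HKCU\Software\Tuguu
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\piroga.space
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safesear.ch
***** [ Web browsers ] *****
[-] [C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://www.safesear.ch/?type=20160628-185-ff");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "[-] <action> : <target>", optionally with "[<file>] " before the action
# (the form used for the prefs.js lines in the "Web browsers" section).
ENTRY_RE = re.compile(
    r"^\[-\] (?:\[(?P<file>[^\]]+)\] )?(?P<action>[A-Za-z ]+?) : (?P<target>.+)$"
)


def normalise(target):
    """Lower-case the target and mask the ?type= value, which differs between
    the two logs (20160529-120-ff vs 20160628-185-ff) for the same setting."""
    return re.sub(r'(\?type=)[^"&]*', r"\1*", target.strip().lower())


def parse_log(text):
    """Return a set of (section, action, normalised target) for one log."""
    section, entries = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            entries.add((section, entry.group("action"), normalise(entry.group("target"))))
    return entries


def compare_runs(older, newer):
    """Split the cleaned items into those that came back, new ones, and gone ones."""
    old, new = parse_log(older), parse_log(newer)
    return {
        "recurring": sorted(old & new),       # removed before, present again
        "new": sorted(new - old),             # first seen in the later run
        "not_seen_again": sorted(old - new),  # removed and did not return
    }


def recurring_by_section(older, newer):
    """Group the recurring targets by log section to show where they come back."""
    grouped = defaultdict(list)
    for section, _action, target in compare_runs(older, newer)["recurring"]:
        grouped[section].append(target)
    return dict(grouped)


if __name__ == "__main__":
    for section, targets in recurring_by_section(LOG_MAY, LOG_JULY).items():
        print(f"{section}: {len(targets)} item(s) cleaned in both runs")
        for target in targets:
            print("   ", target)
```

Items reported as recurring were cleaned in the earlier run and were present again at the later one, which matches the "it comes back a few hours later" symptom described in the first post.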



#5 Pestyone


Posted 04 July 2016 - 03:04 PM

[-] Deleted ->> File ->> C:\Program Files (x86)\Anvsoft\Any DVD Converter Professional\gnu\qt-faststart.exe
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack} <RegData:> C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack} <RegData:> C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack} <RegData:> C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack} <RegData:> C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\eaw973gh.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Name ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack}
[-] Deleted ->> Registry Value Name ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ <RegValue:> {jid1-vS7biDmom8YxhA@jetpack}
 



#6 Pestyone


Posted 04 July 2016 - 03:06 PM

Dang, so far nothing has removed safesear.com or takearide.xyx or boost_interprocess that I can tell, but will keep going.



#7 InadequateInfirmity


Posted 04 July 2016 - 03:25 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close all open work; Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#8 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 04 July 2016 - 03:52 PM

Waiting on Zemana scan to finish 



#9 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 04 July 2016 - 04:02 PM

OK, looking better; looks like the Zemana scan just removed variety . constant and safe search, so what do I do next?


Zemana AntiMalware 2.21.2.139 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/7/4
Operating System       : Windows 7 64-bit
Processor              : 2X Intel® Core™ i5-2450M CPU @ 2.50GHz
BIOS Mode              : Legacy
CUID                   : 12C0E59FC8B951E25C85D2
Scan Type              : Deep Scan
Duration               : 44m 31s
Scanned Objects        : 200709
Detected Objects       : 7
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Shortcut
Status             : Scanned
Object             : http://www.varietyconstant.com/central/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status             : Scanned
Object             : http://www.varietyconstant.com/central/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status             : Scanned
Object             : http://www.varietyconstant.com/central/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut

Fake Firefox Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\mozilla firefox.lnk
MD5                : 07AB37378DFCA161A515A8D0DCADD7BC
Publisher          : -
Size               : 946
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Firefox Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\taskbar\mozilla firefox.lnk

Fake Firefox Shortcut
Status             : Scanned
Object             : %programdata%\microsoft\windows\start menu\programs\mozilla firefox.lnk
MD5                : A3D8A3A2330FE98A48B10012BB8ED398
Publisher          : -
Size               : 922
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Firefox Shortcut
                File - %programdata%\microsoft\windows\start menu\programs\mozilla firefox.lnk

Fake Firefox Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\mozilla firefox.lnk
MD5                : E5A6699DDBFDCAF091939A33238007F2
Publisher          : -
Size               : 934
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Firefox Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\mozilla firefox.lnk

stflt.sys
Status             : Scanned
Object             : %systemroot%\system32\drivers\stflt.sys
MD5                : B9657A0AFF28C1CB114ACC0CB93EE4BB
Publisher          : Crawler, LLC
Size               : 51496
Version            : 4.0.1.1
Detection          : Win32/Browser.Hijacker.Crawler!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\system32\drivers\stflt.sys

Cleaning Result
-------------------------------------------------------
Cleaned               : 7
Reported as safe      : 0
Failed                : 0
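
A report in the layout posted above is easier to act on once it is split into records, so the following added example (not part of the thread and not Zemana's own tooling) parses that layout, checks that the detected, listed and cleaned counts agree, and lists the files that were quarantined. The sample is abridged from the posted log with the counts reduced to match, and the function names are illustrative.

```python
import re
# Abridged from the report posted above; counts reduced to the three entries kept.
SAMPLE = r"""Detected Objects       : 3

Detected Objects
-------------------------------------------------------
Internet Explorer Shortcut
Object             : http://www.varietyconstant.com/central/
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair

Fake Firefox Shortcut
Object             : %programdata%\microsoft\windows\start menu\programs\mozilla firefox.lnk
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair

stflt.sys
Object             : %systemroot%\system32\drivers\stflt.sys
Detection          : Win32/Browser.Hijacker.Crawler!Ep
Cleaning Action    : Quarantine

Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Failed                : 0
"""

FIELD = re.compile(r"^([\w ]+?)\s*:\s*(.*)$")   # "Key   : value" lines

def parse_report(text):
    """Split a report into its summary fields and one dict per detected object."""
    summary, objects, current, section = {}, [], None, "header"
    for s in map(str.strip, text.splitlines()):
        if s in ("Detected Objects", "Cleaning Result"):
            section, current = s, None
        elif not s or set(s) == {"-"}:
            current = None                          # blank line or rule ends an entry
        elif section == "Detected Objects" and current is None:
            objects.append(current := {"Name": s})  # first line of an entry is its name
        elif (m := FIELD.match(s)):
            (current if current is not None else summary)[m.group(1)] = m.group(2)
    return summary, objects

def review(text):
    """Cross-check the report's own counts and list the files that were quarantined."""
    summary, objects = parse_report(text)
    consistent = int(summary["Detected Objects"]) == len(objects) == int(summary["Cleaned"])
    quarantined = sorted({o["Object"] for o in objects if o.get("Cleaning Action") == "Quarantine"})
    return consistent and summary["Failed"] == "0", quarantined
```

A `False` first value means the counts disagree or a cleaning step failed, which is the cue to re-scan rather than assume the machine is clean.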



#10 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 04 July 2016 - 04:30 PM

inter process - takearide still attacking me, dang it; running other scans you asked for



#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 PM

Posted 04 July 2016 - 06:23 PM

:thumbup2:



#12 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 04 July 2016 - 06:46 PM

Been waiting on Ads Fix scan to finish; not even half done yet, the slowest scan I have ever used; hope it's worth the huge wait;

can't see if it's doing anything good yet - ho hum, fingers tapping, annoyed :(



#13 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 04 July 2016 - 10:07 PM

OK, enough of Ads Fix; been running for over 3 hours, found 50 items; so it post and frozen solid 60 %, so deleted it and seems like nothing has gotten fixed yet, but still here, fingers crossed, so what now; still need help!?



#14 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 04 July 2016 - 10:39 PM

More bad news: the 9 scan tool is unable to load database; need h e l p, anyone awake there, so what now!?



#15 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 04 July 2016 - 10:41 PM

The bad news never stops - RSTHOST scan is not in English, so what now; awaited help





