infected by speedbit search


  • This topic is locked
21 replies to this topic

#1 datwin-bordo

datwin-bordo

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 11 June 2017 - 01:13 PM

Hello all,
 
Datwin-bordo is back,
 
and hello Aura, you know the French language, we disinfected and had conversations on the Geeks2Go forums in April 2017,
 
and now, 40 days later,
my parents go to a computer repair service in a shop to repair my Archos PC Stick, Zalman VE-350, USB keys (wintobootic, frama asso/salix, multibootables sardu/yumi, sandisk connect, virtualbox portable of Cubuntu live Toshiba drive...),
 
and 7 days ago my Compaq desktop PC, after I installed Cubuntu in dual boot with my Toshiba USB key, said on the Linux live session "error to create boot menu" at the end of Cubuntu's install, then this Compaq PC crashed with an alarm, 2 days later my parents reanimated my Compaq desktop, and now the desktop is back,
 
then 2 days ago I installed on my Compaq desktop and Acer Win 7 laptop, on the evening of Thursday May 23rd, the free "CyberLink MediaSuite 15" trial released on May 23rd, and then the other trial versions, which are the Avanquest and Solvusoft trial versions,
which installed Registry First Aid and Smart Privacy Cleaner, which are two Avanquest rogue scarewares, and now the Solvusoft rogues, and Advanced SystemProtector; excited by this, I went to run AdsFix and start scans, which scanned and repaired for two days,
 
and now these logs:
win 10 compaq: http://www.cjoint.com/doc/17_05/GEyuD3yFovO_AdsFix-24-05-2017-22-02-36.txt
win 7 acer notebook: http://www.cjoint.com/doc/17_05/GEzeUb53yGO_AdsFix-24-05-2017-18-40-19.txt
 
translation in french for Aura:
Quote

"Hello everyone,

so, since May 10 on my tower and my notebook,

1) I defragmented the C:/ drive

2) thanks to my bootable Cubuntu Live Toshiba USB key ordered on Amazon, in the live session I launched the Cubuntu installation to make a Windows 10-Cubuntu dual boot, the installation succeeded, but then at its end it said "error creating Grub Syslinux", preventing me from booting Cubuntu in my dual boot, so I automatically only get access to Windows 10 at each reboot,
as a result my tower then crashed with beeps, 5 days later my tower works again

3) this Toshiba USB key as well as other peripherals and my 3rd PC are going to the computer technician this weekend, according to what has been decided

4) yesterday, I tried the brand-new shareware CyberLink Media Suite 15 Ultra released yesterday in the late morning, but its installer installed Advanced SystemProtector, Registry First Aid Platinum 11, Smart Privacy Cleaner and Supersonic PC,
as a result, my explorer/desktop being on fire, I launched AdsFix on the evening of Tuesday May 23, which ran for 24 hours and finished its work on my tower, here is its report:
http://www.cjoint.com/c/GEyuD3yFovO

but already my triple boot "windows 10-acronis recovery environnement-cubuntu" is going to take a hit,
but as for WannaCry, a solution to protect against it and to check now whether there are traces of it
 
finally here is the AdsFix report of my Windows 7 notebook, looking forward to reading you:
http://www.cjoint.com/c/GEzeUb53yGO
"
and on June 1st, I burned a Raspbian img to a 64 GB SD card, and then this card was converted to a 10 MB partition, is that normal?, and can I film with my camera with this card?,

after making my SD cards bootable:
-the SDXC 512 GB converted into a "windows 7 password reset disk" -> the bug of this card after making it into a "windows 7 password reset disk" is: suspicion about taking videos/photos with my camera with this card
-the SDXC 64 GB converted into Raspbian OS for my future Raspberry Pi -> the bug of this card after making it into "raspbian" is: the 64 GB transformed into a 10 MB partition + impossibility of taking videos/photos with my camera with this card
-the SD 4 GB converted into a Win 10 installation with win usb -> the bug of this card after making it into a Windows installer is: suspicion of boot error & about taking videos/photos with my camera with this card

 

and OTA and OTS are complicated, I tried OTA for the first time on the Compaq desktop machine and it was complicated because pastes/makes/creates fix is first way, sorry for this, I launched OTS by OldTimer on the Compaq desktop with everything checked and it is scanning now,

I wait for help
Thanks...
Cordially...


Edited by hamluis, 11 June 2017 - 01:18 PM.
Moved from MRL to AII - Hamluis.



#2 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 12 June 2017 - 06:53 AM

And now the OTS log:
http://www.cjoint.com/c/GFmlX1RNJcg

And now the roguekiller log:
http://www.cjoint.com/c/GFmlZn0tXAg


Edited by hamluis, 12 June 2017 - 07:00 AM.
Moved from AII to MRL, log - Hamluis.


#3 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 12 June 2017 - 10:22 AM

And now the FRST & Addition logs of my two PCs:

I also ran SpyHunter by Enigma Software on my Compaq desktop PC, it detected 3313 threats and I then cleaned this
 
Thanks...

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:25 AM

Posted 15 June 2017 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.) <- This is an old version.
---

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4848440 2017-04-26] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll => Pas de fichier
BHO-x32: Pas de nom -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> Pas de fichier
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  Pas de fichier
FF HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => non trouvé(e)
FF HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Keepvid\KeepVid Pro (FR)\BrowserPlugin\kvallmytube@keepvid.com_xpi => non trouvé(e)
CHR HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cfmjkokphadmhbenfjjecfbhbbonbjcb] - hxxps://clients2.google.com/service/update2/crx
U2 agp440; pas de ImagePath
U3 aswbdisk; pas de ImagePath
U0 Compbatt; pas de ImagePath
U3 DfSdkS; pas de ImagePath
U2 ERSvc; pas de ImagePath
U2 IAStorDataMgrsvc; pas de ImagePath
S0 MB3SwissArmy; system32\drivers\MB3SwissArmy.sys [X]
U2 NIHardwareService; pas de ImagePath
U2 NVSvc; pas de ImagePath
U2 Parvdm; pas de ImagePath
U2 srService; pas de ImagePath
CustomCLSID: HKU\S-1-5-21-1766228302-1366166313-1596766668-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1FA2AEDE-9468-D082-883E-D3EE85889A47} => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1766228302-1366166313-1596766668-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {5510AB83-9468-D082-D53B-61A485889A47} => Pas de fichier
Task: C:\WINDOWS\Tasks\Launch 1395.job => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Launch 1509.job => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [135]
AlternateDataStreams: C:\ProgramData\Temp:CD060F93 [175]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\Cameyo.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\ccsetup529 (1).exe.weqgfaf.partial:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\ccsetup529.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\DriverMax_v9.28.0.167.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\free_partition_manager.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\processclose_2_08.01.17.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\rcsetup153 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\rcsetup153.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\TeamViewer_v12.1.11706.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Documents\BD_3DAdvisor_7510_Generic_BD_CDT140213-01.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Documents\CyberLink_PresenterLinkPlus_Downloader.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Documents\CyberLink_VideoMeetingPlus_Downloader.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Documents\DTPro800-0634.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Documents\isotousb_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Documents\ReflectDL.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Documents\TeamViewer_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Documents\tuxboot-0.8.2.exe:BDU [0]
FirewallRules: [{35A4F2C6-3CB6-42D6-9E7C-E94254A26500}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{032CCD89-1A2F-4738-B5DB-3FE06A9A1D05}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

===

This fix is for your Compaq computer only.
If you have any issues with the other computer please start a new topic.
Post the FRST and Addition.txt files.

Explain your issues. When done post the link to this topic. I will expedite the matter.
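
Added example (not part of nasdaq's post and not FRST's own code): a short Python script that reads a fixlist like the one above and groups its entries before it is run, separating entries whose target is already missing from those that still point at something on disk. Treating `[X]`, `Pas de fichier`, `non trouvé(e)` and `pas de ImagePath` as "target missing" is this example's reading of the French-locale lines shown, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the fixlist posted above.
SAMPLE = r"""Start
CreateRestorePoint:
EmptyTemp:
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll => Pas de fichier
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
S0 MB3SwissArmy; system32\drivers\MB3SwissArmy.sys [X]
U2 NVSvc; pas de ImagePath
Task: C:\WINDOWS\Tasks\Launch 1395.job => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Jean-Marie\Downloads\ccsetup529.exe:BDU [0]
End
"""

# Assumption: these markers mean the entry's target no longer exists.
ORPHAN = re.compile(r"Pas de fichier|non trouvé\(e\)|pas de ImagePath|\[X\]\s*$")
FLAGGED = re.compile(r"<=+\s*ATTENTION")      # entries the log marks for attention
SERVICE = re.compile(r"^[A-Z]\d \S+;")        # e.g. "U2 NVSvc; ..."
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")       # e.g. "EmptyTemp:"
FIRST_TOKEN = re.compile(r"[^\s:\\]+")        # "BHO-x32", "Task", "FF", "HKU", ...

def classify(line):
    """Return (category, state) for one fixlist line, or None for Start/End/blank."""
    line = line.strip()
    if not line or line in ("Start", "End"):
        return None
    if DIRECTIVE.match(line):
        return ("directive", "n/a")
    if SERVICE.match(line):
        category = "service/driver"
    else:
        token = FIRST_TOKEN.match(line)
        category = token.group(0) if token else "other"
    if ORPHAN.search(line):
        return (category, "orphan")
    if FLAGGED.search(line):
        return (category, "flagged")
    return (category, "present")

def summarize(text):
    """Count fixlist entries per (category, state)."""
    return Counter(c for c in map(classify, text.splitlines()) if c)

def live_targets(text):
    """Lines that act on something still on disk: read these before clicking Fix."""
    return [l.strip() for l in text.splitlines()
            if (c := classify(l)) and c[1] in ("present", "flagged")]

if __name__ == "__main__":
    for (category, state), n in sorted(summarize(SAMPLE).items()):
        print(f"{category:22} {state:8} {n}")
    print(*live_targets(SAMPLE), sep="\n")
```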

#5 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 15 June 2017 - 11:50 PM

Since yesterday the FRST correction has been running and today it still continues in an infinite loop, it's a bug,
Can I restart the PC or close the correction? Because it doesn't work correctly/turns in an infinite loop

For the other current bugs:

1) the Cubuntu-Windows dual boot:
and 1 month ago my Compaq desktop PC, after I installed Cubuntu in dual boot with my Toshiba USB key, said on the Linux live session "error to create boot menu" at the end of Cubuntu's install, which makes it impossible to start the GRUB menu of the dual boot when the computer boots and impossible to start Cubuntu in my dual boot, then this Compaq PC crashed with an alarm, 2 days later my parents reanimated my Compaq desktop, and now the desktop is back,
I then saw the 900 GB partition of C:/ (Windows) reduced by 20 GB, the Cubuntu is 5 or 20 GB,

2) Fix-It Registry Optimizer is present on startup/desktop, but does not appear in the program list, Fix-It Registry Optimizer is malicious scareware

3) Yesterday I posted on MalwareTips for the other PC (Acer Win 7) and my SD cards, in the following topic:
https://malwaretips.com/threads/infection-on-windows-7-acer-starter-laptop-sd-cards-problems.72649/

#6 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 16 June 2017 - 05:52 AM

I have executed this FRST fix, and it blocked, but this fix created a fixlog, not completed, but this fixlog is under this/my current reply:

After you have read this fixlog, we continue the dual-boot/grub/cubuntu/win 10 tuneup/troubleshoot and the disinfection,

When Edge opens it crashes, I try to change the default browser to Opera, Pale Moon or Firefox, a few hours/days later the default returns automatically to Edge

Sorry,

Thanks...

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:25 AM

Posted 16 June 2017 - 08:39 AM




Set default browser.

Method: Start -> Settings -> System -> Default Apps -> Set Defaults by App, click on Firefox or Edge, then click "Set this program as default".

After that Windows 10 should remember your setting and use the browser you selected.

===

As for the problem created by the installation of cubuntu, unless you have a restore point that you can use to remove that installation, I cannot help you on that matter.
This is not malware and not my forte.

I suggest you start a new topic in the Linux & Unix Forum.
https://www.bleepingcomputer.com/forums/f/11/linux-unix/

See what help you can get on removing the partition or possibly correct the cubuntu problem.

#8 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 16 June 2017 - 12:43 PM

I have tried this method multiple times to make Firefox/Pale Moon/Opera the default, but a few hours/days later it's back automatically to Edge without consent, is it because of system bugs/viruses/adware?

And I post about the Cubuntu-Win 10 dual boot in the Linux/Unix section

Thanks...

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:25 AM

Posted 17 June 2017 - 07:19 AM


I think you should reinstall Edge.

Follow the instructions on this page.

How To Reinstall Microsoft Edge In Windows 10
http://www.intowindows.com/how-to-reinstall-microsoft-edge-in-windows-10/

#10 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 18 June 2017 - 05:52 AM

I tried to follow the method to reinstall Edge, but at the "Microsoft.MicrosoftEdge_8wekyb3d8bbwe" folder deletion step, I tried to delete that folder but it was impossible because that folder is opened by an unknown program, I don't know the program,

 

thanks...



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:25 AM

Posted 18 June 2017 - 07:53 AM

Boot to Safe Mode and delete the folder.

#12 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 18 June 2017 - 08:41 AM

I deleted the folder in safe mode and followed the method/steps to reinstall Edge with PowerShell and restarted the computer

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:25 AM

Posted 18 June 2017 - 01:15 PM

Is the problem solved?

#14 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 18 June 2017 - 01:31 PM

Edge is maybe resolved,

But the problem with the Cubuntu dual boot is not resolved

I replaced AVG with Comodo

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:25 AM

Posted 18 June 2017 - 01:35 PM

But the problem with the Cubuntu dual boot is not resolved

Wait for a reply on the new topic.



