very annoying adware takeover

This is a discussion on very annoying adware takeover within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 06-29-2015, 08:28 PM   #1
kenny1 (Registered Member)
 
Join Date: Jan 2009
Posts: 55
OS: xp



I believe I picked up an ad generating virus from http://www.watch-tvseries.net and now every webpage I open is being bombarded by popup ads, pop up videos, text underline ads, etc... and the performance of my PC has become very sluggish; clearly this bug is hard at work, slowing everything down, even the keystrokes to type this sentence are jerky and halting. Thank you for any help. Kenny

Here are the dds results as requested:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.60.2
Run by Kenny1 at 23:13:11 on 2015-06-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.467 [GMT -4:00]
.
AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - c:\program files\gamingwonderland\bar\1.bin\gtSrcAs.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.5.19.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GoogleChromeAutoLaunch_67A54F460EFA6F77BAA20180B37DE769] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [FIREBOX] c:\program files\presonus\1394audiodriver_firebox\FIREBOX Control.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [LXDJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDJtime.dll,[email protected]
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\kenny1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpointp\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349218727062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{95EF673B-C0FE-4AD2-BA8D-7BC7036CBD45} : DHCPNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: dimsntfy - <no file>
Notify: LBTWlgn - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.130\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kenny1\application data\mozilla\firefox\profiles\p01uk47g.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\documents and settings\kenny1\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kenny1\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\kenny1\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\kenny1\local settings\application data\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\kenny1\local settings\application data\torch\plugins\video\vlc\npvlc.dll
FF - plugin: c:\program files\gamingwonderland\bar\1.bin\NPgtStub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 190944]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 290272]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 169440]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 35808]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2013-6-28 16504]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 213472]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 206816]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 213984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2015-6-16 3461072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2015-6-16 312816]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2013-6-7 12808]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2013-1-3 44296]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2013-1-3 12808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btwsecfl;Bluetooth USB Security Filter;c:\windows\system32\drivers\btwsecfl.sys [2013-1-23 93480]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2011-6-17 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2011-6-17 24576]
S3 RFDisplay;RFDisplay;c:\windows\system32\drivers\RFDisplay.sys [2011-11-3 8192]
S3 RFMirror;RFMirror;c:\windows\system32\drivers\RFMirror.sys [2011-11-3 8192]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2009-11-25 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2009-11-25 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2009-11-25 28032]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-6-17 23288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-10-5 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GamingWonderlandService;GamingWonderlandService;c:\progra~1\gaming~2\bar\1.bin\gtbarsvc.exe [2014-6-14 88648]
S4 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2009-7-17 3576320]
S4 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2014-6-24 603760]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S4 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\kenny1\local settings\application data\torch\update\TorchCrashHandler.exe [2015-5-6 1217032]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs4\Dreamweaver.exe","%1"
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
ShellExec: Documents.exe: open=c:\documents and settings\kenny1\local settings\application data\torch\application\torch.exe "%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2015-06-28 19:58:18 -------- d-----w- c:\documents and settings\all users\application data\12041351797570653857
2015-06-28 19:58:17 -------- d-----w- c:\program files\CuTThhePricoe
2015-06-28 19:57:14 -------- d-----w- c:\documents and settings\all users\application data\nochedcngpnijmhmnfhgobkpdbholfad
2015-06-28 19:56:11 -------- d-----w- c:\documents and settings\all users\application data\{ff79b904-861e-75d8-ff79-9b904861e412}
2015-06-18 22:35:30 -------- d-----w- C:\epingsoft
2015-06-13 13:56:35 -------- d-----w- c:\documents and settings\all users\application data\Avg_Update_0615av
.
==================== Find3M ====================
.
2015-06-23 23:25:16 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-23 23:25:16 142512 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-13 00:52:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-05-19 13:57:02 213472 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-05-14 12:49:12 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-05-12 18:46:06 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-05-12 18:45:04 190944 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-05-07 12:52:08 290272 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-04-23 12:39:34 66085672 ----a-w- C:\Documents
2015-04-15 12:05:06 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 23:19:43.48 ===============
Attached Files
File Type: txt attach.txt (13.7 KB, 41 views)
kenny1 is offline  
 
Old 06-30-2015, 12:38 AM   #2
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Kenny,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

STEP 1

Please download AdwCleaner onto your desktop.
Close all open programs and internet browsers.
Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
Click on Scan.
After the scan is complete click on "Cleaning".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

=====================================================

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 06-30-2015, 05:09 AM   #3
kenny1 (Registered Member)
 
Join Date: Jan 2009
Posts: 55
OS: xp



Hi Tolga, thank you for your help! Just for your information, last night I thought I had solved the problem. I saw at the bottom of all the ads and popups the name of the ad website hosting them in a link, I think it was called cut the price (?). Anyway, last night I found it in add/remove programs and removed it. I also found it in extensions in chrome and I removed it from there also. Then I thought the problem was solved, but this morning (before I saw your reply) cut the price had reinstalled itself as an extension in chrome and I removed it again. Then I read your reply, saying don't remove or uninstall anything... but it was too late. When I ran adwcleaner cut the price did not show up. I hope I did not make the problem worse by removing it? Anyway, here is the text generated by adwcleaner:

# AdwCleaner v4.207 - Logfile created 30/06/2015 at 07:54:06
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Kenny1 - STRINGERSTUDIOS
# Running from : C:\Documents and Settings\Kenny1\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : GamingWonderlandService
[#] Service Deleted : torchcrashhandler

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\torchcrashhandler
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\{ff79b904-861e-75d8-ff79-9b904861e412}
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\TidyNetwork
Folder Deleted : C:\Program Files\Applian Technologies
Folder Deleted : C:\Program Files\CuTThhePricoe
Folder Deleted : C:\Program Files\Re-markit-soft
Folder Deleted : C:\Program Files\GamingWonderland
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\TidyNetwork
Folder Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\Kenny1\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Kenny1\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Kenny1\Application Data\ProgSense
Folder Deleted : C:\Documents and Settings\Kenny1\Start Menu\Programs\torch
Folder Deleted : C:\Documents and Settings\Kenny1\Application Data\Mozilla\Firefox\Profiles\g5hhr5ez.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Documents and Settings\Kenny1\Application Data\Mozilla\Firefox\Profiles\p01uk47g.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Documents and Settings\Kenny1\Application Data\Mozilla\Firefox\Profiles\g5hhr5ez.default\Extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Kenny1\Application Data\Mozilla\Firefox\Profiles\p01uk47g.default\Extensions\[email protected]
[!] Folder Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
[!] Folder Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\nochedcngpnijmhmnfhgobkpdbholfad
File Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Deleted : C:\Documents and Settings\Kenny1\daemonprocess.txt
File Deleted : C:\Documents and Settings\Kenny1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
File Deleted : C:\Documents and Settings\Kenny1\Application Data\GDIPFONTCACHEV1.DAT
File Deleted : C:\Documents and Settings\Kenny1\Start Menu\Programs\Torch.lnk
File Deleted : C:\Documents and Settings\Kenny1\Desktop\\Torch.lnk
File Deleted : C:\Documents and Settings\Kenny1\Application Data\Mozilla\Firefox\Profiles\g5hhr5ez.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@GamingWonderland.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.Radio
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderland.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AB5D199E-9659-47A2-930B-FC3B69061353}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8625CB7-85FE-4936-92A4-B2A7C925209E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A8625CB7-85FE-4936-92A4-B2A7C925209E}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\iVIDI Plugin
Key Deleted : HKCU\Software\Re_Markit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\ProgSense
Key Deleted : HKCU\Software\TidyNetwork
Key Deleted : HKCU\Software\GamingWonderland
Key Deleted : HKCU\Software\AppDataLow\Software\TidyNetwork
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\GamingWonderland
Key Deleted : HKU\.DEFAULT\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GamingWonderlandbar Uninstall Internet Explorer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GamingWonderlandbar Uninstall Firefox
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ValueApps
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GamingWonderlandbar Uninstall Internet Explorer

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v31.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [11262 bytes] - [30/06/2015 07:52:04]
AdwCleaner[S0].txt - [11421 bytes] - [30/06/2015 07:54:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11481 bytes] ##########
kenny1 is offline  
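As an added example that is not part of this thread (and not DDS's or AdwCleaner's own tooling), the Python script below shows how an analyst can cross-check the two logs posted above rather than eyeballing them: it pulls the CLSIDs out of the DDS pseudo-HJT entries, pulls the GUIDs and paths out of the AdwCleaner "Deleted" lines, reports which autostart entries were removed and which remain, and flags folders from the "Created Last 30" section whose names have the shape of a Chrome extension id (32 letters a to p), a bare number, or a bare GUID. The sample texts are excerpts reconstructed from the logs in this thread; the regular expressions, the HJT_TAGS set and the folder-name heuristics are this example's own assumptions about the two log formats.

```python
"""Cross-check a DDS pseudo-HJT report against an AdwCleaner cleaning log.

Added example; not part of DDS, AdwCleaner or this thread. The samples are
excerpts reconstructed from the posted logs; the regular expressions, the
HJT_TAGS set and the folder-name heuristics are this example's assumptions.
"""
import re

# Constructed excerpt of the DDS report (same line shapes as the posted log).
DDS_SAMPLE = r"""
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - c:\program files\gamingwonderland\bar\1.bin\gtSrcAs.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
2015-06-28 19:58:18 -------- d-----w- c:\documents and settings\all users\application data\12041351797570653857
2015-06-28 19:57:14 -------- d-----w- c:\documents and settings\all users\application data\nochedcngpnijmhmnfhgobkpdbholfad
2015-06-28 19:56:11 -------- d-----w- c:\documents and settings\all users\application data\{ff79b904-861e-75d8-ff79-9b904861e412}
2015-06-13 13:56:35 -------- d-----w- c:\documents and settings\all users\application data\Avg_Update_0615av
"""

# Constructed excerpt of the AdwCleaner [S0] log.
ADW_SAMPLE = r"""
[#] Service Deleted : GamingWonderlandService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\{ff79b904-861e-75d8-ff79-9b904861e412}
Folder Deleted : C:\Documents and Settings\All Users\Application Data\nochedcngpnijmhmnfhgobkpdbholfad
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A8625CB7-85FE-4936-92A4-B2A7C925209E}]
Key Deleted : HKCU\Software\torch
"""

GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# DDS pseudo-HJT tags whose entries are keyed by a CLSID (assumed list).
HJT_TAGS = {"BHO", "uURLSearchHooks", "dURLSearchHooks", "IE", "DPF",
            "Handler", "SSODL", "Notify", "mASetup", "TB"}
ADW_RE = re.compile(r"^(?:\[[#!]\] )?(Service|Folder|File|Key|Value) Deleted : (.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ d-----w- (.+)$")


def parse_dds_guids(dds_text):
    """Map each CLSID in a pseudo-HJT entry to its label, e.g. 'BHO: AVG Safe Search'."""
    found = {}
    for line in dds_text.splitlines():
        tag, sep, _ = line.partition(":")
        m = GUID_RE.search(line) if sep and tag in HJT_TAGS else None
        if m:
            found.setdefault(m.group(1).upper(), line[:m.start()].rstrip(" :"))
    return found


def parse_adwcleaner(adw_text):
    """Return (GUIDs, file/folder paths) that AdwCleaner reports as deleted."""
    guids, paths = set(), []
    for line in adw_text.splitlines():
        m = ADW_RE.match(line)
        if not m:
            continue
        kind, target = m.groups()
        guids.update(g.upper() for g in GUID_RE.findall(target))
        if kind in ("Folder", "File"):
            paths.append(target)
    return guids, paths


def correlate(dds_text, adw_text):
    """Split DDS autostart CLSIDs into those AdwCleaner removed and those still present."""
    dds = parse_dds_guids(dds_text)
    removed_guids, _ = parse_adwcleaner(adw_text)
    return {
        "removed": {g: d for g, d in dds.items() if g in removed_guids},
        "remaining": {g: d for g, d in dds.items() if g not in removed_guids},
    }


def flag_new_folders(dds_text):
    """Flag 'Created Last 30' folders by name shape: Chrome extension id
    (32 letters a-p), digits only, or a bare GUID. Returns [(name, reason)]."""
    flagged = []
    for line in dds_text.splitlines():
        m = CREATED_RE.match(line)
        if not m:
            continue
        name = m.group(1).rstrip("\\").rsplit("\\", 1)[-1]
        if re.fullmatch(r"[a-p]{32}", name):
            flagged.append((name, "32 letters a-p, Chrome extension id shape"))
        elif re.fullmatch(r"\d{12,}", name):
            flagged.append((name, "digits only"))
        elif GUID_RE.fullmatch(name):
            flagged.append((name, "GUID-only name"))
    return flagged


def removal_status(flagged, adw_text):
    """For each flagged folder, record whether AdwCleaner deleted a path ending in it."""
    _, paths = parse_adwcleaner(adw_text)
    tails = {p.rstrip("\\").rsplit("\\", 1)[-1].lower() for p in paths}
    return [(name, reason, name.lower() in tails) for name, reason in flagged]


if __name__ == "__main__":
    result = correlate(DDS_SAMPLE, ADW_SAMPLE)
    for state in ("removed", "remaining"):
        for guid, label in result[state].items():
            print(f"{state:9} {{{guid}}}  {label}")
    for name, reason, gone in removal_status(flag_new_folders(DDS_SAMPLE), ADW_SAMPLE):
        print(f"{'removed' if gone else 'STILL PRESENT':13} {name}  ({reason})")
```

Run as a script it prints the removed and remaining autostart entries and the flagged folders. On the thread's own data the Adobe Reader BHO correctly survives, while the digits-only folder 12041351797570653857 created on 2015-06-28 does not appear anywhere in the AdwCleaner deletions, which is exactly the kind of leftover an analyst would carry forward into the FRST step rather than assume the cleanup was complete.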
 
Old 06-30-2015, 06:27 AM   #4
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hi Kenny,

You're welcome

AdwCleaner deleted it again. Do you see it again after AdwCleaner? Please do Step 2 and attach the logs to your next reply.
tekir06 is offline  
Old 06-30-2015, 06:50 AM   #5
kenny1 (Registered Member)
 
Join Date: Jan 2009
Posts: 55
OS: xp



Here are the FRST results in attachments as requested.
Attached Files
File Type: txt Addition.txt (41.2 KB, 32 views)
File Type: txt FRST.txt (27.7 KB, 31 views)
kenny1 is offline  
Old 07-01-2015, 12:49 AM   #6
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Again Kenny,

Please do the following steps. At the conclusion of these steps, please let me know how the machine is running. We will have more to do, but this will give me an idea of how things are progressing.

========================================================

I see you have P2P software (eMule and BitComet) installed on your machine. Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

A reference for the risk of these programs is here

I would recommend that you uninstall any P2P Programs, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

=======================================================

STEP 1

We need to uninstall a program.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Torch

========================================================

STEP 2

You appear to have a Developer's build of Chrome installed. Most typical users do not have this build installed.

Why this is not safe:

https://support.google.com/chrome/an...ons&rd=1&hl=en

Please follow the steps outlined below:

Launch Chrome:


Open the Settings Menu in Chrome (upper right hand corner of the browser)
Click the Advanced Sync Settings button
Change the drop down from Sync Everything to Choose what to sync
Uncheck Settings, then click OK

Next, click Start>Control Panel>Programs and features to uninstall Chrome.

When Chrome asks if you want to delete all data, you must place a check in the box.

Then re-install Chrome.

=========================================================

STEP 3

Please do the following:

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
HKU\S-1-5-21-1004336348-484061587-725345543-1004\...\MountPoints2: {61c61047-44c8-11e1-a6ec-001b2492f274} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1004336348-484061587-725345543-1004\...\MountPoints2: {aebaaeaa-1909-11e2-a784-001cbf6c3324} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1004336348-484061587-725345543-1004\...\MountPoints2: {aec18285-9877-11e0-a561-8b87073c5b5f} - "E:\WD SmartWare.exe" autoplay=true
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 TorchCrashHandler; C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1217032 2015-06-24] (TorchMedia Inc.) <==== ATTENTION
2015-06-30 08:22 - 2015-06-30 08:22 - 00001144 _____ C:\Documents and Settings\Kenny1\Start Menu\Programs\Torch.lnk
2015-06-30 08:22 - 2015-06-30 08:22 - 00001138 _____ C:\Documents and Settings\Kenny1\Desktop\\Torch.lnk
2015-06-30 08:22 - 2015-06-30 08:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TorchCrashHandler
2015-06-30 08:19 - 2015-06-30 08:22 - 00000000 ____D C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch
2015-06-03 11:27 - 2011-06-29 17:24 - 00118272 _____ C:\Documents and Settings\Kenny1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-29 17:24 - 2015-06-03 11:27 - 0118272 _____ () C:\Documents and Settings\Kenny1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Kenny1\Local Settings\Temp\foxy.exe
C:\Documents and Settings\Kenny1\Local Settings\Temp\FreeYouTubeDownload.exe
C:\Documents and Settings\Kenny1\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Kenny1\Local Settings\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-1004336348-484061587-725345543-1004_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Application\42.0.0.9806\delegate_execute.exe (The Chromium Authors)
CustomCLSID: HKU\S-1-5-21-1004336348-484061587-725345543-1004_Classes\CLSID\{a8625cb7-85fe-4936-92a4-b2a7c925209e}\InprocServer32 -> C:\Program Files\GamingWonderland\bar\1.bin\gtSrcAs.dll No File
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Application\torch.exe] => Enabled:Torch
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Enabled:hola_plugin.exe
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Enabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\FrostWire 5\FrostWire.exe] => Enabled:FrostWire
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe] => Enabled:Video Downloader Ultimate - Win App [VideoDownloaderUltimate.exe]
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Application\torch.exe] => Enabled:Torch
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Enabled:hola_plugin.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Enabled:hola_plugin_x64.exe
EmptyTemp:
end
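One signal an analyst uses when reading FRST output like the fixlist above is where an executable lives: firewall exceptions, services and loose files under a user profile or Temp folder (Torch, Hola, foxy.exe in this fix) get a second look, while a program under Program Files usually does not. The following triage helper is an added example, not FRST's own code; the sample lines are copied from the fixlist above and are not the complete fix.

```python
"""Location-based triage of FRST-style fixlist lines (added example)."""
import re

# Constructed sample in the format of the fixlist above (paths taken from it).
SAMPLE_LINES = [
    r"StandardProfile\AuthorizedApplications: [C:\Program Files\FrostWire 5\FrostWire.exe] => Enabled:FrostWire",
    r"StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Application\torch.exe] => Enabled:Torch",
    r"DomainProfile\AuthorizedApplications: [C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Enabled:hola_plugin.exe",
    r"S2 TorchCrashHandler; C:\Documents and Settings\Kenny1\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1217032 2015-06-24] (TorchMedia Inc.) <==== ATTENTION",
    r"C:\Documents and Settings\Kenny1\Local Settings\Temp\foxy.exe",
    "EmptyTemp:",
]

# Folders a regular installer rarely uses for its executables: the XP names
# seen in this thread plus the Vista-and-later equivalent (AppData).
USER_WRITABLE = ("\\local settings\\temp\\", "\\local settings\\application data\\",
                 "\\application data\\", "\\appdata\\")

AUTHAPP_RE = re.compile(r"AuthorizedApplications: \[(?P<path>[^\]]+)\] => (?P<state>\w+):")
SERVICE_RE = re.compile(r"^[SR]\d [^;]+; (?P<path>.+?\.(?:exe|dll|sys))", re.IGNORECASE)
FILE_RE = re.compile(r"^[A-Za-z]:\\.+\.(?:exe|dll|scr)$", re.IGNORECASE)


def in_user_writable(path):
    """True if the path sits under a profile/Temp folder (case-insensitive)."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage(lines):
    """Return the entries whose executable lives in a user-writable folder.

    This is one heuristic, not a verdict: FrostWire (Program Files) is not
    flagged here even though the analyst removed its firewall rule as P2P.
    """
    findings = []
    for line in lines:
        if (m := AUTHAPP_RE.search(line)):
            kind, path = "firewall-exception", m.group("path")
        elif (m := SERVICE_RE.match(line)):
            kind, path = "service", m.group("path")
        elif FILE_RE.match(line):
            kind, path = "file", line
        else:
            continue                      # directives such as EmptyTemp:
        if in_user_writable(path):
            findings.append({"kind": kind, "path": path,
                             "name": path.rsplit("\\", 1)[-1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:<19} {f['name']:<22} {f['path']}")
```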
Old 07-01-2015, 03:48 AM   #7
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



Step one, uninstall Torch, check.
Step two, reinstall chrome, check.
Step three, copy text and save as fixlist.txt next to FRST.exe on desktop, check.

Am I supposed to run FRST now?
Old 07-01-2015, 04:13 AM   #8
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello kenny,

Yes, please do STEP 3.
Old 07-01-2015, 04:21 AM   #9
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



STEP 3

Please do the following:

Open Notepad (Start > All Programs > Accessories > Notepad). - done
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste). - done
Save it as fixlist.txt next to FRST.exe - done

what is next?
Old 07-01-2015, 05:16 AM   #10
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello. I am sorry, I sent incomplete instructions.
Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Old 07-01-2015, 06:59 AM   #11
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



fixlog.txt is attached
Attached Files
File Type: txt Fixlog.txt (9.0 KB, 21 views)
Old 07-01-2015, 11:05 PM   #12
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Kenny,

Thanks for the log.

Please do the following. Then, please tell me how the machine is behaving now. What problems do you still have?

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

=====================================================

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt).
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click OK.
Attach that saved log to your next reply.
Old 07-02-2015, 01:37 AM   #13
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



The Malwarebytes scan log is attached. I haven't seen any more of the crazy ads in the last couple of days.
Attached Files
File Type: txt scan log 7.2.15.txt (6.9 KB, 25 views)
Old 07-02-2015, 01:54 AM   #14
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Kenny,

Quote:
I haven't seen any more of the crazy ads in the last couple days
I'm glad to hear that.

Your reports are clear. We're done.

Your Java is out of date.

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed. Next, download the latest Java, version 8 Update 45, from the following link.
Download Free Java Software

========================================================

Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore.
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows XP

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here.

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
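How a blocking HOSTS file of the kind described above actually works, as an added example (not part of the MVPS project): a name pinned to 127.0.0.1 (or 0.0.0.0) never reaches the ad server, but matching is exact, so a sub-domain that is not listed is not blocked. The sample file is constructed with placeholder names.

```python
"""HOSTS-file blocking check (added example; constructed sample data)."""
import ipaddress

# Constructed excerpt in HOSTS-file format; these are not real MVPS entries.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored
127.0.0.1   localhost
127.0.0.1   ads.example.net           # constructed ad domain
0.0.0.0     tracker.example.org banner.example.org
203.0.113.5 update.example.com        # constructed: maps a name elsewhere
"""


def parse_hosts(text):
    """Return {hostname: address} for each valid entry (names lowercased)."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop full-line and inline comments
        parts = line.split()
        if len(parts) < 2:
            continue                            # blank, comment or malformed line
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                            # first field is not an address
        for name in parts[1:]:                  # one address, several names
            mapping[name.lower()] = addr
    return mapping


def is_blocked(mapping, hostname):
    """True if hostname is pinned to loopback/unspecified. Exact match only:
    HOSTS files have no wildcards, so www.ads.example.net is not covered by
    an ads.example.net entry."""
    addr = mapping.get(hostname.lower().rstrip("."))
    return addr is not None and (addr.is_loopback or addr.is_unspecified)


def redirected_entries(mapping):
    """Names mapped somewhere other than loopback/unspecified. Worth reviewing,
    because the same file can also be used to send a name to another host."""
    return sorted(name for name, addr in mapping.items()
                  if not (addr.is_loopback or addr.is_unspecified))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "www.ads.example.net", "banner.example.org"):
        print(f"{name:<24} blocked={is_blocked(hosts, name)}")
    print("redirected:", redirected_entries(hosts))
```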
Old 07-02-2015, 05:42 AM   #15
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



I started by removing the existing versions of Java from my computer, but when I began the install of Java 8 version 45 I received a warning that this version of Java may not work with my operating system. I am using XP. Anyway, I went ahead and completed the install. What is your advice?

Will I have problems now that I have removed older versions of Java from my computer?
Old 07-02-2015, 05:49 AM   #16
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



I did some more reading and it seems that I require Java 7, not 8, for XP, so I am uninstalling 8 and downloading 7. What is your advice?
Old 07-02-2015, 06:00 AM   #17
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Kenny,

You can manually install Java. Please follow the link below and let me know.

manually download and install Java
Old 07-02-2015, 06:14 AM   #18
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



The Java 7 install failed 4 times. I have been trying to find the correct Java for XP; maybe I should not have uninstalled my old versions, because now I cannot find the correct one for my computer. I will stop now until I receive your advice.
Old 07-02-2015, 06:15 AM   #19
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



OK, I did not see your reply; I will try that now.
Old 07-02-2015, 06:16 AM   #20
Registered Member
 
Join Date: Jan 2009
Posts: 55
OS: xp



Tolga, which version of Java do I need for my computer, Windows XP 32-bit?