Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Sun 19 Oct 2014, 9:46 am

Hello!
I went through the new users' guide and followed all instructions - I ran the AdwCleaner, Malwarebytes, and Security Check. But I am still getting strange ads and pop-up tabs whenever I click on ANYTHING! It's scary... please help!

Here are my various logs...

AdwCleaner:
# AdwCleaner v4.000 - Report created 18/10/2014 at 14:35:55
# DB v2014-10-17.9
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Avery - DIMITRI
# Running from : C:\Users\Avery\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : d0e87c27

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Avery\AppData\Local\blekkotb_031
Folder Deleted : C:\ProgramData\BlockIt Ad remover
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Avery\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Avery\AppData\Local\Conduit
Folder Deleted : C:\Users\Avery\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Avery\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Avery\AppData\LocalLow\Download and Sa
Folder Deleted : C:\ProgramData\NextCoup
Folder Deleted : C:\Program Files (x86)\NextCoup
Folder Deleted : C:\Users\Avery\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Avery\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Avery\AppData\Roaming\Strongvault
Folder Deleted : C:\Program Files (x86)\sw-booster
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Avery\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\GoSaVe
Folder Deleted : C:\Program Files (x86)\GoSaVe
Folder Deleted : C:\ProgramData\JOniCOupoN
Folder Deleted : C:\Program Files (x86)\JOniCOupoN
Folder Deleted : C:\ProgramData\JonioCoupon
Folder Deleted : C:\ProgramData\RegularDeeals
Folder Deleted : C:\Program Files (x86)\RegularDeeals
Folder Deleted : C:\Users\Avery\AppData\Roaming\Mozilla\Firefox\Profiles\r7bskuue.default-1366047309412\Extensions\qe2uc@p.net
Folder Deleted : C:\Users\Avery\AppData\Roaming\Mozilla\Firefox\Profiles\r7bskuue.default-1366047309412\Extensions\YRuGy@zsx.org
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcehffaobddeodcoieengkgknkpelkig
File Deleted : C:\END
File Deleted : C:\Users\Avery\AppData\Roaming\Mozilla\Firefox\Profiles\r7bskuue.default-1366047309412\searchplugins\Conduit.xml
File Deleted : C:\Users\Avery\AppData\Roaming\Mozilla\Firefox\Profiles\r7bskuue.default-1366047309412\searchplugins\WebSearch.xml
File Deleted : C:\Users\Avery\AppData\Roaming\Mozilla\Firefox\Profiles\r7bskuue.default-1366047309412\user.js
File Deleted : C:\Users\Avery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
File Deleted : C:\Users\Avery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
File Deleted : C:\Users\Avery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Avery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : SW-Booster-S-792098896

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-792098896
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292584
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0dcfb42c-d07f-4f59-9c9f-f94ae7404399}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222182204}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7ca56836-a714-4d80-a5e7-fa23592cf8b2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b1cde001-2abe-4a1e-b61b-c0948fd8788b}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{df88bd48-5eeb-41d9-919c-35f5401b8fc5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f4c0f545-0ce6-40c2-ab71-7b5565dc7f4b}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1cde001-2abe-4a1e-b61b-c0948fd8788b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1cde001-2abe-4a1e-b61b-c0948fd8788b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f4c0f545-0ce6-40c2-ab71-7b5565dc7f4b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b1cde001-2abe-4a1e-b61b-c0948fd8788b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f4c0f545-0ce6-40c2-ab71-7b5565dc7f4b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0dcfb42c-d07f-4f59-9c9f-f94ae7404399}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7ca56836-a714-4d80-a5e7-fa23592cf8b2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b1cde001-2abe-4a1e-b61b-c0948fd8788b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{df88bd48-5eeb-41d9-919c-35f5401b8fc5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f4c0f545-0ce6-40c2-ab71-7b5565dc7f4b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0dcfb42c-d07f-4f59-9c9f-f94ae7404399}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7ca56836-a714-4d80-a5e7-fa23592cf8b2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{b1cde001-2abe-4a1e-b61b-c0948fd8788b}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{df88bd48-5eeb-41d9-919c-35f5401b8fc5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{f4c0f545-0ce6-40c2-ab71-7b5565dc7f4b}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1cde001-2abe-4a1e-b61b-c0948fd8788b}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\ViewPassword
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SW-Booster
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sw-boo~1\assist~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[r7bskuue.default-1366047309412] - Line Deleted : user_pref("CT3292584_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366084809518,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3292584&octid=CT3292584&SearchSource=61&CUI=UN21470212234550904&UM=2&UP=SP9452DDA5-5801-4593-B7D0-3D145BDA5C57");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V1 Customized Web Search");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3292584&SearchSource=2&CUI=UN21470212234550904&UM=2&q=");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3292584");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V1 Customized Web Search");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchandfly.info/?pid=3925&r=2014/09/23&hid=6039844556688528524&lg=EN&cc=US&unqvl=62&l=1&q=");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.searchandfly.info/?pid=3925&r=2014/09/23&hid=6039844556688528524&lg=EN&cc=US&unqvl=62");
[r7bskuue.default-1366047309412] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchandfly.info/?pid=3925&r=2014/09/23&hid=6039844556688528524&lg=EN&cc=US&unqvl=62&l=1&q=");

-\\ Google Chrome v37.0.2062.120


*************************

AdwCleaner[R0].txt - [16632 octets] - [18/10/2014 14:34:04]
AdwCleaner[S0].txt - [15136 octets] - [18/10/2014 14:35:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15197 octets] ##########



Malwarebytes:


2014/10/18 15:05:04 -0700 mbam-log-2014-10-18 (15-05-01).xml yes
- 2.00.2.1012 v2014.10.18.06 v2014.10.17.01 free disabled disabled disabled - Windows 7 x64 Avery NTFS - threat completed 364366 0 0 2 0 0 5 47 0 - enabled enabled enabled enabled disabled disabled enabled enabled enabled -

Detections (object | detection | action | MD5):
HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040} | PUP.Optional.Multiplug | success | 2806d145e597290d32496d3146bc1ae6
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040} | PUP.Optional.Multiplug | success | 2806d145e597290d32496d3146bc1ae6
C:\Users\Avery\AppData\Local\Temp\ct3285873 | PUP.Optional.Conduit.A | success | ef3f49cdfa82181ed91f8d5f2fd3956b
C:\Users\Avery\AppData\Local\Temp\CT3292584 | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0
C:\Users\Avery\AppData\Local\Temp\CT3292584\xpi | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0
C:\Users\Avery\AppData\Local\Temp\CT3292584\xpi\defaults | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0
C:\Users\Avery\AppData\Local\Temp\CT3292584\xpi\defaults\preferences | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0
C:\$RECYCLE.BIN\S-1-5-21-1476328317-1806480840-1377834331-1000\$RENR842.exe | PUP.Optional.OneClickDownloader.A | success | 7eb00214bac2f0466478b4727a879e62
C:\Windows\SysWOW64\setup.exe | PUP.Optional.MultiPlug | success | 89a5fc1a95e70a2cded7d6f7758c03fd
C:\Users\Avery\AppData\Local\Temp\0kycV45F.exe.part | PUP.Optional.InstalleRex | success | aa846da9413b3df90dbfca8388798d73
C:\Users\Avery\AppData\Local\Temp\dlLogic.exe | PUP.Optional.Conduit.A | success | fa34ab6bbac2e94dcf10b191768a3fc1
C:\Users\Avery\AppData\Local\Temp\nsnA6B.exe | PUP.Optional.Conduit.A | success | b27c1600cab20f276acdcdca1ee30af6
C:\Users\Avery\AppData\Local\Temp\nso102F.exe | PUP.Optional.Conduit.A | success | b07ee0360d6fac8adc4977bc5ca55ea2
C:\Users\Avery\AppData\Local\Temp\nso19F5.exe | PUP.Optional.Conduit.A | success | 161870a605775bdbe2434de615ece11f
C:\Users\Avery\AppData\Local\Temp\nso4A29.exe | PUP.Optional.Conduit.A | success | 6ec0f12594e839fd64c167ccca37738d
C:\Users\Avery\AppData\Local\Temp\w2HOERgd.exe.part | PUP.Optional.Somoto | success | dd519b7b9ae257df859e4801818460a0
C:\Users\Avery\AppData\Local\Temp\nsc3F8E.exe | PUP.Optional.Conduit.A | success | e8468591ceae4aec73c483147e833dc3
C:\Users\Avery\AppData\Local\Temp\checktbexist.exe | PUP.Optional.Conduit.A | success | fb33878f1b613ef83adbd54afd039769
C:\Users\Avery\AppData\Local\Temp\setup.exe | PUP.Optional.Amonetize | success | ce6072a40e6e55e1753b3604ff02c040
C:\Users\Avery\AppData\Local\Temp\SKeGCul9.exe.part | PUP.Optional.Somoto | success | 4fdfec2afd7f45f1e63d81c8df267888
C:\Users\Avery\AppData\Local\Temp\SPStub.exe | PUP.Optional.SearchProtect.A | success | 1b13bd59c8b45fd739e85b3b0ff2d62a
C:\Users\Avery\AppData\Local\Temp\mconduitinstaller.exe | PUP.Optional.Conduit.A | success | a38b82943844ec4ac9e27ac40bf55da3
C:\Users\Avery\AppData\Local\Temp\nstEB19.exe | PUP.Optional.Conduit.A | success | b07ebb5bfa82ff3769ce4e4931d0e818
C:\Users\Avery\AppData\Local\Temp\nsv851C.exe | PUP.Optional.Conduit.A | success | 0e20a472c2ba90a64ed7979c936e44bc
C:\Users\Avery\AppData\Local\Temp\nsx3D3.exe | PUP.Optional.Conduit.A | success | 200e34e285f79c9a48ef4255b64bba46
C:\Users\Avery\AppData\Local\Temp\nsyFD99.exe | PUP.Optional.Conduit.A | success | a6886fa7b5c7f343ce57c66d956c6e92
C:\Users\Avery\AppData\Local\Temp\o1PZKtMg.exe.part | PUP.Optional.InstallRex | success | ab83997d2a5220165eaef1cbfc0534cc
C:\Users\Avery\AppData\Local\Temp\nsdAA6F.exe | PUP.Optional.Conduit.A | success | 15190115b0cc78be1e199cfbde23837d
C:\Users\Avery\AppData\Local\Temp\nsdC85B.exe | PUP.Optional.Conduit.A | success | c16d68aee59768ce45f2aceb32cf4ab6
C:\Users\Avery\AppData\Local\Temp\nsiFF14.exe | PUP.Optional.Conduit.A | success | c7670c0ac1bbd066ae891186d13058a8
C:\Users\Avery\AppData\Local\Temp\083B3F\temp\extIE_setup.exe | PUP.Optional.MultiPlug | success | 2e00b95d0d6f2d09d765cbff09f81fe1
C:\Users\Avery\AppData\Local\Temp\083B3F\temp\hpds_setup.exe | PUP.Optional.MultiPlug.A | success | 31fd19fddca0ea4c43ed20bd847dd12f
C:\Users\Avery\AppData\Local\Temp\083B3F\temp\setupespl.exe | PUP.Optional.MultiPlug | success | 3df1a5714d2fac8a3efe7d4da35e8b75
C:\Users\Avery\AppData\Local\Temp\083B3F\temp\usetup.exe | Trojan.Downloader | success | 5bd3ec2aec9049ed7fc86c31ee144db3
C:\Users\Avery\AppData\Local\Temp\nsn49C8\SpSetup.exe | PUP.Optional.SearchProtect.A | success | d45ad93d5b2182b490c79a074fb2f60a
C:\Users\Avery\AppData\Local\Temp\nsn7F2A\SpSetup.exe | PUP.Optional.SearchProtect.A | success | 6ac4c5513a421620d582435ec63b1be5
C:\Users\Avery\AppData\Local\Temp\n7486\CEInstaller-b07e5de2.exe | PUP.Optional.ContentExplorer.A | success | a688090db7c5290d2cc5621fbb4634cc
C:\Users\Avery\AppData\Local\Temp\n7486\s7486.exe | PUP.Optional.BundleInstaller.A | success | ae808f87f587c175ec28d86f5da37888
C:\Users\Avery\AppData\Local\Temp\n7486\searchprotect_2805-feafc00c.exe | PUP.Optional.SearchProtect.A | success | ec42799de498b18545dc21756998ae52
C:\Users\Avery\AppData\Local\Temp\n7486\ViewPassword_1030-8002.exe | PUP.Optional.ViewPassWord.A | success | 4ce24dc914685ed87e713b52ba48fa06
C:\Users\Avery\AppData\Local\Temp\ct3285873\ctbe.exe | PUP.Optional.Conduit.A | success | 29051df97b01e35331a1011dbb45e21e
C:\Users\Avery\AppData\Local\Temp\ct3285873\ffLogic.exe | PUP.Optional.Conduit.A | success | c06e8d896a125dd9065bdd54a8590bf5
C:\Users\Avery\AppData\Local\Temp\ct3285873\ieLogic.exe | PUP.Optional.Conduit.A | success | 9b9343d3e39972c4421f46eb6f92926e
C:\Users\Avery\AppData\Local\Temp\ct3285873\statisticsStub.exe | PUP.Optional.Conduit.A | success | 72bc00167c00270ff4f1e536bd44fe02
C:\Users\Avery\AppData\Local\Temp\CT3292584\spff.exe | PUP.Optional.Conduit.A | success | 2608d6401a623204de835ad705fcd42c
C:\Users\Avery\AppData\Local\Temp\nsh7902\SpSetup.exe | PUP.Optional.SearchProtect.A | success | b27cf2245d1fbc7ad483a9f838c91de3
C:\Users\Avery\AppData\Local\Temp\ct3285873\chromeid.txt | PUP.Optional.Conduit.A | success | ef3f49cdfa82181ed91f8d5f2fd3956b
C:\Users\Avery\AppData\Local\Temp\ct3285873\setup.ini.txt | PUP.Optional.Conduit.A | success | ef3f49cdfa82181ed91f8d5f2fd3956b
C:\Users\Avery\AppData\Local\Temp\ct3285873\stub.exe | PUP.Optional.Conduit.A | success | ef3f49cdfa82181ed91f8d5f2fd3956b
C:\Users\Avery\AppData\Local\Temp\CT3292584\conduit.xml | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0
C:\Users\Avery\AppData\Local\Temp\CT3292584\CT3292584.xpi | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0
C:\Users\Avery\AppData\Local\Temp\CT3292584\version.txt | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0
C:\Users\Avery\AppData\Local\Temp\CT3292584\xpi\install.rdf | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0
C:\Users\Avery\AppData\Local\Temp\CT3292584\xpi\defaults\preferences\defaults.js | PUP.Optional.Conduit.A | success | fa34ca4cc4b80f27ad4b39b37e8440c0



Mbam Protection Log:





Security Check (Checkup):
Results of screen317's Security Check version 0.99.89
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox 27.0.1 Firefox out of Date!
Google Chrome 37.0.2062.103
Google Chrome 37.0.2062.120
Google Chrome update.dll..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

mooglechan
Newbie Surfer
Posts : 49
Joined : 2009-12-21
Operating System : Windows Vista

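The AdwCleaner log above removed the same two Chrome extension folders from every profile on the machine. Whether an unpacked extension can inject ads is visible from its manifest.json alone: it needs host access to every site, or a content script matched against every page, and usually traffic-related API permissions. The script below is an added example, not code from this thread or from AdwCleaner, Malwarebytes or JRT; it walks Chrome's on-disk layout (Extensions\<id>\<version>\manifest.json) and flags such manifests. The extension ids, manifests and update URL it contains are constructed samples, not the ids that were deleted here.

```python
"""Flag unpacked Chrome extensions whose manifest grants what an ad injector needs."""
from __future__ import annotations

import json
import os
import tempfile

# Host patterns that cover every site. Manifest v2 lists them under
# "permissions", v3 under "host_permissions"; both are checked.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that let an extension watch or rewrite traffic and tabs.
RISKY_PERMS = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
               "tabs", "cookies", "proxy", "management", "scripting"}


def _covers_all_sites(patterns) -> bool:
    return any(p in BROAD_HOSTS for p in patterns)


def audit_manifest(manifest: dict) -> list[str]:
    """Return the reasons an extension is flagged; an empty list means none."""
    reasons = []
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", [])) | perms
    if _covers_all_sites(hosts):
        reasons.append("host access to every site")
    for perm in sorted(perms & RISKY_PERMS):
        reasons.append(f"permission {perm}")
    if any(_covers_all_sites(cs.get("matches", [])) for cs in manifest.get("content_scripts", [])):
        reasons.append("content script injected into every page")
    update_url = manifest.get("update_url", "")
    if update_url and "clients2.google.com" not in update_url:
        reasons.append(f"updates fetched from {update_url}")
    return reasons


def audit_extensions_dir(ext_root: str) -> dict[str, list[str]]:
    """Map extension id -> reasons for every flagged extension under ext_root."""
    findings: dict[str, list[str]] = {}
    if not os.path.isdir(ext_root):
        return findings
    for ext_id in sorted(os.listdir(ext_root)):
        ext_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):  # one sub-folder per installed version
            path = os.path.join(ext_dir, version, "manifest.json")
            if not os.path.isfile(path):
                continue
            try:
                with open(path, encoding="utf-8") as fh:
                    manifest = json.load(fh)
            except (OSError, ValueError):
                findings[ext_id] = ["unreadable manifest.json"]
                continue
            reasons = audit_manifest(manifest)
            if reasons:
                findings[ext_id] = reasons
    return findings


# Constructed samples: a benign extension and one shaped like an ad injector.
# The ids are made up and are not the ids AdwCleaner removed above.
BENIGN_ID = "abcdefghijklmnopabcdefghijklmnop"
INJECTOR_ID = "ponmlkjihgfedcbaponmlkjihgfedcba"
SAMPLE_MANIFESTS = {
    BENIGN_ID: {
        "manifest_version": 3, "name": "Notes", "version": "1.0",
        "permissions": ["storage"],
        "update_url": "https://clients2.google.com/service/update2/crx",
    },
    INJECTOR_ID: {
        "manifest_version": 2, "name": "Coupon Helper", "version": "2.1",
        "permissions": ["tabs", "webRequest", "webRequestBlocking", "http://*/*", "https://*/*"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"], "run_at": "document_start"}],
        "update_url": "http://updates.example.invalid/crx",
    },
}


def build_sample_extensions_dir() -> str:
    """Write the samples into a temporary Extensions tree and return its path."""
    ext_root = os.path.join(tempfile.mkdtemp(prefix="chrome-ext-audit-"), "Extensions")
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        version_dir = os.path.join(ext_root, ext_id, manifest["version"] + "_0")
        os.makedirs(version_dir)
        with open(os.path.join(version_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return ext_root


if __name__ == "__main__":
    # On a live Windows profile use
    # %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions instead.
    for ext_id, reasons in audit_extensions_dir(build_sample_extensions_dir()).items():
        print(ext_id + ": " + "; ".join(reasons))
```

Run it against every profile on the box (the log shows the same extensions under Administrator, Guest and HomeGroupUser$, not just the user who noticed the ads), and treat a flagged extension with a non-Google update_url as something that can re-download itself after a cleanup.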
Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Mon 20 Oct 2014, 8:22 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please run MBAM again to see if it comes up clean.

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Go to Microsoft Windows Update and get all critical updates.
----------
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Tue 21 Oct 2014, 1:35 am

Hello SuperDave,

Thank you for helping me out - I'd be lost without you guys!
I just performed the Malwarebytes scan again, and this time the scan came up clean. Should I still go through the process you outlined above? I have downloaded Anti-Rootkit and JRT if you think we should proceed with these steps.


Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Tue 21 Oct 2014, 6:26 am

Yes please. I want to make sure we cover all the bases.


Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Tue 21 Oct 2014, 4:44 pm

I ran the Malwarebytes Anti-Rootkit scan and it said my PC was clean and there was no scan log.

Then I ran the JRT scan and it also said the PC is clean. But I am still getting those frightening pop-up ads on all browsers. I didn't update the Java or Windows update because it seems my PC is still at risk. Should I still run the updates?

Here is the log for JRT btw:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Avery on Mon 10/20/2014 at 22:30:04.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0BE5F27C-A535-4283-BB70-FF85DA8D514B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96468BD4-B1C9-40ED-AEEC-E91322B37019}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Avery\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Avery\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Avery\AppData\Roaming\mozilla\firefox\profiles\r7bskuue.default-1366047309412\prefs.js

user_pref("extensions.JDKpmyNEkenAkwwP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.a3336bkW6T2xSo0z.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.tlVu81X0ha92WhHK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
Emptied folder: C:\Users\Avery\AppData\Roaming\mozilla\firefox\profiles\r7bskuue.default-1366047309412\minidumps [100 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/20/2014 at 22:33:29.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


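The JRT log above is the first one that explains the symptom: three extensions.<random>.scode prefs in prefs.js whose value is a JavaScript function that reads location.href and document.cookie, which is exactly what the earlier AdwCleaner run missed while it was resetting the browser.search.* and homepage prefs and deleting user.js. The script below is an added example, not code from this thread or from AdwCleaner or JRT, that audits a Firefox profile for both patterns. It assumes the standard pref syntax, one user_pref("name", value); per line with the value encoded like JSON, which prefs.js and user.js both use. The trusted-host and trusted-engine lists are assumptions to adjust for the profile owner; the sample prefs text is constructed in the shape of what the tools removed here (the pref name extensions.JDKpmyNEkenAkwwP.scode is taken from the log, the hijack URL is an example domain).

```python
"""Audit prefs.js / user.js for search hijacks and prefs that carry JavaScript."""
from __future__ import annotations

import json
import os
import re
import tempfile
from urllib.parse import urlparse

PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+)\);\s*$')

# Prefs that search/homepage hijackers rewrite.
HIJACK_PREFS = {
    "browser.startup.homepage", "browser.search.defaulturl", "keyword.URL",
    "browser.search.defaultenginename", "browser.search.selectedEngine",
    "browser.search.defaultthis.engineName",
}
# Assumed allowlists; adjust to what the profile owner actually uses.
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com", "duckduckgo.com"}
TRUSTED_ENGINES = {"Google", "Bing", "DuckDuckGo", "Yahoo", "Wikipedia (en)"}
# Substrings that only make sense if a pref value is code rather than a setting.
SCRIPT_MARKERS = ("(function(", "document.cookie", "location.href", "eval(", "<script")


def parse_prefs(text: str) -> dict[str, object]:
    """Parse user_pref lines into a dict; values decode as JSON where possible."""
    prefs: dict[str, object] = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue
        name, raw = match.group(1), match.group(2).strip()
        try:
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw
    return prefs


def audit_prefs(prefs: dict[str, object]) -> list[tuple[str, str]]:
    """Return (pref name, reason) for every pref that looks hijacked or injected."""
    findings = []
    for name, value in prefs.items():
        if not isinstance(value, str):
            continue
        if name in HIJACK_PREFS or name.startswith("browser.search.order."):
            if value.lower().startswith(("http://", "https://")):
                host = urlparse(value).hostname or ""
                if host not in TRUSTED_HOSTS:
                    findings.append((name, f"points at untrusted host {host}"))
            elif value not in TRUSTED_ENGINES:
                findings.append((name, f"unknown search engine {value!r}"))
        if any(marker in value for marker in SCRIPT_MARKERS):
            findings.append((name, "value is JavaScript, not a setting"))
        elif name.startswith("extensions.") and name.endswith(".scode"):
            findings.append((name, "extension 'scode' pref"))
    return findings


def audit_profile(profile_dir: str) -> list[tuple[str, str]]:
    """Audit prefs.js and user.js. user.js is reported on its own: Firefox re-applies
    it at every start, which is how a hijack survives a reset of prefs.js."""
    findings = []
    for fname in ("prefs.js", "user.js"):
        path = os.path.join(profile_dir, fname)
        if not os.path.isfile(path):
            continue
        if fname == "user.js":
            findings.append(("user.js", "present; its prefs are re-applied on every start"))
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings.extend((f"{fname}:{n}", why) for n, why in audit_prefs(parse_prefs(fh.read())))
    return findings


# Constructed sample in the shape of the prefs removed in this thread.
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://websearch.example.invalid/?pid=3925&lg=EN");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("keyword.URL", "http://websearch.example.invalid/?pid=3925&q=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("extensions.JDKpmyNEkenAkwwP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1){return;}}catch(e){}})();");
user_pref("privacy.donottrackheader.enabled", true);
user_pref("browser.cache.disk.capacity", 358400);
'''


def build_sample_firefox_profile() -> str:
    """Write the sample into prefs.js plus a one-line user.js in a temp profile dir."""
    profile = tempfile.mkdtemp(prefix="ff-profile-audit-")
    with open(os.path.join(profile, "prefs.js"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_PREFS_JS)
    with open(os.path.join(profile, "user.js"), "w", encoding="utf-8") as fh:
        fh.write('user_pref("browser.startup.homepage", "http://websearch.example.invalid/");\n')
    return profile


if __name__ == "__main__":
    # Live use: point this at %APPDATA%\Mozilla\Firefox\Profiles\<profile>.
    for name, why in audit_profile(build_sample_firefox_profile()):
        print(f"{name}: {why}")
```

Run it with Firefox closed, since Firefox rewrites prefs.js on exit. A pref whose value is a function body has no legitimate reason to exist; whatever wrote it (here, an extension that was already deleted, or the AppInit_DLLs injector that AdwCleaner removed) is the thing to hunt for, because the pref alone does nothing once the code that evaluates it is gone.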
Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Wed 22 Oct 2014, 8:59 am

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Thu 23 Oct 2014, 3:43 am

I did the ESETScan but no log came up at the end. It just said the scan was finished and no threats were found. I made sure to select "scan archives."
So far, the weird ads are not coming up anymore. But I wonder if it's an intermittent problem?

mooglechan

Newbie Surfer

Posts : 49
Joined : 2009-12-21
Operating System : Windows Vista

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Thu 23 Oct 2014, 5:11 am

Ok, let's give it a few days to see if they stay away. Please report back in two or three days and we'll take it from there.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Fri 24 Oct 2014, 3:53 am

So far so good, but I will let you know if anything acts up in the next few days.
Thank you so much for your help!

mooglechan

Newbie Surfer

Posts : 49
Joined : 2009-12-21
Operating System : Windows Vista

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Sat 25 Oct 2014, 3:55 pm

Help! It's happening again. The ads are popping up on pages and opening up strange tabs all over the place. I ran Malwarebytes again but the scan came up clean. Here's the log:


-

mooglechan

Newbie Surfer

Posts : 49
Joined : 2009-12-21
Operating System : Windows Vista

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Sat 25 Oct 2014, 3:56 pm



-

mooglechan

Newbie Surfer

Posts : 49
Joined : 2009-12-21
Operating System : Windows Vista

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Sun 26 Oct 2014, 4:07 am

Please run AdwCleaner and Junkware removal tool again.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Mon 27 Oct 2014, 3:23 pm

Done! My PC automatically rebooted after AdwCleaner but it did not reboot after JRT so I manually rebooted it. Here are the logs:

AdwCleaner:
# AdwCleaner v4.001 - Report created 24/10/2014 at 22:19:41
# DB v2014-10-23.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Avery - DIMITRI
# Running from : C:\Users\Avery\Downloads\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Avery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Avery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v27.0.1 (en-US)


-\\ Google Chrome v37.0.2062.120


*************************

AdwCleaner[R0].txt - [16632 octets] - [18/10/2014 14:34:04]
AdwCleaner[R1].txt - [1156 octets] - [24/10/2014 22:01:25]
AdwCleaner[S0].txt - [15322 octets] - [18/10/2014 14:35:55]
AdwCleaner[S1].txt - [1075 octets] - [24/10/2014 22:19:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1135 octets] ##########


JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Avery on Sun 10/26/2014 at 21:15:00.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Avery\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Avery\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Avery\AppData\Roaming\mozilla\firefox\profiles\r7bskuue.default-1366047309412\extensions\staged
Successfully deleted the following from C:\Users\Avery\AppData\Roaming\mozilla\firefox\profiles\r7bskuue.default-1366047309412\prefs.js

user_pref("extensions.JDKpmyNEkenAkwwP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.a3336bkW6T2xSo0z.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.tlVu81X0ha92WhHK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/26/2014 at 21:18:47.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mooglechan

Newbie Surfer

Posts : 49
Joined : 2009-12-21
Operating System : Windows Vista
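The three `extensions.<id>.scode` prefs removed in this JRT run are the same three that the earlier JRT run (10/20) had already deleted from the same prefs.js, so they were present again by 10/26. The following is an added example, not part of this thread and not code from JRT or AdwCleaner: a small Python check that parses a Firefox prefs.js and reports preferences whose value is inline script, so a reappearance can be spotted between tool runs. The sample prefs.js content, the extension id `QzXy12AbCd34EfGh` and the script body in it are constructed for the example; the 12-character minimum for the random id is an assumption based on the 16-character ids in the log.

```python
"""Flag injected-script preferences in a Firefox prefs.js.

Added example (not part of this thread or of JRT/AdwCleaner). The JRT logs
above show user_pref("extensions.<random id>.scode", "(function(){...")
entries being deleted and then present again at the next run; this script
reads a prefs.js and reports prefs whose value is inline script.
"""
import re

# One user_pref(...) line: captures the pref name and the still-escaped value.
# The value pattern accepts backslash-escaped characters (such as an escaped
# double quote) inside the value.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')

# Substrings that mark a pref value as executable script rather than a setting.
SCRIPT_MARKERS = ("function(", "document.cookie", "location.href", "eval(")

# Pref names of the shape seen in the JRT log: extensions.<random id>.scode
# (assumed: the id is at least 12 alphanumeric characters).
SCODE_NAME_RE = re.compile(r"extensions\.[A-Za-z0-9]{12,}\.scode")


def parse_prefs(text):
    """Return {pref name: value} for every user_pref line, with escaped quotes and backslashes unescaped."""
    prefs = {}
    for match in PREF_RE.finditer(text):
        name, raw_value = match.group(1), match.group(2)
        prefs[name] = raw_value.replace('\\"', '"').replace("\\\\", "\\")
    return prefs


def find_injected_prefs(text):
    """Return a list of (pref name, reason) for prefs that look like injected script.

    Either signal is enough on its own: a name of the extensions.<id>.scode
    shape, or a value containing script markers.
    """
    hits = []
    for name, value in parse_prefs(text).items():
        reasons = []
        if SCODE_NAME_RE.fullmatch(name):
            reasons.append("extensions.<id>.scode pref name")
        if any(marker in value for marker in SCRIPT_MARKERS):
            reasons.append("value contains script")
        if reasons:
            hits.append((name, "; ".join(reasons)))
    return hits


# Constructed sample prefs.js: two ordinary prefs and one injected-script pref
# modelled on the shape in the JRT log. The id and the script body are made up.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.lastAppVersion", "27.0.1");
user_pref("extensions.QzXy12AbCd34EfGh.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"example\")>-1){}}catch(e){}})();");
'''


def scan_prefs_file(path):
    """Read a real prefs.js (for example from the profile folder named in the JRT log) and flag it."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_injected_prefs(fh.read())


if __name__ == "__main__":
    # Run against the constructed sample; pass a path to scan_prefs_file() for a real profile.
    for pref_name, reason in find_injected_prefs(SAMPLE_PREFS_JS):
        print(f"{pref_name}: {reason}")
```

Running it on the sample reports only the `.scode` pref, with both reasons. Run `scan_prefs_file()` against the profile's prefs.js after each cleaning pass: if the same prefs are back, the thing writing them (an extension or a process with access to the profile folder) is still in place and is what needs removing, not just the prefs.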

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Tue 28 Oct 2014, 3:22 am

Are the ads gone?

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Tue 28 Oct 2014, 10:35 am

Yes, still getting ads. A lot of them are embedded in webpages, labeled "Ad by Supreme AdBlocker."
I'm also getting this pop-up warning:

"The page at f.ukqrxl.com says:

WARNING!!!
Your Java Version is Outdated, Have Security Risks,
Please Update Now!"

I just updated my Java, so I'm guessing it's just another ad.
Should I run another scan?

mooglechan

Newbie Surfer

Posts : 49
Joined : 2009-12-21
Operating System : Windows Vista

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Tue 28 Oct 2014, 12:51 pm

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Wed 29 Oct 2014, 3:43 am

Here's the log:

ComboFix 14-10-27.01 - Avery 10/28/2014 8:04.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2409 [GMT -7:00]
Running from: c:\users\Avery\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\fa.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\fa.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\manifest.json
c:\users\Avery\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
c:\users\Avery\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\background.html
c:\users\Avery\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\content.js
c:\users\Avery\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\fa.js
c:\users\Avery\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\lsdb.js
c:\users\Avery\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\manifest.json
c:\users\Avery\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
c:\users\Avery\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\background.html
c:\users\Avery\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\content.js
c:\users\Avery\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\fa.js
c:\users\Avery\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\lsdb.js
c:\users\Avery\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\manifest.json
c:\users\Avery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage-journal
c:\users\Avery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage
c:\users\Avery\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Avery\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F0AA27E-8CEF-4F91-AFBB-E3CF5F25520B}.xps
c:\users\Avery\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9AE4BA99-6DE2-49F9-99C2-68186DB5280C}.xps
c:\users\Avery\AppData\Local\nsg44C7.tmp
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\fa.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\fa.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\fa.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\fa.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdkggchpnimbckiodcealjepgoapcelf\1.0\manifest.json
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-28 )))))))))))))))))))))))))))))))
.
.
2014-10-27 23:30 . 2014-10-27 23:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-27 23:29 . 2014-10-27 23:29 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-27 12:30 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-22 04:20 . 2014-10-22 04:20 -------- d-----w- c:\program files (x86)\ESET
2014-10-21 05:55 . 2014-10-21 05:55 4 ----a-w- c:\users\Avery\AppData\Roaming\appdataFr2.bin
2014-10-21 05:29 . 2014-10-21 05:29 -------- d-----w- c:\windows\ERUNT
2014-10-21 04:35 . 2014-10-21 05:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-20 13:44 . 2014-01-24 18:17 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2014-10-20 13:44 . 2014-10-20 18:08 -------- d-----w- c:\programdata\iolo
2014-10-20 13:44 . 2014-10-20 13:44 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2014-10-20 13:44 . 2014-10-20 13:44 -------- d-----w- c:\users\Avery\AppData\Roaming\iolo
2014-10-18 21:54 . 2014-10-28 14:57 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-18 21:54 . 2014-10-25 02:26 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-18 21:54 . 2014-10-01 18:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-18 21:54 . 2014-10-01 18:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-18 21:54 . 2014-10-01 18:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-18 21:32 . 2014-10-25 05:19 -------- d-----w- C:\AdwCleaner
2014-10-17 03:29 . 2014-10-10 01:53 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-17 03:29 . 2014-10-10 01:53 504320 ----a-w- c:\windows\system32\aepdu.dll
2014-10-17 03:29 . 2014-10-10 01:47 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-17 03:28 . 2014-09-15 00:44 3195392 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 02:02 . 2014-09-20 04:58 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CB06234-631F-4FF2-A0EA-935889852816}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-20 13:41 . 2011-10-18 03:42 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-27 15:39 . 2012-03-30 22:44 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-27 15:39 . 2011-10-18 03:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 06:42 . 2011-10-09 04:59 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-20 04:58 . 2012-02-11 20:12 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-04 01:57 . 2014-08-04 01:57 0 ---ha-w- c:\users\Avery\AppData\Local\BITF784.tmp
2010-07-08 18:37 . 2010-07-08 18:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"EnergyUtility"="c:\program files (x86)\Lenovo\EnergyCut\utilty.exe" [2007-04-28 1581056]
"EnergyCut"="c:\program files (x86)\Lenovo\EnergyCut\EnergyCut.exe" [2007-03-10 1167360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
c:\users\Avery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Avery\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-13 02:55 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Avery\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 413720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{40FC86C4-47A0-4677-812B-2BF85FC1DDFE}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9B818169-2464-4512-960F-383174DBDDB0}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9B818169-2464-4512-960F-383174DBDDB0}\2656C6B696E6E2037326E2765756374737: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9B818169-2464-4512-960F-383174DBDDB0}\2656C6B696E6E2339323: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9B818169-2464-4512-960F-383174DBDDB0}\2656C6B696E6E2469316: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9B818169-2464-4512-960F-383174DBDDB0}\34861647561657E4F69627: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9B818169-2464-4512-960F-383174DBDDB0}\3516D63757E676027416C6168797023502530213336313: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Avery\AppData\Roaming\Mozilla\Firefox\Profiles\r7bskuue.default-1366047309412\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4}_is1 - c:\programdata\BlockIt Ad remover\BlockIt Ad remover.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-28 08:26:00
ComboFix-quarantined-files.txt 2014-10-28 15:25
ComboFix2.txt 2013-02-03 17:24
.
Pre-Run: 47,846,068,224 bytes free
Post-Run: 49,027,743,744 bytes free
.
- - End Of File - - C3B22FF0C9412B5DF00539F29B49516E
A36C5E4F47E84449FF07ED3517B43A31

mooglechan

Newbie Surfer

Posts : 49
Joined : 2009-12-21
Operating System : Windows Vista
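The LOCKED REGISTRY KEYS section of the ComboFix log above is a flat .reg-style dump of keys whose ACL denies access (the "@Denied" lines). The objects listed are Adobe's FlashBroker and the Shockwave Flash ActiveX control, which routinely show up in ComboFix logs on machines with Flash installed; the FlashBroker keys also carry Elevation\Enabled = 1, which marks the class as launchable with elevated rights through the COM elevation moniker. The check a practitioner wants on such a list is whether every locked or elevatable object's LocalServer32/InprocServer32 binary lives in a directory that needs administrator rights to write. The script below is an added example, not ComboFix code and not something from the original post: it regroups the dump per CLSID and flags servers outside C:\Windows and C:\Program Files. The sample is copied from the dump above plus one synthetic all-zero CLSID, labelled constructed, that exists only so a finding is produced.

```python
"""Regroup the LOCKED REGISTRY KEYS dump of a ComboFix log per COM object.

Added example, not ComboFix code. Each locked CLSID gets its friendly name, the
denied ACE, the LocalServer32/InprocServer32 binary it maps to and whether
Elevation\\Enabled = 1 marks it launchable via the COM elevation moniker;
review() flags objects whose server sits outside an admin-protected directory.
"""
import re

# Constructed sample: the FlashBroker and Shockwave Flash entries are copied from
# the dump above; the all-zero CLSID is synthetic (NOT from the log) and exists
# only to show what a finding looks like.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}]
@Denied: (A 2) (Everyone)
@="Constructed example object (not from the log)"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\LocalServer32]
@="c:\\Users\\someone\\AppData\\Local\\Temp\\example.exe"
"""

# Key line of the form [...\CLSID\{guid}] or [...\CLSID\{guid}\Subkey]
KEY_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})((?:\\[^\\\]]+)*)\]$")
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")  # admin rights needed to write

def _unescape(reg_value: str) -> str:
    """Undo .reg string escaping (doubled backslashes, escaped quotes)."""
    return reg_value.replace("\\\\", "\\").replace('\\"', '"')

def parse_locked_keys(dump: str) -> dict:
    """Return {(clsid, view): {name, denied, server, server_kind, elevation}}."""
    objects = {}
    current = None  # (clsid, view, subkey) of the block being read
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.search(line)
            current = None
            if m:  # keys outside \CLSID\ (Interface, VideoLAN, Office) are skipped
                view = "wow6432" if "Wow6432Node" in line else "native"
                current = (m.group(1).upper(), view, m.group(2).lstrip("\\").lower())
                objects.setdefault(current[:2], {"name": None, "denied": [], "server": None,
                                                 "server_kind": None, "elevation": False})
            continue
        if current is None or not line or line == ".":
            continue
        subkey = current[2]
        obj = objects[current[:2]]
        if subkey == "" and line.startswith("@Denied:"):
            obj["denied"].append(line[len("@Denied:"):].strip())
        elif line.startswith('@="') and line.endswith('"'):
            value = _unescape(line[3:-1])
            if subkey == "":
                obj["name"] = value
            elif subkey in ("localserver32", "inprocserver32"):
                obj["server"], obj["server_kind"] = value, subkey
        elif subkey == "elevation" and line.lower().startswith('"enabled"=dword:'):
            obj["elevation"] = int(line.split(":", 1)[1], 16) == 1
    return objects

def review(objects: dict) -> list:
    """Flag locked or elevatable objects whose server binary is user-writable."""
    findings = []
    for (clsid, view), obj in sorted(objects.items()):
        server = obj["server"] or ""
        if server.lower().startswith(TRUSTED_PREFIXES):
            continue
        kind = "elevatable COM server" if obj["elevation"] else "ACL-locked COM object"
        findings.append((clsid, view, obj["name"], server, kind + " outside Windows/Program Files"))
    return findings
```

On the dump from this thread every Flash server resolves under c:\Windows, so review() returns nothing for the real entries; only the constructed all-zero object, whose LocalServer32 points into a user's Temp directory with elevation enabled, is reported. A locked key on its own is not a finding; a locked or elevatable key whose server is user-writable is.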

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Wed 29 Oct 2014, 3:46 am

By the way, still getting the ads and they seem to be getting more aggressive. Something called "setup" downloaded by itself out of nowhere!


Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Wed 29 Oct 2014, 9:05 am

Please download Farbar Service Scanner to the desktop and run it on the computer with the issue.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Make sure FRST is run under administrator privileges.
Make sure that the Whitelist section is checked. Otherwise, the log will be very long.
Your security programs may prevent the tool from running. If this happens, disable the security program until the scan is completed.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Wed 29 Oct 2014, 1:56 pm

Hmm, it was kind of a quick scan. Did I miss something? Here's the log:

Farbar Service Scanner Version: 21-07-2014
Ran by Avery (administrator) on 28-10-2014 at 19:55:42
Running from "C:\Users\Avery\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Thu 30 Oct 2014, 5:17 am

Did you follow the instructions and click the proper boxes?


Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Thu 30 Oct 2014, 5:46 am

Yes, I did follow the instructions. However, the FRST did not have the whitelist options to check. It only had "Internet" as an option, which was already checked, so I left it as is. Perhaps this was the version that is not compatible with my PC, but there was only one download link provided. I'm not sure where to find the other different version.


Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Thu 30 Oct 2014, 6:31 am

Could you please post a screenshot of one of those ads?


Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by mooglechan on Thu 30 Oct 2014, 5:26 pm

Can't do a screenshot because the ads aren't popping up right now; I think they're hiding again. I did, however, do a scan with HijackThis and this is what it says:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 23:22:18, on 10/29/2014
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
C:\Users\Avery\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
G:\Stuff\SmitfraudFix\Policies.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Dropbox.lnk = Avery\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Se&nd to OneNote - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{40FC86C4-47A0-4677-812B-2BF85FC1DDFE}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B818169-2464-4512-960F-383174DBDDB0}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{40FC86C4-47A0-4677-812B-2BF85FC1DDFE}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{40FC86C4-47A0-4677-812B-2BF85FC1DDFE}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9290 bytes

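The HijackThis log above has to be read with the tool's limitations in mind, so here is an added triage script; it is my example, not HijackThis output and not anything the poster ran. HijackThis 2.0.3 is a 32-bit program, and on 64-bit Windows its file lookups under C:\Windows\System32 are redirected to SysWOW64, so services whose executable exists only in the native System32 (lsass.exe, spoolsv.exe, vssvc.exe and the rest of the O23 block) are reported as "(file missing)" with "Unknown owner" even though they are present; the log also shows that the scanner leaves the @dll,-id display-name references unresolved, so those names are cosmetic. A "(file missing)" under Program Files (x86), which is not redirected, is a different matter and worth a look. The O17 lines are the per-interface DNS servers; the script compares them with an allowlist the analyst fills in (the placeholder here is an assumption, so the two addresses from the log are reported as unexpected rather than vouched for either way). The O4 check lists autoruns launched from outside C:\Windows and C:\Program Files, such as the Dropbox shortcut under AppData, as items to look at, not as malicious. Sample lines are copied from the log.

```python
r"""Triage an exported HijackThis 2.0.x log (added example, not HijackThis code).

Pulled from the O4 / O17 / O23 lines:
  * O17  per-interface DNS servers, compared with an analyst-supplied allowlist;
  * O23  services reported "(file missing)", split into those under the native
         C:\Windows\System32 (on 64-bit Windows the 32-bit scanner is redirected
         to SysWOW64, so these are usually present) and those anywhere else
         (the binary really is gone);
  * O4   autoruns whose executable is outside C:\Windows and C:\Program Files,
         i.e. in a location the user can write to.
"""
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - Startup: Dropbox.lnk = Avery\AppData\Roaming\Dropbox\bin\Dropbox.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{40FC86C4-47A0-4677-812B-2BF85FC1DDFE}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{40FC86C4-47A0-4677-812B-2BF85FC1DDFE}: NameServer = 8.26.56.26,156.154.70.22
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
"""

# ASSUMPTION: the resolvers expected on this network (router, ISP, or a resolver
# chosen on purpose). A placeholder is used here, so the two addresses in the
# log are reported as unexpected and have to be vouched for by the analyst.
EXPECTED_RESOLVERS = {"192.168.1.1"}

TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")  # admin rights needed to write
SYSTEM32_PREFIX = "c:\\windows\\system32\\"
O17_RE = re.compile(r"^O17 - .*\\(?P<iface>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>[\d.,]+)$")
MISSING = " (file missing)"


def _command_path(cmd: str) -> str:
    """Executable part of an autorun command: the quoted path, or the bare command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd  # bare commands may carry arguments; the prefix check is unaffected


def triage(log_text: str) -> dict:
    dns = {}                 # interface GUID -> set of resolver addresses
    autoruns_to_review = []  # (location, name, path) outside TRUSTED_PREFIXES
    missing_system32 = []    # (service, path): likely WOW64 redirection, verify natively
    missing_elsewhere = []   # (service, path): binary absent, find out what removed it
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - ") and ": " in line[5:]:
            where, rest = line[5:].split(": ", 1)
            if rest.startswith("[") and "] " in rest:
                name, cmd = rest[1:].split("] ", 1)       # registry Run entries
            elif " = " in rest:
                name, cmd = rest.split(" = ", 1)          # Startup-folder shortcuts
            else:
                continue
            path = _command_path(cmd)
            if not path.lower().startswith(TRUSTED_PREFIXES):
                autoruns_to_review.append((where, name, path))
        elif line.startswith("O17 - "):
            m = O17_RE.match(line)
            if m:
                dns.setdefault(m["iface"], set()).update(m["servers"].split(","))
        elif line.startswith("O23 - Service: ") and line.endswith(MISSING):
            parts = line[len("O23 - Service: "):-len(MISSING)].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            service, _owner, path = parts
            bucket = missing_system32 if path.lower().startswith(SYSTEM32_PREFIX) else missing_elsewhere
            bucket.append((service, path))
    seen = set().union(*dns.values()) if dns else set()
    return {
        "dns": {iface: sorted(servers) for iface, servers in dns.items()},
        "unexpected_resolvers": sorted(seen - EXPECTED_RESOLVERS),
        "autoruns_to_review": autoruns_to_review,
        "missing_system32": missing_system32,
        "missing_elsewhere": missing_elsewhere,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run as a script it prints the five buckets for the sample. The System32 bucket is the one to discount first: confirm the files with a native 64-bit tool (or the FSS "File Check" above, which already shows the networking binaries present and signed) before treating any of those services as tampered with.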

Re: Help! I used AdwCleaner, MalwareBytes, and Security Check but still getting ads.

Post by Superdave on Fri 31 Oct 2014, 6:21 am

OK, I'll wait until you send me a screenshot of one of those ads.

