xlostsoul

Members
  • Posts

    11
Reputation

0 Neutral
  1. I reset my browser. Seems like the ads aren't popping up anymore.
  2. JavaRa 1.16 Removal Log.
  3. FRST and Addition logs attached Addition.txt FRST.txt
  4. C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\OJSQ3CSI\FinalInstaller_dotnet4[1].exe a variant of MSIL/Adware.Imali.A application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\OJSQ3CSI\runasu[1].exe a variant of Win32/Adware.ConvertAd.WX application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\OJSQ3CSI\Setup[1].exe a variant of Win32/InstallCore.PO potentially unwanted application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\OJSQ3CSI\Setup[2].exe a variant of Win32/InstallCore.PL potentially unwanted application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\OJSQ3CSI\SU_Srv[1].exe Win32/Adware.ConvertAd.UC application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\UF8DFEBW\policyname[1].exe a variant of Win32/Adware.ConvertAd.WD application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\XO2B4EUE\Bundle_Solimba_MaxDriverUpdater[1].exe a variant of Win32/Solimba.C potentially unwanted application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\XO2B4EUE\check[1].exe a variant of Win32/Adware.ConvertAd.XD.gen application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\XO2B4EUE\JOSrv[1].exe a variant of Win32/Adware.ConvertAd.VI application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\XO2B4EUE\Setup[1].exe a variant of Win32/InstallCore.PO potentially unwanted application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\XO2B4EUE\setup_362[1].exe a variant of Win32/Adware.Imali.E application C:\Users\Nhu\AppData\Local\Microsoft\Windows\INetCache\IE\ZE65MXMV\runasu[1].exe a variant of Win32/Adware.ConvertAd.WX application C:\Users\Nhu\AppData\Local\Temp\nsiC9DD.tmp a variant of Win32/Adware.ConvertAd.XC.gen application C:\Users\Nhu\AppData\Local\Temp\nsjC1C9.tmp a variant of Win32/Adware.ConvertAd.XA.gen application C:\Users\Nhu\AppData\Local\Temp\nslDDE3.tmp a variant of Win32/Adware.ConvertAd.XD.gen application 
C:\Users\Nhu\AppData\Local\Temp\HYD6F00.tmp.1440042996_permissionsCopy\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application C:\Users\Nhu\AppData\Local\Temp\HYD6F00.tmp.1440042996_permissionsCopy\updates\3.3.1_30017.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application C:\Users\Nhu\AppData\Local\Temp\HYD6F00.tmp.1440042996_permissionsCopy\updates\3.4.3_40298.exe a variant of Win32/OpenCandy.C potentially unsafe application C:\Users\Nhu\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
  5. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/22/2015 Scan Time: 4:00 PM Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.22.04 Rootkit Database: v2015.08.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Nhu Scan Type: Threat Scan Result: Completed Objects Scanned: 462593 Time Elapsed: 57 min, 27 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  6. # AdwCleaner v5.003 - Logfile created 22/08/2015 at 15:51:58 # Updated 20/08/2015 by Xplode # Database : 2015-08-20.1 [server] # Operating system : Windows 10 Home (x64) # Username : Nhu - NHU-PC # Running from : C:\Users\Nhu\Desktop\AdwCleaner.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Users\Nhu\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gonkiodfhbjglnfaicbfnipcgkcpbfaf [-] Folder Deleted : C:\WINDOWS\SysFilesController [-] Folder Deleted : C:\WINDOWS\SysHealthController ***** [ Files ] ***** [-] File Deleted : C:\END [-] File Deleted : C:\WINDOWS\SysWOW64\WebWatcherLSP.dll ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key Deleted : HKCU\Software\DAILYPCCLEAN [!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN [-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar ***** [ Web browsers ] ***** ************************* :: Proxy settings cleared :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1365 bytes] ##########
  7. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.7 (08.18.2015:1) OS: Windows 10 Home x64 Ran by Nhu on Sat 08/22/2015 at 15:39:15.96 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Adanak Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Deal Keeper ~~~ Files Successfully deleted: [File] C:\WINDOWS\system32\drivers\tfsfltx64.sys Successfully deleted: [File] C:\WINDOWS\SysWOW64\lnsecsl.exe Successfully deleted: [File] C:\WINDOWS\SysWOW64\x64.txt ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{06FCD9E2-19E3-426D-AB78-4681BCE9C872} Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{328096CD-B283-4D1C-80A2-01559790DA38} Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{4E0FEBAC-4C71-4A71-B55C-EA4B0E24CD4F} Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{4E25D678-FDE1-4E24-9813-C0ED74954318} Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{5013B493-25CC-4FDE-925D-B480F27A92FC} Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{A0DDB101-049B-4D30-A4ED-9D11E2B6166D} Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{D4B13E3C-552B-4746-B0DC-13120E1E1636} Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{EB8846EC-6E47-483F-A534-2FB3C1BED36B} Successfully deleted: [Empty Folder] C:\Users\Nhu\Appdata\Local\{FC6B5EFA-FD33-4CA0-B9C4-3DEAB46E3E6E} Successfully deleted: [Folder] C:\Program Files (x86)\kakao Successfully deleted: [Folder] C:\Program Files (x86)\predm Successfully deleted: [Folder] 
C:\ProgramData\esellerate Successfully deleted: [Folder] C:\ProgramData\google Successfully deleted: [Folder] C:\ProgramData\thunder network Successfully deleted: [Folder] C:\Users\Nhu\Appdata\Local\crashrpt Successfully deleted: [Folder] C:\Users\Nhu\Appdata\Local\kakao Successfully deleted: [Folder] C:\Users\Nhu\Appdata\LocalLow\company Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin Successfully deleted: [Folder] C:\ProgramData\668eeb42f168435c8a12d2a94281c70f Successfully deleted: [Folder] C:\ProgramData\6bb313acbe9e4141ab5954c822b5e4df Successfully deleted: [Folder] C:\ProgramData\bbeab180898245b68c83493cf478acad ~~~ Chrome [C:\Users\Nhu\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Nhu\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Nhu\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Nhu\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 08/22/2015 at 15:42:29.96 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/21/2015 Scan Time: 8:27 AM Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.21.06 Rootkit Database: v2015.08.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Nhu Scan Type: Threat Scan Result: Completed Objects Scanned: 462438 Time Elapsed: 13 hr, 13 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 1 PUP.Optional.iDealsShoppingOptimizer.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|jid1-xNAj4KGyf5wyhg@jetpack, C:\Program Files (x86)\Faster Web\faster-web.xpi, Quarantined, [96e4e823e3a8d6600e5869b1679ca060] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  9. Here are the logs. FRST.txt Addition.txt
  10. I started seeing these ad links all around the page on every website. Hope you can help me remove this malware!