vitaum88

Members (22 posts, reputation: 0 Neutral)
  1. Murphy, sorry for the late reply. I was out of town for the week. Find attached both logs! Addition.txt FRST.txt
  2. Hey Murphy, after almost 9 hours scanning, here is the log (I personally thought it would include the names of the files that were cleaned...):

19/02/2019 01:20:05
Files scanned: 882495
Infected files: 3
Cleaned threats: 3
Total scan time 08:24:40
Scan status: Finished
  3. I'm currently running ESET scan. Will post results asap.
  4. Hey Murphy, you're right. Upon searching for anything on Google, even though the domain is fine (google.com.br), I get some crazy trackers in the URL. Running a TEST SEARCH again, I get the following line in the address bar:

https://www.google.com/search?q=test+search&rlz=1C1SQJL_pt-BRBR836BR836&oq=test+search&aqs=chrome.0.69i59j0l5.1648j0j7&sourceid=chrome&ie=UTF-8

From what I've researched, it seems that these are search trackers (the oq=, aqs=, etc.). I did the browser clean-up as requested in the link you provided (Google's official support link), but Chrome wasn't able to run the malware search routine (check attachment).
  5. Hello Murphy, It seems the last step solved my issue. I've managed to install Chrome, I don't see stupid advertisements and there's no redirect to google.ga. Also, upon checking my Chrome extensions, these 2 are not there. Would you say the issue is solved?
  6. Hey, adding the fixlog. Gotta have dinner and will leave Malwarebytes running. I'll attach it ASAP. Fixlog.txt
  7. Hey Murphy, I don't see the code box with the code.
  8. Hey Murphy, Thanks for your help. Unfortunately, I'm still having some issues. I'm providing a few screen captures (attached) so you can see what I mean.

Google redirection -> I typed "test search". Firstly, the address bar tried to reach out to Google.com.br (the Brazilian domain for Google) correctly, because I live here in Brazil. But when the page finally ran, the result came in Google.ga (Gabon, a totally different country on another continent, in Africa). - files "google brasil" and "google gabon"

Upon visiting YouTube, for example, you can see that first it loads the "correct" advertisers on top (such as Coca-Cola's promo video). Then after a few seconds it refreshes and delivers those stupid ads (Viagra ads, scam sites for "easy money online", and the "Aura Ad" banner in the top-right corner). - files "normal yt ads" and "dumb yt ads"

I try to download Chrome off of regular Google, but it keeps redirecting me to the Gabon website. And finally, upon running the installer, it says it could not connect to the internet. - files "chrome installer" and "chrome download"

I do have Avira installed, but even after clicking it the interface won't open... This makes me wonder if there is some routing virus that I'm experiencing... Something that won't let me reach certain DNS or webpages, or denies access to my anti-virus software. Also the ad delivery is just blatantly wrong. No matter what pages I open or websites I visit, I only get Viagra and the R$1900,00 / week scam website.

Did you get the whole picture now?
  9. Hey! Here we go?

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.02.2019
Ran by victor.avdias (17-02-2019 14:12:00) Run:2
Running from C:\Users\victor.avdias\Desktop\recovery
Loaded Profiles: victor.avdias (Available Profiles: victor.avdias)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2019-02-16 10:24 - 2019-02-16 15:58 - 000000000 ____D C:\Users\victor.avdias\AppData\Local\{01801827-6513-4a10-9443-a405dbafb4d3}
CustomCLSID: HKU\S-1-5-21-1137961632-259276873-1674078284-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\victor.avdias\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1137961632-259276873-1674078284-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\victor.avdias\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll => No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
Task: {1A998079-7B99-4A48-9A32-79173B014453} - System32\Tasks\bkuhAoSJcXQpTtpNWuU => C:\Users\victor.avdias\AppData\Local\Temp\tJyta0VvB\oiuwertmnasgbkj.exe
Task: {80891717-F5B0-4ABB-B528-02CD33D63ED4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9AC66348-1D98-4E4B-904A-3130532A985B} - System32\Tasks\bkusGeDCEFIcvBdOSlJ => C:\Users\victor.avdias\AppData\Local\Temp\rqzzelkpath\oiuwertmnasgbkj.exe
Task: {D35DCFAF-4425-4CAB-A4F9-E5EABECE31CA} - \goloader1 -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\bkuhAoSJcXQpTtpNWuU.job => C:\Users\victor.avdias\AppData\Local\Temp\tJyta0VvB\oiuwertmnasgbkj.exed/comm we /adp YNLR9YNLR5UMLR1APLR6KOLR9GOLR0NNLR6SNLR0SNLR2XMLR2YOLR3RNLR6JOLR4ZNLR4UOLR2WOLR6ZNLR2 C:\Users\victor.avdias\AppData\Local\Temp\tJyta0VvBLAPTOPVICTOR\victor.avd
Task: C:\WINDOWS\Tasks\bkusGeDCEFIcvBdOSlJ.job => C:\Users\victor.avdias\AppData\Local\Temp\rqzzelkpath\oiuwertmnasgbkj.exed/comm we /adp YMLR0QNLR6EPLR7APLR2DNLR4MNLR9UNLR6LNLR3DPLR7WOLR9DNLR3SNLR8WNLR4BNLR2JOLR3RNLR8ONLR4 C:\Users\victor.avdias\AppData\Local\Temp\rqzzelkpathLAPTOPVICTOR\victor.avd
VirusTotal: C:\Users\victor.avd
FirewallRules: [UDP Query User{EA456565-E953-46D9-96CD-D23B9FAC3152}D:\gcantixit\gclauncher.new.exe] => (Allow) D:\gcantixit\gclauncher.new.exe No File
FirewallRules: [TCP Query User{07DE9FC4-5E5A-4655-9D92-A251ED9804C6}D:\gcantixit\gclauncher.new.exe] => (Allow) D:\gcantixit\gclauncher.new.exe No File
FirewallRules: [UDP Query User{5FF5AD42-939A-45DA-86EC-80F4B49831E0}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{019538BE-A126-4B75-A9FB-DC371C4666F8}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{4CD4645C-9D96-4BB8-84CF-5C4258B25E1A}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{7B479F83-2CE4-4CEB-B25F-4FD8139271CC}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{63D34267-4874-4C04-8715-3C7C71A7059E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe No File
FirewallRules: [{D5C919B1-DD4E-4095-A3BD-027838F7F71D}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe No File
FirewallRules: [{BDA0E642-4672-410B-8371-48D693DB79A8}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{EFAB59CB-916E-46B4-9C2A-BCC8AD72A85C}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{06ACD42F-9DCA-4E38-A8C2-EFC7B635C648}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe No File
FirewallRules: [{7F8A8F64-311D-4DD0-BB70-C2949DC6C37D}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe No File
FirewallRules: [{B73ECC35-4CBE-43CA-B52C-8FBFC7125AAF}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{2A3197A4-32EB-4C20-B4CD-29B2637BC18D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{7189BB17-7687-48EA-B554-0AF84B9C0AE1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{B7305920-6EBE-4C59-B31A-3B882EF3AE22}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{4674792F-3556-4CC9-A385-3DBD14D61E0D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{6878256F-D676-4484-8945-E334C89B3995}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe No File
FirewallRules: [{ADDD66D9-DB90-4486-8334-794E05E89FB8}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe No File
FirewallRules: [{36E45D9D-B42C-4EE0-9159-242BF95B87EE}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{922CB223-7EBD-433E-A21C-5EBD7EFC37E8}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{8B564AAC-FA5A-4718-9D27-BA5B70B4F0B7}] => (Allow) d:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe No File
FirewallRules: [{66D6460D-BCE6-4A45-92A5-CF3FC2747CF1}] => (Allow) d:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe No File
FirewallRules: [{24A24EC5-5B1E-454F-B6AF-1D6615E98743}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{5EE35ED8-E215-4805-A3E3-AEE173DC5FEC}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{E241F745-19E0-40ED-AC45-C64F72C750E6}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{8F8F8B93-7BBD-4F5D-AAAC-7C31E510460D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [{36A13E40-46A8-4BC4-B5BB-3482B39989A2}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe No File
FirewallRules: [UDP Query User{F6B030F4-F9D7-4387-A879-0405F41C9A7A}D:\program files (x86)\electronic arts\dead space\dead space.exe] => (Allow) D:\program files (x86)\electronic arts\dead space\dead space.exe No File
FirewallRules: [TCP Query User{831645EB-0329-4598-BCA4-9CE5B66B8842}D:\program files (x86)\electronic arts\dead space\dead space.exe] => (Allow) D:\program files (x86)\electronic arts\dead space\dead space.exe No File
FirewallRules: [{2BC13282-4776-4190-AB51-AF0C3253DE16}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{04887266-C004-437E-B459-F9222B03A739}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{BB559364-178B-45D9-8CC4-11F75016490A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{A83C1F77-79F8-42DB-BEB6-3D076A9B861F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{6560914F-F048-4C98-BA16-1E936B357C98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe No File
FirewallRules: [{C7543C50-5037-4185-9A57-D035EF908A2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe No File
FirewallRules: [{A32C0716-3C5C-4EDA-8F75-D519C9C4598F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe No File
FirewallRules: [{B2E143F2-F8A4-40A1-8C69-0BA09AEB0F59}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe No File
FirewallRules: [{8A2C36C0-A151-4A7D-9F71-6471CD22DA57}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe No File
FirewallRules: [{C193B8B8-B1CD-4CA4-BDE0-130D6B248242}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe No File
FirewallRules: [{3A8A38D5-72FF-4078-A8B9-5D19A87663DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{1D5BE10F-19BB-44C8-8441-2C5C233E7348}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{AFCDDF1C-D2E5-4791-B563-2E94819C2CE1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe No File
FirewallRules: [{35E64F80-55EA-4BE9-B0B7-2012EF3E487E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe No File
FirewallRules: [{4ABDC258-E1CB-4899-9F39-DE755B8CDC3F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{F370076F-2951-4158-93EA-7B5A763FCB47}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{E57B439B-BC76-4041-8BF6-75D2F6D233A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe No File
FirewallRules: [{0D5FF9FD-F978-4457-928E-11C2F83E2C62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe No File
FirewallRules: [{4F219C29-AED5-405C-AEFB-D088C412D89C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe No File
FirewallRules: [{051288DA-A1B3-45F0-9DD5-8B566E9A71D8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe No File
FirewallRules: [{8EC2E6A3-67D0-46DC-B47D-73A5FA7CA9EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe No File
FirewallRules: [{E9EBEB30-53DB-43EE-BE98-8CC06C44CF93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe No File
FirewallRules: [{2914E838-2CAD-448E-93FB-9D1DDA75F37C}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe No File
FirewallRules: [{85FDC0DC-C090-4F85-AEEB-18162F7565D2}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe No File
FirewallRules: [{F9AA6261-9104-4B75-87BA-F2957A054EAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EasyAntiCheat\EasyAntiCheat.exe No File
FirewallRules: [{2F333577-E3AA-46BD-BF0D-B4C1D56DBC0B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EasyAntiCheat\EasyAntiCheat.exe No File
FirewallRules: [TCP Query User{056DD655-47AC-4E3D-ACEC-FCA0CAC4EB43}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe No File
FirewallRules: [UDP Query User{BB246DED-9D6D-495F-967B-533C38E2F032}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe No File
FirewallRules: [{B869FD31-D289-4DA9-8C80-97256646F9F5}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe No File
FirewallRules: [{2D22DE02-C41D-4655-A277-8B2D65621BA7}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe No File
FirewallRules: [{73B3127F-74F4-40F3-8904-2C47F2585CAA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{CC70935D-EB57-4A59-AF57-BD800DC2B458}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{E4349180-BD0D-465F-A4E4-ABF292A34538}] => (Allow) C:\Program Files (x86)\Steam2\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{4DC2B4AD-AE84-4ED9-B0F3-5AA7B2729090}] => (Allow) C:\Program Files (x86)\Steam2\bin\cef\cef.win7\steamwebhelper.exe No File
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\victor.avdias\AppData\Local\{01801827-6513-4a10-9443-a405dbafb4d3}" => not found
HKU\S-1-5-21-1137961632-259276873-1674078284-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000} => removed successfully
HKU\S-1-5-21-1137961632-259276873-1674078284-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2 => removed successfully
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\QuickShare => removed successfully
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A998079-7B99-4A48-9A32-79173B014453}" => not found
"C:\WINDOWS\System32\Tasks\bkuhAoSJcXQpTtpNWuU" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bkuhAoSJcXQpTtpNWuU" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80891717-F5B0-4ABB-B528-02CD33D63ED4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80891717-F5B0-4ABB-B528-02CD33D63ED4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AC66348-1D98-4E4B-904A-3130532A985B}" => not found
"C:\WINDOWS\System32\Tasks\bkusGeDCEFIcvBdOSlJ" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bkusGeDCEFIcvBdOSlJ" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D35DCFAF-4425-4CAB-A4F9-E5EABECE31CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D35DCFAF-4425-4CAB-A4F9-E5EABECE31CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\goloader1" => removed successfully
"C:\WINDOWS\Tasks\bkuhAoSJcXQpTtpNWuU.job" => not found
"C:\WINDOWS\Tasks\bkusGeDCEFIcvBdOSlJ.job" => not found
"VirusTotal: C:\Users\victor.avd" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EA456565-E953-46D9-96CD-D23B9FAC3152}D:\gcantixit\gclauncher.new.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{07DE9FC4-5E5A-4655-9D92-A251ED9804C6}D:\gcantixit\gclauncher.new.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5FF5AD42-939A-45DA-86EC-80F4B49831E0}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{019538BE-A126-4B75-A9FB-DC371C4666F8}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4CD4645C-9D96-4BB8-84CF-5C4258B25E1A}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7B479F83-2CE4-4CEB-B25F-4FD8139271CC}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63D34267-4874-4C04-8715-3C7C71A7059E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5C919B1-DD4E-4095-A3BD-027838F7F71D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDA0E642-4672-410B-8371-48D693DB79A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFAB59CB-916E-46B4-9C2A-BCC8AD72A85C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06ACD42F-9DCA-4E38-A8C2-EFC7B635C648}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F8A8F64-311D-4DD0-BB70-C2949DC6C37D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B73ECC35-4CBE-43CA-B52C-8FBFC7125AAF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A3197A4-32EB-4C20-B4CD-29B2637BC18D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7189BB17-7687-48EA-B554-0AF84B9C0AE1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7305920-6EBE-4C59-B31A-3B882EF3AE22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4674792F-3556-4CC9-A385-3DBD14D61E0D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6878256F-D676-4484-8945-E334C89B3995}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADDD66D9-DB90-4486-8334-794E05E89FB8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36E45D9D-B42C-4EE0-9159-242BF95B87EE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{922CB223-7EBD-433E-A21C-5EBD7EFC37E8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B564AAC-FA5A-4718-9D27-BA5B70B4F0B7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66D6460D-BCE6-4A45-92A5-CF3FC2747CF1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24A24EC5-5B1E-454F-B6AF-1D6615E98743}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EE35ED8-E215-4805-A3E3-AEE173DC5FEC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E241F745-19E0-40ED-AC45-C64F72C750E6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F8F8B93-7BBD-4F5D-AAAC-7C31E510460D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36A13E40-46A8-4BC4-B5BB-3482B39989A2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F6B030F4-F9D7-4387-A879-0405F41C9A7A}D:\program files (x86)\electronic arts\dead space\dead space.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{831645EB-0329-4598-BCA4-9CE5B66B8842}D:\program files (x86)\electronic arts\dead space\dead space.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BC13282-4776-4190-AB51-AF0C3253DE16}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04887266-C004-437E-B459-F9222B03A739}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB559364-178B-45D9-8CC4-11F75016490A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A83C1F77-79F8-42DB-BEB6-3D076A9B861F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6560914F-F048-4C98-BA16-1E936B357C98}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7543C50-5037-4185-9A57-D035EF908A2E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A32C0716-3C5C-4EDA-8F75-D519C9C4598F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2E143F2-F8A4-40A1-8C69-0BA09AEB0F59}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A2C36C0-A151-4A7D-9F71-6471CD22DA57}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C193B8B8-B1CD-4CA4-BDE0-130D6B248242}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A8A38D5-72FF-4078-A8B9-5D19A87663DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D5BE10F-19BB-44C8-8441-2C5C233E7348}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFCDDF1C-D2E5-4791-B563-2E94819C2CE1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35E64F80-55EA-4BE9-B0B7-2012EF3E487E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4ABDC258-E1CB-4899-9F39-DE755B8CDC3F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F370076F-2951-4158-93EA-7B5A763FCB47}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E57B439B-BC76-4041-8BF6-75D2F6D233A6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D5FF9FD-F978-4457-928E-11C2F83E2C62}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F219C29-AED5-405C-AEFB-D088C412D89C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{051288DA-A1B3-45F0-9DD5-8B566E9A71D8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8EC2E6A3-67D0-46DC-B47D-73A5FA7CA9EC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9EBEB30-53DB-43EE-BE98-8CC06C44CF93}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2914E838-2CAD-448E-93FB-9D1DDA75F37C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85FDC0DC-C090-4F85-AEEB-18162F7565D2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9AA6261-9104-4B75-87BA-F2957A054EAB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F333577-E3AA-46BD-BF0D-B4C1D56DBC0B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{056DD655-47AC-4E3D-ACEC-FCA0CAC4EB43}C:\program files\java\jre1.8.0_45\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BB246DED-9D6D-495F-967B-533C38E2F032}C:\program files\java\jre1.8.0_45\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B869FD31-D289-4DA9-8C80-97256646F9F5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D22DE02-C41D-4655-A277-8B2D65621BA7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73B3127F-74F4-40F3-8904-2C47F2585CAA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC70935D-EB57-4A59-AF57-BD800DC2B458}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4349180-BD0D-465F-A4E4-ABF292A34538}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DC2B4AD-AE84-4ED9-B0F3-5AA7B2729090}" => removed successfully

The system needed a reboot.

==== End of Fixlog 14:13:11 ====
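The fixlist in the post above is a good specimen of the two entry types worth triaging first in an FRST log: scheduled tasks whose action points into a user-writable temp directory under a machine-generated name, and Windows Firewall program rules keyed to executables that no longer exist (an Allow rule for a missing path would apply to whatever is later written there). The following is an added example, not FRST's code and not the poster's; it parses "Task:" and "FirewallRules:" lines in the shapes shown above and flags them. The regular expressions, the directory list and the name heuristic are assumptions made for this example, and the sample input is constructed from entries copied out of the posted fixlist.

```python
"""Triage helper for FRST fixlist entries (added example, not FRST's own code).

Parses "Task:" and "FirewallRules:" lines and flags the ones an analyst
would look at first.  The line patterns, the user-writable directory list
and the machine-generated-name heuristic are assumptions for this example.
"""
import re
from dataclasses import dataclass

# Sample input, constructed for this example from entries in the posted fixlist.
SAMPLE_FIXLIST = r"""
Task: {1A998079-7B99-4A48-9A32-79173B014453} - System32\Tasks\bkuhAoSJcXQpTtpNWuU => C:\Users\victor.avdias\AppData\Local\Temp\tJyta0VvB\oiuwertmnasgbkj.exe
Task: {80891717-F5B0-4ABB-B528-02CD33D63ED4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9AC66348-1D98-4E4B-904A-3130532A985B} - System32\Tasks\bkusGeDCEFIcvBdOSlJ => C:\Users\victor.avdias\AppData\Local\Temp\rqzzelkpath\oiuwertmnasgbkj.exe
Task: {D35DCFAF-4425-4CAB-A4F9-E5EABECE31CA} - \goloader1 -> No File <==== ATTENTION
FirewallRules: [UDP Query User{5FF5AD42-939A-45DA-86EC-80F4B49831E0}C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\victor.avdias\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{63D34267-4874-4C04-8715-3C7C71A7059E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe No File
FirewallRules: [{2BC13282-4776-4190-AB51-AF0C3253DE16}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
"""

# Line shapes as they appear in the fixlist above (assumed to be representative).
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?)"
    r"(?: => (?P<target>.+?)| -> No File)?"
    r"(?P<attention> <==== ATTENTION)?$"
)
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>Allow|Block)\) "
    r"(?P<path>.+?)(?P<missing> No File)?$"
)
# Directories a standard user can write to; a task launching from here is
# rarely legitimate.  Assumption: this short list is enough for the triage.
USER_WRITABLE_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str      # "task" or "firewall"
    subject: str   # task name or firewall rule id
    reason: str


def looks_machine_generated(name: str) -> bool:
    """Heuristic (assumption): a bare alphanumeric name whose letters switch
    case very often (bkuhAoSJcXQpTtpNWuU) is likely generated, while names
    such as RunCampaignManager switch case far less often."""
    leaf = name.rsplit("\\", 1)[-1]
    letters = [c for c in leaf if c.isalpha()]
    if len(letters) < 8 or not leaf.isalnum():
        return False
    switches = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return switches / len(letters) > 0.4


def triage(fixlist: str) -> list:
    """Return the Findings for every Task/FirewallRules line in the fixlist."""
    findings = []
    for raw in fixlist.splitlines():
        line = raw.strip()
        if m := TASK_RE.match(line):
            name, target = m["name"], m["target"]
            if target and USER_WRITABLE_RE.search(target):
                findings.append(Finding("task", name, f"runs from a user-writable directory: {target}"))
            if looks_machine_generated(name):
                findings.append(Finding("task", name, "task name looks machine-generated"))
            if m["attention"]:
                findings.append(Finding("task", name, "target missing (FRST ATTENTION marker)"))
        elif m := FIREWALL_RE.match(line):
            if m["missing"]:
                # A program rule keyed on a path whose binary is gone is dead
                # weight: anything later written to that path inherits the rule,
                # so stale Allow rules in particular are worth removing.
                findings.append(Finding("firewall", m["rule"],
                                        f"{m['action']} rule for missing binary {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FIXLIST):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

To use it on a real log, pass the contents of the fixlist (or of FRST.txt) to triage() instead of SAMPLE_FIXLIST. On the sample above it reports both bku* tasks twice (Temp launch path and generated-looking name), the two ATTENTION entries, and the three stale firewall rules, which matches what the helper in the thread chose to remove.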
  10. Hi friend, Here we go?

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-15.6 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-17-2019
# Duration: 00:00:04
# OS: Windows 10 Home Single Language
# Cleaned: 16
# Failed: 2

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\OSTotoSoft

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\BKUSGEDCEFICVBDOSLJ.JOB
Deleted C:\Windows\Tasks\BKUHAOSJCXQPTTPNWUU.JOB
Deleted C:\Windows\System32\Tasks\BKUSGEDCEFICVBDOSLJ
Deleted C:\Windows\System32\Tasks\BKUHAOSJCXQPTTPNWUU

***** [ Registry ] *****

Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\EventSvc
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AC66348-1D98-4E4B-904A-3130532A985B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AC66348-1D98-4E4B-904A-3130532A985B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bkusGeDCEFIcvBdOSlJ
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A998079-7B99-4A48-9A32-79173B014453}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A998079-7B99-4A48-9A32-79173B014453}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bkuhAoSJcXQpTtpNWuU
Deleted HKCU\Software\OSTotoSoft
Deleted HKLM\Software\Wow6432Node\OSTotoSoft
Deleted HKCU\Software\OneSystemCare
Deleted HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}

***** [ Chromium (and derivatives) ] *****

Not Deleted Managera
Not Deleted Extutil

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3794 octets] - [04/05/2018 16:58:52]
AdwCleaner[C00].txt - [3623 octets] - [04/05/2018 16:59:43]
AdwCleaner[S01].txt - [2946 octets] - [17/02/2019 13:43:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

I see 2 lines on Chrome weren't fixed. haha Any more steps?
  11. Hello Murphy, Good morning! Thanks for your reply. Find attached the Fixlog.txt file. What are the next steps? Fixlog.txt
  12. Hello all, Earlier today I mistakenly installed some unknown piece of software, which resulted in the infection of several Trojan and adware files on my PC. The files were being generated everywhere, in random folders with random names, upon startup, and Chrome would open new tabs indefinitely. By using Malwarebytes without an internet connection it seemed that I had managed to fix this issue. The logs were coming back with zero threats.

However, when browsing YouTube and other sites via Chrome I seemed to get some unfamiliar behavior/ads. I checked my extensions and removed one I did not recognize (chrome_filter). Then I noticed two things: my Google page was "google.ga" (from Gabon), and when I actually searched for anything the address bar would change to my-search.com/"whatever term I searched here". Thus, I tried to reinstall Chrome using MS Edge. In Edge I'm getting some ads with "Aura" written at their bottom (which I searched online and seems to be malware-related) and I'm also getting Google.ga in there, but no "my-search" redirection. There are some empty popups that appear, which I blocked. I tried reinstalling Chrome anyway and I got an error saying that the Chrome installer couldn't connect to Google's network and suggested I check my firewalls.

Finally, I've just run Malwarebytes again with the Rootkit and "inside archives" options turned on and I got the attached log - I quarantined the 4 infected files. I'm also attaching the FRST log with the "addition.txt" file. Any help? Thanks in advance log.txt Addition.txt FRST.txt