ad.directrev and others... I'm desperate.

Ok, I uninstalled both by add/remove programs. :)

 

Fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014

Ran by MajaSanja at 2014-01-08 14:36:34 Run:2
Running from C:\Users\MajaSanja\Desktop\New folder
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Task: {10CDAB2A-324B-4961-B8CA-69E3BD427E9A} - System32\Tasks\{639D2D06-BE91-4CFA-BA42-2D3A462E5F0D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2010-10-11] (Skype Technologies S.A.)
C:\Program Files (x86)\Skype
 
*****************
 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key not found.
"C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx" => File/Directory not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key not found.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data => Key not found.
HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\skype4com => Key not found.
HKCR\Wow6432Node\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10CDAB2A-324B-4961-B8CA-69E3BD427E9A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10CDAB2A-324B-4961-B8CA-69E3BD427E9A} => Key deleted successfully.
C:\Windows\System32\Tasks\{639D2D06-BE91-4CFA-BA42-2D3A462E5F0D} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{639D2D06-BE91-4CFA-BA42-2D3A462E5F0D} => Key deleted successfully.
"C:\Program Files (x86)\Skype" => File/Directory not found.
 
==== End of Fixlog ====
 
 
 
As for TCPView, thank you. When we are done, I'll create a new topic there. 

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If needed you can always reset Chrome:

Reset Chrome:

https://support.google.com/chrome/answer/3296214?hl=en

MrC


checkup.txt

 

 

 Results of screen317's Security Check version 0.99.78  

 Windows 7  x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 17  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (26.0) 
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.72  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe 
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Microsoft Security Client Antimalware MsMpEng.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Microsoft Security Client Antimalware NisSrv.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java™ 6 Update 17 <---please uninstall from your add/remove programs

Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 45) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

---------------------------------

Adobe Flash Player 10 Flash Player out of Date! <---please uninstall

Adobe Flash Player 11.7.700.224
Flash Player:
Check for an update if available

--------------------------------

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Ok... Here's what I did -

 

 

 

Uninstalled Java 6 update 17

Downloaded and installed the latest version (Java™ 7 Update 45)    

Uninstalled Adobe Flash Player 10 Flash Player

No update available for Adobe Flash Player 11.7.700.224 
Adobe Reader 9 Adobe Reader - downloaded Foxit reader, will uninstall adobe and install Foxit. 
I didn't download or use Combofix, but thanks anyway. 

As for OTC, it cleaned a little, the rest I will delete myself, if I can find it. For e.g. can't seem to find either RKreport.txt or RK_Quarantine folder. Typed RK in 'find', from 'start', but it only finds - RKreport[0]_S_01072014_144000, says it's in C:\Users\MajaSanja\AppData\Roaming\Microsoft\Windows\Recent Items, but the 'App Data' folder doesn't seem to exist where it should. :/ And when I right click and go to properties for the same thing, it doesn't open the General tab, just the shortcut tab, under 'target' it says that it's in C:\Users\MajaSanja\Desktop\RKreport[0]_S_01072014_144000.txt, but there is no such thing on my desktop - and, when I try to open the 'General' tab, it opens a window that says 'The name 'C:\Users\MajaSanja\Desktop\RKreport[0]_S_01072014_144000.txt' specified in the target Box is not valid. Make sure the path and file name are correct.'. Now, I know that RKreport[0] refers to the RogueKiller, but I don't know what all that means, where it is, how to find it, or delete it. There are also some other things that appear to be in the 'non-existent' AppData folder...

 

And one more thing, and if you think that you've had enough of me :) - let me know, and I'll post another topic - suddenly, when looking for the AppData, I noticed that I have three 'users'. Only I don't. This much I know for certain - because this is the route that I 'go through' for Google Chrome downloads - I always go through the 'Users' folder - and there were always, ALWAYS only two other folders inside, 'users' - 'MajaSanja', and 'Public'. Now, all of a sudden, I've got 'Updatususer' - with the same little 'lock' picture on the icon as on the 'MajaSanja' folder - which is apparently entirely empty, even though the 'properties' say it's about 50MB. Inside, in the desktop is the icon for PhotoScape, a program that I know I have on my computer. So, is this a problem, or not? Can programs create 'users'? Who can?

Again, I'm really sorry to bother you so much, but, since we're here, I thought I'd check. I've gone -ware paranoid... 


The latest flash player is 11.9.900.170 

 

-----------------

The files/folder from RogueKiller are located on your desktop. (RK_Quarantine, RogueKiller.exe, RKreport[0]_S_01082014_173615.txt)

Try going to Start > Run > Desktop > Enter

 

--------------------------

You have to enable hidden files to see some W7 folders:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

 

-----------------------

I use XP pro so I can't answer your questions on users.
Ask that question Here:
https://forums.malwarebytes.org/index.php?showforum=6
or Here:
http://www.geekstogo.com/forum/forum/79-windows-vista-and-windows-7/

MrC


Yes, I've seen that - but here's what the site says when I click on download in the bottom of the page 
 

Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available.

To download the Adobe® Flash® Player system plug-in, click here. For instructions on how to enable it, click here.

Do you have a different operating system or browser?

To learn more about the enhanced support for Flash Player in Chrome, including information for developers, see this TechNote.

I thought that means that there is no update available. So, what do I do?


I thought that means that there is no update available. So, what do I do?

For Chrome, the update is installed when you update Chrome

Any other browser like IE, you have to download and install the update.

 

---------------------

Oh, and I forgot - there is nothing left on my desktop - I deleted it all. This C:\Users\MajaSanja\AppData\Roaming\Microsoft\Windows\Recent is the location of the RKreport[0]_S_01072014_144000, and some other stuff... Can I delete those? Should I delete those?

Yes you can

 

---------------------

 

And, lastly, thank you, so much, for your help and an abundance of patience.
I would be more than happy to donate for your efforts, unfortunately, I don't have PayPal. Is there any other way to do that?


As long as you have a credit card you can donate using PayPal.

MrC

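The Recent Items entries discussed above are `.lnk` shortcuts inside the hidden AppData folder, which is why Properties shows a Shortcut tab with a target on the Desktop that no longer exists. The following PowerShell script is an added example, not part of any post in this thread: it lists those shortcuts without changing Explorer's hidden-files setting and flags the ones whose target has been deleted. The `-Remove` switch is this script's own parameter.

```powershell
# Added example: audit Recent Items shortcuts and flag dangling ones.
# Read-only by default; run with -Remove to delete the dangling shortcuts.
param([switch]$Remove)

# Resolves to C:\Users\<name>\AppData\Roaming\Microsoft\Windows\Recent
$recent = [Environment]::GetFolderPath('Recent')
$shell  = New-Object -ComObject WScript.Shell

# -Force includes hidden and system items, so the listing works even while
# Explorer is still configured to hide them.
$links = Get-ChildItem -LiteralPath $recent -Filter *.lnk -Force

$report = foreach ($lnk in $links) {
    $target = $shell.CreateShortcut($lnk.FullName).TargetPath

    # -LiteralPath matters here: names such as RKreport[0]_... contain
    # square brackets, which -Path would interpret as wildcards.
    # An empty target means the shortcut points at a non-file object;
    # those are reported with Exists left blank and never removed.
    $exists = if ($target) { Test-Path -LiteralPath $target } else { $null }

    New-Object PSObject -Property @{
        Shortcut = $lnk.Name
        Target   = $target
        Exists   = $exists
    }
}

$report | Sort-Object Exists, Shortcut |
    Format-Table Shortcut, Exists, Target -AutoSize

$dangling = @($report | Where-Object { $_.Exists -eq $false })
"{0} of {1} shortcuts point at files that no longer exist." -f `
    $dangling.Count, @($report).Count

if ($Remove) {
    foreach ($d in $dangling) {
        # Only the shortcut is deleted; the target is already gone.
        Remove-Item -LiteralPath (Join-Path $recent $d.Shortcut) -Force
    }
}
```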

I know it is. Thank you anyway. You have been very helpful.
The computer is being obedient and meek (a rarity, I tell you). Still, I will open another topic, just for the sake of someone explaining to me what's up with TCPView and my sudden third user. :/ I hope it's alright that I will mention that you have helped me with another issue.
I wish you all the best, and again I thank you. 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.