Jump to content

Spigot infection :(


BritAngie
 Share

Recommended Posts

Hi,

 

I think I have been infected with Spigot and yesterday removed the addons from my browsers and sorted out the search engines. However reading further I've realised this little blighter is a bit more tenacious and there are registry entries and all sorts left by it. I've run this evening malwarebytes as instructed and quarantined. Also run Farbar and am attaching the two logs as requested to see what else I need to do to evict this nasty.

 

Many thanks

 

Angie

 

---------------------------

 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Link to post
Share on other sites

Hi,

 

Have backed up,set restore point, rescanned with malwarebytes the roguekiller as instructed. I've attached the logs from malwarebytes from yesterday(where I quarantined everything before I posted on here) and todays rescan. I've also attached the roguekiller log aswell as pasted it below.

 

Many thanks

 

Angie

 

 

 

RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Medion 3 [Admin rights]
Mode : Scan -- Date : 09/06/2014  19:02:41

¤¤¤ Bad processes : 10 ¤¤¤
[suspicious.Path] mf_watch.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_watch.exe[7] -> KILLED [TermProc]
[suspicious.Path] mf_hub.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_hub.exe[7] -> KILLED [TermThr]
[suspicious.Path] mf_interface.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_interface.exe[7] -> KILLED [TermThr]
[suspicious.Path] MediaFire Desktop.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe[7] ->

KILLED [TermThr]
[suspicious.Path] mf_filetransfer.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_filetransfer.exe[7] -> KILLED

[TermThr]
[suspicious.Path] mf_browser.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_browser.exe[7] -> KILLED [TermThr]
[suspicious.Path] mf_central_control.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_central_control.exe[7] ->

KILLED [TermThr]
[suspicious.Path] mf_monitor.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_monitor.exe[7] -> KILLED [TermThr]
[suspicious.Path] mf_dialogs.exe -- C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_dialogs.exe[7] -> KILLED [TermThr]
[suspicious.Path] (SVC) MF NTFS Monitor -- C:\Users\MEDION~1\AppData\Local\MEDIAF~1\MFUSNM~1.EXE[7] -> STOPPED

¤¤¤ Registry Entries : 18 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4098235457-1201339195-3905214510-1000\Software\Microsoft\Windows

\CurrentVersion\Run | MediaFire Tray : C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_watch.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4098235457-1201339195-3905214510-1000\Software\Microsoft\Windows

\CurrentVersion\Run | MediaFire Tray : C:\Users\Medion 3\AppData\Local\MediaFire Desktop\mf_watch.exe  -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MF NTFS Monitor -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MF NTFS Monitor -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MF NTFS Monitor -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100

194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100

194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100

194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30924113-C70C-4A09-

92FC-A1E12B183665} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{30924113-C70C-4A09-

92FC-A1E12B183665} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{30924113-C70C-4A09-

92FC-A1E12B183665} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.StartMenu] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun :

0  -> FOUND
[PUM.StartMenu] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |

Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[RegVal.Brok] (X64) HKEY_CLASSES_ROOT\.exe\shell\open\command |  : No Data  ->
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4098235457-1201339195-3905214510-1000\Software\Microsoft\Internet Explorer

\Main | Search Page : www.google.com  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4098235457-1201339195-3905214510-1000\Software\Microsoft\Internet Explorer

\Main | Search Page : www.google.com  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] x9lvrlk0.default : user_pref("browser.startup.homepage", "about:home"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1500DL003-9VT16L +++++
--- User ---
[MBR] 902b28c1987fcd1353aff08a52a576f5
[bSP] a2659a317bc448857be83fe6cb8a5575 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1378473 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1471647744 | Size: 51200 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): -1366790144 | Size: 1024 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Multiple Card  Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

5th scan log.txt

6th scan log.txt

prot log 5th.txt

RKreport_SCN_09062014_190241.log

Link to post
Share on other sites

Make sure you have created a restore point and.....

bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • [color-red]Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    =========================

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please run a Threat Scan

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    MrC

Link to post
Share on other sites

Adwcleaner log after scan and reboot as requested. :)

 

# AdwCleaner v3.309 - Report created 07/09/2014 at 10:32:42
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Medion 3 - MEDION3-PC
# Running from : C:\Users\Medion 3\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Medion 3\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\q8kjunlk.default\adawaretb
Folder Deleted : C:\Users\Medion 3\AppData\Roaming\Mozilla\Firefox\Profiles\x9lvrlk0.default\adawaretb
Folder Deleted : C:\Users\Medion 3\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Folder Deleted : C:\Users\Medion 3\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
File Deleted : C:\Users\Medion 3\AppData\Roaming\Mozilla\Firefox\Profiles\x9lvrlk0.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\adawaretb
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\q8kjunlk.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");

[ File : C:\Users\Medion 3\AppData\Roaming\Mozilla\Firefox\Profiles\x9lvrlk0.default\prefs.js ]

Line Deleted : user_pref("extensions.helperbar.BackPageActive", true);
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 23261633);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
Line Deleted : user_pref("extensions.helperbar.backPageDay", 24);
Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1395524844621");
Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Deleted : user_pref("extensions.helperbar.barcodeid", "126842");
Line Deleted : user_pref("extensions.helperbar.countryiso", "gb");
Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Deleted : user_pref("extensions.helperbar.installationid", "c9d3f7cb-c097-7b4f-0dec-b82170d1d444");
Line Deleted : user_pref("extensions.helperbar.installdate", "24/03/2014");
Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1395697644");
Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1395697649625");

-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Medion 3\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Extension] : lpoimibckejjdjcfbdnajaicnklhfplh
Deleted [Extension] : oejkcgajlodefenbbjdnaiahmbnnoole

*************************

AdwCleaner[R0].txt - [6510 octets] - [07/09/2014 10:29:39]
AdwCleaner[s0].txt - [6503 octets] - [07/09/2014 10:32:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6563 octets] ##########
 

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Medion 3 on 07/09/2014 at 10:46:43.51

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{0080D9F2-8893-45F2-A24B-D8C199F4578F}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{01EC0AB4-B53E-4936-AC62-37372E977B53}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{02FA30BF-FCD9-4C56-A351-C1F279C334A3}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{0CEE0C4F-1464-40E1-9719-DCCC4D7CC3DB}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{11517D59-1270-475E-AE0A-42FF1BFFB596}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{189293A2-D3C3-4ACC-8A50-71583E97FF68}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{2C888E6F-1A32-4C52-ABE6-95EAD042F25B}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{2DB04ADC-ED78-4978-80FC-F8125F4D15B8}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{340E1B9F-BBDC-4E6D-B4DC-28B60D991D3F}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{39D60675-899E-40DD-A2C4-A5BE9B8D6F2B}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{45B71245-105B-40FF-85E9-7DF072B76A0B}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{48953A83-8C65-47CB-82D8-340D1701168D}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{5641AAEC-394A-4EBB-9B89-0BF5FD292215}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{567A5360-4D07-442A-8C77-907CD6E162AC}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{5BCD9BB0-370E-4D1B-8F93-0E7694F3B645}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{663B9B59-BCBB-4B25-9E90-3669E17A9185}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{68DE9871-5E56-414C-840D-6503F94C0CF5}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{6DFC61B1-B014-453A-B33A-F2838A8D11CC}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{6F9E683C-DC84-4204-80FB-A0E9287F228F}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{779550A2-45F8-4693-87EC-1A03873C8DA0}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{888E6C29-2D97-4564-83A2-988D58DC04F6}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{B10F7136-B906-41B0-B328-FEE8113C3D6A}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{BBFC33F3-B646-4468-86B0-7873E6441EE9}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{BE9777A2-5A61-481D-B0F4-36E7EF1D6A3F}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{C32BEDDC-7445-4AE4-B10E-22A6601CB14D}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{C6C5B87D-F3ED-4E1E-B799-BD10782F4D3F}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{C8540D16-8CF4-415F-998B-604DD5A2C87D}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{C90141D9-DCF4-4C52-AC70-2DB41DAC58B9}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{D8D682B4-A3EA-425B-9239-2DF98C39B743}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{DCA86781-8F59-4794-A773-C7E906A9DC3D}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{DF8ECC89-7A19-4DD3-9DA7-301A5173EE0A}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E32DBC4D-FF9D-46BB-93F8-3AF4DDBD4558}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E5172A68-1FAE-415B-9836-F653E6B1011E}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E75D8D27-FDDA-4336-BC2B-8B7BB938D170}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E7729C94-3F0E-4646-B2B4-ED14A59952FA}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E848408D-78AE-4041-8E1F-B2A8C7875A6E}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E8E13F35-F961-41F2-A4C1-86AAE9634F5B}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{F2C4E32A-13AA-4A16-9C60-52F94685AD2A}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{F74C7042-2E7E-4428-BDB0-6AF6C63550D4}

Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{FE59D377-735A-40B0-AF17-7AADF194ACC3}

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Medion 3\AppData\Roaming\mozilla\firefox\profiles\x9lvrlk0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

Emptied folder: C:\Users\Medion 3\AppData\Roaming\mozilla\firefox\profiles\x9lvrlk0.default\minidumps [387 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 07/09/2014 at 10:52:06.08

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Medion 3 on 07/09/2014 at 10:46:43.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{0080D9F2-8893-45F2-A24B-D8C199F4578F}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{01EC0AB4-B53E-4936-AC62-37372E977B53}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{02FA30BF-FCD9-4C56-A351-C1F279C334A3}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{0CEE0C4F-1464-40E1-9719-DCCC4D7CC3DB}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{11517D59-1270-475E-AE0A-42FF1BFFB596}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{189293A2-D3C3-4ACC-8A50-71583E97FF68}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{2C888E6F-1A32-4C52-ABE6-95EAD042F25B}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{2DB04ADC-ED78-4978-80FC-F8125F4D15B8}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{340E1B9F-BBDC-4E6D-B4DC-28B60D991D3F}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{39D60675-899E-40DD-A2C4-A5BE9B8D6F2B}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{45B71245-105B-40FF-85E9-7DF072B76A0B}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{48953A83-8C65-47CB-82D8-340D1701168D}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{5641AAEC-394A-4EBB-9B89-0BF5FD292215}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{567A5360-4D07-442A-8C77-907CD6E162AC}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{5BCD9BB0-370E-4D1B-8F93-0E7694F3B645}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{663B9B59-BCBB-4B25-9E90-3669E17A9185}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{68DE9871-5E56-414C-840D-6503F94C0CF5}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{6DFC61B1-B014-453A-B33A-F2838A8D11CC}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{6F9E683C-DC84-4204-80FB-A0E9287F228F}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{779550A2-45F8-4693-87EC-1A03873C8DA0}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{888E6C29-2D97-4564-83A2-988D58DC04F6}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{B10F7136-B906-41B0-B328-FEE8113C3D6A}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{BBFC33F3-B646-4468-86B0-7873E6441EE9}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{BE9777A2-5A61-481D-B0F4-36E7EF1D6A3F}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{C32BEDDC-7445-4AE4-B10E-22A6601CB14D}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{C6C5B87D-F3ED-4E1E-B799-BD10782F4D3F}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{C8540D16-8CF4-415F-998B-604DD5A2C87D}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{C90141D9-DCF4-4C52-AC70-2DB41DAC58B9}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{D8D682B4-A3EA-425B-9239-2DF98C39B743}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{DCA86781-8F59-4794-A773-C7E906A9DC3D}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{DF8ECC89-7A19-4DD3-9DA7-301A5173EE0A}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E32DBC4D-FF9D-46BB-93F8-3AF4DDBD4558}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E5172A68-1FAE-415B-9836-F653E6B1011E}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E75D8D27-FDDA-4336-BC2B-8B7BB938D170}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E7729C94-3F0E-4646-B2B4-ED14A59952FA}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E848408D-78AE-4041-8E1F-B2A8C7875A6E}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{E8E13F35-F961-41F2-A4C1-86AAE9634F5B}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{F2C4E32A-13AA-4A16-9C60-52F94685AD2A}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{F74C7042-2E7E-4428-BDB0-6AF6C63550D4}
Successfully deleted: [Empty Folder] C:\Users\Medion 3\appdata\local\{FE59D377-735A-40B0-AF17-7AADF194ACC3}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Medion 3\AppData\Roaming\mozilla\firefox\profiles\x9lvrlk0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Emptied folder: C:\Users\Medion 3\AppData\Roaming\mozilla\firefox\profiles\x9lvrlk0.default\minidumps [387 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/09/2014 at 10:52:06.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Good! If there's no other problems......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Internet Security   
Lavasoft Ad-Aware             
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Java 6 Update 35  
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Ad-Aware Antivirus AdAwareService.exe   
 Ad-Aware Antivirus SBAMSvc.exe   
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


====================

Java™ 6 Update 35 <----please uninstall this version if possible. (it may already have been uninstalled)

====================

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.