
A couple of days ago I started getting these pop-ups from Malwarebytes saying malicious websites have been blocked. I checked the IP addresses of the blocked websites and they're all from Ecatel LTD in the Netherlands. I've run both MBAM and Malwarebytes Anti-Rootkit but no malware has been found. I've attached the Application logs from the past three days since this problem started, and the Scan logs.

mbam-scan-log-2014-10-30.txt
mbam-daily-log-2014-10-30.txt
mbam-daily-log-2014-10-31.txt
mbam-daily-log-2014-11-01.txt


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page. [screenshot: reply1.jpg]

New window that comes up. [screenshot: replyer1.jpg]

Last................

3. Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014

Ran by User (administrator) on INTELDUALCORE on 01-11-2014 20:20:12

Running from C:\Documents and Settings\User\Desktop

Loaded Profiles: User &  (Available profiles: User)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 6

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(The Within Network, LLC) C:\WINDOWS\UnsignedThemesSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(BitTorrent Inc.) C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-11-09] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [NCUpdateHelper] => C:\Program Files\NCWest\NCLauncher\NCUpdateHelper.exe

HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM\...\Winlogon: [uIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)

HKU\S-1-5-21-436374069-854245398-1801674531-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-06] (SUPERAntiSpyware)

HKU\S-1-5-21-436374069-854245398-1801674531-1003\...\Run: [Facebook Update] => "C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

HKU\S-1-5-21-436374069-854245398-1801674531-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-436374069-854245398-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-06] (SUPERAntiSpyware)

HKU\S-1-5-21-436374069-854245398-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => "C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

HKU\S-1-5-21-436374069-854245398-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Shortcut to rds bd.lnk

ShortcutTarget: Shortcut to rds bd.lnk ->  (No File)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome



SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}

SearchScopes: HKCU - DefaultScope 3AC374FC-8DCB-4AE5-8637-483CDFE8E029 URL = http://searchou.com/q=



SearchScopes: HKCU - 3AC374FC-8DCB-4AE5-8637-483CDFE8E029 URL = http://searchou.com/q=

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {8d3ec233-b92d-4187-a506-284127cfba2d} -  No File

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)

Tcpip\..\Interfaces\{C7262CFB-57EE-41AE-AD87-832E63F51CF0}: [NameServer] 193.231.252.1 213.154.124.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Homepage: hxxp://google.com/

FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff27&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default\user.js

FF Extension: Avira Browser Safety - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default\Extensions\abs@avira.com [2014-10-01]

FF Extension: Big Clock Background - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default\Extensions\clocktab@vik.josh.xpi [2014-04-19]

FF Extension: Heartbleed Notifier - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default\Extensions\heartbleed@dactyl.googlecode.com.xpi [2014-05-04]

FF Extension: Heartbleed Monitor - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default\Extensions\jid1-eMhaOaq3SPBFDg@jetpack.xpi [2014-05-04]

FF Extension: Stylish - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-07-27]

FF Extension: Adblock Plus - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-19]

FF Extension: Greasemonkey - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\15u5x17j.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-29]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "https://www.google.com/"

CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default

CHR Extension: (Duolingo Web) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2013-08-26]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]

CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-09]

CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-09]

CHR Extension: (Chromebleed) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-10]

CHR Extension: (Block site) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-03-31]

CHR Extension: (Stylish) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-07-18]

CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-12]

CHR Extension: (XKit) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-07-18]

CHR Extension: (AdBlock) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-25]

CHR Extension: (Cool Clock) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2014-04-17]

CHR Extension: (Image Search Options) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2013-02-09]

CHR Extension: (New Tab Clock) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ljpapphpgkmigobbbakmnfoohclifanm [2014-04-15]

CHR Extension: (Casey Reas) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nijljpbmaieiejfcgahimekneppldbha [2014-03-16]

CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Duolingo Test Center) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\peghfgbgbdfhiilhefhghjpghgkcbaon [2014-10-22]

CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-09]

CHR HKLM\...\Chrome\Extension: [21fb4c4d-8a40-45e8-9772-565851bb781a] - C:\Program Files\DownTango4SToolbar\chrome\DownTango4SToolbar.crx []

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-14] (SUPERAntiSpyware.com)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]

R2 UnsignedThemes; C:\WINDOWS\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [100368 2011-10-17] (Advanced Micro Devices)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-11-01] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-01] (Malwarebytes Corporation)

S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [476544 2009-07-17] (Ralink Technology, Corp.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-02-25] (Avira GmbH)

R2 uxpatch; C:\WINDOWS\system32\drivers\uxpatch.sys [25448 2009-07-13] ()

S3 ALSysIO; \??\C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys [X]

S4 IntelIde; No ImagePath

U4 vsserv; No ImagePath

S3 vvftav211; system32\drivers\vvftav211.sys [X]

U1 WS2IFSL; No ImagePath

S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X]

S3 zgwhsmdm; system32\DRIVERS\zgwhsmdm.sys [X]

S3 zgwhsnmea; system32\DRIVERS\zgwhsnmea.sys [X]

S3 ZSMC30x; System32\Drivers\ZS211.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-01 20:20 - 2014-11-01 20:20 - 00019553 _____ () C:\Documents and Settings\User\Desktop\FRST.txt

2014-11-01 20:20 - 2014-11-01 20:20 - 00000000 ____D () C:\FRST

2014-11-01 20:19 - 2014-11-01 20:19 - 01105920 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe

2014-11-01 19:26 - 2014-11-01 20:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2014-11-01 19:23 - 2014-11-01 20:01 - 00000000 ____D () C:\Documents and Settings\User\Desktop\mbar

2014-11-01 19:23 - 2014-11-01 19:23 - 14349744 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1012.exe

2014-11-01 19:04 - 2014-11-01 19:04 - 00001851 _____ () C:\Documents and Settings\User\Desktop\Chrome App Launcher.lnk

2014-11-01 19:04 - 2014-11-01 19:04 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Google Chrome

2014-10-30 14:20 - 2014-10-30 14:20 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-30 09:04 - 2014-10-30 16:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-10-25 21:00 - 2014-10-25 21:01 - 00000000 ____D () C:\Documents and Settings\User\Desktop\1-am

2014-10-25 20:44 - 2009-06-03 11:59 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Natsume Yuujinchou OST

2014-10-25 20:35 - 2014-10-25 20:46 - 00000000 ____D () C:\Documents and Settings\User\Desktop\SVWC-7611

2014-10-25 11:37 - 2014-10-25 23:13 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt

2014-10-25 11:37 - 2014-10-25 11:37 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\TuneUp Software

2014-10-25 11:37 - 2014-10-25 11:37 - 00000000 ____D () C:\Documents and Settings\User\Application Data\TuneUp Software

2014-10-25 11:33 - 2014-10-25 11:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software

2014-10-25 11:33 - 2014-10-25 11:33 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2014-10-25 11:33 - 2014-10-25 11:33 - 00000000 ____D () C:\Documents and Settings\User\Application Data\RHEng

2014-10-25 11:32 - 2014-10-25 11:55 - 00000528 _____ () C:\Documents and Settings\User\Desktop\KMPlayer.lnk

2014-10-25 11:32 - 2014-10-25 11:32 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\The KMPlayer

2014-10-24 15:57 - 2014-10-24 15:57 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Gameforge Live

2014-10-18 16:32 - 2014-10-18 16:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-10-18 16:32 - 2014-10-18 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-10-18 16:32 - 2014-10-18 16:31 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-10-18 16:32 - 2014-10-18 16:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-10-18 16:32 - 2014-10-18 16:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-10-18 16:32 - 2014-10-18 16:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-10-18 16:32 - 2014-10-18 16:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-10-18 16:31 - 2014-10-18 16:31 - 00000000 ____D () C:\Program Files\Java

2014-10-14 20:17 - 2014-10-14 20:17 - 00000864 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk

2014-10-11 21:12 - 2014-10-11 21:12 - 05688862 _____ () C:\Documents and Settings\User\My Documents\de la ioana.mp4

2014-10-08 07:38 - 2014-10-08 08:04 - 00000000 ____D () C:\Documents and Settings\User\Desktop\accounts.TIC

2014-10-05 21:39 - 2014-10-05 21:39 - 00000000 ____D () C:\WINDOWS\system32\IPM

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-01 20:20 - 2014-06-07 17:14 - 00000994 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-854245398-1801674531-1003UA.job

2014-11-01 20:20 - 2014-06-07 17:14 - 00000972 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-854245398-1801674531-1003Core.job

2014-11-01 20:20 - 2012-05-09 19:38 - 00000000 ____D () C:\Documents and Settings\User\Application Data\uTorrent

2014-11-01 20:20 - 2012-05-09 12:14 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp

2014-11-01 19:59 - 2012-12-25 12:08 - 00000000 ____D () C:\KMPlayer

2014-11-01 19:59 - 2012-06-08 17:52 - 00007680 __SHC () C:\WINDOWS\Thumbs.db

2014-11-01 19:32 - 2012-05-09 12:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-11-01 19:24 - 2014-05-17 12:36 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-11-01 19:23 - 2012-06-13 16:51 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-01 18:26 - 2014-05-17 12:40 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-11-01 15:12 - 2014-09-29 19:52 - 00000000 ____D () C:\Documents and Settings\User\Desktop\school.stuff

2014-11-01 14:31 - 2012-06-13 16:51 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-01 14:31 - 2012-05-09 15:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-11-01 14:31 - 2012-05-09 15:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-11-01 14:31 - 2012-05-09 12:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-10-31 23:16 - 2014-08-13 23:22 - 00329082 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-854245398-1801674531-1003-0.dat

2014-10-31 23:16 - 2014-08-12 13:22 - 00329082 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

2014-10-31 23:16 - 2012-05-09 12:29 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt

2014-10-31 23:16 - 2012-05-09 12:14 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini

2014-10-31 23:16 - 2012-05-09 12:13 - 00032644 _____ () C:\WINDOWS\SchedLgU.Txt

2014-10-31 23:16 - 2012-05-09 12:09 - 00286225 _____ () C:\WINDOWS\WindowsUpdate.log

2014-10-31 08:04 - 2012-12-26 22:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-10-30 14:20 - 2014-05-17 12:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-30 14:20 - 2014-05-17 12:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-10-30 10:34 - 2012-06-02 20:30 - 00003072 ____H () C:\Documents and Settings\User\My Documents\photothumb.db

2014-10-29 14:17 - 2014-09-03 19:16 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Adobe

2014-10-29 14:17 - 2012-05-09 12:34 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-10-29 14:17 - 2012-05-09 12:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-10-27 19:46 - 2012-05-09 15:01 - 01008290 _____ () C:\WINDOWS\setupapi.log

2014-10-27 16:36 - 2012-05-09 12:39 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

2014-10-26 08:02 - 2012-05-09 15:02 - 00544060 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-10-25 11:42 - 2014-06-24 12:03 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy

2014-10-25 11:42 - 2014-06-24 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2014-10-25 11:18 - 2008-04-14 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-10-20 15:40 - 2014-08-31 09:53 - 00000000 ____D () C:\The KMPlayer

2014-10-19 13:02 - 2013-06-29 17:22 - 00000000 ____D () C:\Documents and Settings\User\My Documents\cool

2014-10-19 13:02 - 2012-05-16 16:41 - 06632448 ___SH () C:\Documents and Settings\User\My Documents\Thumbs.db

2014-10-18 15:17 - 2012-06-03 13:01 - 01745920 ___SH () C:\Documents and Settings\User\Desktop\Thumbs.db

2014-10-18 09:47 - 2012-09-23 15:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-10-15 21:06 - 2012-10-06 13:38 - 00000000 ___RD () C:\Documents and Settings\User\My Documents\STUFF

2014-10-14 20:17 - 2013-02-25 19:50 - 00000000 ____D () C:\Program Files\Avira

2014-10-14 20:17 - 2013-02-25 19:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira

2014-10-14 20:16 - 2014-08-12 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache

2014-10-14 16:08 - 2012-12-08 14:08 - 00072824 _____ () C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT

2014-10-14 12:40 - 2013-02-25 19:50 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys

2014-10-14 12:40 - 2013-02-25 19:50 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2014-10-13 08:34 - 2012-06-03 20:19 - 00034816 ____H () C:\Documents and Settings\User\Desktop\photothumb.db

2014-10-09 18:27 - 2012-06-27 16:02 - 00000000 ____D () C:\WINDOWS\system32\NtmsData

2014-10-05 17:21 - 2013-03-18 23:03 - 00000000 ____D () C:\Documents and Settings\User\My Documents\inspirational

2014-10-05 08:42 - 2014-09-07 14:20 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Anki

 

Files to move or delete:

====================

C:\Documents and Settings\User\jagex_cl_runescape_LIVE.dat

C:\Documents and Settings\User\random.dat

 

 

Some content of TEMP:

====================

C:\Documents and Settings\Crina\Local Settings\Temp\avgnt.exe

C:\Documents and Settings\Crina\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe

C:\Documents and Settings\User\Local Settings\Temp\avgnt.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================
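The "Bamital & volsnap Check" above reports whether a handful of core Windows binaries still carry a valid digital signature, because a replaced or patched copy of one of them is a classic infection sign. As an added example (not part of the thread and not FRST's own code), the same check can be repeated with built-in tooling; it assumes Windows PowerShell 5.1 on a current Windows install, where Get-AuthenticodeSignature also recognises catalog-signed system files, and uses the same file list the log walks through.

```powershell
# Added example: repeat the FRST signature check on the same critical files.
# Assumption: Windows PowerShell 5.1 or later on a current Windows version.
$criticalFiles = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\user32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\drivers\volsnap.sys"
)

function Test-CriticalFileSignatures {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # A missing core binary is itself worth flagging.
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Path   = $path
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

$results = Test-CriticalFileSignatures -Paths $criticalFiles
$results | Format-Table -AutoSize

# Anything that is not 'Valid' or not signed by Microsoft deserves a closer look:
# that is exactly the condition the FRST check is designed to surface.
$results | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Microsoft'
}
```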



Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=================================

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

Last:

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

MrC


OK...Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please run a Threat Scan (Malwarebytes)

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

MrC


It's ok now. I haven't got any other pop-ups, so I suppose everything is alright now.

But what exactly happened? Last night before starting the thread the pop-ups just kept coming and coming, with different IP addresses every time, both inbound and outbound (whatever that means). Was someone trying to access my computer or...?

 

Thank you very much for helping me!


Google Chrome

mbam-protection-log-2014-11-02.txt

Also at the beginning of one of your replies I was advised to uninstall or disable peer-2-peer programs and I chose to fully uninstall it. But after everything settled I figured it was ok to install it again. And while I was using uTorrent I realized that I started getting more and more pop-ups. So the problem that I'm having comes from using this program?


And while I was using uTorrent I realized that I started getting more and more pop-ups. So the problem that I'm having comes from using this program?

Yes that's possible....try disabling it and see what happens.

Also disable all the extensions in Chrome and see how it is:

Open up Chrome by clicking on the 3 bars in the upper right hand corner.

Then in Chrome go to Tools > Extensions > Make sure the Developer Mode box is checked in the upper right hand corner > uncheck all the extensions and see if that makes a difference.

MrC


I already disabled uTorrent and I didn't get any pop-ups for a while. But just now I went to this news site and I started getting pop-up after pop-up... but it's not the first time I'm visiting that site, so why now? Is my computer vulnerable now all of a sudden or what?

I also disabled all the extensions in Chrome, but the only change I've noticed is that it seems to work faster now.


Give this a try:

Delete your Java cache:

https://support.google.com/chrome/answer/95582?hl=en

=====================

Download zoek.exe to your Desktop:

http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications Here

http://www.bleepingcomputer.com/forums/topic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator

Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

autoclean;
emptyalltemp;
emptyclsid;
chromelook;

Now...

Close any open programs.

Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.

The log is also found on the systemdrive, normally C:\

If a reboot is needed, the log is opened after the reboot.

MrC


A lot of those are inbound (not much you can do about that. A lot of times it's due to the programs that you have installed on your system)

=================================

We can give this a try: (It will check and reset Chrome to like new)

1. Download and run this tool (Software removal tool), immediately it will start searching for suspicious programs on your computer and then shows a message how many programs it found.

https://www.google.com/chrome/srt/

2. Click ‘Remove suspicious programs ‘and wait for the tool to show ‘removal complete’ message.

3. Click ‘Continue’ to quit the tool (you may be prompted to restart your computer, do so)

4. After that, Chrome will automatically open and asks to reset browser settings, click ‘Reset’.

MrC


That's Good News....if there's no other problems:

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • If you can't post it, attach it
MrC
This topic is now closed to further replies.