
pops up adware



Hi cpocholo, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course to you that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems, as it may do serious damage.

  • Step #1 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Option and put a tick mark on everything;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.

  • Step #2 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Navigate to Settings > Detection and Protection and check all the boxes under Detection Options;
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.

Post a fresh FRST scan log.


  • Required Log(s):
    • AdwCleaner Log
    • Malwarebytes' Anti-Malware Log
    • FRST Scan Log (New)
Regards,

Valinorum



HERE IS THE ADWCLEANER LOG

# AdwCleaner v5.015 - Logfile created 29/10/2015 at 06:20:23
# Updated 26/10/2015 by Xplode
# Database : 2015-10-26.2 [server]
# Operating system : Windows 7 Ultimate  (x86)
# Username : Pocholo - POCHOLO-PC
# Running from : C:\Users\Pocholo\Downloads\adwcleaner_5.015.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1036 bytes] ##########


HERE IS THE MALWAREBYTES LOG

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2015
Scan Time: 6:46 AM
Logfile: MALWARE.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.28.02
Rootkit Database: v2015.10.23.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Pocholo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310141
Time Elapsed: 12 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015 02

Ran by Pocholo (administrator) on POCHOLO-PC (29-10-2015 06:46:49)

Running from C:\Users\Pocholo\Downloads

Loaded Profiles: Pocholo &  (Available Profiles: Pocholo)

Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)

Internet Explorer Version 8 (Default browser: Chrome)

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1243576578-3494730903-3224598209-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-21] (SUPERAntiSpyware)

HKU\S-1-5-21-1243576578-3494730903-3224598209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-21] (SUPERAntiSpyware)

BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{20A3354F-6CC5-4023-8959-A7373639936E}: [NameServer] 208.67.222.222,208.67.220.220

Tcpip\..\Interfaces\{20A3354F-6CC5-4023-8959-A7373639936E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKU\S-1-5-21-1243576578-3494730903-3224598209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = gogoanime.com

HKU\S-1-5-21-1243576578-3494730903-3224598209-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp

HKU\S-1-5-21-1243576578-3494730903-3224598209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = gogoanime.com

HKU\S-1-5-21-1243576578-3494730903-3224598209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-18] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-18] (Google Inc.)

Chrome: 

=======

CHR Profile: C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-18]

CHR Extension: (Google Docs) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-18]

CHR Extension: (Google Drive) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (YouTube) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]

CHR Extension: (Google Search) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]

CHR Extension: (Tampermonkey) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-10-20]

CHR Extension: (SmarterPassword) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahdkacgpocedihpehmmhbcadaaacdmf [2015-10-24]

CHR Extension: (Google Sheets) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-18]

CHR Extension: (Google Docs Offline) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-19]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-18]

CHR Extension: (Gmail) - C:\Users\Pocholo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-18]

CHR HKU\S-1-5-21-1243576578-3494730903-3224598209-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-1243576578-3494730903-3224598209-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-10-22] (SurfRight B.V.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 eapihdrv; C:\Users\Pocholo\AppData\Local\Temp\ehdrv.sys [135760 2015-10-28] (ESET)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-10-29] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-29 06:46 - 2015-10-29 06:47 - 00008020 _____ C:\Users\Pocholo\Downloads\FRST.txt

2015-10-29 06:23 - 2015-10-29 06:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-10-29 06:22 - 2015-10-29 06:22 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-10-29 06:22 - 2015-10-29 06:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-29 06:22 - 2015-10-29 06:22 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-10-29 06:22 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-10-29 06:22 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-10-29 06:22 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2015-10-29 06:16 - 2015-10-29 06:20 - 00000000 ____D C:\AdwCleaner

2015-10-29 06:15 - 2015-10-29 06:15 - 01694208 _____ C:\Users\Pocholo\Downloads\adwcleaner_5.015.exe

2015-10-29 00:53 - 2015-10-29 06:46 - 00000000 ____D C:\FRST

2015-10-29 00:52 - 2015-10-29 00:52 - 01701376 _____ (Farbar) C:\Users\Pocholo\Downloads\FRST.exe

2015-10-28 13:51 - 2015-10-28 13:51 - 00000000 ____D C:\Program Files\ESET

2015-10-28 13:50 - 2015-10-28 13:50 - 02870984 _____ (ESET) C:\Users\Pocholo\Downloads\esetsmartinstaller_enu.exe

2015-10-28 13:34 - 2015-10-28 13:35 - 01801288 _____ (Malwarebytes) C:\Users\Pocholo\Downloads\JRT.exe

2015-10-28 13:24 - 2015-10-28 13:24 - 00000000 ____D C:\Windows\ERDNT

2015-10-28 13:23 - 2015-10-28 13:23 - 00000898 _____ C:\Users\Pocholo\Desktop\NTREGOPT.lnk

2015-10-28 13:23 - 2015-10-28 13:23 - 00000879 _____ C:\Users\Pocholo\Desktop\ERUNT.lnk

2015-10-28 13:23 - 2015-10-28 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\erunt

2015-10-28 13:23 - 2015-10-28 13:23 - 00000000 ____D C:\Program Files\ERUNT

2015-10-28 13:15 - 2015-10-28 13:15 - 00791393 _____ (Lars Hederer ) C:\Users\Pocholo\Downloads\erunt-setup.exe

2015-10-28 13:12 - 2015-10-28 13:13 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Pocholo\Downloads\rkill.exe

2015-10-28 05:20 - 2015-10-29 06:21 - 00000784 _____ C:\Windows\setupact.log

2015-10-28 05:20 - 2015-10-28 05:20 - 00000354 _____ C:\Windows\PFRO.log

2015-10-28 05:20 - 2015-10-28 05:20 - 00000000 _____ C:\Windows\setuperr.log

2015-10-28 04:45 - 2015-10-28 04:45 - 00000288 _____ C:\Users\Pocholo\Documents\cc_20151028_044517.reg

2015-10-28 04:45 - 2015-10-28 04:45 - 00000180 _____ C:\Users\Pocholo\Documents\cc_20151028_044529.reg

2015-10-27 22:59 - 2015-10-27 23:00 - 00000000 ___HD C:\Program Files\Temp

2015-10-27 22:59 - 2015-10-27 22:59 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2015-10-27 22:59 - 2015-10-27 22:59 - 00000000 ____D C:\Program Files\Realtek

2015-10-27 22:59 - 2014-10-23 17:34 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll

2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Intel

2015-10-27 16:34 - 2015-10-27 16:34 - 00000000 ____D C:\Windows\pss

2015-10-27 04:11 - 2015-10-27 04:11 - 00000000 ____D C:\Users\Nikko\AppData\Roaming\Apple Computer

2015-10-27 04:10 - 2015-10-27 04:10 - 00001417 _____ C:\Users\Nikko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-10-27 04:10 - 2015-10-27 04:10 - 00000020 ___SH C:\Users\Nikko\ntuser.ini

2015-10-27 04:10 - 2015-10-27 04:10 - 00000000 ____D C:\Users\Nikko\AppData\Local\VirtualStore

2015-10-27 04:10 - 2015-10-27 04:10 - 00000000 ____D C:\Users\Nikko\AppData\Local\Google

2015-10-27 04:10 - 2015-10-27 04:10 - 00000000 ____D C:\Users\Nikko

2015-10-27 04:10 - 2009-07-13 21:42 - 00000000 ___RD C:\Users\Nikko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-10-27 04:10 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Nikko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-10-25 13:49 - 2015-10-29 00:59 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e6c163d8-d52b-4f8c-971d-79741c668e28.job

2015-10-25 13:49 - 2015-10-28 02:00 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c3eda460-696f-466a-b51c-a76c737e0f9b.job

2015-10-24 21:35 - 2015-10-24 21:36 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Pocholo\Downloads\procexp.exe

2015-10-24 21:32 - 2015-10-29 06:24 - 00081671 _____ C:\Windows\WindowsUpdate.log

2015-10-24 21:29 - 2015-10-24 21:29 - 00000079 _____ C:\Windows\wininit.ini

2015-10-24 20:56 - 2015-10-24 20:56 - 00000000 ____D C:\Program Files\Common Files\AV

2015-10-24 20:46 - 2015-10-24 21:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2015-10-24 20:45 - 2015-10-24 21:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2

2015-10-24 20:36 - 2015-10-24 20:37 - 01186640 _____ C:\Users\Pocholo\Downloads\ProcessExplorer.zip

2015-10-24 13:35 - 2015-10-24 13:35 - 00000000 ____D C:\Users\Pocholo\.android

2015-10-24 11:55 - 2015-10-24 11:59 - 22908888 _____ (Malwarebytes ) C:\Users\Pocholo\Downloads\mbam-setup-2.2.0.1024.exe

2015-10-22 23:01 - 2015-10-22 23:01 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2015-10-22 22:54 - 2015-10-22 23:02 - 00155400 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll

2015-10-22 22:54 - 2015-10-22 23:02 - 00000000 ____D C:\ProgramData\HitmanPro

2015-10-22 22:54 - 2015-10-22 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2015-10-22 22:54 - 2015-10-22 22:54 - 00000000 ____D C:\Program Files\HitmanPro

2015-10-21 23:10 - 2015-10-21 23:10 - 00000000 ____H C:\Users\Pocholo\Documents\Default.rdp

2015-10-21 15:31 - 2015-10-21 15:31 - 00000000 ____D C:\ProgramData\VIPRE

2015-10-21 15:31 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys

2015-10-21 15:06 - 2014-01-22 07:34 - 00044424 _____ (GFI Software) C:\Windows\system32\sbbd.exe

2015-10-20 23:03 - 2015-10-20 23:03 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-10-20 15:22 - 2015-10-20 15:23 - 00000000 ____D C:\Users\Pocholo\AppData\Roaming\Apple Computer

2015-10-20 15:22 - 2015-10-20 15:22 - 00000000 ____D C:\Users\Pocholo\AppData\Local\Apple Computer

2015-10-20 15:21 - 2015-10-20 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-10-20 15:21 - 2015-10-20 23:03 - 00000000 ____D C:\Program Files\iTunes

2015-10-20 15:21 - 2015-10-20 15:21 - 00000000 ____D C:\ProgramData\Apple Computer

2015-10-20 15:21 - 2015-10-20 15:21 - 00000000 ____D C:\Program Files\iPod

2015-10-20 15:20 - 2015-10-20 15:20 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2015-10-20 15:20 - 2015-10-20 15:20 - 00000000 ____D C:\Users\Pocholo\AppData\Local\Apple

2015-10-20 15:20 - 2015-10-20 15:20 - 00000000 ____D C:\Program Files\Bonjour

2015-10-20 15:20 - 2015-10-20 15:20 - 00000000 ____D C:\Program Files\Apple Software Update

2015-10-20 15:19 - 2015-10-20 15:21 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-10-20 15:19 - 2015-10-20 15:20 - 00000000 ____D C:\ProgramData\Apple

2015-10-20 15:17 - 2015-10-20 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2015-10-19 22:47 - 2015-10-19 22:47 - 00000000 ____D C:\Users\Pocholo\AppData\Roaming\WinRAR

2015-10-19 22:46 - 2015-10-19 22:46 - 00000000 ____D C:\Users\Pocholo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-10-19 22:46 - 2015-10-19 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-10-19 22:45 - 2015-10-19 22:46 - 00000000 ____D C:\Program Files\WinRAR

2015-10-19 17:05 - 2015-10-19 17:05 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-10-19 16:59 - 2015-10-19 16:59 - 00000000 ____D C:\Users\Pocholo\AppData\Roaming\SUPERAntiSpyware.com

2015-10-19 16:58 - 2015-10-25 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2015-10-19 16:58 - 2015-10-21 16:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2015-10-19 16:58 - 2015-10-19 16:58 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2015-10-19 16:58 - 2015-10-19 16:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2015-10-19 08:54 - 2015-10-19 08:54 - 00000000 ____D C:\Users\Pocholo\AppData\Local\Apps\2.0

2015-10-19 08:54 - 2015-10-18 17:56 - 00000000 ____D C:\Users\Pocholo\AppData\Local\Deployment

2015-10-19 08:52 - 2015-10-29 06:26 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI

2015-10-19 02:14 - 2015-10-19 17:03 - 00000000 ____D C:\Windows\Panther

2015-10-19 01:26 - 2015-10-19 01:26 - 00057560 _____ C:\Users\Pocholo\AppData\Local\GDIPFONTCACHEV1.DAT

2015-10-19 01:23 - 2015-10-24 13:35 - 00000000 ____D C:\Users\Pocholo

2015-10-19 01:23 - 2015-10-19 01:23 - 00001417 _____ C:\Users\Pocholo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-10-19 01:23 - 2015-10-19 01:23 - 00000020 ___SH C:\Users\Pocholo\ntuser.ini

2015-10-19 01:23 - 2015-10-19 01:23 - 00000000 ____D C:\Users\Pocholo\AppData\Local\VirtualStore

2015-10-19 01:23 - 2009-07-13 21:42 - 00000000 ___RD C:\Users\Pocholo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-10-19 01:23 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Pocholo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-10-19 01:21 - 2015-10-19 01:21 - 00000000 __SHD C:\Recovery

2015-10-19 01:18 - 2015-10-19 01:18 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

2015-10-19 01:18 - 2015-10-19 01:18 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

2015-10-19 01:16 - 2015-10-19 01:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2015-10-18 18:17 - 2015-06-23 13:27 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-10-18 18:03 - 2015-10-23 22:08 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-18 18:03 - 2015-10-18 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-10-18 17:56 - 2015-10-29 06:21 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-18 17:56 - 2015-10-29 06:01 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-18 17:56 - 2015-10-19 11:16 - 00000000 ____D C:\Users\Pocholo\AppData\Local\Google

2015-10-18 17:56 - 2015-10-18 18:03 - 00000000 ____D C:\Program Files\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-29 06:21 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-10-28 11:23 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\NDF

2015-10-28 10:09 - 2009-07-13 21:34 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-28 10:09 - 2009-07-13 21:34 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-28 02:44 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system

2015-10-24 14:47 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET

2015-10-24 14:34 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Public\Libraries

2015-10-21 23:01 - 2009-07-14 00:48 - 00000000 ___RD C:\Users\Public\Recorded TV

2015-10-21 13:28 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\LiveKernelReports

2015-10-20 14:25 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\LogFiles

2015-10-19 02:14 - 2009-07-13 21:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG

2015-10-19 02:14 - 2009-07-13 21:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template

2015-10-19 01:26 - 2009-07-13 21:52 - 00000000 ____D C:\Windows\system32\restore

2015-10-19 01:26 - 2009-07-13 16:40 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll

2015-10-19 01:26 - 2009-07-13 16:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll

2015-10-19 01:26 - 2009-07-13 16:24 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2015-10-19 01:19 - 2009-07-13 21:33 - 00266808 _____ C:\Windows\system32\FNTCACHE.DAT

2015-10-19 01:18 - 2009-07-13 21:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-10-19 01:18 - 2009-07-13 19:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-10-19 01:15 - 2009-07-14 00:49 - 00000000 ____D C:\Windows\CSC

Some files in TEMP:

====================

C:\Users\Pocholo\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-22 17:53

==================== End of FRST.txt ============================


Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be malware-free as we speak.


♣ Removal of Tools and Quarantined Files ♣


Although the tools we have used are clean, they are powerful removal tools, made in a way so that they carry out any commands given to them without (in most cases) asking for confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

  • Cleanup with Delfix

    Please download DelFix by Xplode to your Desktop.

    Download Link

    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply

♣ Prevention and Future Guidelines ♣


Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.

  • Keep Windows up-to-date.

    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.

  • Run antivirus software and keep it up-to-date, too.

    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!

  • Keep your web browser plugins and other programs updated also.

    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security tool too. I like it, but it is not for everyone, because it requires you to take action if you want to see some things (pop-ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right-hand side of your computer.

  • Watch out for a new threat named CryptoLocker

    CryptoLocker is a new type of ransomware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system, but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.

    How to prevent your computer from becoming infected by CryptoLocker.

  • And last of all, surf smart.

    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.

Regards,

Valinorum

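The verdict above was reached by reading the three logs by eye. The script below is an added example, not a tool from this thread or from Farbar, that automates the part of an FRST review an adware case usually hinges on: it parses a handful of FRST lines and flags a BootExecute value beyond the stock `autocheck autochk *`, a static per-interface DNS server that differs from the one DHCP handed out, a service or driver whose image sits in a user-writable directory, and a non-default Internet Explorer start page. The sample log is constructed from lines that appear in the posted FRST.txt; the `DEFAULT_*` values and the `USER_WRITABLE` list are my assumptions about a stock Windows 7 install. Each hit is something to ask the user about, not a verdict: on this machine the rest of the log plausibly accounts for all four (Spybot and an ESET online-scanner install are both present, and 208.67.222.222/208.67.220.220 are OpenDNS resolvers), which is consistent with the clean bill of health given above.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for the hijack indicators an
adware case usually turns on.

Added example, not a tool from this thread or from Farbar. SAMPLE_FRST is
constructed from lines that appear in the posted FRST.txt; the DEFAULT_* values
and USER_WRITABLE list are assumptions about a stock Windows 7 install. Every
hit means "a human should look at this", never "malicious".
"""
import re

DEFAULT_BOOTEXECUTE = "autocheck autochk *"                     # stock value (assumption)
DEFAULT_START_PAGES = ("about:blank", "about:tabs", "msn.com")  # assumption
# Directories an unprivileged user, and so any adware it ran, can normally write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

SAMPLE_FRST = r"""
BootExecute: autocheck autochk * sdnclean.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{20A3354F-6CC5-4023-8959-A7373639936E}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{20A3354F-6CC5-4023-8959-A7373639936E}: [DhcpNameServer] 192.168.1.1
HKU\S-1-5-21-1243576578-3494730903-3224598209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = gogoanime.com
S3 eapihdrv; C:\Users\Pocholo\AppData\Local\Temp\ehdrv.sys [135760 2015-10-28] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
"""

BOOTEXEC_RE = re.compile(r"^BootExecute:\s*(.*)$")
DHCP_GLOBAL_RE = re.compile(r"^Tcpip\\Parameters: \[DhcpNameServer\] (.+)$")
IFACE_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(\{[^}]+\}): \[(DhcpNameServer|NameServer)\] (.+)$")
IE_START_RE = re.compile(
    r"^HKU\\(S-1-5-21-[\d-]+?)(?:-\{[^}]+\}-0)?\\Software\\Microsoft\\Internet Explorer"
    r"\\Main,Start Page = (.+)$")
# "R3 name; C:\path\file.sys [size date] (company)" as FRST prints services and drivers
IMAGE_RE = re.compile(r"^[RS]\d (\S+); (.+?\.(?:sys|dll|exe)) \[\d+ \d{4}-\d{2}-\d{2}\] \((.*)\)$")


def check_bootexecute(line):
    """smss.exe runs BootExecute entries before any logon; flag anything beyond autochk."""
    m = BOOTEXEC_RE.match(line)
    if not m or m.group(1).strip() == DEFAULT_BOOTEXECUTE:
        return None
    extra = m.group(1).replace(DEFAULT_BOOTEXECUTE, "", 1).split()
    return ("bootexecute", extra)


def check_ie_start_page(line):
    """Flag a per-user IE start page that is not one of the stock pages."""
    m = IE_START_RE.match(line)
    if not m:
        return None
    sid, page = m.group(1), m.group(2).strip()
    if any(default in page.lower() for default in DEFAULT_START_PAGES):
        return None
    return ("ie_start_page", sid, page)


def check_image_path(line):
    """Flag a service or driver whose image file sits in a user-writable directory."""
    m = IMAGE_RE.match(line)
    if not m:
        return None
    name, path, vendor = m.groups()
    if any(segment in path.lower() for segment in USER_WRITABLE):
        return ("user_writable_image", name, path, vendor or "no company name")
    return None


def check_dns(lines):
    """Compare each interface's static NameServer with what DHCP offered it.

    DNS hijackers pin a static server so the hijack survives a lease renewal, so
    the comparison is against DHCP rather than a fixed allowlist of resolvers.
    """
    dhcp, static = {}, {}
    for line in lines:
        m = DHCP_GLOBAL_RE.match(line)
        if m:
            dhcp["*"] = m.group(1).strip()          # Tcpip\Parameters fallback
            continue
        m = IFACE_RE.match(line)
        if m:
            guid, kind, value = m.groups()
            (dhcp if kind == "DhcpNameServer" else static)[guid] = value.strip()
    return [("static_dns", guid, servers.split(","))
            for guid, servers in static.items()
            if servers != dhcp.get(guid, dhcp.get("*"))]


def triage(log_text):
    """Return the findings for one FRST.txt; an empty list means nothing to ask about."""
    lines = [line.rstrip() for line in log_text.splitlines() if line.strip()]
    findings = []
    for line in lines:
        for check in (check_bootexecute, check_ie_start_page, check_image_path):
            hit = check(line)
            if hit:
                findings.append(hit)
    findings.extend(check_dns(lines))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FRST):
        print(finding)
```

Run it against a saved FRST.txt by passing the file's text to `triage()`. The DNS check deliberately compares against the DHCP-supplied server rather than a list of "known good" resolvers, because a resolver hijack only works when it is pinned statically; a legitimate OpenDNS setting and a malicious one look identical at this level, which is exactly why the output is a review list and the final call stays with the analyst.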

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
