""My English might not be the best""

Hi out there.

A few days ago some random websites randomly appeared in a new tab, even if I was at a legit site like Facebook etc. I downloaded Malwarebytes and ran a FULL scan, but nothing was found. I searched among a lot of other forums, and found the following programs that could fix my problem - Adwcleaner, Junkware removal Tool and rkill.

One of the forums said that I should run it in the following order - Malwarebytes (updated), rkill, Adwcleaner, Junkware removal tool.

Malwarebytes found nothing, rkill found stuff like hku, hkcu and hkcu64, so did the remaining programs. I need some fast response. I will post the log file in the comments.

RKILL LOG
Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 03/22/2017 10:20:46 PM in x64 mode.
Windows Version: Windows 10 Home
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * C:\Users\mikke\Desktop\vibrance.GUI.exe (PID: 6752) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * No issues found.
Checking Windows Service Integrity:
 * agp440 [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * No issues found.
Program finished at: 03/22/2017 10:21:26 PM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)
----------------------------------------------------------------------------------------------------------
ADWCLEANER LOG
# AdwCleaner v6.044 - Logfile created 22/03/2017 at 21:32:57
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-20.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : mikke - DESKTOP-FLA43L5
# Running from : C:\Users\mikke\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
Data Found:  HKU\S-1-5-21-1456912111-4289891692-176724528-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid=%7B46F4C246-8173-4F0E-AB81-AB81A97A777A%7D&mid=ea022b737bfd47cd
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid=%7B46F4C246-8173-4F0E-AB81-AB81A97A777A%7D&mid=ea022b737bfd47cdbcb835b1da92c267-5f10e26fbefa74614d234163aaf4
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid=%7B46F4C246-8173-4F0E-AB81-AB81A97A777A%7D&mid=ea022b737bfd47cdbcb835b1da92c267-5f10e26fbefa74614d234163aa
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\keytweak.en.softo
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\keytweak.en.softonic
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\keytweak.en.sof
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\keytweak.en.softon
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [5884 Bytes] - [21/03/2017 22:09:19]
C:\AdwCleaner\AdwCleaner[C2].txt - [2889 Bytes] - [21/03/2017 23:37:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [6143 Bytes] - [21/03/2017 22:07:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [2938 Bytes] - [21/03/2017 23:36:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [3773 Bytes] - [22/03/2017 21:32:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3846 Bytes] ##########
----------------------------------------------------------------------------------------------------------
ADWCLEANER cleanerLOG
# AdwCleaner v6.044 - Logfile created 22/03/2017 at 21:38:24
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-20.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : mikke - DESKTOP-FLA43L5
# Running from : C:\Users\mikke\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
***** [ Folders ] *****
 
***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
[-] Data restored: HKU\S-1-5-21-1456912111-4289891692-176724528-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\keytweak.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\keytweak.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\keytweak.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\keytweak.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com

***** [ Web browsers ] *****
 
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [5884 Bytes] - [21/03/2017 22:09:19]
C:\AdwCleaner\AdwCleaner[C2].txt - [2889 Bytes] - [21/03/2017 23:37:26]
C:\AdwCleaner\AdwCleaner[C3].txt - [3196 Bytes] - [22/03/2017 21:38:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [6143 Bytes] - [21/03/2017 22:07:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [2938 Bytes] - [21/03/2017 23:36:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [3949 Bytes] - [22/03/2017 21:32:57]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [3488 Bytes] ##########
----------------------------------------------------------------------------------------------------------
 