dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Dec 12, 2014 22:33:35 GMT -8
While Poweliks is broken for sure I'm not sure it is gone. Please run the following scans:
FIRST >>>> Read Slowly and all of it.
If you still have an Addition.txt log file on your desktop, please delete it now.
Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator". The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Select Additional.txt in the Optional Scans section of FRST64.
Press Scan button.
It will make two logs (FRST.txt and addition.txt) on your Desktop.
Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these).
Notes:
If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.
Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or filedropper.com to upload the file and then post the download link here in your reply post.
SECOND >>>> Read carefully
Download Adwcleaner from here to your desktop and run a scan. You may have to right click adwcleaner.exe and choose "Run as Administrator" from the menu. (Click the Scan button to start the scanning).
It will create a log after it is finished scanning. If not (or if it just asks for you to uncheck what you don't want deleted), there is a Report button in the middle of the main window; click that and it will make the log file.
Once the report file is made, you can leave AdwCleaner running (but don't delete anything yet) or you can close it down (we can always get a fresh scan done before the deletions).
ONE SCAN ONLY, PLEASE
Attach or paste the log back here for review and further instructions. Thanks.
sgtr
New Helpee
Posts: 17
Post by sgtr on Dec 13, 2014 10:35:27 GMT -8
Post by sgtr on Dec 13, 2014 10:49:12 GMT -8
Here is the log from Adwcleaner.
# AdwCleaner v4.105 - Report created 13/12/2014 at 13:36:11
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eric - ERIC-PC
# Running from : C:\Users\Eric\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Found : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\ValueApps
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\ValueApps
Folder Found : C:\ProgramData\Websteroids
Folder Found : C:\Users\Amber Marie\AppData\Roaming\ValueApps
Folder Found : C:\Users\Eric\AppData\Local\PackageAware
Folder Found : C:\Users\Eric\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Eric\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Roaming\24x7 help
Folder Found : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Found : C:\Users\Guest\AppData\Roaming\PCFixSpeed
Folder Found : C:\Windows\SysWOW64\WNLT
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\torch
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\torch
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Bench
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\torch
Key Found : HKLM\SOFTWARE\Video Converter
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.95
[C:\Users\Amber Marie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Amber Marie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Amber Marie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Amber Marie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Amber Marie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Amber Marie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Amber Marie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lcnnhcneegeeojhgpfijnlnocjdmlaon
[C:\Users\Amber Marie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : geggofhlfbcmanadhknllmlajiafopoh
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [4125 octets] - [13/12/2014 13:36:11]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4185 octets] ##########
Post by dbrisen on Dec 13, 2014 12:17:49 GMT -8
FIRST
Please run AdwCleaner again (if you don't have it running from the last scan) and
a) Click the Scan Button and wait for the scan to finish, (If Adwcleaner has been left open at the finish of the scan this is already done).
b) Make sure in your case all the items under each TAB are ticked / checked then.
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
e) Please attach or copy the log into your reply here.
SECOND
Malwarebytes' Anti-Malware
Please start Malwarebytes Anti-Malware from either the Start Menu shortcut or the desktop shortcut (if you have one).
When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.
Once the program has loaded and updated, select "Scan Now >>" to start the scan.
The scan may take some time to finish, so please be patient.
If any malware is found, you will be presented with a screen like the one below.
Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).
After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.
Please attach the report file to a post here; I will review the file and script what needs to be removed.
Post by sgtr on Dec 13, 2014 14:55:45 GMT -8
Here is the AdwCleaner file. Running Malwarebytes now. Thanks.
Post by sgtr on Dec 14, 2014 8:17:26 GMT -8
Here is the Malwarebytes log.
Post by dbrisen on Dec 14, 2014 9:16:39 GMT -8
This next step may take a while (just to warn you) .....
ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.
You can leave Norton Enabled even though ESET may warn about it, just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and Slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.
Take note of the NO tick in the Remove found threats setting below as it needs to have the tick removed.
Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
Link =>> ESET Online Scanner <<
Click the Run ESET Online Scanner located on the left side of the page (not the free trial).
For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens.
Save it to your desktop.
Double click on the icon on your desktop.
Check (accept) the Terms of Use.
Click the START button.
Accept any security warnings from your browser.
Now in the Computer scan settings window that appears:
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:
Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked
Now click on: Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.
At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).
Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.
Attach the saved log file in your next reply please. Thanks.
Post by sgtr on Dec 17, 2014 3:27:38 GMT -8
Ran the application as requested. Here is the log file.
Thanks,
Eric
Post by dbrisen on Dec 18, 2014 17:54:48 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script file that is attached by right clicking on it and selecting "Save Target As..." or "Save Link As ...." (depends on the browser you are using). Please make sure that the file type is set as Text File and the file's name is Fixlist.txt, have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work properly for FRST.
The script tells FRST64 what to do.
Start FRST64 that is on the desktop by right clicking on file and selecting "Run as Administrator..."
When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait. The script will be processed and your system restarted to complete the removal / breakage of the malware.
The tool will make a log on the Desktop (Fixlog.txt); please post it to your reply (attach or paste).
Post by sgtr on Dec 20, 2014 13:41:11 GMT -8
Thanks and attached is the log file.
Please let me know if we're done and good to go.
Eric