Post by jmpauter on Nov 1, 2014 10:59:43 GMT -8
Everything seems normal as of now, here's the report/log file from AdwCleaner:
# AdwCleaner v3.311 - Report created 01/11/2014 at 13:54:27
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joel - JOEL-PC
# Running from : C:\Users\Joel\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\FinalTorrent
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalTorrent
Folder Found : C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Joel\AppData\Roaming\FinalTorrent
***** [ Scheduled Tasks ] *****
Task Found : FinalTorrent Update Checker
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Bitberry Software
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\MyWiki
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Bitberry
Key Found : [x64] HKCU\Software\Bitberry Software
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\MyWiki
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Found : HKLM\SOFTWARE\MyWiki
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
[ File : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\onfdebfu.default\prefs.js ]
-\\ Google Chrome v38.0.2125.111
[ File : C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [4092 octets] - [01/11/2014 13:54:27]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4152 octets] ##########
|
|
|
Post by jmpauter on Nov 1, 2014 16:19:20 GMT -8
I just noticed something new going on, suddenly I have like 8 instances of Myejypbtenwx.exe running, it says it's Google Chrome, but I haven't used Chrome at all today.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 1, 2014 16:23:50 GMT -8
Hang tight, Tracur or a variant of it has decided to appear.
Quads
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 1, 2014 20:24:31 GMT -8
Read Slowly and all of it.
If you still have an Addition.txt log file on your desktop, please delete it now.
Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator". The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Select Additional.txt in the Optional Scans section of FRST64.
Press Scan button.
It will make two logs (FRST.txt and addition.txt) on your Desktop.
Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these).
Notes:
If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.
Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or filedropper.com to upload the file and then post the download link here in your reply post.
|
|
|
Post by jmpauter on Nov 2, 2014 5:47:54 GMT -8
Should I refrain from even using my computer until these problems are resolved (other than working on this issue with you)?
Here are the requested files:
FRST.txt
Addition.txt
Thanks!
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 2, 2014 19:07:57 GMT -8
It would help; so should this....
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
|
|
|
Post by jmpauter on Nov 2, 2014 20:08:36 GMT -8
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 2, 2014 20:26:03 GMT -8
|
|
|
Post by jmpauter on Nov 2, 2014 20:32:19 GMT -8
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 2, 2014 21:44:11 GMT -8
How is your system running now?
Please run AdwCleaner again (if you don't have it running from the last scan) and
a) Click the Scan Button and wait for the scan to finish, (If Adwcleaner has been left open at the finish of the scan this is already done).
b) Make sure in your case all the items under each TAB are ticked / checked EXCEPT for the following (if they still show up):
***** [ Files / Folders ] *****
Folder Found : C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
e) Please attach or copy the log into your reply here.