Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Sony vaio laptop infected with malware [Solved]

Malware Baidu

  • This topic is locked This topic is locked

#1
Confused Dave

Confused Dave

    Member

  • Member
  • PipPip
  • 25 posts
Hi I recently installed windows 10 download, also canon zoom browser, canon photo professional. Soon after, the browser started redirecting to unwanted sites. I tried to install various malware removal tools but all installs are interrupted by errors. Kaspersky Internet security says it can't install due to presence of conflicting software ie Baidu antivirus ( which I haven't installed) and I can't find the program to remove it manually.

Any help would be appreciated

Dave
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, lets see what is showing...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi,

 

Thanks for the response. Requested files attached

 

Attached File  Addition.txt   20.72KB   932 downloadsAttached File  FRST.txt   62.1KB   120 downloads

 

Dave


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there are two drivers that I will not be able to remove with FRST so I will need to use Malwarebytes for those.

This fix is quite long but it should virtually remove all the malware in one sweep

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [GoogleChromeAutoLaunch_471C568578175D6DF77F6D2460619B03] => C:\Users\Ellen\AppData\Local\Chromium\Application\chrome.exe [659456 2015-06-03] (The Chromium Authors)
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [DeskBar] => C:\Users\Ellen\AppData\Local\DeskBar\dblaunch.exe
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [WindApp] => "C:\Users\Ellen\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [Selection Tools] => "C:\Users\Ellen\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89F0110C-C151-4163-88B6-B1F0CC9B52B7&SearchSource=55&CUI=&UM=8&UP=SP76DD2D66-F056-46FB-9377-96A3F592F73F&D=090815&SSPV=SP30500TA_sp_ie
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_36&cd=2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SzytByBzy0Fzz0B0EtGzz0D0B0FtGyE0BtByBtG0ByEtA0BtG0ByBtA0EyEyCzzyByC0Bzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE&cr=1365513339&ir=
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www-searching.com/search.aspx?s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89F0110C-C151-4163-88B6-B1F0CC9B52B7&SearchSource=58&CUI=&UM=8&UP=SP76DD2D66-F056-46FB-9377-96A3F592F73F&D=090815&q={searchTerms}&SSPV=SP30500TA_sp_ie
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e,
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_36&cd=2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SzytByBzy0Fzz0B0EtGzz0D0B0FtGyE0BtByBtG0ByEtA0BtG0ByBtA0EyEyCzzyByC0Bzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE&cr=1365513339&ir=
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www-searching.com/search.aspx?s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e&site=shyosie&prd=set&q={searchTerms}
FF user.js: detected! => C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\5hxdje8y.default\user.js [2015-09-11]
S2 Update Super Great; "C:\Program Files (x86)\Super Great\updateSuperGreat.exe" [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-09-08] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows ® Win 7 DDK provider)
R1 {ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64; C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys [48744 2015-09-05] (StdLib)
2015-09-19 20:53 - 2015-09-19 20:53 - 02012464 _____ C:\Users\Ellen\Downloads\Adaware_Installer.exe
2015-09-19 20:53 - 2015-09-19 20:53 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-19 00:17 - 2015-09-19 00:17 - 00000000 ____D C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0
2015-09-19 00:16 - 2015-09-19 00:17 - 06383209 _____ C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0.zip
2015-09-18 23:18 - 2015-09-18 23:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ellen\Downloads\.exe.exe
2015-09-18 23:10 - 2015-09-18 23:11 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ellen\Downloads\SpyHunter-Installer.exe
2015-09-17 12:27 - 2015-09-17 12:28 - 04902832 _____ (VAPC (Lux) S.a.r.L) C:\Users\Ellen\Downloads\wzro32.exe
2015-09-10 18:10 - 2015-09-21 22:10 - 00000276 _____ C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
2015-09-10 18:10 - 2015-09-10 18:10 - 00003234 _____ C:\WINDOWS\System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}
2015-09-10 15:26 - 2015-09-10 15:30 - 00000000 ____D C:\Program Files (x86)\baidu
2015-09-10 15:26 - 2015-09-10 15:26 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Baidu
2015-09-10 15:26 - 2015-09-10 15:26 - 00000000 ____D C:\ProgramData\Baidu
2015-09-08 23:48 - 2015-09-10 18:09 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\WTools
2015-09-08 23:48 - 2015-09-10 15:58 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Store
2015-09-08 23:48 - 2015-09-08 23:48 - 00000078 _____ C:\Users\Ellen\AppData\Roaming\WindApp.installation.log
2015-09-08 23:48 - 2015-09-08 23:48 - 00000078 _____ C:\Users\Ellen\AppData\Roaming\Selection Tools.installation.log
2015-09-08 23:47 - 2015-09-10 15:54 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Nosibay
2015-09-08 23:47 - 2015-09-08 23:49 - 00001309 _____ C:\Users\Ellen\AppData\Roaming\Bubble Dock.boostrap.log
2015-09-08 23:47 - 2015-09-08 23:48 - 00005713 _____ C:\Users\Ellen\AppData\Roaming\Bubble Dock.installation.log
2015-09-08 23:47 - 2015-09-08 23:47 - 00000097 _____ C:\Users\Ellen\AppData\Roaming\WindApp.boostrap.log
2015-09-08 21:53 - 2015-09-08 21:53 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-09-08 21:51 - 2015-09-10 17:53 - 00004760 _____ C:\WINDOWS\SysWOW64\Haedyanurv.ini
2015-09-08 21:51 - 2015-09-10 17:53 - 00002480 _____ C:\WINDOWS\SysWOW64\HaedyanurvOff.ini
2015-09-08 21:51 - 2015-09-10 17:53 - 00002480 _____ C:\WINDOWS\system32\HaedyanurvOff.ini
2015-09-08 21:51 - 2015-09-08 21:51 - 00003686 _____ C:\WINDOWS\System32\Tasks\BAUpd
2015-09-08 21:51 - 2015-09-08 21:51 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-09-08 21:51 - 2015-09-08 10:28 - 00353608 _____ C:\WINDOWS\system32\Haedyanurv64.dll
2015-09-08 21:50 - 2015-09-08 21:50 - 00000000 ____D C:\WINDOWS\system32\ebon
2015-09-08 21:50 - 2015-09-08 21:50 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\ortmp
2015-09-08 21:49 - 2015-09-10 18:06 - 00000000 ____D C:\Program Files\groover080920151225
2015-09-08 21:49 - 2015-09-08 21:49 - 00000045 _____ C:\user.js
2015-09-08 21:49 - 2015-08-20 11:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-09-08 21:48 - 2015-09-10 17:52 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-09-08 21:48 - 2015-09-10 15:29 - 00000000 ____D C:\Program Files\WebBar
2015-09-08 21:48 - 2015-09-08 21:48 - 00000000 ____D C:\ProgramData\SearchModule
2015-09-06 00:03 - 2015-09-06 00:03 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\0U1E1Q1T2Z1P0S2Z1T1C
2015-09-06 00:02 - 2015-09-06 00:02 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-09-05 23:59 - 2015-09-10 15:28 - 00000000 ____D C:\Users\Ellen\AppData\Local\Chromium
2015-09-05 23:56 - 2015-09-22 16:56 - 00000282 _____ C:\WINDOWS\Tasks\Tny_Cassiopesa.job
2015-09-05 23:56 - 2015-09-11 21:35 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v57.1978
2015-09-05 23:56 - 2015-09-10 18:13 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-09-05 23:56 - 2015-09-05 23:56 - 00002774 _____ C:\WINDOWS\System32\Tasks\Tny_Cassiopesa
2015-09-05 23:56 - 2015-09-05 23:56 - 00000008 _____ C:\END
2015-09-05 22:18 - 2015-09-05 22:18 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-05 20:09 - 2015-09-05 20:09 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
Task: {ACD04BE6-A213-43D1-9927-0A8D84BC524D} - System32\Tasks\Tny_Cassiopesa => C:\Users\Ellen\AppData\Local\{D7C0E~1\UNINST~1.EXE
Task: {C428CDF0-183F-41FB-BBA3-CC681F8174BF} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {E6123579-7B41-4C28-91FD-C74D066AA5FA} - System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200} => C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe [2015-07-07] ()
Task: {F787EC95-8C1B-4095-873A-82B5CF7B2AB3} - System32\Tasks\BAUpd => C:\Users\Ellen\AppData\Local\BrowserAir\Application\updater.exe
Task: C:\WINDOWS\Tasks\Tny_Cassiopesa.job =>
Task: C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job => C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe
C:\Program Files (x86)\baidu
C:\Users\Ellen\AppData\Local\Chromium
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\Super Great
C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys
C:\Users\Ellen\AppData\Local\DeskBar
C:\Users\Ellen\AppData\Roaming\Store\WindApp
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:

mbamlogs.JPG

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi,

 

I ran FRST with the fixlist and received the attached log on completion

 

Attached File  Fixlog.txt   19.44KB   129 downloads

 

 

 

I then ran malwarebytes but received the following error on setup

 

"Runtime error (at 75:100):

 

 Could not call proc. "

 

Clicking ok closes the installation setup. Can you please advise me on a way around this?

 

Cheers

 

Dave


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The Fix did not appear to be fully run

Could you re-run this portion of the fix and ensure that the system reboots please

Then try MBAM again, please download a fresh copy though

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Program Files (x86)\baidu
C:\Users\Ellen\AppData\Local\Chromium
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\Super Great
C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys
C:\Users\Ellen\AppData\Local\DeskBar
C:\Users\Ellen\AppData\Roaming\Store\WindApp
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#7
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi,

 

Re-ran FRST with the new fixlist and received the following log

 

Attached File  Fixlog.txt   8.3KB   108 downloads

 

 

However when I tried to run the fresh download of MalwareBytes the same error occured

 

Dave


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK coninue to adwcleaner and I will have a rethink about how to tackle those two drivers

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#9
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi,

 

That program ran fine and produced the following logs (wasn't sure which you needed so posted all 3)

 

Attached File  Quarantine.log   1.43KB   104 downloadsAttached File  AdwCleanerS1.txt   4.02KB   110 downloadsAttached File  AdwCleanerC1.txt   4.51KB   102 downloads

 

Cheers

 

 


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK when you are ready we will go to safe mode with networking

Turn off the PC by pressing the shift key at the same time as you press restart

Capture.JPG

Select the Trouble shoot option

Select%20option8.JPG

Select Advanced option

advanced8.JPG

Select Startup settings

Select Safe mode with networking

Then download and run Malwarebytes
  • 0

Advertisements


#11
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi

 

I tried running the program in safe mode as above but still received the same error message from previous attempts


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK return to normal mode on the computer and uninstall MBAM via control panel
Then download and run the following programme http://downloads.mal...file/mbam_cleanthis will remove all traces of MBAM

Then run a fresh FRST scan so that I can see the current satate of affairs

How is the computer behaving now ?
  • 0

#13
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi

 

Web links are still redirecting to ads and i'm still getting popups whenever I try to close tabs. General performance seems ok, no slow down or crashing

 

Attached logs as requested

 

Attached File  Addition.txt   19.14KB   115 downloadsAttached File  FRST.txt   51.18KB   67 downloads

 

Cheers


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects in Edge browser ?


CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-09-08] ()
2015-09-23 21:30 - 2015-09-23 21:30 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Task: {E6123579-7B41-4C28-91FD-C74D066AA5FA} - \{6A128791-4857-4484-9BB2-71D4C1257200} -> No File <==== ATTENTION
C:\WINDOWS\system32\drivers\bsdriver.sys
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:

mbamlogs.JPG

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here
  • 0

#15
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi

 

Attached File  Fixlog.txt   6.96KB   108 downloads

 

Same error codearrow-10x10.png interrupting the install of Malwarebytesarrow-10x10.png. The redirects seem a lot less frequent now though

 

Yes Edge is the only browser currently installedarrow-10x10.png to my knowledge, Firefox was previously the default browser but it stopped connecting to the internet when other applications would so I tried a reinstall. However I couldn't get to the download link without being redirected to ads

 

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP