Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected pc... once again. [Closed]


  • This topic is locked This topic is locked

#1
lostone

lostone

    Member

  • Member
  • PipPip
  • 61 posts

infected with Adware generic_s.DP (Reported by avg)


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need to look at the system first

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
lostone

lostone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Hello. here it is.

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you know what this programme is ? DriaCquaracine

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-4172500889-1631978864-1456911185-1003\...\Run: [Obrona Block Ads] => "C:\Users\Stijn\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ProxyEnable: [S-1-5-21-4172500889-1631978864-1456911185-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4172500889-1631978864-1456911185-1003] => http=127.0.0.1:9880;https=127.0.0.1:9880
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: No Name -> {11111111-1111-1111-1111-110511071180} -> No File
BHO-x32: No Name -> {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} -> No File
2014-11-18 01:50 - 2014-11-18 02:43 - 00000000 ____D () C:\Users\Stijn\AppData\Local\Obrona Block Ads
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#5
lostone

lostone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

DriaCquaracine is the virus, will upload log in bit


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that explains why I can find no info about it, I would like a copy when we have finished if I may

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

R2 DriaCquaracine; C:\Program Files (x86)\DriaCquaracine\DriaCquaracine.exe [4377560 2014-11-03] ()
2014-11-18 02:39 - 2014-11-18 03:16 - 00000000 __SHD () C:\Program Files (x86)\DriaCquaracine
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#7
lostone

lostone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

I did that and i had no log

 

Edit:

Heres a log of AdwCleaner


Edited by lostone, 18 November 2014 - 05:43 PM.

  • 0

#8
lostone

lostone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

here

Attached Files


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP