Snap Do virus has taken over my internet explorer

Toshiba / Satellite pro l300
November 21, 2013 at 11:23:03
Specs: Microsoft Windows Vista Home Premium, 2.128 GHz / 1013 MB
Good evening all

I have a query/issue regarding malware/spy.

I recently downloaded a file from the net and what came with it was a program/virus of some description (alerted via Avast that a threat was detected)... This virus has taken over my Internet Explorer (Firefox) and calls itself Snap Do.

I have tried to uninstall it but my computer says "NOT RESPONDING" and the little blighter is still there.

I have tried to scan my computer with Malwarebytes; it scans fine, telling me that I have over 800 threats found. However, when I check the threats and try to remove them, Malwarebytes freezes, telling me it's not responding.

I am stuck, people; any ideas on what to do next?

Cheers as always

Northern



#1
November 21, 2013 at 17:32:17
1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

4: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#2
November 22, 2013 at 11:35:08
John

Here is the log from your list above; the log refers to Unhide in point one. I found this log saved to the desktop.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 11/22/2013 05:24:06 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 142489 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 457 files processed.

The C:\Users\David\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 11/22/2013 06:08:45 PM
Execution time: 0 hours(s), 44 minute(s), and 39 seconds(s)


I have rebooted and now moved on to point two...

Cheers in advance

Northern

message edited by Northern2010



#3
November 22, 2013 at 12:40:10
Johnw

Here is the log from point three (AdwCleaner)

***************************************************************************************************

# AdwCleaner v3.012 - Report created 22/11/2013 at 20:27:16
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\David\AppData\Local\Smartbar
Folder Deleted : C:\Users\David\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\David\AppData\Roaming\Betcat
Folder Deleted : C:\Users\David\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\David\AppData\Roaming\Web Cake
Folder Deleted : C:\Users\David\Documents\optimizer pro
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\zn311epm.default\Extensions\plugin@getwebcake.com
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\zn311epm.default\searchplugins\Web Search.xml

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422052294}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466056694}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\zn311epm.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=GB&userid=820d941c-b3ae-98d7-d6c7-558c912abdb4&searchtype=nt&installDate=20/11/2013");
Line Deleted : user_pref("extensions.crossrider.bic", "1427758800c2ad691cce25f3fccdc558");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "gb");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "tuguu");
Line Deleted : user_pref("extensions.helperbar.installationid", "820d941c-b3ae-98d7-d6c7-558c912abdb4");
Line Deleted : user_pref("extensions.helperbar.installdate", "20/11/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "tuguu");
Line Deleted : user_pref("extensions.plugin@getwebcake.com.install-event-fired", true);
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "6ba92713-ba87-4491-8b59-6c7d9cf1e45b");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=GB&userid=820d941c-b3ae-98d7-d6c7-558c912abdb4&searchtype=ds&installDate=20/11/2013&q=");

-\\ Google Chrome v

[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [21992 octets] - [22/11/2013 20:04:10]
AdwCleaner[R1].txt - [8304 octets] - [22/11/2013 20:17:43]
AdwCleaner[S0].txt - [717 octets] - [22/11/2013 20:05:21]
AdwCleaner[S1].txt - [7435 octets] - [22/11/2013 20:27:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7495 octets] ##########

Thanks again, I will move on to point 4.



#4
November 22, 2013 at 13:01:14
Finally Johnw

Here is the JRT log

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by David on 22/11/2013 at 20:45:30.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1185260996-3142398987-1875053881-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411051194}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/11/2013 at 20:51:24.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thanks again for your help

Northern



#5
November 22, 2013 at 13:03:22
Very good so far Northern2010

Run MBAM again. Note my key points: Quick scan, how to avoid the nag screen & keep it for FREE, "No action taken."

Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
http://www.spywareinfoforum.com/ind...
http://www.bleepingcomputer.com/vir...
Make sure you uncheck > Enable free trial < during install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken.", that's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...
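As an added example (not code from this thread or from Malwarebytes): a small Python triage script for an MBAM 1.x text log like the one requested above. It totals the detections per section, flags any entry still marked "No action taken." (the sign that Remove Selected was not clicked), notes when a pasted section is shorter than its declared count, and lists the Chrome extension IDs involved. SAMPLE_LOG is a constructed excerpt in the same format; the "Quarantined and deleted successfully." action text used in the usage note is assumed.

```python
"""Triage a Malwarebytes Anti-Malware (MBAM 1.x) text log.

Added example, not Malwarebytes' own code. It parses the
"<Category> Detected: N" sections, checks whether every detection was
actually actioned, and summarises the threat names and Chrome extension
IDs involved. SAMPLE_LOG is a constructed excerpt in the same format.
"""
import re
from collections import Counter

# Section header, e.g. "Files Detected: 87"
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Detection line: "<path> (<threat name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Chrome extension IDs are 32 lowercase letters in the range a-p
CHROME_EXT_RE = re.compile(r"\\Extensions\\([a-p]{32})(?:\\|$)")

# Constructed sample modelled on the log format seen in this thread
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Quick scan
Objects scanned: 229335

Memory Processes Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0 (PUP.Optional.Feven.A) -> No action taken.

Files Detected: 2
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\manifest.json (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\92_superfish_m.js (PUP.Optional.Feven.A) -> No action taken.
"""


def parse_mbam_log(text):
    """Return {"detections": [...], "declared": {category: count}}.

    Each detection is a dict with category, path, threat and action.
    """
    detections, declared, category = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            category = m.group("category")
            declared[category] = int(m.group("count"))
            continue
        # Skip blanks, "(No malicious items detected)" and the header block
        if not line or line.startswith("(") or category is None:
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append({"category": category, **m.groupdict()})
    return {"detections": detections, "declared": declared}


def triage(text):
    """Summarise a log: per-section counts, threats, untreated items, truncation."""
    parsed = parse_mbam_log(text)
    detections = parsed["detections"]
    found = Counter(d["category"] for d in detections)
    unresolved = [d for d in detections
                  if d["action"].lower().startswith("no action taken")]
    ext_ids = set()
    for d in detections:
        m = CHROME_EXT_RE.search(d["path"])
        if m:
            ext_ids.add(m.group(1))
    # A declared count larger than the lines present means the paste was cut off
    truncated = {cat: (n, found.get(cat, 0))
                 for cat, n in parsed["declared"].items() if n > found.get(cat, 0)}
    if not detections:
        verdict = "No detections"
    elif unresolved:
        verdict = (f"{len(unresolved)} of {len(detections)} detections still "
                   "'No action taken': rerun MBAM and click Remove Selected")
    else:
        verdict = "All detections were actioned"
    return {
        "total": len(detections),
        "by_category": dict(found),
        "threats": sorted({d["threat"] for d in detections}),
        "unresolved": len(unresolved),
        "chrome_extension_ids": sorted(ext_ids),
        "truncated": truncated,
        "verdict": verdict,
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_LOG))
```

Feeding it the same sample with each action replaced by "Quarantined and deleted successfully." (assumed post-removal wording) flips the verdict to "All detections were actioned".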



#6
November 22, 2013 at 13:26:28
As you can see from your logs, you had a lot of stuff installed that you did not know had been installed.
A lot of programs now give you the choice to install toolbars & other things during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.
I use Softpedia; they make you aware the program is ad-supported, & down the bottom of the page they will advise of what you have to watch out for.
Sample pages.
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshot ) of above.
http://i.imgur.com/CSBplyA.gif


#7
November 25, 2013 at 00:13:53
I've seen enough victims of such browser hijackers; you need to remove these viruses from both your browser and PC program center.
See specific removal guide here:
http://www.yac.mx/en/guides/virus-g...
http://malwaretips.com/blogs/snap-d...


#8
November 26, 2013 at 05:00:07
Johnw

Here are the contents of the Malwarebytes log (see below).

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

26/11/2013 12:28:31
MBAM-log-2013-11-26 (12-46-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229335
Time elapsed: 16 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0 (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\userCode (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\icons (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\icons\actions (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\api (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\popupResource (PUP.Optional.Feven.A) -> No action taken.

Files Detected: 87
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\manifest.json (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\popup.html (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\manifest.xml (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins.json (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\4_jquery_1_7_1.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\101_cortica_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\102_dealply_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\103_intext_5_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\104_jollywallet_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\105_corticas_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\108_icm_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\116_ads_only_5_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\117_coupons_intext_ads_5_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\119_similar_web_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\120_luck_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\123_intext_adv_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\155_ibario_pops_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\159_cortica_rollover_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\170_icm1_5_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\171_arcadi2_sourceID_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\175_coolmirage_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\178_revizer_ws_dynamic_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\179_revizer_p_dynamic_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\17_jQuery.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\19_CHAppAPIWrapper.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\1_base.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\21_debug.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\22_resources.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\28_initializer.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\47_resources_background.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\125_arcadi2_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\126_revizer_ws_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\127_revizer_p_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\128_superfish_pricora_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\129_widdit_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\135_arcadi3_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\138_getdeal_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\13_CrossriderAppUtils.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\141_corticas_ru_m.js.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\142_intext_fa_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\14_CrossriderUtils.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\64_appApiMessage.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\72_appApiValidation.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\78_CrossriderInfo.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\7_hooks.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\80_CHPopupAppAPI.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\87_ginyas_wrapper.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\91_monetizationLoader.js.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\92_superfish_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\93_superfish_no_coupons_m.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\97_resourceApiWrapper.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\plugins\9_search_engine_hook.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\userCode\background.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\extensionData\userCode\extension.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\icons\icon128.png (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\icons\icon16.png (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\icons\icon48.png (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\icons\actions\1.png (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\background.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\main.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\api\chrome.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\api\cookie.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\api\message.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\api\pageAction.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\api\pageActionBG.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\app_api.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\bg_app_api.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\consts.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\cookie_store.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\crossriderAPI.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\delegate.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\events.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\extensionDataStore.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\installer.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\logFile.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\logging.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\onBGDocumentLoad.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\reports.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\storageWrapper.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\updateManager.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\util.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\xhr.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\popupResource\newPopup.js (PUP.Optional.Feven.A) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\popupResource\popup.js (PUP.Optional.Feven.A) -> No action taken.

(end)


I have also tried and tried to remove the selected items/threats found once the scan is complete, but I am yet again finding Malwarebytes stalls and displays a message claiming it's not responding.

Johnw, I have, as you stated, reinstalled Malwarebytes as per your post, but I can't find the screen/option to uncheck "Enable free trial of Malwarebytes". I have just reinstalled Malwarebytes as normal, but I'm still having problems removing the selected items found during a scan.

Cheers again

Northern


#9
November 26, 2013 at 05:21:59
"I have also tried and tried to remove the selected items/threats found once the scan is complete, but I am yet again finding Malwarebytes stalls and displays a message claiming it's not responding."

We have to outsmart the infections, Northern; I will dismantle them bit by bit.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


#10
November 26, 2013 at 05:55:28
Johnw

Again thanks for your help, please find below the report/log from Roguekiller

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 11/26/2013 13:53:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xD05B333C)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35E19966)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35E19966)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35E19966)
[Inline] EAT @firefox.exe (?UndefinedHandleValue@JS@@3V?$Handle@VValue@JS@@@1@B) : mozjs.dll -> HOOKED (Unknown @ 0x5E383B61)
[Inline] EAT @firefox.exe (?singleton@CrossCompartmentWrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x4638007C)
[Inline] EAT @firefox.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xD05B333C)
[Inline] EAT @firefox.exe (?ms_ReadWriteSemaphore@GCUtilDLL@@2VGCReadWriteSemaphore@@A) : GrooveUtil.DLL -> HOOKED (Unknown @ 0x6F616E35)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS542512K9SA00 ATA Device +++++
--- User ---
[MBR] 425eeb0367e6f9cebf615c7c3f79d9d8
[BSP] 67e860782ebbfc6bcd01c0613e5d55ba : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 57000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 119810048 | Size: 55971 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11262013_135338.txt >>
RKreport[0]_S_11262013_135305.txt

Northern
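Two things in that RogueKiller report are worth understanding rather than just deleting. The [HJ POL][PUM] lines are the DisableTaskMgr and DisableRegistryTools user-lockout policies; they read 0 here (inactive), but a home PC without domain policy should not have them at all, which is why the tool removed them. The [HJ DESK] lines are the HideDesktopIcons flags for the "User's Files" and "Computer" icons (the two CLSIDs), the trick FakeHDD-style rogues use to make the desktop look empty. The HOSTS section showing only the two localhost lines means nothing was blocked or redirected. The script below is an added example, not RogueKiller's code or anything from this thread: it re-reads those values and parses the hosts file. The full registry paths are the standard locations for these value names and are an assumption about what RogueKiller abbreviates as HKCU\[...]\System and HKLM\[...]\NewStartPanel; the hosts lines in the sample data are constructed.

```python
"""Re-check what RogueKiller flagged: lockout policies, hidden desktop icons,
and the hosts file.  Added example, not RogueKiller's own code."""
import ipaddress
import os
import sys

# RogueKiller prints these keys abbreviated ("HKCU\[...]\System",
# "HKLM\[...]\NewStartPanel"); the full paths below are the standard locations
# for those value names and are an assumption about what the tool elided.
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
HIDE_ICONS_KEY = (r"Software\Microsoft\Windows\CurrentVersion\Explorer"
                  r"\HideDesktopIcons\NewStartPanel")
LOCKOUT_VALUES = {"DisableTaskMgr": "Task Manager",
                  "DisableRegistryTools": "Registry Editor"}
# The two CLSIDs from the report (compared case-insensitively).
ICON_NAMES = {"{59031a47-3f72-44a7-89c5-5595fe6b30ee}": "User's Files",
              "{20d04fe0-3aea-1069-a2d8-08002b30309d}": "Computer"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def assess_policies(values):
    """values: {name: DWORD} read from POLICY_KEY.  Non-zero means the tool is
    disabled for this user; a value that is merely present (0) is still odd on
    a home PC, which is why RogueKiller deleted them in the report above."""
    findings = []
    for name, tool in LOCKOUT_VALUES.items():
        if name not in values:
            continue
        if values[name]:
            findings.append(f"{name}={values[name]}: {tool} is disabled for this user")
        else:
            findings.append(f"{name}=0: present but inactive")
    return findings


def assess_hidden_icons(values):
    """values: {CLSID: DWORD}; 1 hides that desktop icon (FakeHDD-style trick)."""
    return [f"{ICON_NAMES.get(clsid.lower(), clsid)} icon hidden ({clsid}=1)"
            for clsid, flag in values.items() if flag]


def check_hosts(text):
    """Return the hosts-file entries that do anything other than map a loopback
    address to a local name.  A real site pointed at 127.0.0.1 (or 0.0.0.0) is
    blocked; AV and update servers are the usual targets.  A name pointed at
    any other address silently redirects the user."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append(f"unparseable line: {raw.strip()}")
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            if local and name.lower() in LOCAL_NAMES:
                continue
            findings.append(f"{name} blocked via {addr}" if local
                            else f"{name} redirected to {addr}")
    return findings


def read_values(hive_name, subkey):
    """All values under a registry key as {name: data}; {} if absent.  Windows only."""
    import winreg  # standard library, but only present on Windows
    hive = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}[hive_name]
    values = {}
    try:
        with winreg.OpenKey(hive, subkey) as key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:          # no more values
                    return values
                values[name] = data
                index += 1
    except FileNotFoundError:            # key does not exist: nothing set
        return values


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("registry checks need Windows; check_hosts() runs anywhere")
    findings = assess_policies(read_values("HKCU", POLICY_KEY))
    for hive in ("HKCU", "HKLM"):
        findings += assess_hidden_icons(read_values(hive, HIDE_ICONS_KEY))
    hosts_path = os.path.join(os.environ["SystemRoot"], "System32", "drivers", "etc", "hosts")
    with open(hosts_path, encoding="utf-8", errors="replace") as fh:
        findings += check_hosts(fh.read())
    print("\n".join(findings) or "nothing flagged")
```

Run it from an elevated prompt after the RogueKiller pass; on a clean Vista box it should print "nothing flagged". The hosts check is the one piece that is useful on its own: paste a hosts file into check_hosts() and anything beyond the two localhost lines is listed.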


#11
November 26, 2013 at 06:00:48
Are you going to be online for a while, Northern? I was thinking of going to bed, but will stay up if you are staying.

I'm here.
http://www.timeanddate.com/worldclo...


#12
November 26, 2013 at 06:15:09
That's fine Johnw, get yourself to bed, mate, appreciate your help. I can wait till you're back online.

Cheers again for your help.

Northern


#13
November 26, 2013 at 06:17:30
OK, bed here I come; try this in the meantime.

Use Chameleon to run Malwarebytes Anti-Malware on infected systems
https://helpdesk.malwarebytes.org/e...


#14
December 3, 2013 at 13:29:40
Johnw.....

Thanks for the endless advice on ridding this little blighter.

I have now run the Chameleon aspect of Malwarebytes, and this has booted up Malwarebytes and carried out a quick scan, finding 8 threats.

I have removed the threats successfully, it seems, as I received an update claiming all had been removed. :)

I have also posted the report/log below for your expert advice.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.03.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

03/12/2013 20:46:57
mbam-log-2013-12-03 (20-46-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228902
Time elapsed: 20 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg (PUP.Optional.Feven.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0 (PUP.Optional.Feven.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\icons (PUP.Optional.Feven.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\icons\actions (PUP.Optional.Feven.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js (PUP.Optional.Feven.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\api (PUP.Optional.Feven.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib (PUP.Optional.Feven.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0\js\lib\popupResource (PUP.Optional.Feven.A) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)


As always, thank you very much

Northern
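Both Malwarebytes logs in this thread, the earlier one in #8 and this one, flag the same Chrome extension folder, ajppokcpihekimknckddpgkbiphmaglg\1.25.35_0, and the file list in the #8 log says what it is: js\lib\crossriderAPI.js, installer.js, updateManager.js and extensionData\plugins\9_search_engine_hook.js are the Crossrider extension framework that many adware extensions of the time were built with; Feven is the family name Malwarebytes gives this one. What follows is an added example, not Malwarebytes' detection logic or anything posted in this thread: a script that walks a Chrome profile's Extensions folder, reads each manifest.json and flags Crossrider framework files, broad permissions, content scripts injected into every site and a non-Web-Store update_url. The sample extension tree it builds is constructed to mirror the folder layout from the logs; its manifest is made up for the example (the real extension's manifest is not on the page) and the update_url in it is hypothetical.

```python
"""Triage a Chrome profile's Extensions folder for Crossrider-style adware.
Added example; not Malwarebytes' detection logic."""
import json
import os
import tempfile
from pathlib import Path

# Paths (relative to the <id>\<version> folder) that the Malwarebytes logs in
# this thread list for the Feven extension: the Crossrider framework files.
FRAMEWORK_MARKERS = ("js/lib/crossriderAPI.js",
                     "js/lib/installer.js",
                     "js/lib/updateManager.js",
                     "extensionData/plugins/9_search_engine_hook.js")
# Permissions that let an extension read or rewrite every page and cookie.
BROAD_PERMISSIONS = {"<all_urls>", "http://*/*", "https://*/*", "tabs",
                     "cookies", "webRequest", "webRequestBlocking", "webNavigation"}
ALL_SITES = {"<all_urls>", "http://*/*", "https://*/*", "*://*/*"}
WEB_STORE_UPDATE = "https://clients2.google.com/service/update2/crx"


def default_extensions_dir():
    """Where the logs above show Chrome keeping extensions (Windows default profile)."""
    return (Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome"
            / "User Data" / "Default" / "Extensions")


def triage_version_dir(version_dir):
    """Inspect one <id>/<version> folder and return a dict with its findings."""
    findings, name = [], "(no manifest)"
    manifest_path = version_dir / "manifest.json"
    if manifest_path.is_file():
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except ValueError:
            manifest, findings = {}, ["manifest.json is not valid JSON"]
        name = str(manifest.get("name", "(unnamed)"))
        perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        broad = sorted(perms & BROAD_PERMISSIONS)
        if broad:
            findings.append("broad permissions: " + ", ".join(broad))
        for script in manifest.get("content_scripts", []):
            if ALL_SITES & set(script.get("matches", [])):
                findings.append("content script injected into every page")
                break
        if manifest.get("chrome_url_overrides"):
            findings.append("overrides Chrome page(s): "
                            + ", ".join(manifest["chrome_url_overrides"]))
        if manifest.get("update_url") != WEB_STORE_UPDATE:
            findings.append("update_url is not the Chrome Web Store")
    else:
        findings.append("manifest.json missing")
    for marker in FRAMEWORK_MARKERS:
        if (version_dir / marker).is_file():
            findings.append("Crossrider framework file: " + marker)
    return {"id": version_dir.parent.name, "version": version_dir.name,
            "name": name, "findings": findings}


def triage_extensions(extensions_dir):
    """Every installed extension version that has at least one finding."""
    report = []
    for ext_dir in sorted(p for p in Path(extensions_dir).iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            entry = triage_version_dir(version_dir)
            if entry["findings"]:
                report.append(entry)
    return report


# Constructed sample mirroring the folder layout in the logs.  The manifest is
# made up for this example; the real extension's manifest is not on the page.
SAMPLE_ID, SAMPLE_VERSION = "ajppokcpihekimknckddpgkbiphmaglg", "1.25.35_0"
SAMPLE_MANIFEST = {
    "name": "Feven", "version": "1.25.35", "manifest_version": 2,
    "permissions": ["tabs", "cookies", "storage", "<all_urls>"],
    "content_scripts": [{"matches": ["http://*/*", "https://*/*"], "js": ["js/main.js"]}],
    "background": {"scripts": ["js/background.js"]},
    "update_url": "http://update.example-crossrider.test/",   # hypothetical
}
BENIGN_MANIFEST = {"name": "Harmless", "version": "1.0", "manifest_version": 2,
                   "permissions": ["storage"], "update_url": WEB_STORE_UPDATE}


def build_sample_tree(root):
    """Write the constructed extensions under root; returns the Extensions dir."""
    bad = Path(root) / "Extensions" / SAMPLE_ID / SAMPLE_VERSION
    for rel in FRAMEWORK_MARKERS + ("js/main.js", "js/background.js"):
        (bad / rel).parent.mkdir(parents=True, exist_ok=True)
        (bad / rel).write_text("// placeholder\n")
    (bad / "manifest.json").write_text(json.dumps(SAMPLE_MANIFEST))
    good = Path(root) / "Extensions" / "abcdefghijklmnopabcdefghijklmnop" / "1.0_0"
    good.mkdir(parents=True)
    (good / "manifest.json").write_text(json.dumps(BENIGN_MANIFEST))
    return Path(root) / "Extensions"


def demo():
    """Run the triage over the constructed sample and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_extensions(build_sample_tree(tmp))


if __name__ == "__main__":
    target = default_extensions_dir()
    for entry in triage_extensions(target) if target.is_dir() else demo():
        print(f"{entry['id']} {entry['version']} ({entry['name']})")
        for finding in entry["findings"]:
            print("   -", finding)
```

One caveat the log does not show: Malwarebytes quarantined the folder, but the extension is still registered in the profile's Preferences file, so Chrome will either list it as broken or try to fetch it again from its update_url. Check chrome://extensions and remove it there as well, and run this script again afterwards to confirm the folder has not reappeared.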


#15

#16
December 27, 2013 at 15:53:56
Johnw
New post redirected back here as you are still awaiting results of #15:
http://www.computing.net/answers/wi...

Always pop back and let us know the outcome - thanks


#17
December 27, 2013 at 15:59:33
"New post redirected back here as you are still awaiting results of #15:"
Thanks Derek.

#18
January 3, 2014 at 00:40:00
Johnw,

Thanks for your help, buddy, but I have opted to fully format my laptop. This has cured any issues I did have.

Thanks again for your time, knowledge and patience it's much appreciated.

Northern


#19
January 3, 2014 at 00:43:01
"This has cured any issues I did have"
If any issues do raise their head.

Make sure when you reinstall, you delete ALL partitions & format to NTFS.
XP - D to Delete the selected partition
http://www.blackviper.com/os-instal...
Vista - Drive options (advanced)
http://www.vistax64.com/tutorials/1...
W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...
W8 - The complete guide to a Windows 8 clean installation
http://i.imgur.com/2FOd60C.gif
http://i.imgur.com/pm8d5Xm.gif
http://pcsupport.about.com/od/windo...
http://www.techrepublic.com/blog/wi...
Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...

message edited by Johnw
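The reason behind "delete ALL partitions" is that formatting C: alone leaves the MBR and every other partition untouched, and that is exactly where bootkits such as TDL4 live (in the MBR's boot code, and in space outside the Windows volume). It is also what the "MBR Check" section of the RogueKiller report in #10 was examining: a hash of the boot code and the raw partition table. Added example, not RogueKiller's code and not from this thread: a parser for a 512-byte MBR that hashes the boot code, lists the partition table the way the report prints it and runs the sanity checks an MBR bootkit tends to break. The sample sector is constructed to match the partition layout in the report (offsets 2048 / 3074048 / 119810048, types 0x27 / 0x07 / 0x07, the middle one active); the page does not say which bytes RogueKiller hashes, so hashing bytes 0-439 here is an assumption, and the hash will not match the values in the report.

```python
"""Parse a 512-byte MBR the way RogueKiller's "MBR Check" section does:
hash the boot code and list the partition table.  Added example, not the
tool's code; what exactly RogueKiller hashes for [MBR]/[BSP] is not on the
page, so the MD5 here covers bytes 0-439 (code before the disk signature)."""
import hashlib
import struct
import sys

SECTOR = 512
PARTITION_TYPES = {0x07: "NTFS", 0x27: "hidden NTFS (recovery)",
                   0x0C: "FAT32 LBA", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("0x55AA boot signature missing")
    partitions = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and count == 0:
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
                           "offset": lba, "sectors": count, "size_mb": count // 2048})
    return {"bootcode_md5": hashlib.md5(sector[:440]).hexdigest(),
            "disk_signature": struct.unpack("<I", sector[440:444])[0],
            "partitions": partitions}


def check_layout(info, known_good_md5=None):
    """Sanity checks a bootkit tends to break: exactly one active partition, no
    overlapping entries, and (if supplied) boot code matching a known-good hash."""
    findings = []
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected 1")
    ordered = sorted(info["partitions"], key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    if known_good_md5 and info["bootcode_md5"] != known_good_md5.lower():
        findings.append(f"boot code MD5 {info['bootcode_md5']} differs from known-good")
    return findings


def build_sample_mbr():
    """Constructed sector: the partition table from the report in #10 with
    filler boot code (not Vista's real code) and a made-up disk signature."""
    sector = bytearray(SECTOR)
    sector[0:3] = b"\x33\xC0\x8E"                    # filler where boot code starts
    sector[440:444] = struct.pack("<I", 0x1234ABCD)  # made-up disk signature
    entries = [(0x00, 0x27, 2048, 3072000),          # 1500 MB recovery partition
               (0x80, 0x07, 3074048, 116736000),     # 57000 MB, active (Windows)
               (0x00, 0x07, 119810048, 114628608)]   # 55971 MB data partition
    for i, fields in enumerate(entries):
        sector[446 + 16 * i: 462 + 16 * i] = struct.pack("<B3xB3xII", *fields)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def describe(info):
    """Render the table in the same shape as RogueKiller's report."""
    lines = [f"[MBR] {info['bootcode_md5']}  disk signature {info['disk_signature']:08X}"]
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f"{p['index']} - [{flag}] {p['type_name']} (0x{p['type']:02X}) "
                     f"Offset (sectors): {p['offset']} | Size: {p['size_mb']} MB")
    return "\n".join(lines)


if __name__ == "__main__":
    if sys.platform == "win32":
        # Reading the raw disk needs an elevated prompt.
        with open(r"\\.\PhysicalDrive0", "rb") as disk:
            sector = disk.read(SECTOR)
    else:
        sector = build_sample_mbr()
    info = parse_mbr(sector)
    print(describe(info))
    print("\n".join(check_layout(info)) or "layout OK")
```

The checks are deliberately structural: a second active partition, an entry that overlaps its neighbour, or boot code whose hash no longer matches the one you recorded when the machine was clean are each worth a closer look before trusting the disk. None of it substitutes for the advice above; a full wipe of every partition is the only way to be sure the MBR and any hidden partition are gone.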

