Advertising materials blocking my Chrome browser
#1
Hello,
I am using Windows Vista Service Pack 2. Recently I have been facing a strange problem when I try to open a website via my Chrome browser. Whenever I open it, advertising materials come up one by one and I can't see the main web page in spite of using an ad-block add-in. For a brief period of time I did not use any antivirus, but now I am using the AVG antivirus 30-day trial. For your convenience I am attaching a screenshot of my problem. What can I do now? Thanks in advance.
Reply

#2
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Fix with Junkware Removal Tool

Please download JRT by Malwarebytes and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your system specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
HitmanPro

  • Please download HitmanPro.
  • Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your desktop and post in your next reply.
Reply

#3
(02-22-2016, 09:50 PM)Compton Wrote: Scan with Malwarebytes' Anti-Malware

Thank you very much. Problem solved. Here is my scan log. I have forgotten to check rootkit. Anyway the problem is solved. Thanks once again.
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 2/23/2016
Scan Time: 1:05:17 PM
Logfile: Scan log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.22.06
Rootkit Database: v2016.02.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: tara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344442
Time Elapsed: 14 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10

Registry Values: 12

Registry Data: 1

Folders: 23

Files: 30

Physical Sectors: 0
(No malicious items detected)


(end)
Reply

#4
OK, great. I would still run HitmanPro, Junkware Removal Tool and AdwCleaner.

After completion, scan with Farbar.

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Right-click on AdwCleaner.exe and Run as administrator
  • Click Scan. (AdwCleaner will now scan for Adware.)
  • Once scan finishes, click Clean, now follow the on screen prompts.
  • Your computer should now reboot.
  • A log file will automatically open. Please copy and paste it when you reply in your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.
Reply

#5
(02-24-2016, 12:02 PM)Compton Wrote: ok great I would still run HitmanPro Junkware Removal Tool AdwCleaner

Hi,
I installed Adwcleaner and scanned with it as well. But the FRST64 is not installing and it is showing that it is not a valid win32 application.

Here is the scan report by Adwcleaner:
# AdwCleaner v5.036 - Logfile created 25/02/2016 at 12:23:15
# Updated 22/02/2016 by Xplode
# Database : 2016-02-24.1 [Server]
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (x86)
# Username : tara - TARA-PC
# Running from : C:\Users\tara\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.6

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\tara\Documents\Updater

***** [ Files ] *****

[-] File Deleted : C:\Users\tara\AppData\Roaming\Mozilla\Firefox\Profiles\m6iqb4lg.default\extensions\Avg@toolbar.xpi

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Web browsers ] *****

[-] [C:\Users\tara\AppData\Roaming\Mozilla\Firefox\Profiles\m6iqb4lg.default\prefs.js​] [Preference] Deleted : user_pref("avg.wtu.ext.Revert_HP", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBcwEJAw9GERhCdgBbTA1DF1AOeF1eAxRFGVcXIQhbVlxFEQwFIk0FA18DB0V​XfV9eFElXTwhwJVx1DksUc1BQNVVMEnEEQw==");
[-] [C:\Users\tara\AppData\Roaming\Mozilla\Firefox\Profiles\m6iqb4lg.default\prefs.js​] [Preference] Deleted : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{77569d46-dfc1-4065-b0a8-cac9ed5d59cf}\",\"mid\":\"272ce8e7c84747cca7e7d349b9bccd95-[...]
[-] [C:\Users\tara\AppData\Roaming\Mozilla\Firefox\Profiles\m6iqb4lg.default\prefs.js​] [Preference] Deleted : user_pref("avg.wtu.ext.userHPSettings", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBcwEJAw9GERhCdgBbTA1DF1AOeF1eAxRFGVcXIQhbVlxFEQwFIk0FA18DB0V​XfV9eFElXTwhwJVx1DksUc1BQNVVMEnEEQw==");
[-] [C:\Users\tara\AppData\Roaming\Mozilla\Firefox\Profiles\m6iqb4lg.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4570 bytes] - [25/02/2016 12:23:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [4466 bytes] - [25/02/2016 11:31:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4716 bytes] ##########

With Thanks
Sadat
Reply

#6
You would need the x86 version (32 bit) of Farbar.
Reply
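
The "not a valid win32 application" error in post #5 and the answer in post #6 come down to the executable's PE machine type not matching the 32-bit (x86) Windows reported in both scan logs. The check below is an added example, not part of the original thread and not code from any of the tools mentioned; the function names and the constructed header bytes are assumptions made for illustration.

```python
import os
import struct
import sys

# "Machine" values from the COFF file header (Microsoft PE/COFF specification).
MACHINE_NAMES = {
    0x014C: "x86",  # IMAGE_FILE_MACHINE_I386
    0x8664: "x64",  # IMAGE_FILE_MACHINE_AMD64
}


def pe_architecture(data: bytes) -> str:
    """Return 'x86', 'x64' or 'unknown(0x....)'; raise ValueError if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header: not a Windows executable")
    # e_lfanew (offset 0x3C in the DOS header) points at the "PE\0\0" signature.
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    if pe_offset + 6 > len(data) or data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 16-bit Machine field follows the signature directly.
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    return MACHINE_NAMES.get(machine, "unknown(0x%04X)" % machine)


def can_run(exe_arch: str, os_arch: str) -> bool:
    """32-bit builds run on 32- and 64-bit Windows; 64-bit builds need 64-bit Windows."""
    if exe_arch == "x86":
        return os_arch in ("x86", "x64")
    if exe_arch == "x64":
        return os_arch == "x64"
    return False


def check_download(data: bytes, os_arch: str) -> str:
    """Describe whether a downloaded executable matches the given Windows architecture."""
    arch = pe_architecture(data)
    if os_arch not in ("x86", "x64"):
        return f"{arch} build; host architecture not recognised"
    if can_run(arch, os_arch):
        return f"{arch} build is OK on {os_arch} Windows"
    return f"{arch} build will not start on {os_arch} Windows: download the {os_arch} build"


def host_arch() -> str:
    """Windows only: PROCESSOR_ARCHITEW6432 is set for a 32-bit process on 64-bit Windows."""
    raw = os.environ.get("PROCESSOR_ARCHITEW6432") or os.environ.get("PROCESSOR_ARCHITECTURE", "")
    return {"AMD64": "x64", "x86": "x86"}.get(raw, "unknown")


def constructed_pe(machine: int) -> bytes:
    """Constructed sample: only the header bytes this parser reads, not a real program."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> PE header at 0x80
    coff = b"PE\0\0" + struct.pack("<H", machine) + bytes(18)
    return bytes(dos) + coff


if __name__ == "__main__":
    # The machine in this thread reports x86, so check both constructed builds against it.
    for machine in (0x8664, 0x014C):
        print(check_download(constructed_pe(machine), "x86"))
    # Optional: check a real downloaded file against the host it is run on.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(check_download(fh.read(), host_arch()))
```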

#7
This should be 32-bit.

Please complete the HitmanPro scan and Junkware Removal Tool scan.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.
Reply