Still Infected
#41
Why is it a mess?
Reply

#42
(12-05-2014, 11:25 PM)Shadowtime101 Wrote:  Why is it a mess?
Don't worry about it, just give me the password through a PM so I can do a repair install.
Reply

#43
Ok then but can you tell me all the requirements needed for this to go through?
Reply

#44
(12-06-2014, 01:01 AM)Shadowtime101 Wrote:  Ok then but can you tell me all the requirements needed for this to go through?
I'll show you in TeamViewer.
Reply

#45
Do I need to insert a USB stick or DVD?
Reply

#46
(12-06-2014, 01:22 AM)Shadowtime101 Wrote:  Do I need to insert a USB stick or DVD?
Let me take care of it for you.
Reply

#47
nsm0220 are you there? My pc is back up, sorry my pc died.
Reply

#48
@nsm0220 Ahhh, when I turned on my PC and did a HitmanPro scan it found things! I don't know if they're what you downloaded. I want to remove them, but I don't know if you need them. I'll post the log in the next post; my PC is so slow now. What do I do?

There are ads everywhere!

[code]
HitmanPro 3.7.9.232
http://www.hitmanpro.com

Computer name . . . . : JOSHUA_COMPUTER
Windows . . . . . . . : 6.2.0.9200.X64/2
User name . . . . . . : JOSHUA_COMPUTER\jespi_000
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (18 days left)

Scan date . . . . . . : 2014-12-06 06:06:28
Scan mode . . . . . . : Quick
Scan duration . . . . : 5m 21s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 5
Traces . . . . . . . : 7

Objects scanned . . . : 4,425
Files scanned . . . . : 4,425
Remnants scanned . . : 0 files / 0 keys

Malware _____________________________________________________________________

C:\Program Files (x86)\SourceApp\bin\plugins\SourceApp.Bromon.dll
Size . . . . . . . : 65,776 bytes
Age . . . . . . . : 0.2 days (2014-12-06 01:14:14)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 9C77D1CB75B238CBD20DBFAC9000F0B9806F67BB12F895DF139D1138603B1FB9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Adware.SwiftBrowse.4
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.MSIL.Kranet.heur
Fuzzy . . . . . . : 99.0

C:\Program Files (x86)\SourceApp\bin\plugins\SourceApp.BroStats.dll
Size . . . . . . . : 103,664 bytes
Age . . . . . . . : 0.2 days (2014-12-06 01:14:21)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 34CF2882D3C44790B3E97362C25C56C50FA896961705A6C45E6A40F2DE2D4639
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Adware.SwiftBrowse.4
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.MSIL.Kranet.heur
Fuzzy . . . . . . : 99.0

C:\Program Files (x86)\SourceApp\bin\plugins\SourceApp.CompatibilityChecker.dll
Size . . . . . . . : 64,240 bytes
Age . . . . . . . : 0.2 days (2014-12-06 01:14:11)
Entropy . . . . . : 6.1
SHA-256 . . . . . : C04897F1969CB645071CCF737640E01DD35B999673AB318B8E27B9E3B21DBFF0
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Adware.SwiftBrowse.4
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.MSIL.Kranet.heur
Fuzzy . . . . . . : 99.0

C:\Program Files (x86)\SourceApp\bin\SourceApp.BrowserAdapter.exe
Size . . . . . . . : 98,544 bytes
Age . . . . . . . : 0.0 days (2014-12-06 05:27:40)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 22AADAACAC766E089175855E1FB6B03456E7679A29AF31B0DBA750D0244F3415
RSA Key Size . . . : 2048
Parent Name . . . : C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe
Authenticode . . . : Valid
Running processes : 6716
> Bitdefender . . . : Gen:Variant.Adware.Graftor.159320
> Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.Kranet.heur
Fuzzy . . . . . . : 95.0

C:\Windows\system32\drivers\{0263559b-b988-4803-b082-70c1d2b89830}Gw64.sys
Size . . . . . . . : 48,784 bytes
Age . . . . . . . : 0.2 days (2014-12-06 01:15:05)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F9FB961DDC8B85213DA32ED5FA3004562DF1BB39AA4C7A1CEA967A31767CEB63
Product . . . . . : StdLib
Publisher . . . . : StdLib
Description . . . : StdLib
Version . . . . . : 1.4.4.6
Copyright . . . . : Copyright © 2013 StdLib
RSA Key Size . . . : 2048
Service . . . . . : {0263559b-b988-4803-b082-70c1d2b89830}Gw64
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Adware.SwiftBrowse.CH
Fuzzy . . . . . . : 100.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\{0263559b-b988-4803-b082-70c1d2b89830}Gw64\
[/code]

Please Help!
Reply

#49
Step 1


Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Right-click on AdwCleaner.exe and Run as administrator.
  • Click Scan. (AdwCleaner will now scan for Adware.)
  • Once scan finishes, click Clean, now follow the on screen prompts.
  • Your computer should now reboot.
  • A log file will automatically open. Please Copy and Paste when you reply in your next post.

Note: The log can also be found in here: C:\AdwCleaner\


Step 2


Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.

  • Right click JRT.exe and select "Run as Administrator".
  • Important: If you get a warning from your antivirus, please disable your protection until we are finished with the scans; this will avoid any potential conflicts.
  • A black prompt box should open; press the Enter key to start scanning your system.
  • Please be patient as this can take a while to complete.
  • Once complete, a log file called JRT.txt is saved to your desktop; this will automatically open.
  • Please copy the contents of JRT.txt into your next post.


Step 3


Reset Google Chrome to Default settings

  1. Open Google Chrome
  2. Go to the [Image: chrome.png] in the right top corner
  3. Select Settings
  4. Scroll down to the end of the page, search for + Show advanced settings
  5. Scroll down to end of the page and click Reset browser settings button
  6. Click Reset once more

Step 4


Please perform a scan with ESET Online Scan
  • Open new browser tab
  • Click the [Image: scanner.png] button.
  • Click on [Image: eset.png] button to download the ESET Smart Installer.
  • Save it to your Desktop.
  • Double click on [Image: install.png] to start ESET Smart Installer.
  • Check "YES", and tick "I accept the Terms of Use".
  • Click the [Image: start.jpg] button.
  • Yes to User Account Control warning.
  • Enable detection of potentially unwanted applications.
  • Click Advanced settings and select the following:
      • Remove found threats
      • Scan Archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for signature database, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List of Found Threats
  • Click Export to Text File, and save the file to your desktop and name it EsetLog. (optional)
  • Put tick in Uninstall Application on close
  • Put tick in Delete Quarantined files
  • Click the Finish button.

Reply

#50
# AdwCleaner v4.104 - Report created 06/12/2014 at 12:04:29
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8 (64 bits)
# Username : jespi_000 - JOSHUA_COMPUTER
# Running from : C:\Users\jespi_000\Desktop\adwcleaner_4.104.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update SourceApp
[#] Service Deleted : Util SourceApp
Service Deleted : {0263559b-b988-4803-b082-70c1d2b89830}Gw64

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\SourceApp
Folder Deleted : C:\Users\JESPI_~1\AppData\Local\Temp\SourceApp
File Deleted : C:\Windows\System32\drivers\{0263559b-b988-4803-b082-70c1d2b89830}Gw64.sys
File Deleted : C:\Users\jespi_000\AppData\Roaming\Mozilla\Firefox\Profiles\woys1x6u.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update SourceApp
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util SourceApp
Key Deleted : HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateSourceApp.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9f7ab9c4-4da3-440e-ba84-95903165f129}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1B74BE8-E593-4EB8-BF9E-AC2BBE4B1BEB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7e25cc08-8611-435a-bed7-60dd82b4fde5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f7ab9c4-4da3-440e-ba84-95903165f129}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1B74BE8-E593-4EB8-BF9E-AC2BBE4B1BEB}
Key Deleted : HKCU\Software\SourceApp
Key Deleted : HKLM\SOFTWARE\SourceApp
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SourceApp

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [7779 octets] - [13/08/2014 15:46:48]
AdwCleaner[R10].txt - [1678 octets] - [17/08/2014 10:05:32]
AdwCleaner[R11].txt - [1739 octets] - [18/08/2014 15:35:43]
AdwCleaner[R12].txt - [1939 octets] - [23/08/2014 10:57:25]
AdwCleaner[R13].txt - [1922 octets] - [23/08/2014 11:17:01]
AdwCleaner[R14].txt - [1983 octets] - [24/08/2014 10:10:19]
AdwCleaner[R15].txt - [2042 octets] - [26/08/2014 16:16:00]
AdwCleaner[R16].txt - [2103 octets] - [27/08/2014 19:19:10]
AdwCleaner[R17].txt - [2164 octets] - [06/09/2014 11:06:30]
AdwCleaner[R18].txt - [2211 octets] - [25/10/2014 10:22:56]
AdwCleaner[R19].txt - [2225 octets] - [26/10/2014 19:14:48]
AdwCleaner[R1].txt - [7839 octets] - [13/08/2014 15:56:08]
AdwCleaner[R20].txt - [2373 octets] - [30/10/2014 19:46:16]
AdwCleaner[R21].txt - [2434 octets] - [31/10/2014 22:15:11]
AdwCleaner[R22].txt - [3716 octets] - [11/11/2014 09:33:32]
AdwCleaner[R23].txt - [2589 octets] - [14/11/2014 20:18:25]
AdwCleaner[R24].txt - [2777 octets] - [23/11/2014 18:13:04]
AdwCleaner[R25].txt - [2838 octets] - [23/11/2014 18:28:34]
AdwCleaner[R26].txt - [5659 octets] - [06/12/2014 12:03:37]
AdwCleaner[R2].txt - [7899 octets] - [13/08/2014 18:48:40]
AdwCleaner[R3].txt - [7959 octets] - [13/08/2014 18:52:56]
AdwCleaner[R4].txt - [962 octets] - [13/08/2014 19:06:21]
AdwCleaner[R5].txt - [1021 octets] - [14/08/2014 15:14:46]
AdwCleaner[R6].txt - [1075 octets] - [15/08/2014 15:50:58]
AdwCleaner[R7].txt - [1255 octets] - [16/08/2014 11:49:38]
AdwCleaner[R8].txt - [1555 octets] - [17/08/2014 09:41:59]
AdwCleaner[R9].txt - [1557 octets] - [17/08/2014 09:52:42]
AdwCleaner[S0].txt - [7410 octets] - [13/08/2014 18:58:31]
AdwCleaner[S1].txt - [1618 octets] - [17/08/2014 09:49:25]
AdwCleaner[S2].txt - [1618 octets] - [17/08/2014 09:56:46]
AdwCleaner[S3].txt - [2001 octets] - [23/08/2014 11:11:40]
AdwCleaner[S4].txt - [2491 octets] - [31/10/2014 22:22:02]
AdwCleaner[S5].txt - [3768 octets] - [11/11/2014 09:35:32]
AdwCleaner[S6].txt - [2904 octets] - [23/11/2014 18:29:31]
AdwCleaner[S7].txt - [5340 octets] - [06/12/2014 12:04:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [5400 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8 x64
Ran by jespi_000 on Sat 12/06/2014 at 14:56:23.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\jespi_000\AppData\Roaming\mozilla\firefox\profiles\woys1x6u.default\extensions\staged
Successfully deleted the following from C:\Users\jespi_000\AppData\Roaming\mozilla\firefox\profiles\woys1x6u.default\prefs.js

user_pref("extensions.iobitascsurfingprotection@iobit.com.install-event-fired", true);
Emptied folder: C:\Users\jespi_000\AppData\Roaming\mozilla\firefox\profiles\woys1x6u.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/06/2014 at 19:23:37.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'm not too sure if I want to do the repair install anymore. I don't know if the ISOs are infected or not.
Reply


