Had an adware problem and ran AdwCleaner, seems to have got it, not sure, will see :D

review and comment.

# AdwCleaner v5.108 - Logfile created 01/04/2016 at 07:55:31

# Updated 30/03/2016 by Xplode

# Database : 2016-03-30.1 [Server]

# Operating system : Windows 10 Home  (x64)

# Username :

# Running from : C:\Users\*****\Downloads\adwcleaner_5.108.exe

# Option : Clean

# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : cherimoya

[-] Service Deleted : PrivoxyService

***** [ Folders ] *****

[-] Folder Deleted : C:\a

[-] Folder Deleted : C:\Program Files\Earth Networks

[-] Folder Deleted : C:\Program Files (x86)\Techsmart Computer

[-] Folder Deleted : C:\ProgramData\CloudPrinter

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®

[-] Folder Deleted : C:\Users\****\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}

[-] Folder Deleted : C:\Users\Public\Documents\ShopperPro3

***** [ Files ] *****

[-] File Deleted : C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk

[-] File Deleted : C:\Users\*****\Desktop\WeatherBug®.lnk

[-] File Deleted : C:\WINDOWS\SysWOW64\findit.xml

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : snp

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH

[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}

[-] Value Deleted : HKCU\Environment [SNF]

[-] Value Deleted : HKCU\Environment [SNP]

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}

[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls

[-] Key Deleted : HKCU\Software\powerpack

[-] Key Deleted : HKCU\Software\Tutorials

[-] Key Deleted : HKCU\Software\MICROSOFT\OTUT

[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}

[-] Key Deleted : HKCU\Software\AppDataLow\Software\TrailerWatch

[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}

[-] Key Deleted : HKLM\SOFTWARE\Scan

[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel

[-] Key Deleted : HKLM\SOFTWARE\Tutorials

[-] Key Deleted : [x64] HKLM\SOFTWARE\Scan

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{13e87a59-cd0b-4c5a-adc8-50b6dacba9ea} [NameServer]

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{56aa17a9-6dbd-4239-8d27-a7f337e819a3} [NameServer]

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{58cc6f4f-270e-4e1a-b146-3a46145513b3} [NameServer]

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{837ecad1-d7a9-46da-9290-b387e87673f3} [NameServer]

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9f91b0f4-e4f4-11e5-b439-806e6f6e6963} [NameServer]

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{aa85a65a-015b-44cf-8969-6e6b453d5eef} [NameServer]

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted

:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4556 bytes] - [01/04/2016 07:55:31]

C:\AdwCleaner\AdwCleaner[S1].txt - [5131 bytes] - [01/04/2016 07:52:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4702 bytes] ##########

 

 

---------------------------------------------------------------------------------------------

 

Seems to be still around.  :(

AdwCleaner v5.108 - Logfile created 01/04/2016 at 08:43:24



***** [ Registry ] *****

[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]

[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant]

[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

[-] Data Restored : HKU\S-1-5-21-527404139-1759109901-2943392317-1001\Software\Microsoft\Internet Explorer\Main [Search Bar]

[-] Data Restored : HKU\S-1-5-21-527404139-1759109901-2943392317-1001\Software\Microsoft\Internet Explorer\Main [SearchAssistant]

[-] Data Restored : HKU\S-1-5-21-527404139-1759109901-2943392317-1001\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

[-] Data Restored : HKU\S-1-5-21-527404139-1759109901-2943392317-1001\Software\Microsoft\Internet Explorer\SearchUrl [Default]

[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

[#] Value Deleted : HKU\S-1-5-21-527404139-1759109901-2943392317-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com

 

Re: AdwCleaner v5.108 - Logfile created 01/04/2016 at 07:55:31

Hello,

Can you send me a whole fresh logfile ?

Regards,

Re: AdwCleaner v5.108 - Logfile created 01/04/2016 at 14:19:54

# AdwCleaner v5.108 - Logfile created 01/04/2016 at 14:19:54

# Updated 30/03/2016 by Xplode

# Database : 2016-03-30.1 [Server]

# Operating system : Windows 10 Home  (x64)

# Username : Johann - COOLDREAM

# Running from : C:\Users\****\Downloads\adwcleaner_5.108.exe

# Option : Scan

# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4801 bytes] - [01/04/2016 07:55:31]

C:\AdwCleaner\AdwCleaner[C2].txt - [2629 bytes] - [01/04/2016 08:43:24]

C:\AdwCleaner\AdwCleaner[S1].txt - [5131 bytes] - [01/04/2016 07:52:53]

C:\AdwCleaner\AdwCleaner[S2].txt - [5139 bytes] - [01/04/2016 08:40:45]

C:\AdwCleaner\AdwCleaner[S3].txt - [1045 bytes] - [01/04/2016 09:32:06]

C:\AdwCleaner\AdwCleaner[S4].txt - [968 bytes] - [01/04/2016 14:19:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1040 bytes] ##########

 

Re: AdwCleaner v5.108 - Logfile created 01/04/2016 at 07:55:31

and yes  albireo is still haunting my browser.

Re: AdwCleaner v5.108 - Logfile created 01/04/2016 at 07:55:31

Hello,

Ok. We'll need to dig a little further :

 

  • Download ZHPDiag from Nicolas on his website
  • Then run it with administrator's rights (with right click)
  • Then upload the log file on up2share (you will find it on your desktop, just drop the file on the upload zone)
  • Then post the link in your reply

Regards,

Re: AdwCleaner v5.108 - Logfile created 01/04/2016 at 07:55:31

Hello,

Thanks !

I'll take a look and keep you informed asap.

Best regards,

Re: AdwCleaner v5.108 - Logfile created 01/04/2016 at 07:55:31

Hello,

 

We need to delete a last thing with a ZHPFix script :

  • Please download ZHPFix - Go on the download page of ZhpFix, click on the blue button "Download Now".
  • Launch it with right click : "launch as administrator",
  • Follow the instructions during the installation.
  • Then click on the shortcut for ZhpFix on your desktop, and as usual, launch it as administrator.
  • Select "Import"
  • Copy & paste the following lines including "Script ZHPFix" to "EmptyFlash":
Script ZHPFix:


O23 - Service: Areofbad (Areofbad) . (...) - C:\Users\Johann\AppData\Roaming\EmimDionpae\Jhsuxuka.exe
O23 - Service: xedmal (xedmal) . (...) - C:\ProgramData\xedmal\xedmal.exe
SS - Demand [31/03/2016] [  425832]  IbissVirhot (IbissVirhot) . (...) - C:\Program Files\Sunm\IbissVirhot.exe
[MD5.00000000000000000000000000000000] [APT] [NRPPAVIDQFBAOIQL] (...) -- C:\ProgramData\Service7609\Service7609.exe 
O39 - APT: NRPPAVIDQFBAOIQL - (...) -- C:\WINDOWS\Tasks\NRPPAVIDQFBAOIQL.job
O39 - APT: NRPPAVIDQFBAOIQL - (...) -- C:\WINDOWS\System32\Tasks\NRPPAVIDQFBAOIQL
HKLM\SOFTWARE\Wow6432Node\mtxedmal
HKLM\SOFTWARE\Wow6432Node\mtZonekix
HKLM\SOFTWARE\Wow6432Node\Sunm
HKLM\SOFTWARE\Wow6432Node\SOFTWIN
O43 - CFD: 01/04/2016 - [] D -- C:\Program Files\Sunm
O43 - CFD: 31/03/2016 - [] D -- C:\Users\Johann\AppData\Roaming\ASPackage
O43 - CFD: 31/03/2016 - [] D -- C:\Users\Johann\AppData\Roaming\Unylfi
O43 - CFD: 31/03/2016 - [0] D -- C:\Users\Johann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
O61 - LFC: 2016/03/31 12:44:17 A . (..) -- C:\Users\Johann\AppData\Roaming\ASPackage\Uninstall.exe

EmptyTemp
EmptyPrefetch
EmptyFlash

 

  • Then click on Go (3) to launch the tool.
  • It will ask you to confirm, just do it !
  • At the end, a report named ZHPFixReport.txt will be created and saved on your desktop. Please copy/paste it in your answer here.

Best regards,