Computer Hope

Topic started by: finnman on April 16, 2016, 09:53:47 AM

Title: Possible infection
Post by: finnman on April 16, 2016, 09:53:47 AM
Today I noticed a weird problem of not being able to get the right click menu on Windows Explorer to stay because it would just "refresh" the file explorer. Also I noticed Malwarebytes mentioning that Firefox was being redirected to an unknown website (go.padsel.com) that could possibly be malicious.

Here are logs:

# AdwCleaner v5.111 - Logfile created 16/04/2016 at 18:31:34
# Updated 14/04/2016 by Xplode
# Database : 2016-04-15.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Joonas P - JOONAS
# Running from : C:\Users\Joonas P\Downloads\adwcleaner_5.111.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1553 bytes] - [16/04/2016 18:31:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [1592 bytes] - [16/04/2016 18:21:33]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1699 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Tarkistuksen päivämäärä: 16.4.2016
Tarkistuksen kellonaika: 18:41
Lokitiedosto: malwarebyteslog.txt
Järjestelmänvalvoja: Kyllä

Versio: 2.2.1.1043
Haittaohjelmien tietokanta: v2016.04.16.03
Rootkittien tietokanta: v2016.04.09.01
Lisenssi: Kokeiluversio
Haittaohjelmasuoja: Käytössä
Haitallisten verkkosivujen esto: Käytössä
Itsepuolustus: Pois käytöstä

Käyttöjärjestelmä: Windows 10
Prosessori: x64
Tiedostojärjestelmä: NTFS
Käyttäjä: Joonas P

Tarkistuksen tyyppi: Nopea tarkistus
Tulos: Valmis
Kohteita tarkistettu: 348889
Aikaa kulunut: 7 minuutti(a), 50 sekuntti(a)

Muisti: Käytössä
Käynnistys: Käytössä
Tiedostojärjestelmä: Pois käytöstä
Pakkaukset: Käytössä
Rootkitit: Pois käytöstä
Heuristiikka: Käytössä
Mahdollisesti haitalliset ohjelmat: Käytössä
Mahdollisesti haitalliset muutokset: Käytössä

Prosessit: 0
(Haitallisia kohteita ei löydetty)

Moduulit: 0
(Haitallisia kohteita ei löydetty)

Rekisteriavain: 0
(Haitallisia kohteita ei löydetty)

Rekisteriarvot: 0
(Haitallisia kohteita ei löydetty)

Reksiteritiedot: 0
(Haitallisia kohteita ei löydetty)

Kansiot: 0
(Haitallisia kohteita ei löydetty)

Tiedostot: 0
(Haitallisia kohteita ei löydetty)

Fyysiset sektorit: 0
(Haitallisia kohteita ei löydetty)


(end)

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor   
 Java version 32-bit out of Date!
 Adobe Flash Player    21.0.0.213 
 Mozilla Firefox (45.0.2)
 Google Chrome (49.0.2623.110)
 Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Title: Re: Possible infection
Post by: finnman on April 16, 2016, 11:25:18 AM
English Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.4.2016
Scan Time: 18:41
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.16.03
Rootkit Database: v2016.04.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Joonas P

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 348889
Time Elapsed: 7 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Title: Re: Possible infection
Post by: SuperDave on April 16, 2016, 11:29:32 AM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this  (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
 ESET OnlineScan (http://eset.com/onlinescan)

•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: Possible infection
Post by: finnman on April 17, 2016, 02:41:32 AM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64
Ran by Joonas P (Administrator) on la 16.04.2016 at 21:15:56,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\Joonas P\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Program Files (x86)\your product (Folder)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_832F54E157F03AC74306CA68A8783B57 (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on la 16.04.2016 at 21:18:08,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 Still waiting on ESET to finish.
Title: Re: Possible infection
Post by: finnman on April 17, 2016, 10:07:39 AM
ESET finished scanning finally but there is no list of all threats  ???
Title: Re: Possible infection
Post by: SuperDave on April 17, 2016, 11:00:44 AM
How are things with your computer now?
Title: Re: Possible infection
Post by: finnman on April 17, 2016, 12:04:18 PM
I still see the Malwarebytes message about blocking the redirection to the website every now and then. Still can't get the right clicking in Windows Explorer to work properly.
Title: Re: Possible infection
Post by: SuperDave on April 18, 2016, 12:33:26 PM
Quote
I still see the Malwarebytes message about blocking the redirection to the website every now and then. Still can't get the right clicking in Windows Explorer to work properly.
This is free trial period by MBAM. Not to worry. The right-clicking in windows explorer I don't understand. Do you mean Internet Explorer? Can you give me a screen print about what you're trying to do?

How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
Title: Re: Possible infection
Post by: finnman on April 18, 2016, 01:12:31 PM
I mean the Windows file explorer. Whenever I try to right click files in it to run one program in compatibility mode, as it doesn't work properly without it, it kind of just refreshes the file explorer and the right click menu that comes up instantly disappears. For the Malwarebytes, it is not about the trial but rather a warning message about Malwarebytes stopping a pop up window that according to Malwarebytes leads to the website (go.padsel.com). I would get a screenshot but it only happens sometimes. I will try to get a screenshot of the pop up message next time.
Title: Re: Possible infection
Post by: finnman on April 18, 2016, 01:17:31 PM
I was able to find a log about these things in Malwarebytes. I blacked out the IP that it was showing as I wasn't sure if it was my IP or the IP it was connecting to.
(https://gyazo.com/4023e4bd52ab4dcaa739a768bdc1297f.png)
Title: Re: Possible infection
Post by: SuperDave on April 19, 2016, 12:57:27 PM
I don't think this is a malware problem. Windows 10 has a number of diagnostic programs that may be able to fix that right-click problem.
Title: Re: Possible infection
Post by: patio on April 20, 2016, 06:09:18 AM
From what I have checked it seems "padsdel" is a hijacker that has fixes out there... but they all wanna sell you a fix.

Have you run ADWCleaner?
Title: Re: Possible infection
Post by: SuperDave on April 20, 2016, 12:21:58 PM
Yes, he has run all the routine scans. Nothing showed.
Title: Re: Possible infection
Post by: patio on April 21, 2016, 05:08:55 AM
K...