Solved Arabyonline and Volaro Malware killing me

Ameesh

New Member
Thread author
Mar 9, 2015
3
Thank you in advance for taking time to help a stranger.

My laptop has suddenly been infected with loads of adware like arabyonline and volaro. These two I can see, but god only knows what more.

For two days, with the help of Google, I have downloaded and scanned my computer using all the software out there like SpyBot, Adwcleaner, Malware Antibytes, Hitman but with no success.

Any help is much appreciated.
 

Attachments

  • Addition.txt (31 KB)
  • FRST.txt (23.9 KB)

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    emptyfolderscheck;delete
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
 

Ameesh

New Member
Thread author
Mar 9, 2015
3
I did that. I think it's better now, in that the ads are not showing up and I can also change the search engine from the omnibar. But obviously you would know better. I am pasting the log here as the upload says the file is empty and an error comes up.

Thank you for the quick reply.


Zoek.exe v5.0.0.0 Updated 07-March-2015
Tool run by Ameesh Izath on Mon 03/09/2015 at 10:59:23.05.
Microsoft Windows 8.1 Pro N 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ameesh Izath\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/9/2015 11:00:49 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Anatronica deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\Kirin deleted successfully
C:\PROGRA~3\Mistl deleted successfully
C:\Users\Ameesh Izath\AppData\Roaming\Crown deleted successfully
C:\Users\Ameesh Izath\AppData\Roaming\freemkvtomp4converter deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3614665711-2575066784-1607383811-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A1E1E78A-4F56-49F9-9A1C-9BF80B9E082B} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Anatronica not found
C:\PROGRA~2\Internet Download Manager deleted
C:\PROGRA~2\rSpark deleted
C:\Users\Ameesh Izath\.android deleted
C:\Users\Ameesh Izath\AppData\Local\tSvgr.vbs deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat deleted
C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat deleted
C:\windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\Windows Multimedia Platform" deleted

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Possible outdated, latest Stable version: 41.0.2272.76)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[]

Google Voice Search Hotword (Beta) - Ameesh Izath\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
ESPN Cricinfo - Ameesh Izath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip
Google News - Ameesh Izath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc
Chelsea FC - Ameesh Izath\AppData\Local\Google\Chrome\User Data\Default\Extensions\eanaknlfmaafbcpmaoencjmlmfaflkck
AdBlock - Ameesh Izath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
ESPN Cricinfo - Ameesh Izath\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh

==== Chromium Fix ======================

C:\Users\Ameesh Izath\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngpampappnmepgilojfohadhhmbhlaek deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ameesh Izath\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ameesh Izath\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ameesh Izath\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Ameesh Izath\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Ameesh Izath\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=24 folders=7 5250169 bytes)

==== Empty Temp Folders ======================

C:\Users\Ameesh Izath\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\AMEESH~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 03/09/2015 at 12:01:43.26 ======================
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Excellent, adware is gone.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

Ameesh

New Member
Thread author
Mar 9, 2015
3
Thank you again. You're a life saver.

# DelFix v10.9 - Logfile created 09/03/2015 at 12:20:58
# Updated 27/02/2015 by Xplode
# Username : Ameesh Izath - AMEESH
# Operating System : Windows 8.1 Pro N (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Ameesh Izath\Downloads\Addition.txt
Deleted : C:\Users\Ameesh Izath\Downloads\FRST.txt
Deleted : C:\Users\Ameesh Izath\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #6 [Scheduled Checkpoint | 12/07/2014 15:26:06]
Deleted : RP #7 [Scheduled Checkpoint | 02/22/2015 10:57:35]
Deleted : RP #8 [Installed Tom Clancy's Ghost Recon Future Soldier | 02/23/2015 13:49:40]
Deleted : RP #9 [Removed Apple Mobile Device Support | 02/26/2015 11:06:06]
Deleted : RP #10 [Removed BlueStacks Notification Center | 03/01/2015 20:47:47]
Deleted : RP #11 [Installed Microsoft Visual C++ 2005 Redistributable | 03/05/2015 08:14:45]
Deleted : RP #12 [Installed Free AAC To MP3 Converter | 03/06/2015 10:34:02]
Deleted : RP #14 [Checkpoint by HitmanPro | 03/08/2015 17:47:28]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 
