UTubeAedBlock 2.2 removal?

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
Hello,

Download Shortcut_Module from this link:

http://www.telecharger.sosvirus.net/download/shortcut-module/

Save it to your desktop, run it and click on "Clean" after it has verified whether it's up to date.


Attention: it will close all open programs such as IE, Firefox, Word, etc.

It will give a report at the end of the scan, in C:\Shortcut_Module_date_hour.txt, after the reboot of the machine.

Attach the report here or on http://cjoint.com or another site and give the link you obtained.

=====================================================
=====================================================

Download OTL from this link: http://oldtimer.geekstogo.com/OTL.exe

Save it to your desktop.

If you have XP => double-click; otherwise, right-click and choose "Run as administrator" to launch it.

Configure it like this: ("Analyse" = "Run Scan" must be pressed last, after pasting the bold text under the picture)

OTL.PNG


If a 64-bit checkbox appears, leave it checked.

Copy/paste what is below in blue bold under "Personnalization" in OTL:

HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT


Click on "Run scan" and let the tool work.
At the end, Notepad will open (OTL.txt & Extras.txt);
you can find them next to the OTL executable.

Don't post them in the forum! (They're too big.)

Attach them here or on http://cjoint.com or another site and give the links you obtained.

g3n-h@ckm@n

It's not good for OTL. Did you deactivate your antivirus?

Look where the OTL executable is; you must see OTL.txt and Extras.txt.
 

g3n-h@ckm@n

Uninstall McAfee Security Scan, it's useless.

==========================

Run OTL again

Select all this text and press CTRL + C (or right-click => Copy):
Code:
:OTL
IE - HKLM\..\URLSearchHook: {e306aaa2-3b4f-4802-9faf-0c10ab78b589} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/12/17 15:44:47 | 000,000,861 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\h8t4v5t4.default\searchplugins\conduit-search.xml   
CHR - Extension: UTubeAedBlocck = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbeglmljehhajnnojahljglhjaeddiib\2.2_0\
CHR - Extension: UTubeAedBlocck = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbeglmljehhajnnojahljglhjaeddiib\2.2_0\
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E306AAA2-3B4F-4802-9FAF-0C10AB78B589} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E306AAA2-3B4F-4802-9FAF-0C10AB78B589} - No CLSID value found.
O3 - HKU\S-1-5-21-1700486814-2142742571-1525867388-1000\..\Toolbar\WebBrowser: (no name) - {E306AAA2-3B4F-4802-9FAF-0C10AB78B589} - No CLSID value found.
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)   
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.45.2)   
O20 - AppInit_DLLs: (C:\PROGRA~3\TurboNet\TURBON~1.DLL) - C:\ProgramData\TurboNet\TurboNet_x64.dll ()
O33 - MountPoints2\{534cd8ea-80b6-11e2-ac39-c860005a1286}\Shell - "" = AutoRun
O33 - MountPoints2\{534cd8ea-80b6-11e2-ac39-c860005a1286}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{7b55c42c-6d68-11e3-b64d-c860005a1286}\Shell - "" = AutoRun
O33 - MountPoints2\{7b55c42c-6d68-11e3-b64d-c860005a1286}\Shell\AutoRun\command - "" = E:\setup.exe   
O33 - MountPoints2\{aa444b1f-eb0a-11e1-80b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa444b1f-eb0a-11e1-80b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\MSETUP4.EXE -- [2008/12/12 06:43:33 | 000,333,136 | R--- | M] (CANON INC.)
[2014/03/02 20:58:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/01/10 04:06:19 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\InstallDir
[2014/02/06 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\rcru
[2013/10/29 20:49:23 | 000,000,000 | ---D | M] -- C:\SearchProtect
[2013/04/28 17:33:04 | 000,000,000 | ---D | M] -- C:\Firefox
[2014/01/31 12:58:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/02 06:52:35 | 000,000,000 | ---D | M] -- C:\ProgramData\db6bbc1f59f57b02
[2014/02/05 22:42:07 | 000,000,000 | ---D | M] -- C:\ProgramData\dnkcnmnklaiechncjeidkimhkahhpijn
[2014/01/31 12:58:05 | 000,000,000 | ---D | M] -- C:\ProgramData\jbeglmljehhajnnojahljglhjaeddiib
[2012/10/10 15:36:56 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee Security Scan
[2014/02/05 22:40:50 | 000,000,000 | ---D | M] -- C:\ProgramData\TurboNet
[2014/02/05 22:40:50 | 000,000,000 | ---D | M] -- C:\ProgramData\UTubeAedBlocck
[2013/06/13 18:43:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\eSupport.com   
[2014/01/05 20:41:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CoupExtensiooN
[2013/12/26 12:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ss helper   
[2014/02/02 06:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UTubeAedBlocck

:reg
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=-
[-HKEY_CURRENT_USER\Software\5d4de88bd3bea47]
[-HKEY_LOCAL_MACHINE\Software\5d4de88bd3bea47]
[-HKEY_LOCAL_MACHINE\Software\Object]   
[-HKEY_LOCAL_MACHINE\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}]   

:files
C:\Windows\Temp\*
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*

:commands
[emptytemp]

and paste it under "Personnalization", and click on "Run Fix" without touching anything else.

Attach the new log.
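
An added example (not part of the original post and not OTL's own code): a small Python reader that groups the lines of a fix script like the one above under their `:section` headers and lists the paths and registry keys it names, so the script can be reviewed before "Run Fix" is clicked. It assumes a section starts with a line of the form `:name` and that `[-KEY]` under `:reg` follows the .reg convention for deleting a key; the function names are hypothetical.

```python
import re

# Excerpt of the fix script posted above (lines copied from the thread).
SAMPLE = r"""
:OTL
O20 - AppInit_DLLs: (C:\PROGRA~3\TurboNet\TURBON~1.DLL) - C:\ProgramData\TurboNet\TurboNet_x64.dll ()
[2014/02/05 22:40:50 | 000,000,000 | ---D | M] -- C:\ProgramData\UTubeAedBlocck
[2014/02/02 06:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UTubeAedBlocck
:reg
[-HKEY_CURRENT_USER\Software\5d4de88bd3bea47]
[-HKEY_LOCAL_MACHINE\Software\Object]
:files
C:\Windows\Temp\*
:commands
[emptytemp]
"""

SECTION = re.compile(r"^:(\w+)\s*$")      # assumed header form, e.g. ":reg"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # absolute path with a drive letter

def parse_sections(text):
    """Group non-empty script lines under their ':name' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def summarize(sections):
    """List the file-system paths and registry keys the script names."""
    paths = []
    for line in sections.get("otl", []):
        tail = line.rsplit(" -- ", 1)[-1]   # log lines end in "-- <path>"
        if " -- " in line and DRIVE_PATH.match(tail):
            paths.append(tail)
    paths += [l for l in sections.get("files", []) if DRIVE_PATH.match(l)]
    keys = [l[2:-1] for l in sections.get("reg", [])
            if l.startswith("[-") and l.endswith("]")]
    return {"paths": paths, "wildcards": [p for p in paths if "*" in p],
            "deleted_keys": keys, "commands": sections.get("commands", [])}
```

Entries that do not end in `-- <path>`, such as the `O20 - AppInit_DLLs` line, stay in the parsed `otl` section but are not counted as paths, so they still need to be read by eye.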
 

g3n-h@ckm@n

OK, so uninstall Chrome and reinstall it without synchronizing with your Gmail account; it's not a good idea to do that.
 
