Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help! Browser Redirect xml.adventurefeeds.com

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby mAL_rEm018 » April 25th, 2015, 8:49 am

Hello DakotaRT1977,


Before we continue any further, there are a few things we should clarify..


Please answer the following question..
Did you run the fix I gave you twice?
DakotaRT1977 wrote:Yes, I was in the middle of replying to you so I figured if I ran it again it would be a more recent but I guess it caused an issue?

Never run a fix I give you more than once, because this could cause a lot of damage to your computer. In this case you were lucky and nothing happened to your computer. If you are unsure of anything, always ask me first.

DakotaRT1977 wrote:Hello Mal, I will have to upload them as attachments (they are just too big!) I hope this is ok? Otherwise I will have to split it into several posts.

For the future it would be preferable that you post instead of attach your logs (unless I ask you otherwise). The reasons being:
  • Certain types of infections target notepad files and if you had one of these infections, my computer could become infected as well.
  • This is a university and since not everyone has access to attached logs, it is best to post your logs so everyone can learn.

Finally, on more than one occasion your replies to my posts were very close to 72 hours apart. When a computer is infected with malware it becomes very unpredictable and the infection can spread and also start installing new infections. The longer it remains active on your computer, the harder it will be to remove, therefore I would be very grateful if you could reply more promptly to my posts.


Now let's get to work :)


Adwcleaner
  • Close all your programs and right-click adwcleaner_4.201.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Cleaning.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open. Please copy/paste the contents in your next reply.


I still need to see the ESET log, so if you have not already done so..


ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



-----------------------------------------
In your next reply, I would like to see..
  • Adwcleaner log.
  • ESET log.
    Please post everything in the order given.
User avatar
mAL_rEm018
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 815
Joined: November 11th, 2013, 6:26 pm
Location: Canada
Advertisement
Register to Remove

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby DakotaRT1977 » April 25th, 2015, 9:48 pm

Hello mal, can I use chrome for the eset log? I did do the scan ; I must have not copied it. Should I do it again?
DakotaRT1977
Active Member
 
Posts: 13
Joined: April 12th, 2015, 9:42 pm

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby DakotaRT1977 » April 26th, 2015, 8:28 am

Hello Mal,

I performed a scan and clean but no notepad file appeared after restart?
The only log file I have is before it cleaned

# AdwCleaner v4.202 - Logfile created 25/04/2015 at 21:55:07
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : jason - HOMEPC
# Running from : C:\Users\jason\Desktop\adwcleaner_4.202.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\{805b4b3e-9e97-5a06-805b-b4b3e9e92cfa}
Folder Found : C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nielaigelomefgdoljcpfgbdbfefhdjc

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v42.0.2311.90

[C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : nielaigelomefgdoljcpfgbdbfefhdjc

*************************

AdwCleaner[R0].txt - [3145 bytes] - [17/04/2015 07:38:33]
AdwCleaner[R1].txt - [3303 bytes] - [22/04/2015 22:51:27]
AdwCleaner[R2].txt - [1505 bytes] - [23/04/2015 07:21:47]
AdwCleaner[R3].txt - [1021 bytes] - [23/04/2015 07:27:20]
AdwCleaner[R4].txt - [1409 bytes] - [23/04/2015 19:23:04]
AdwCleaner[R5].txt - [1859 bytes] - [23/04/2015 19:38:37]
AdwCleaner[R6].txt - [1271 bytes] - [25/04/2015 21:55:07]
AdwCleaner[S0].txt - [3161 bytes] - [22/04/2015 22:52:57]
AdwCleaner[S1].txt - [1575 bytes] - [23/04/2015 07:22:57]
AdwCleaner[S2].txt - [1086 bytes] - [23/04/2015 07:28:29]
AdwCleaner[S3].txt - [1477 bytes] - [23/04/2015 19:26:29]
AdwCleaner[S4].txt - [1929 bytes] - [23/04/2015 19:40:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1625 bytes] ##########

Here are the Eset Scan results

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e2ec2b9706808f4ca96eba424ef9c751
# engine=23564
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-26 05:32:04
# local_time=2015-04-26 01:32:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2066 16777213 85 100 0 132928433 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 525812 11592307 0 0
# scanned=270922
# found=11
# cleaned=0
# scan_time=10382
sh=BC5FF9D88D718177EC0C468CACE060F586618C91 ft=1 fh=b3b1fe36ef6eb05d vn="a variant of MSIL/Riskware.ShimChanger.A application" ac=I fn="C:\FRST\Quarantine\C\Users\jason\AppData\Local\Temp\Runner4.exe.xBAD"
sh=68B41F1835AD238699CF8CC195FCA038B99E8E28 ft=1 fh=3bddf8c162747b2f vn="Win32/Adware.1ClickDownload.AY application" ac=I fn="C:\FRST\Quarantine\C\Users\jason\AppData\Local\Temp\ttv.exe.xBAD"
sh=5DDF63171E6B30202B4CC2E76064E029CA086507 ft=1 fh=18806216c846c6bd vn="Win32/OutBrowse.BK potentially unwanted application" ac=I fn="C:\Users\jason\Downloads\Software\Installation.exe"
sh=AB3F8E7E4A69A0997087455B15CCD531241B4DB5 ft=1 fh=1d2d8eb6045787ab vn="a variant of Win32/InstallCore.UN potentially unwanted application" ac=I fn="C:\Users\jason\Downloads\Software\Nero_BurningROM2015_16.9_cnet_trial_setup.exe"
sh=5B33D9ACF8AAF7A2DADD9AF42519BE7D5FAEDDF5 ft=1 fh=ecbde20ce99c3a1e vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="F:\backups\backup-20121125-165124-998.dll"
sh=D94F8B1AC2828BF9203E1188612E73FDE9B4793A ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="F:\Jeep\Backup Set 2014-03-29 193557\Backup Files 2014-03-29 193557\Backup files 8.zip"
sh=AADAB7D0F0C96875717CD968F672F820398B9EE5 ft=1 fh=b0560120a4a18a3d vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="F:\documents\Downloads\setup.exe"
sh=FBB2991DCCACE8A807D4BC8D972F4E7E0B37B38C ft=1 fh=1ed17a9e5b2e2275 vn="a variant of Win32/DongleHack.MultiKey.A potentially unsafe application" ac=I fn="F:\documents\Downloads\Torrents\crack\crack\VUsbBus.sys"
sh=FBB2991DCCACE8A807D4BC8D972F4E7E0B37B38C ft=1 fh=1ed17a9e5b2e2275 vn="a variant of Win32/DongleHack.MultiKey.A potentially unsafe application" ac=I fn="F:\documents\Downloads\Torrents\crack\crack\Emul_Install\VUsbBus.sys"
sh=FBB2991DCCACE8A807D4BC8D972F4E7E0B37B38C ft=1 fh=1ed17a9e5b2e2275 vn="a variant of Win32/DongleHack.MultiKey.A potentially unsafe application" ac=I fn="F:\documents\Downloads\Torrents\crack\Emul_Install\VUsbBus.sys"
sh=33242AEDE8038DE2DC39FE7DEC1D829684CAC8D1 ft=1 fh=dbddfae89f878c97 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="F:\documents\Downloads\Torrents\WinZip PRO FINAL v16.0 + Serials [ChattChitto RG]\WinZip PRO FINAL v16.0 + Serials [ChattChitto RG].exe"
DakotaRT1977
Active Member
 
Posts: 13
Joined: April 12th, 2015, 9:42 pm

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby mAL_rEm018 » April 27th, 2015, 10:59 am

Hello DakotaRT1977,

I am still reviewing your logs. I will be back as soon as possible with a reply.
User avatar
mAL_rEm018
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 815
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby mAL_rEm018 » April 27th, 2015, 11:11 am

Hello DakotaRT1977,


Please answer the following question..
    Did you set Video Download Capture in your documents folder?
C:\Users\jason\Documents\Video Download Capture



Please run the following fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code: Select all
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\Users\jason\AppData\Local\Temp\Quarantine.exe
C:\Users\jason\AppData\Local\Temp\sqlite3.dll
F:\documents\Downloads\Torrents
F:\documents\Downloads\setup.exe
C:\Users\jason\Downloads\Software\Nero_BurningROM2015_16.9_cnet_trial_setup.exe
C:\Users\jason\Downloads\Software\Installation.exe

CreateRestorePoint:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


Next..


Enable a program through CCleaner
  • Open the Start menu.
  • Inside the Search programs and files type the following:
    CCleaner
  • Right-click on CCleaner and select Run as administrator.
  • Select Tools from the left-side panel.
  • Open Startup.
  • Select the Windows tab. Locate the following programs:
    CCleaner Monitoring
    GoogleChromeAutoLaunch_C2CE614B5D9BA92DE83B617E66F86261
    SkyDrive
    Power2GoExpress8
  • Click Enable.
  • Exit CCleaner and reboot your computer.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble performing any of the steps?
  • Answer to my question.
  • fixlog.txt
    Please post everything in the order given.
User avatar
mAL_rEm018
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 815
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby DakotaRT1977 » April 27th, 2015, 7:29 pm

Hello Mal,

Please see my response below



Did you set Video Download Capture in your documents folder?
C:\Users\jason\Documents\Video Download Capture


Yes, I use that program once in a while. Should I uninstall it?


Fixlog results


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by jason at 2015-04-27 18:50:29 Run:3
Running from C:\Users\jason\Desktop
Loaded Profiles: jason (Available profiles: jason)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\jason\AppData\Local\Temp\Quarantine.exe
C:\Users\jason\AppData\Local\Temp\sqlite3.dll
F:\documents\Downloads\Torrents
F:\documents\Downloads\setup.exe
C:\Users\jason\Downloads\Software\Nero_BurningROM2015_16.9_cnet_trial_setup.exe
C:\Users\jason\Downloads\Software\Installation.exe

CreateRestorePoint:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"C:\Users\jason\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\jason\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
F:\documents\Downloads\Torrents => Moved successfully.
F:\documents\Downloads\setup.exe => Moved successfully.
C:\Users\jason\Downloads\Software\Nero_BurningROM2015_16.9_cnet_trial_setup.exe => Moved successfully.
C:\Users\jason\Downloads\Software\Installation.exe => Moved successfully.
Restore point was successfully created.

==== End of Fixlog 19:00:56 ====


I did not have any issues performing the steps; it was very easy.

Thank you for your help thus far.
DakotaRT1977
Active Member
 
Posts: 13
Joined: April 12th, 2015, 9:42 pm

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby mAL_rEm018 » April 28th, 2015, 10:18 am

Hello DakotaRT1977,


Did you set Video Download Capture in your documents folder?
C:\Users\jason\Documents\Video Download Capture
DakotaRT1977 wrote:Yes, I use that program once in a while. Should I uninstall it?

No that will not be necessary. The reason I asked was because the program is not installed in the default location, however since you are aware of this, there is no cause for concern.


I have good news..there are no more signs of malware on your computer :) Please follow the steps below and then you'll be all set to go.


Let's remove the tools we have been using so far..
  • Please download Delfix to your desktop.
  • Right-click on delfix_10.9.exe and select Run as administrator.
  • Check the following boxes:
    • Remove disinfection tools
    • Purge system restore
  • You can now safely remove any tools and/or logs that may remain on your computer.


You should also read and get acquainted with the following topic: COMPUTER SECURITY - a short guide to staying safer online , which goes into depth on how to keep your computer secure. I have bookmarked it for easy reference and I suggest you do the same.


Please note the following:
µTorrent (HKU\S-1-5-21-927955738-466818065-3840015512-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)

Using Peer-to-peer programs (P2P) is the best way to catch malware and probably the reason you were infected in the first place. If you value the security of your computer at all, stay clear of P2P programs! It will save you a lot of headaches in the end. You should really read the following topic Refusal to remove Peer-to-Peer (P2P) programs, where you will find valuable information concerning this subject.


I would really appreciate it if you could reply to this post to let me know that you've seen it, so that I can request for this topic to be closed.
User avatar
mAL_rEm018
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 815
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby DakotaRT1977 » April 28th, 2015, 7:50 pm

Hello Mal,

Thank You so much for your help! I am glad that I stumbled across this website and I am hoping I won't need to use it again but if I do, I know I will have help!

Thanks Again!

Kind Regards,

Jason

Here is my log for an FYI


# DelFix v1.010 - Logfile created 28/04/2015 at 19:45:35
# Updated 26/04/2015 by Xplode
# Username : jason - HOMEPC
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\jason\Downloads\FRST-OlderVersion
Deleted : C:\Users\jason\Desktop\FRST-OlderVersion
Deleted : C:\Users\jason\Desktop\adwcleaner_4.202.exe
Deleted : C:\Users\jason\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\jason\Desktop\Fixlog.txt
Deleted : C:\Users\jason\Desktop\FRST64.exe
Deleted : C:\Users\jason\Downloads\AdwCleaner[R5].txt
Deleted : C:\Users\jason\Downloads\AdwCleaner[R6].txt
Deleted : C:\Users\jason\Downloads\adwcleaner_4.201.exe
Deleted : C:\Users\jason\Downloads\dds.scr
Deleted : C:\Users\jason\Downloads\Fixlog.txt
Deleted : C:\Users\jason\Downloads\FRST.txt
Deleted : C:\Users\jason\Downloads\HijackThis.exe
Deleted : C:\Users\jason\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #52 [Removed Garmin WebUpdater | 04/17/2015 11:37:11]
Deleted : RP #54 [Restore Point Created by FRST | 04/19/2015 23:44:32]
Deleted : RP #56 [Restore Point Created by FRST | 04/21/2015 22:38:57]
Deleted : RP #58 [Restore Point Created by FRST | 04/27/2015 22:59:37]

New restore point created !

########## - EOF - ##########
DakotaRT1977
Active Member
 
Posts: 13
Joined: April 12th, 2015, 9:42 pm

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby mAL_rEm018 » April 29th, 2015, 10:05 am

Hello Jason,

DakotaRT1977 wrote:Thank You so much for your help! I am glad that I stumbled across this website and I am hoping I won't need to use it again but if I do, I know I will have help!

Thanks Again!

You are very welcomed :) Safe browsing!
User avatar
mAL_rEm018
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 815
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Help! Browser Redirect xml.adventurefeeds.com

Unread postby Cypher » April 29th, 2015, 10:44 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 40 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware