Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected with Ad-type.google Malware


Unread postby mcanos » October 16th, 2015, 8:26 pm

It's been months since I've had this malware. Every time I click on search bars on any site, and for some sites all it takes is to click on some blank space, a new tab pops up that starts with the ad-type.google link but finally redirects me to another site that advertises something or whatever!!

I gave up on getting rid of this malware using any anti-virus software, including removal tools, because they usually detect the cookies and erase them but never the source of this problem. SpyHunter, for example!

I decided to format the hard drive and reinstall the OS, and I did so, only to find out that I still have that malware trolling me with my first click after opening Internet Explorer.

As for DDS, it didn't work, so I used FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015
Ran by Ahmed (administrator) on AHMAD (16-10-2015 17:24:39)
Running from C:\Users\Ahmed\Downloads
Loaded Profiles: Ahmed (Available Profiles: Ahmed)
Platform: Windows 8.1 Single Language (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3796375202-56556863-2467605043-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Ahmed\DOWNLO~1\dds.scr

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 31.3.252.72 37.220.8.189
Tcpip\..\Interfaces\{252D5658-A49E-4002-A44B-6B141625F3F9}: [DhcpNameServer] 31.3.252.72 37.220.8.189

Internet Explorer:
==================
HKU\S-1-5-21-3796375202-56556863-2467605043-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2505472 2015-10-09] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2015-07-30] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 22:30 - 2015-10-16 17:05 - 00652659 _____ C:\Windows\WindowsUpdate.log
2015-10-16 22:29 - 2015-10-16 22:29 - 00000000 __SHD C:\Recovery
2015-10-16 17:24 - 2015-10-16 17:24 - 00004903 _____ C:\Users\Ahmed\Downloads\FRST.txt
2015-10-16 17:23 - 2015-10-16 17:24 - 00000000 ____D C:\FRST
2015-10-16 17:23 - 2015-10-16 17:23 - 02196480 _____ (Farbar) C:\Users\Ahmed\Downloads\FRST64.exe
2015-10-16 15:53 - 2015-10-16 15:53 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-16 15:27 - 2015-10-16 13:36 - 00000000 ____D C:\Windows\Panther
2015-10-16 15:26 - 2015-10-16 15:26 - 00008192 __RSH C:\BOOTSECT.BAK
2015-10-16 14:46 - 2015-10-16 14:47 - 09317168 _____ (ESET, spol. s r.o.) C:\Users\Ahmed\Downloads\eset_sysrescue_live_creator_enu.exe
2015-10-16 14:41 - 2015-10-16 14:41 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-10-16 14:22 - 2015-10-16 17:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-16 14:22 - 2015-10-16 14:22 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-16 14:22 - 2015-10-16 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-16 14:22 - 2015-10-16 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-16 14:22 - 2015-10-16 14:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-16 14:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-16 14:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-16 14:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-16 14:08 - 2015-10-16 14:08 - 00002647 _____ C:\Users\Ahmed\Desktop\µTorrent.lnk
2015-10-16 14:07 - 2015-10-16 14:39 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\uTorrent
2015-10-16 14:02 - 2015-10-16 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-10-16 14:02 - 2015-10-16 14:02 - 00000000 ____D C:\ProgramData\ESET
2015-10-16 14:01 - 2015-10-16 14:01 - 00000000 ____D C:\Program Files\ESET
2015-10-16 13:58 - 2015-10-16 14:42 - 00000000 ____D C:\Intel
2015-10-16 13:58 - 2015-10-16 13:58 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-16 13:57 - 2015-10-16 13:57 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-10-16 13:57 - 2015-10-16 13:57 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\WinRAR
2015-10-16 13:57 - 2015-10-16 13:57 - 00000000 ____D C:\Program Files\Intel
2015-10-16 13:56 - 2015-10-16 13:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-10-16 13:56 - 2015-10-16 13:56 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-16 13:56 - 2015-10-16 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-16 13:56 - 2015-10-16 13:56 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-10-16 13:50 - 2015-10-16 13:50 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Macromedia
2015-10-16 13:48 - 2015-10-16 13:48 - 02838216 _____ (ESET) C:\Users\Ahmed\Downloads\eset_nod32_antivirus_live_installer.exe
2015-10-16 13:48 - 2015-10-16 13:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-10-16 13:47 - 2015-10-16 13:47 - 00000000 ____D C:\AMD
2015-10-16 13:44 - 2015-10-16 13:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-10-16 13:43 - 2015-10-16 14:42 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FAEE859F-60D3-4D6D-A79D-FC1D6F778C78}
2015-10-16 13:43 - 2015-10-16 13:43 - 00000000 __SHD C:\Users\Ahmed\AppData\LocalLow\EmieUserList
2015-10-16 13:43 - 2015-10-16 13:43 - 00000000 __SHD C:\Users\Ahmed\AppData\LocalLow\EmieSiteList
2015-10-16 13:43 - 2015-10-16 13:43 - 00000000 __SHD C:\Users\Ahmed\AppData\Local\EmieUserList
2015-10-16 13:43 - 2015-10-16 13:43 - 00000000 __SHD C:\Users\Ahmed\AppData\Local\EmieSiteList
2015-10-16 13:43 - 2015-10-16 13:43 - 00000000 ____D C:\Users\Ahmed\AppData\Local\GWX
2015-10-16 13:42 - 2015-10-16 17:09 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3796375202-56556863-2467605043-1001
2015-10-16 13:37 - 2015-10-16 13:37 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-16 13:36 - 2015-10-16 14:42 - 00000000 ____D C:\Users\Ahmed
2015-10-16 13:36 - 2015-10-16 13:37 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Packages
2015-10-16 13:36 - 2015-10-16 13:36 - 00001442 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-16 13:36 - 2015-10-16 13:36 - 00000020 ___SH C:\Users\Ahmed\ntuser.ini
2015-10-16 13:36 - 2015-10-16 13:36 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Adobe
2015-10-16 13:36 - 2015-10-16 13:36 - 00000000 ____D C:\Users\Ahmed\AppData\Local\VirtualStore
2015-10-16 13:36 - 2014-03-18 09:00 - 00000000 ___RD C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-16 13:36 - 2014-03-18 09:00 - 00000000 ___RD C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-16 13:36 - 2014-03-18 08:40 - 00000369 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-10-16 13:36 - 2014-03-18 08:40 - 00000369 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-10-16 13:36 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-16 13:36 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-16 13:35 - 2015-10-16 13:37 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-16 13:35 - 2015-10-16 13:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-16 13:32 - 2015-08-10 19:47 - 02757072 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-10-16 13:32 - 2015-08-10 19:47 - 02414096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-10-16 13:32 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-16 13:32 - 2015-07-09 11:48 - 00131712 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2015-10-16 13:32 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-16 13:32 - 2015-07-09 10:59 - 00112624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2015-10-16 13:32 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-16 13:32 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-16 13:32 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-16 13:32 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-16 13:32 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-16 13:32 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-16 13:32 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-16 13:32 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-16 13:32 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-16 13:32 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-16 13:32 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-16 13:32 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-16 13:32 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-16 13:32 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-16 13:32 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-16 13:32 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 22:30 - 2013-08-22 07:44 - 00335784 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-16 22:29 - 2013-08-22 08:37 - 00002664 _____ C:\Windows\DtcInstall.log
2015-10-16 22:29 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-10-16 17:08 - 2014-03-18 08:32 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-16 17:04 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-16 17:03 - 2014-03-18 01:19 - 00003690 _____ C:\Windows\PFRO.log
2015-10-16 17:03 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-16 15:53 - 2013-08-22 08:43 - 00000000 ____D C:\Windows\DigitalLocker
2015-10-16 15:36 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-16 15:26 - 2013-08-22 08:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-10-16 14:48 - 2013-08-22 07:46 - 00014619 _____ C:\Windows\setupact.log
2015-10-16 14:41 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\MediaViewer
2015-10-16 14:02 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-10-16 13:47 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-16 13:35 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-10-16 13:35 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-10-16 13:33 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-16 13:33 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-10-16 13:31 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-16 22:27

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-10-2015
Ran by Ahmed (2015-10-16 17:25:01)
Running from C:\Users\Ahmed\Downloads
Windows 8.1 Single Language (X64) (2015-10-16 20:36:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3796375202-56556863-2467605043-500 - Administrator - Disabled)
Ahmed (S-1-5-21-3796375202-56556863-2467605043-1001 - Administrator - Enabled) => C:\Users\Ahmed
Guest (S-1-5-21-3796375202-56556863-2467605043-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 9.0.318.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3796375202-56556863-2467605043-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
ESET NOD32 Antivirus (HKLM\...\{60853F5E-E6F5-4A34-BBCD-C09D49BB5E64}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3796375202-56556863-2467605043-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

16-10-2015 13:32:58 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-10-16 13:59 - 00003139 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 statsfe2.update.microsoft.com.akadns.net

There are 34 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-09 04:50 - 2015-08-09 04:50 - 00404376 _____ () C:\Windows\system32\igfxTray.exe

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3796375202-56556863-2467605043-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 31.3.252.72 - 37.220.8.189
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B40F22DD-5804-4C81-B83A-DC6EA30EBFA8}] => (Allow) C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4E159EA5-2CDE-4185-8E40-CB967B8502F9}] => (Allow) C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A3B8B6E-1065-4D25-A7F3-671BE1C2E350}] => (Allow) C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{03FF99D2-D946-43BC-A8DF-2053BD6103B4}] => (Allow) C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E84D3B10-770A-47FF-A94C-83396F28DAF3}] => (Allow) C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{117147DF-7A00-4DF4-B5D5-F6EA6920E845}] => (Allow) C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe

==================== Faulty Device Manager Devices =============

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2015 01:47:23 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start


System errors:
=============
Error: (10/16/2015 05:11:10 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (10/16/2015 05:06:35 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (10/16/2015 02:02:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/16/2015 10:28:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
%%21

Error: (10/16/2015 10:28:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error:
%%1058

Error: (10/16/2015 10:27:34 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 25%
Total physical RAM: 6040.36 MB
Available physical RAM: 4502.93 MB
Total Virtual: 7704.36 MB
Available Virtual: 5950.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150.63 GB) (Free:133.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:780.53 GB) (Free:771.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=150.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=780.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Infected with Ad-type.google Malware

Unread postby Gary R » October 19th, 2015, 4:41 am

Posting at multiple forums

You have already posted for help with this problem at another forum:
http://www.bleepingcomputer.com/forums/t/593626/infected-with-ad-typegoogle-malware/

May I draw your attention to the ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.
See the section here where we tell you why this is not a good idea.


This topic is now closed

