Also started receiving MAL error spam today

This issue has started to occur 100% for me today as soon as I open Chrome. I uninstalled/reinstalled it, and have run through the gauntlet of various cleaners listed in the Logs thread in this topic with no luck.

Attaching all my info, please let me know if there is anything else I can include or if I’ve attached anything wrong!

P.S. I’ve had to start using Firefox again and noticed my sister managed to get something called searchamong infected on my PC and it’s taken over my default search engines… I’ve replaced it in the top right of Firefox but when I search anything in the main toolbar it defaults to searchamong and it is not listed in my program files. Is there an easy way to get rid of this? I tried googling solutions but I’m wary of editing my registry as I do not have any experience doing so.

Will attach logs in replies for ease of reading.

ADW Cleaner:

AdwCleaner v2.002 - Logfile created 09/17/2012 at 22:45:06

Updated 16/09/2012 by Xplode

Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

User : Ranger - RANGER-PC

Boot Mode : Normal

Running from : C:\Users\Ranger\Downloads\adwcleaner.exe

Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Ranger\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\AppID{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [.crossrider.com]

***** [Internet Browsers] *****

-\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchamong.com
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true

-\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Ranger\AppData\Roaming\Mozilla\Firefox\Profiles\5wzj72pn.default\prefs.js

Found : user_pref(“keyword.URL”, “hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=”);

-\ Google Chrome v [Unable to get version]

File : C:\Users\Ranger\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [4569 octets] - [17/09/2012 22:45:06]

########## EOF - C:\AdwCleaner[R1].txt - [4629 octets] ##########

Mbam log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ranger :: RANGER-PC [administrator]

9/17/2012 10:47:44 PM
mbam-log-2012-09-17 (22-47-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215249
Time elapsed: 2 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-17 22:55:08

22:55:08.461 OS Version: Windows x64 6.1.7601 Service Pack 1
22:55:08.461 Number of processors: 4 586 0x2A07
22:55:08.461 ComputerName: RANGER-PC UserName: Ranger
22:55:11.883 Initialize success
22:55:11.973 AVAST engine defs: 12091700
22:55:16.720 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
22:55:16.720 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
22:55:16.770 Disk 0 MBR read successfully
22:55:16.770 Disk 0 MBR scan
22:55:16.770 Disk 0 Windows 7 default MBR code
22:55:16.780 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63
22:55:16.790 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152618 MB offset 45062325
22:55:16.790 Disk 0 Partition - 00 0F Extended LBA 435857 MB offset 357625856
22:55:16.830 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 435856 MB offset 357627904
22:55:16.850 Disk 0 scanning C:\Windows\system32\drivers
22:55:25.873 Service scanning
22:55:46.790 Modules scanning
22:55:46.790 Disk 0 trace - called modules:
22:55:46.837 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:55:46.853 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800691f060]
22:55:46.853 3 CLASSPNP.SYS[fffff8800120143f] → nt!IofCallDriver → [0xfffffa80062cae40]
22:55:46.853 5 ACPI.sys[fffff88000d4d7a1] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa80062cd050]
22:55:47.430 AVAST engine scan C:\Windows
22:55:48.834 AVAST engine scan C:\Windows\system32
22:58:00.003 AVAST engine scan C:\Windows\system32\drivers
22:58:12.655 AVAST engine scan C:\Users\Ranger
22:59:18.425 Disk 0 MBR has been saved successfully to “C:\Users\Ranger\Desktop\MBR.dat”
22:59:18.441 The log file has been saved successfully to “C:\Users\Ranger\Desktop\aswMBR.txt”

Much easier and better for the malware remover if you attach the logs :wink:

You do not have to attach the one you have already copied and pasted …

How do you attach files? Can’t see option and help no use. Thanks.

Pondus, noted for next time - those are the only logs I have atm anyways.

Chan, looks like there is an option at the bottom when you go to reply.


http://my.jetscreenshot.com/2701/m_20120917-fakt-65kb.jpg