keeps trying to access go.wvydeo.com/xxx ... xxx

Something keeps trying to access go.wvydeo.com/xxx … xxx and avast keeps blocking it. I don’t have to be using a web browser or have one opened for it to try. Avast says it is a URL:Mal.

I have done all of the scans that avast free offers. I have run Malwarebytes and cleared what it found. It is still trying to access go.wvydeo.com/xxx … xxx.

I have attached the files requested for an evaluation of what to do next.

Brett

You have idle crawler, let's get rid of it for you

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-1411632546-1894154949-1915452839-1000\...\Run: [TornTv Downloader] => C:\Users\owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
CHR Extension: (PriceBlink) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2014-08-28]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-06 23:29 - 2014-09-06 23:29 - 00087171 _____ () C:\Users\owner\Downloads\Unconfirmed 59986.crdownload
2014-09-06 23:27 - 2014-09-06 23:27 - 00078456 _____ () C:\Users\owner\Downloads\Unconfirmed 968186.crdownload
2014-09-04 23:59 - 2014-09-04 23:59 - 02913528 _____ (BoostSoftware Inc. ) C:\Users\owner\Downloads\Unconfirmed 737677.crdownload
2014-08-29 18:50 - 2014-08-29 18:52 - 09686176 _____ (Perfect World Entertainment) C:\Users\owner\Downloads\Unconfirmed 965146.crdownload
2014-08-29 14:09 - 2014-08-29 14:10 - 04944265 _____ () C:\Users\owner\Downloads\Unconfirmed 733483.crdownload
2014-08-29 11:26 - 2014-08-29 11:26 - 00126483 _____ () C:\Users\owner\Downloads\Unconfirmed 141864.crdownload
2014-08-29 11:24 - 2014-08-29 11:24 - 00163457 _____ () C:\Users\owner\Downloads\Unconfirmed 888421.crdownload
2014-08-29 11:23 - 2014-08-29 11:23 - 00111809 _____ () C:\Users\owner\Downloads\Unconfirmed 454347.crdownload
2014-08-28 20:08 - 2014-08-28 20:08 - 01605695 _____ () C:\Users\owner\Downloads\kdadialhpiikehpdeejjeiikopddkjem_37603.crx
2014-08-26 01:50 - 2014-08-26 01:50 - 00291488 _____ () C:\Users\owner\Downloads\Unconfirmed 837615.crdownload
2014-08-24 19:58 - 2014-08-25 08:07 - 00000000 ____D () C:\Users\owner\AppData\Local\Idle~_~Crawler
2014-08-24 19:51 - 2014-08-24 19:56 - 00000000 ____D () C:\Program Files\globalUpdate
2014-08-24 19:51 - 2014-08-24 19:51 - 00000000 ____D () C:\Users\owner\AppData\Local\globalUpdate
Task: {0A924F21-4445-4198-A421-4CA40919D9C5} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {23AAC458-2662-4DA8-B985-6B1EDDD6CD2A} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EE8AA38A-5984-400D-A574-874CFB14C3C2} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
C:\Users\owner\jobq.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by owner at 2014-09-10 22:02:42 Run:1
Running from C:\Users\owner\Desktop\Log Files
Boot Mode: Normal

==============================================

Content of fixlist:


HKU\S-1-5-21-1411632546-1894154949-1915452839-1000\...\Run: [TornTv Downloader] => C:\Users\owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
CHR Extension: (PriceBlink) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2014-08-28]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-06 23:29 - 2014-09-06 23:29 - 00087171 _____ () C:\Users\owner\Downloads\Unconfirmed 59986.crdownload
2014-09-06 23:27 - 2014-09-06 23:27 - 00078456 _____ () C:\Users\owner\Downloads\Unconfirmed 968186.crdownload
2014-09-04 23:59 - 2014-09-04 23:59 - 02913528 _____ (BoostSoftware Inc. ) C:\Users\owner\Downloads\Unconfirmed 737677.crdownload
2014-08-29 18:50 - 2014-08-29 18:52 - 09686176 _____ (Perfect World Entertainment) C:\Users\owner\Downloads\Unconfirmed 965146.crdownload
2014-08-29 14:09 - 2014-08-29 14:10 - 04944265 _____ () C:\Users\owner\Downloads\Unconfirmed 733483.crdownload
2014-08-29 11:26 - 2014-08-29 11:26 - 00126483 _____ () C:\Users\owner\Downloads\Unconfirmed 141864.crdownload
2014-08-29 11:24 - 2014-08-29 11:24 - 00163457 _____ () C:\Users\owner\Downloads\Unconfirmed 888421.crdownload
2014-08-29 11:23 - 2014-08-29 11:23 - 00111809 _____ () C:\Users\owner\Downloads\Unconfirmed 454347.crdownload
2014-08-28 20:08 - 2014-08-28 20:08 - 01605695 _____ () C:\Users\owner\Downloads\kdadialhpiikehpdeejjeiikopddkjem_37603.crx
2014-08-26 01:50 - 2014-08-26 01:50 - 00291488 _____ () C:\Users\owner\Downloads\Unconfirmed 837615.crdownload
2014-08-24 19:58 - 2014-08-25 08:07 - 00000000 ____D () C:\Users\owner\AppData\Local\Idle~_~Crawler
2014-08-24 19:51 - 2014-08-24 19:56 - 00000000 ____D () C:\Program Files\globalUpdate
2014-08-24 19:51 - 2014-08-24 19:51 - 00000000 ____D () C:\Users\owner\AppData\Local\globalUpdate
Task: {0A924F21-4445-4198-A421-4CA40919D9C5} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {23AAC458-2662-4DA8-B985-6B1EDDD6CD2A} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EE8AA38A-5984-400D-A574-874CFB14C3C2} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
C:\Users\owner\jobq.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers


HKU\S-1-5-21-1411632546-1894154949-1915452839-1000\Software\Microsoft\Windows\CurrentVersion\Run\TornTv Downloader => value deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => Moved successfully.
C:\Users\owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh => Moved successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\Users\owner\Downloads\Unconfirmed 59986.crdownload" => File/Directory not found.
"C:\Users\owner\Downloads\Unconfirmed 968186.crdownload" => File/Directory not found.
"C:\Users\owner\Downloads\Unconfirmed 737677.crdownload" => File/Directory not found.
"C:\Users\owner\Downloads\Unconfirmed 965146.crdownload" => File/Directory not found.
"C:\Users\owner\Downloads\Unconfirmed 733483.crdownload" => File/Directory not found.
"C:\Users\owner\Downloads\Unconfirmed 141864.crdownload" => File/Directory not found.
"C:\Users\owner\Downloads\Unconfirmed 888421.crdownload" => File/Directory not found.
"C:\Users\owner\Downloads\Unconfirmed 454347.crdownload" => File/Directory not found.
"C:\Users\owner\Downloads\kdadialhpiikehpdeejjeiikopddkjem_37603.crx" => File/Directory not found.
"C:\Users\owner\Downloads\Unconfirmed 837615.crdownload" => File/Directory not found.
C:\Users\owner\AppData\Local\Idle~_~Crawler => Moved successfully.
C:\Program Files\globalUpdate => Moved successfully.
C:\Users\owner\AppData\Local\globalUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A924F21-4445-4198-A421-4CA40919D9C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A924F21-4445-4198-A421-4CA40919D9C5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Idle~_~Crawler Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23AAC458-2662-4DA8-B985-6B1EDDD6CD2A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23AAC458-2662-4DA8-B985-6B1EDDD6CD2A}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE8AA38A-5984-400D-A574-874CFB14C3C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE8AA38A-5984-400D-A574-874CFB14C3C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\Idle~_~Crawler Runner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Idle~_~Crawler Runner" => Key deleted successfully.
C:\Users\owner\jobq.dat => Moved successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========
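
An added example, not part of the thread and not FRST's own code: a small Python parser for result lines in the shape of the fix log above. It sorts each target into file, registry or scheduled-task and marks it removed or absent, so entries that were already gone stand out from autostart points that were still live. The function names, the kind and status labels and the classification rules are this example's assumptions.

```python
import re
from collections import Counter

# Result lines taken from the fix log in this thread (straight quotes),
# plus one bitsadmin line that is not a fix result.
SAMPLE = r'''
HKU\S-1-5-21-1411632546-1894154949-1915452839-1000\Software\Microsoft\Windows\CurrentVersion\Run\TornTv Downloader => value deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => Moved successfully.
C:\Users\owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe not found.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\Users\owner\Downloads\Unconfirmed 59986.crdownload" => File/Directory not found.
C:\Users\owner\AppData\Local\Idle~_~Crawler => Moved successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
0 out of 0 jobs canceled.
'''

# Outcome phrases as they appear in that log; the lazy target keeps the
# longer phrases ("Key not found") from being split into path + "not found".
RESULT = re.compile(
    r'^[“"]?(?P<target>.+?)[”"]?\s*(?:=>\s*)?'
    r'(?P<outcome>value deleted successfully|Key deleted successfully|'
    r'Moved successfully|Key not found|File/Directory not found|not found)\.$')

def artifact_kind(target):
    """Classify a target as scheduled-task, registry or file (example's own rules)."""
    low = target.lower()
    if '\\system32\\tasks\\' in low or '\\schedule\\taskcache\\' in low:
        return 'scheduled-task'
    if re.match(r'hk(lm|cu|cr|u)\\', low):
        return 'registry'
    return 'file'

def parse_fixlog(text):
    """Return (entries, unparsed); unrecognised lines are kept, not dropped."""
    entries, unparsed = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith('='):
            continue  # blank lines and "=====" section rules
        m = RESULT.match(line)
        if not m:
            unparsed.append(line)
            continue
        status = 'removed' if m['outcome'].endswith('successfully') else 'absent'
        entries.append({'target': m['target'], 'status': status,
                        'kind': artifact_kind(m['target'])})
    return entries, unparsed

def summarize(entries):
    """Count entries per (kind, status)."""
    return Counter((e['kind'], e['status']) for e in entries)
```
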

Do you have the AdwCleaner log as well? Also, have the alerts ceased?

I haven’t been on the computer long enough after doing this to know for sure, but I haven’t seen an alert yet. Thanks! It also appears to be functioning much faster. I think I need to go get some RAM too.

Here is the log from the cleaner:

# AdwCleaner v3.309 - Report created 11/09/2014 at 08:10:02
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : owner - MIRIAMDELL
# Running from : C:\Users\owner\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Users\owner\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\q46vfn23.default\prefs.js ]

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://connect2utah.com/search-results?q={searchTerms}
Deleted [Search Provider] : hxxp://www.disneystore.com/disney/store/DSISearch?Searchstr={searchTerms}&x=0&y=0&storeId=10051&catalogId=10002&langId=-1&Ntx=mode+matchallpartial&N=0&Nu=pProductID&Nr=pPublished%3A1&Ntk=All_Shopping&Ntt=tie&D=tie&Dr=pPublished%3A1
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=vege+tales&ac_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://disneyworld.disney.go.com/search-results/?searchString={searchTerms}&goSearch_event_Id=Go
Deleted [Search Provider] : hxxp://www.farmtek.com/farm/supplies/Search?catalogId=15052&searchMethod=wcSearch&searchType=ANY&searchBeginIndex=0&searchDefaultPerPage=50&ftSearchBeginIndex=0&ftSearchDefaultPerPage=50&searchQuery={searchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={C32D82C5-7DC7-4D6C-9931-B65C1BA59013}&mid=2faa459aade047d1b771d15a34f9f228-0a3583441ac93cd8776bcb0d60a4563eda6cdfc5&lang=en&ds=AVG&pr=fr&d=2012-09-25 09:36:54&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=M1B1F80DA-799A-426D-82B0-F74C13B74EC3&SearchSource=58&CUI=&UM=2&UP=SP87FF7A2D-29D9-413B-97A5-B56382AE72D3&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ch


AdwCleaner[R0].txt - [4955 octets] - [11/09/2014 07:58:43]
AdwCleaner[S0].txt - [4964 octets] - [11/09/2014 08:10:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5024 octets] ##########

OK once you are happy let me know and I will tidy up

The cleaner said to Enable detection of PUPs in my antivirus. How do I do that?

Go to Settings > Active Protection > Customise on all main shields
Select Sensitivity and tick the PUP option

Okay, done. Thanks. So now my computer is fast again and doesn’t freeze up. But when I open Chrome I get an error message. I have to re-sign in to Chrome and tell it to show the bookmarks bar. And my extensions take a while to load.

Try the steps here http://www.techrepublic.com/forums/discussions/google-chrome-problem-solved-your-preferences-cannot-be-read/ and let me know if it solves the prefs problem

I am experiencing the same issue, yet every forum I read in hopes of fixing all say WARNING THIS FIX IS SPECIFICALLY FOR THIS PERSON’S COMPUTER IF YOU TRY IT ON YOURS IT WILL EXPLODE or whatever. Please help. If I hear ding ding ding threat has been detected I might cut someone.

taez0r could you start your own thread please and attach both FRST logs