So… it’s been a while since i went to this forum. i recently got this problem, and it’s too annoying
it’s the LinkBucks Browser Hijacker, i got it maybe… after Chrome disabled the Avast! AdBlocker Extension. it appeared everywhere. In Chrome, IE11, and even Steam! -___- it’s too annoying

anyways, i’ve tried scanning my machine with this

• AdwCleaner 3.212
• Avast
• OTL Log is attached
• MBAM Log is attached
• aswMBR Log is attached

thanks in advance

in your MBAM log there are two items that say NO ACTION TAKEN
you have to select these for removal… before you take action

malware experts are notified…
when they are finish they will remove the tools used

those two items are KMService, that i need to activate for Microsoft Office.

Hi,

Please download Farbar Recovery Scan Tool (
http://www.mcshield.net/personal/magna86/Images/FRST_canned.png
) by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Done.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

SearchScopes: HKCU - {25F278F0-DFB5-4E29-9AF8-D173A34C7478} URL = http://www.katsunews.com/q/{searchTerms}/1
SearchScopes: HKCU - {D1CEAE0F-3DF2-437C-B3E9-D67CAC745CA5} URL = http://myanimelist.net/anime.php?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\asus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
C:\Users\asus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\asus\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\asus\AppData\Local\Temp\DTLite4491-0356.exe
C:\Users\asus\AppData\Local\Temp\recycle.exe
C:\Windows\KMService.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
C:\Program Files (x86)\Microsoft Security Client
C:\Program Files\Microsoft Security Client

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Do you use a pirate version of MS office?

KMService – > crack

Sorry for the late reply

yes, i used the pirated version of Microsoft Office

Fixlog is attached

How is the situation now?

A few application crashes (Google Chrome, Origin, and other stuffs). the LinkBucks still appearing randomly (not always). it always appear after i browse around… 1 hour maybe.

oh, and IDM crashed, saying “1 file is missing. Try reinstalling IDM”

Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
uninstall-list;

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”

edit.

Try reinstalling IDM

Say “No” to Cracks! http://www.steves-digicams.com/knowledge-center/say-no-to-cracks.html#b

A Free Microsoft Office: Is Office Online Worth Using?
http://www.howtogeek.com/183299/a-free-microsoft-office-is-office-online-worth-using/

No More Upgrade Fees: Use Google Docs or Office Web Apps Instead of Microsoft Office
http://www.howtogeek.com/162200/no-more-upgrade-fees-use-google-docs-or-office-web-apps-instead-of-microsoft-office/

in my country, i’m not permanently connected to internet. even in my school, the wifi is for teachers only. so, using Office Online is not an option for me.
well, i’m trying to save my money to buy a license too

Zoek-Log is attached

there are solutions for that also

http://www.openoffice.org
http://www.kingsoftstore.com/kingsoft-office-freeware
http://www.libreoffice.org/

Thanks for the advice i’ll try one by one to check my document compabilities.

oh, and also i noticed that my RealTek Control Panel is not running, even when i reboot the machine. what should i do? and MSE is disabled on purpose too?

Avast and MSE, can not be together.

turn off your PC.

turn off all computers,
then unplug the power cable from the router,
then unplug the power cable from the (Cable) modem

…let it OFF for about 5 minutes.

Then with the computers still off,
plug back in the Cable modem power cable.

…when all the lights come on:
then plug in the router,

when all the lights come back on:
then start all computers:

Now check if your problem still exists.
Post results here!

done.

still appearing. is it my provider? ???

tp link router?

Yes. TD-W8951ND

oh, and my father changed the username & password for the setup