Hello all,
Whenever I open a new website on either Firefox or Chrome I'm getting the following message:
http://s15.postimage.org/4q5u2zyh7/prob.jpg
What is this thing??
You may be infected.
Follow the guide and attach logs: http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
Alright, thanks. I ran AdwCleaner, deleted and rebooted. Here is the log in two posts:
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hyvhpeup.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hyvhpeup.default\WinampToolbarData
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Winamp Toolbar
Folder Deleted : C:\WINDOWS\system32\TempDir
***** [Internet Browsers] *****
-\ Internet Explorer v7.0.5730.13
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\ Mozilla Firefox v5.0.1 (en-US)
Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hyvhpeup.default\prefs.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hyvhpeup.default\user.js … Deleted !
-\ Google Chrome v [Unable to get version]
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
AdwCleaner[R1].txt - [12803 octets] - [17/09/2012 20:25:18]
AdwCleaner[R2].txt - [12864 octets] - [17/09/2012 20:26:06]
AdwCleaner[R3].txt - [12925 octets] - [17/09/2012 20:26:27]
AdwCleaner[R4].txt - [14117 octets] - [17/09/2012 21:06:23]
AdwCleaner[S2].txt - [14676 octets] - [17/09/2012 21:08:33]
########## EOF - C:\AdwCleaner[S2].txt - [14737 octets] ##########
Completed the scan with Malwarebytes and nothing showed up
Here’s the log
Έκδοση βάσης δεδομένων: v2012.09.17.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: PC [διαχειριστής]
17/9/2012 9:16:13 μμ
mbam-log-2012-09-17 (21-16-13).txt
Τύπος σάρωσης: Γρήγορη σάρωση
Ενεργοποιημένες επιλογές σάρωσης: Μνήμη | Εκκίνηση | Μητρώο | Σύστημα αρχείων | Ευρετική μέθοδος/Extra | Ευρετική μέθοδος/Shuriken | PUP | PUM
Απενεργοποιημένες επιλογές σάρωσης: P2P
Αντικείμενα που σαρώθηκαν: 207017
Χρόνος που έχει διανυθεί: 4 λεπτό(ά), 56 δευτερόλεπτο(α)
Εντοπίστηκαν διεργασίες στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
Εντοπίστηκαν στοιχεία στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
Εντοπίστηκαν κλειδιά στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
Εντοπίστηκαν τιμές στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
Εντοπίστηκαν αντικείμενα δεδομένων στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
Εντοπίστηκαν φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
Εντοπίστηκαν αρχεία: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
(τέλος)
Finished scanning with OTL, here are the logs.
While scanning with aswMBR and refreshing the forum page to see if I get any response, it popped up again, this time with a different approach… Check this out:
Changed to http://i.trkjmp.com/crossdomain.xml
http://imageshack.us/a/img89/2464/prob2u.jpg
Everton and Newcastle match seems like it's gonna have goals and I don't want to log in to my betfair account because of that s**t…
Is it normal for aswMBR to close on its own after scanning? I had it left scanning, next minute it disappeared.
And Baines made it 1-0 for Everton…
I’m a trader, I use an application called fairbot. It’s installed on my hard disk but needs my betfair login details to enter.
Do you think there’s a risk to run it while this thing keeps banging on??
Let's see if this stops it first.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following:
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.72.17
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
:Files
C:\Program Files\CrossriderWebApps
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I have aswMBR scanning again. Should I wait for it to end scanning before I paste that code in OTL or shall I close aswMBR and go to OTL straight away?
Wait for aswMBR to complete please, I do not feel it is MBR related but I have been wrong before ;D
It sure takes a lot of time…
Is it normal for aswMBR to close unexpectedly?
Look for the Google tool extension Vid-Saver. Get rid of it. That’s what was causing the i.trkjmp.com/crossdomain.xml warning on my computer.
I try but I can’t seem to be able to locate such a thing. Checked Chrome, Firefox, even ran a search on hard disks to see if there is any indication this is present, but no success. No Vid-Saver here.
I’m having the same problem.
Not every site, but most.
Problem solved on my computer.
These are the files that had to be deleted from my computer. (NOTE: “dmn” is my user name.)
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Uninstall.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\users\dmn\AppData\Local\Vid-Saver
c:\users\dmn\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
c:\users\dmn\g2mdlhlpx.exe
Second time I get a crash dump from aswMBR.
What do I do???
Alright, I applied essexboy's solution on OTL and it worked. No messages poppin! Warmest thanks.
What the heck was that thing?? And what can we do to avoid getting infected again??
OK stop aswMBR and run the OTL fix please, your problem is crossrider
Ooops didn’t see a page two :-[
There are a wide variety of files that cause this… Vid saver, codecv, crossrider etc. etc
Could you run one more quick OTL scan please to ensure that I did not miss anything