smiles thank you
Essexboy will be back online later today, usually after work hours European time
But won't he get that infection too if I send him mail?
No, it is only a .txt log file …
and if there is someone in this forum that knows how to protect himself from (and remove) infections, then it is him ;D
OK, will send it to him right away, thank you
OK, let's kill this… Did you install Splashtop?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchgol.com/?babsrc=HP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030"
FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
[2012-04-01 02:08:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013-10-09 06:26:31 | 000,000,000 | ---D | M] (BonanzaDeals) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
[2013-06-12 20:27:58 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com
[2013-10-09 06:27:17 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\ffxtlbr@searchgol.com
[2012-07-09 13:04:02 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\plugin@videofiledownload.com
[2013-06-07 23:59:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\toolbar@ask.com
[2013-06-12 20:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com\chrome\content\extensionCode
[2013-10-05 03:05:26 | 000,007,537 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\firefox@whilokii.net.xpi
[2012-04-08 09:50:29 | 000,004,929 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}.xpi
[2013-03-30 10:44:47 | 000,000,931 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\conduit.xml
[2013-02-18 14:53:38 | 000,001,294 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\delta.xml
[2013-10-09 06:27:19 | 000,001,302 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\searchgol.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\Search_Results.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [C3] File not found
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [iLivid] "C:\Users\cisca\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
[2013-10-09 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
[2013-10-09 06:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchgol
[2013-10-09 06:27:13 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-10-09 06:27:12 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\searchgol
[2013-10-09 06:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Whilokii
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Local\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals
[2013-10-10 08:17:57 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013-10-09 06:26:54 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013-10-09 06:26:49 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
:Files
C:\Program Files (x86)\Whilokii
C:\Program Files (x86)\BonanzaDealsLive
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
C:\PROGRA~2\SEARCH~1
C:\Users\cisca\AppData\Local\iLivid
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
OK, doing it now, and thank you so much Essex for helping… sorry if I don't know things right away
OK, after the scan will reboot and then run the scan again. But do I need to post that stuff again in that place?
I meant at fixes open space
And Splashtop? I don't know what that is :-\
OK, here's the new log
Hmm, that did not appear to take. Could you run this fix please? When the computer reboots a log should appear. Could you attach that?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
SRV - [2013-10-10 08:26:45 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
SRV - [2013-10-09 06:26:34 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem)
SRV - [2013-10-09 06:26:34 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive)
SRV - [2013-10-05 03:05:26 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2011-03-24 06:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010-11-15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchgol.com/?babsrc=HP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030"
FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
[2012-04-01 02:08:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013-10-09 06:26:31 | 000,000,000 | ---D | M] (BonanzaDeals) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
[2013-06-12 20:27:58 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com
[2013-10-09 06:27:17 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\ffxtlbr@searchgol.com
[2012-07-09 13:04:02 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\plugin@videofiledownload.com
[2013-06-07 23:59:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\toolbar@ask.com
[2013-06-12 20:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com\chrome\content\extensionCode
[2013-10-05 03:05:26 | 000,007,537 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\firefox@whilokii.net.xpi
[2012-04-08 09:50:29 | 000,004,929 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}.xpi
[2013-03-30 10:44:47 | 000,000,931 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\conduit.xml
[2013-02-18 14:53:38 | 000,001,294 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\delta.xml
[2013-10-09 06:27:19 | 000,001,302 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\searchgol.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\Search_Results.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [C3] File not found
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [iLivid] "C:\Users\cisca\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
[2013-10-09 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
[2013-10-09 06:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchgol
[2013-10-09 06:27:13 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-10-09 06:27:12 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\searchgol
[2013-10-09 06:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Whilokii
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Local\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals
[2013-10-10 08:17:57 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013-10-09 06:26:54 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013-10-09 06:26:49 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
:Files
C:\Program Files (x86)\Whilokii
C:\Program Files (x86)\BonanzaDealsLive
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
C:\PROGRA~2\SEARCH~1
C:\Users\cisca\AppData\Local\iLivid
C:\Program Files (x86)\Splashtop
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
OK, running the new scan :o I'm so gonna kill my comp hahahah
Here's the log after the reboot
What is that weird wpadnet dat thing for? Do more people get it?
Now the quick scan
the quick scan log
It is used to get a list of IP addresses
Is Avast still alerting ?
Yes, it's still alerting big time… it says skype /phone exe… then alerts windows sidebar, then sometimes it says avast exe.
OK, run this fix
Then run the MSFixit here http://support.microsoft.com/kb/2719662
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
SRV - [2013-09-05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Did all and here's the log… but Avast still doing the same grrr.
Could you attach a screen shot of the alert please?
OK, screen shot, and it's the first time I get this new one… normally it's from skype phone exe or avast exe or windows sidebar