Author Topic: wpad.net/wpad.dat  (Read 21568 times)


desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #15 on: October 09, 2013, 11:11:40 PM »
Erm, can't find that ???

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wpad.net/wpad.dat
« Reply #16 on: October 09, 2013, 11:16:53 PM »
Run OTL again then please, there will only be one log this time :)

Use the same script as before

desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #17 on: October 10, 2013, 08:25:34 AM »
I did that but I get otl.txt and it's too big to post. It's the same one as I did in 2 parts :(

desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #18 on: October 10, 2013, 08:58:26 AM »
this is the extra text

Oh, and when I ran OTL again I again got something running in MS-DOS and it saying ... c/windows then lots of blah blah and it's too long. And that goes on for a few min.
Maybe that's why the text log is too big?
 :'(

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: wpad.net/wpad.dat
« Reply #19 on: October 10, 2013, 09:13:42 AM »
Quote from: desireezenna
I did that but I get otl.txt and it's too big to post. It's the same one as I did in 2 parts :(

You can send it to Essexboy by mail ..... I will give you his mail address in a PM in a few minutes.
See the My messages button at the top of the forum....

desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #20 on: October 10, 2013, 09:16:08 AM »
smiles thank you

Offline Pondus

Re: wpad.net/wpad.dat
« Reply #21 on: October 10, 2013, 09:18:37 AM »
Quote from: desireezenna
smiles thank you

Essexboy will be back online later today, usually after work hours European time   ;)

desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #22 on: October 10, 2013, 09:19:24 AM »
But won't he get that infection too if I send him mail?

Offline Pondus

Re: wpad.net/wpad.dat
« Reply #23 on: October 10, 2013, 09:24:39 AM »
Quote from: desireezenna
But won't he get that infection too if I send him mail?

No, it is only a .txt log file ....
And if there is someone in this forum that knows how to protect himself from (and remove) infections, then it is him   ;D

desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #24 on: October 10, 2013, 09:26:22 AM »
 :)  OK, will send it to him right away, thank you

Offline essexboy

Re: wpad.net/wpad.dat
« Reply #25 on: October 10, 2013, 11:43:56 AM »
OK, let's kill this. Did you install Splashtop?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchgol.com/?babsrc=HP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030"
FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
[2012-04-01 02:08:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013-10-09 06:26:31 | 000,000,000 | ---D | M] (BonanzaDeals) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
[2013-06-12 20:27:58 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com
[2013-10-09 06:27:17 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\ffxtlbr@searchgol.com
[2012-07-09 13:04:02 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\plugin@videofiledownload.com
[2013-06-07 23:59:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\toolbar@ask.com
[2013-06-12 20:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com\chrome\content\extensionCode
[2013-10-05 03:05:26 | 000,007,537 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\firefox@whilokii.net.xpi
[2012-04-08 09:50:29 | 000,004,929 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}.xpi
[2013-03-30 10:44:47 | 000,000,931 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\conduit.xml
[2013-02-18 14:53:38 | 000,001,294 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\delta.xml
[2013-10-09 06:27:19 | 000,001,302 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\searchgol.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\Search_Results.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [C3] File not found
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [iLivid] "C:\Users\cisca\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
[2013-10-09 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
[2013-10-09 06:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchgol
[2013-10-09 06:27:13 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-10-09 06:27:12 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\searchgol
[2013-10-09 06:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Whilokii
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Local\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals
[2013-10-10 08:17:57 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013-10-09 06:26:54 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013-10-09 06:26:49 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job

:Files
C:\Program Files (x86)\Whilokii
C:\Program Files (x86)\BonanzaDealsLive
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
C:\PROGRA~2\SEARCH~1
C:\Users\cisca\AppData\Local\iLivid

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #26 on: October 10, 2013, 08:28:49 PM »
OK, doing it now, and thank you so much Essex for helping. Sorry if I don't know things right away.
OK, after the scan I will reboot and then run the scan again, but do I need to post that stuff again in that place?
I meant at the fixes open space.

desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #27 on: October 10, 2013, 08:31:31 PM »
And Splashtop? I don't know what that is :-\

desireezenna

  • Guest
Re: wpad.net/wpad.dat
« Reply #28 on: October 10, 2013, 08:54:56 PM »
OK, here's the new log

Offline essexboy

Re: wpad.net/wpad.dat
« Reply #29 on: October 10, 2013, 09:24:14 PM »
Hmm, that did not appear to take. Could you run this fix please? When the computer reboots a log should appear. Could you attach that?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013-10-10 08:26:45 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
SRV - [2013-10-09 06:26:34 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem)
SRV - [2013-10-09 06:26:34 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive)
SRV - [2013-10-05 03:05:26 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2011-03-24 06:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010-11-15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=361&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchgol.com/?babsrc=HP_ss&mntrId=94010018E786BA10&affID=125035&tsp=5030"
FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
[2012-04-01 02:08:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013-10-09 06:26:31 | 000,000,000 | ---D | M] (BonanzaDeals) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
[2013-06-12 20:27:58 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com
[2013-10-09 06:27:17 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\ffxtlbr@searchgol.com
[2012-07-09 13:04:02 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\plugin@videofiledownload.com
[2013-06-07 23:59:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\toolbar@ask.com
[2013-06-12 20:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\crossriderapp435@crossrider.com\chrome\content\extensionCode
[2013-10-05 03:05:26 | 000,007,537 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\firefox@whilokii.net.xpi
[2012-04-08 09:50:29 | 000,004,929 | ---- | M] () (No name found) -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}.xpi
[2013-03-30 10:44:47 | 000,000,931 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\conduit.xml
[2013-02-18 14:53:38 | 000,001,294 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\delta.xml
[2013-10-09 06:27:19 | 000,001,302 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\searchgol.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Users\cisca\AppData\Roaming\mozilla\firefox\profiles\yxdtp2dk.default\searchplugins\Search_Results.xml
[2012-04-01 02:08:35 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [C3] File not found
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [iLivid] "C:\Users\cisca\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
[2013-10-09 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
[2013-10-09 06:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchgol
[2013-10-09 06:27:13 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-10-09 06:27:12 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\searchgol
[2013-10-09 06:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Whilokii
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Local\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013-10-09 06:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Users\cisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
[2013-10-09 06:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals
[2013-10-10 08:17:57 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013-10-09 06:26:54 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013-10-09 06:26:49 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job

:Files
C:\Program Files (x86)\Whilokii
C:\Program Files (x86)\BonanzaDealsLive
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
C:\Users\cisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
C:\PROGRA~2\SEARCH~1
C:\Users\cisca\AppData\Local\iLivid
C:\Program Files (x86)\Splashtop

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
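
The warning that the fix is only relevant for this system is visible in the script itself: its lines name one account SID, one Windows user folder, one Firefox profile folder and 8.3 short paths whose numbering differs between volumes. The following is an added example, not part of the thread and not OTL's own code, that lists those machine-bound tokens in a fix script; the function names and patterns are chosen here for illustration, and the sample is excerpted from the script above with the search URL shortened.

```python
import re

# Lines excerpted from the fix script posted in this thread (search URL shortened).
SAMPLE_FIX = r"""
:OTL
IE - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}
O4 - HKU\S-1-5-21-1502761434-3598144597-1864420891-1000..\Run: [C3] File not found
[2013-10-09 06:27:17 | 000,000,000 | ---D | M] (SearchGol) -- C:\Users\cisca\AppData\Roaming\mozilla\Firefox\Profiles\yxdtp2dk.default\extensions\ffxtlbr@searchgol.com
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found

:Files
C:\Program Files (x86)\Whilokii
C:\Users\cisca\AppData\Local\iLivid
C:\PROGRA~2\SEARCH~1
"""

# Illustrative patterns for values that identify one installation.
PATTERNS = {
    # Local or domain account SID including the trailing RID.
    "user_sid": re.compile(r"S-1-5-21(?:-\d+){4}"),
    # Profile folder name under C:\Users (assumes the default location).
    "user_profile": re.compile(r"C:\\Users\\([^\\\r\n]+)", re.I),
    # Firefox profile folder: eight random characters, a dot, a name.
    "firefox_profile": re.compile(r"\\Profiles\\([a-z0-9]{8}\.[^\\\r\n]+)", re.I),
    # 8.3 short names: the ~N suffix depends on creation order on the volume.
    "short_8dot3_name": re.compile(r"(?<![\w~])[A-Z0-9]{1,6}~\d+(?![\w~])"),
}


def machine_bound_tokens(script):
    """Collect the distinct machine-specific values found in a fix script."""
    found = {name: set() for name in PATTERNS}
    for name, rx in PATTERNS.items():
        for m in rx.finditer(script):
            # Use the captured group when the pattern has one, else the match.
            found[name].add(m.group(m.lastindex or 0))
    return found


def bound_lines(script):
    """Return (line_no, line, kinds) for each line tied to one machine."""
    hits = []
    for no, line in enumerate(script.splitlines(), 1):
        kinds = [k for k, rx in PATTERNS.items() if rx.search(line)]
        if kinds:
            hits.append((no, line, kinds))
    return hits


if __name__ == "__main__":
    for no, line, kinds in bound_lines(SAMPLE_FIX):
        print(f"{no:>3}  {', '.join(kinds):<32} {line[:60]}")
```
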