tradeadxchange.com Removal-scan

[ken545]

Then lets completely uninstall and then reinstall Chome



1. Close all Chrome windows and tabs.
2. Right click on the Start menu > Control Panel.
3. Click Programs and Features.
4. Double-click Google Chrome.
5. Click Uninstall from the confirmation dialog.
6. Select "Also delete your browsing data" <----- Do this
7. Right click on Start and go to File Explorer
8. Click on your C:\ Drive
9. Go to Program Files (86) Google and delete Google if still present
10. Ok your way out and then reboot your system


Download and reinstall Chrome
https://www.google.com/intl/en/chrom...top/index.html

[eezv11]

Hi,
I checked if the google folder was still there and it was.
Notwithstanding, before deleting it, I had to uninstall the google drive and goggle earth apps for there were folders for those applications.
After uninstalling them, I noticed that their folders were gone but I saw that the following there still left:
- Chrome;
- Crash reports; and
- Update

Due to the fact that I couldn't remove them I reboot and tried again.

Then, it showed that some files were being deleted (about 164) but it stopped. I checked and all the files from the Chrome folder were erased, but not Crash reports nor Update.

I deleted the chrome folder without incidents but weren't able to delete Crash reports nor Update.

After a minutes (while I was typing these post), I checked again and one of them was automatically deleted. I was going to try with the other but decided to go directly to the Google root and it worked.

I am on my way to reinstall google chrome.

Regards,
eezv11

[ken545]

How are you coming along ?

[eezv11]

It looks fine, it seems that it stopped opening the other browser.
BUt I'm still checking
Regards
eezv11

[eezv11]

Hi again!
I could'nt write it down, but it seems that the address opened this time is rdsa2012 DOT com / static / lprdr.html?r= AND then the http: www videodownloadconverter com
Thanks
eezv11

[ken545]

Lets run AdwCleaner again, here are the instructions and download link

-AdwCleaner-by Xplode


Click on this link to download : ADWCleaner TO YOUR DESKTOP
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers




Do not click on any links in the top Advertisment.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or 32 BIT
  
  
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

[eezv11]

Now, using the incognito pages it open something like track ad absolute. This time I couldn't write it down.
Thanks
eezv11

[eezv11]

These are the logs:
The first and second are AdwCleaner's. But the first is [C] and the second [S]
The third is the RogueKiller log. I don't want to delete anything yet. For example, eventhough I almost never use it, it found some extensions in Firefox that are resourceful. For example when I want to open webpages in the US that I cannot open from home I use the anonymoX and I wouldn't want to eliminate it. I also like to block ads and there is the Adblock Edge. I don't use the Real Downloader nor the HP SmartPrintButton, so it doesn't matter.

These I don't know what they mean nor if they should be deleted:
- Registry
a) One RUN Type "Suspicious Path" and
b) Six PUM.Dns DNS that refer to a an 172.20.10.1 ip address.

Finally, it's possible that the scanner was reading all my files but it seems that I cannot open my hotmail account in Oulook. (Only the internal ones)
I also cannot open any drive in the network.

I want to close the scanner and maybe that will release everything, but I don't know if I should do it, for that is going to make it take longer to eliminate a threat (If there is one).

Hopefully, you can answer to this fast.

1. # AdwCleaner v5.008 - Registro generado 22/09/2015 en 20:11:40
# Actualizado 18/09/2015 por Xplode
# Base de datos : 2015-09-22.3 [Servidor]
# Sistema operativo : Windows 10 Home (x64)
# Nombre de usuario : equipo2 - EEZV-EQUIPO2-HP
# Ejecutado desde : C:\Users\equipo2\Desktop\AdwCleaner.exe
# Opción : Limpiar
# Apoyo : http://toolslib.net/forum

***** [ Servicios ] *****

***** [ Carpetas ] *****

***** [ Archivos ] *****

***** [ Accesos directos ] *****

***** [ Tareas programadas ] *****

***** [ Registro ] *****

***** [ Navegadores Web ] *****

*************************

:: Winsock Configuración borrada

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [658 bytes] ##########

2. # AdwCleaner v5.008 - Registro generado 22/09/2015 en 20:10:17
# Actualizado 18/09/2015 por Xplode
# Base de datos : 2015-09-22.3 [Servidor]
# Sistema operativo : Windows 10 Home (x64)
# Nombre de usuario : equipo2 - EEZV-EQUIPO2-HP
# Ejecutado desde : C:\Users\equipo2\Desktop\AdwCleaner.exe
# Opción : Escanear
# Apoyo : http://toolslib.net/forum

***** [ Servicios ] *****

***** [ Carpetas ] *****

***** [ Archivos ] *****

***** [ Accesos directos ] *****

***** [ Tareas programadas ] *****

***** [ Registro ] *****

***** [ Navegadores Web ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [594 bytes] ##########

3. RogueKiller V10.10.6.0 [Sep 21 2015] by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 10 (10.0.10240) 64 bits version
Iniciado en : Modo Normal
Usuario : equipo2 [Administrador]
Started from : C:\Users\equipo2\Desktop\RogueKiller.exe
Modo : Escanear -- Fecha : 09/23/2015 11:03:25

¤¤¤ Procesos : 0 ¤¤¤

¤¤¤ Registro : 7 ¤¤¤
[Suspicious.Path|VT.Unknown] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PPort12reminder : "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [7][x][-] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1bd54d50-7b1a-4d78-9e99-76f3b53439c3} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5edaff56-6c60-438c-b20d-1ab10bf61517} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c860732a-6130-453d-a27f-03278251d84b} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1bd54d50-7b1a-4d78-9e99-76f3b53439c3} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5edaff56-6c60-438c-b20d-1ab10bf61517} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c860732a-6130-453d-a27f-03278251d84b} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Encontrado

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: No cargado [0xc000036b]) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤

¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA632 +++++
--- User ---
[MBR] bc6b87ba5bc054481cae162c8e9c8559
[BSP] 740cc1fa5f9ba34bd24afc6afd52852f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 939761 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1924837376 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1925758976 | Size: 13556 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[eezv11]

Hi,
I closed the Rogue Killer scanner and every thing worked perfect.
Now, I guess that in order to make the clean up or deletion of malware, I'll have to do another scan. Unless there is an easier and faster way (for dummys) to enter the registry and clean them by hand.
I can leave the PC all night to do the scan again, though.
Thanks
eezv11

PS. Maybe the answer is obvious, but ... If I use chrome or any other google app with my user id, is it possible that the browser could bring the malware to another computer / gadget?

[ken545]

AdwCleaner didn't find anything bad and there is nothing to remove with RogueKiller

I will bet that you will think twice about downloading any cracked programs in the future, you can see what a disaster this has been for your computer

We are trying to remove some malware and you cant name it so I dont know what where looking for.

My advice would be to just uninstall Chome and use another browser

Another option would be to do a complete format of your hard drive and install windows nice and clean and be done with all this nonsense, the call is yours, let me know what you want to do