Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Dec 12, 2014 19:39:17 GMT -8
Seeing as Norton is Removed for now some items can be removed also instead of excluding them.
Move the Adwcleaner.exe onto the Desktop instead of "Downloads\AdwCleaner.exe" before doing the below.
a) Click the Scan Button and wait for the scan to finish. (already done if Adwcleaner is left pending)
b) Make sure all of the items under each TAB are to be ticked.
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
Post by tomisgood on Dec 12, 2014 19:47:51 GMT -8
ADW cleaner reads "pending. Please uncheck elements you don't want to remove". I've left it open. Clicked the report button and pasted above.
Post by Quads on Dec 12, 2014 19:57:00 GMT -8
I told you what to do above. READ!!!!
Quads
Post by tomisgood on Dec 12, 2014 19:58:42 GMT -8
Sorry, I sent as you were sending as well.
# AdwCleaner v4.105 - Report created 12/12/2014 at 22:54:42
# Updated 08/12/2014 by Xplode
# Database : 2014-12-12.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tom - TOM-HP
# Running from : C:\Users\Tom\Downloads\AdwCleaner.exe
# Option : Clean
AdwCleaner[R0].txt - [15976 octets] - [12/12/2014 22:25:35]
AdwCleaner[S0].txt - [15671 octets] - [12/12/2014 22:54:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15732 octets] ##########
Post by Quads on Dec 12, 2014 20:03:24 GMT -8
Yes I know you don't Have Norton installed at the Moment, even though in the info below
On with step 4, Complete system check for any file and cleanup of items and tools used.
Special attention to the different settings I have asked for below.
You can leave Norton Enabled even though ESET may warn about it, just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and Slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below as it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Attach the resulting log in your next reply.
The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished.
Screenshot of part of the finished scan dialog box by ESET showing the options.
List found threats and at the bottom of the listings are the options to save the list.
Quads
Post by tomisgood on Dec 12, 2014 20:14:26 GMT -8
Agreed to terms, clicked start. Message comes up "an add-on for this website failed to run".
Post by Quads on Dec 12, 2014 20:20:21 GMT -8
It is the IE popup blocker (ActiveX control). Try Chrome.
Quads
Post by tomisgood on Dec 13, 2014 8:48:27 GMT -8
|
|
Post by Quads on Dec 13, 2014 16:10:05 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached; it needs to be the same file name as well (fixlist.txt). Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script; it won't work for FRST. (Right-click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply (attach or paste).
Quads
|
|
|
Post by tomisgood on Dec 13, 2014 16:33:58 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014
Ran by Tom at 2014-12-13 19:31:43 Run:3
Running from C:\Users\Tom\Desktop
Loaded Profile: Tom (Available profiles: Tom & Michelle & Reagan Riley Reese)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Michelle\AppData\LocalLow\mpvacop.dll
C:\Users\Tom\AppData\Local\Temp\ct3289847\spch.exe
C:\Users\Tom\AppData\Local\Temp\ct3289847\statisticsStub.exe
C:\Users\Tom\AppData\Local\Temp\ct3289847
C:\Users\Tom\AppData\Local\Temp\DIQ\FlashPlayer_151\software\FlashPlayer.exe
C:\Users\Tom\AppData\Local\Temp\DIQ
C:\Users\Tom\AppData\LocalLow\EmieSiteList\Rvyksoybf\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.24_0\plugins\ConduitChromeApiPlugin.dll
C:\Users\Tom\AppData\LocalLow\EmieSiteList\Rvyksoybf\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
C:\Users\Tom\AppData\LocalLow\EmieSiteList\Rvyksoybf
C:\Users\Tom\Downloads\FlashPlayer_V.110719039a.exe
end
*****************

C:\Users\Michelle\AppData\LocalLow\mpvacop.dll => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\ct3289847\spch.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\ct3289847\statisticsStub.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\ct3289847 => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\DIQ\FlashPlayer_151\software\FlashPlayer.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\DIQ => Moved successfully.
C:\Users\Tom\AppData\LocalLow\EmieSiteList\Rvyksoybf\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.24_0\plugins\ConduitChromeApiPlugin.dll => Moved successfully.
C:\Users\Tom\AppData\LocalLow\EmieSiteList\Rvyksoybf\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Moved successfully.
C:\Users\Tom\AppData\LocalLow\EmieSiteList\Rvyksoybf => Moved successfully.
C:\Users\Tom\Downloads\FlashPlayer_V.110719039a.exe => Moved successfully.
==== End of Fixlog ====
|
|
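A check that can be run over a returned Fixlog.txt, added here as an example and not part of the original thread or of FRST: it confirms that every path listed between start and end in the fixlist has a matching "=> Moved successfully." result line. The helper name audit_fixlog and the sample paths are constructed for illustration, and the parser assumes one entry per line.

```python
import re

# Constructed sample in the Fixlog.txt layout posted above; the paths are
# placeholders, and the last fixlist entry deliberately has no result line.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014
Ran by User at 2014-12-13 19:31:43 Run:3
==============================================
Content of fixlist:
*****************
start
C:\Users\User\AppData\Local\Temp\example\stub.exe
C:\Users\User\AppData\Local\Temp\example
C:\Users\User\Downloads\Setup_example.exe
end
*****************
C:\Users\User\AppData\Local\Temp\example\stub.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\example => Moved successfully.
==== End of Fixlog ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<status>.+)$")
SUCCESS = "Moved successfully."  # status string as it appears in the log above


def audit_fixlog(text):
    """Return (requested, results, unresolved) parsed from one Fixlog.

    Hypothetical helper for this example; assumes one entry per line.
    """
    requested, results, section = [], {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section == "header" and line.lower() == "start":
            section = "fixlist"
        elif section == "fixlist":
            if line.lower() == "end":
                section = "results"
            else:
                requested.append(line)
        elif section == "results":
            match = RESULT_RE.match(line)
            if match:  # Windows paths are case-insensitive, so fold the key
                results[match["target"].casefold()] = match["status"]
    # Anything without an exact success status needs a human look.
    unresolved = [p for p in requested if results.get(p.casefold()) != SUCCESS]
    return requested, results, unresolved


if __name__ == "__main__":
    wanted, done, todo = audit_fixlog(SAMPLE_FIXLOG)
    print(f"{len(wanted)} requested, {len(done)} reported, unresolved: {todo}")
```

An empty unresolved list means the log accounts for every requested item; a follow-up scan is still what shows whether anything was recreated afterwards.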