Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Jan 26, 2015 17:04:57 GMT -8
Press the Windows key + R on your keyboard at the same time. Type notepad and click OK. Copy the entire content of the codebox below and paste it into the notepad (including start and end).

start
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\4Elmores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2CFEF0EEF.lnk
ShortcutTarget: 2CFEF0EEF.lnk -> C:\PROGRA~3\FEE0FEFC2.cpp (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3965635696-901638839-1822215282-1000 -> URL search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPCB6A66F6-053B-4CC3-9855-549206B46415&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3965635696-901638839-1822215282-1000 -> SuggestionsURL_JSON suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Somoto Toolbar -> {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -> C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
C:\Program Files (x86)\somototoolbar
Toolbar: HKLM-x32 - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
FF Plugin-x32: @pandora.tv/npmini,version=1.0 -> C:\Program Files (x86)\PANDORA.TV\Launcher\npmini.dll No File
CHR DefaultSearchURL: Default -> search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPCB6A66F6-053B-4CC3-9855-549206B46415&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Wajam) - C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
S2 Winmgmt; C:\PROGRA~3\2CFEF0EEF.zot [X]
Task: {0FF1B0E4-E9DA-4587-9531-8CC055BBFC02} - System32\Tasks\4960 => Wscript.exe C:\Users\4Elmores\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {2E88947E-B75E-426C-A207-E56A2D25790F} - System32\Tasks\{09F88C19-7ADC-4CC0-A843-2D8B01B7CFFA} => C:\Users\4Elmores\Desktop\R151559.exe
Task: {634FFD3B-57EB-440B-B8A7-78925098CC89} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {856C5010-BA4E-4219-964D-2F57DDC3C903} - System32\Tasks\{F9681160-A13C-412D-BC99-8D8A6CA2863B} => C:\Users\4Elmores\Desktop\R151559.exe
Reboot:
end

Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name. Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
Right-click on the FRST icon and select Run as Administrator to start FRST. (XP users click Run after receipt of Windows Security Warning - Open File.) Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished, FRST will generate a log on the Desktop called Fixlog.txt. Paste or attach it back here.
Quads
Post by tigergrad on Jan 26, 2015 17:39:48 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by 4Elmores at 2015-01-26 20:28:23 Run:1
Running from C:\Users\4Elmores\Desktop
Loaded Profiles: 4Elmores (Available profiles: 4Elmores)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\4Elmores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2CFEF0EEF.lnk
ShortcutTarget: 2CFEF0EEF.lnk -> C:\PROGRA~3\FEE0FEFC2.cpp (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3965635696-901638839-1822215282-1000 -> URL search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPCB6A66F6-053B-4CC3-9855-549206B46415&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3965635696-901638839-1822215282-1000 -> SuggestionsURL_JSON suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Somoto Toolbar -> {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -> C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
C:\Program Files (x86)\somototoolbar
Toolbar: HKLM-x32 - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
FF Plugin-x32: @pandora.tv/npmini,version=1.0 -> C:\Program Files (x86)\PANDORA.TV\Launcher\npmini.dll No File
CHR DefaultSearchURL: Default -> search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPCB6A66F6-053B-4CC3-9855-549206B46415&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Wajam) - C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
S2 Winmgmt; C:\PROGRA~3\2CFEF0EEF.zot [X]
Task: {0FF1B0E4-E9DA-4587-9531-8CC055BBFC02} - System32\Tasks\4960 => Wscript.exe C:\Users\4Elmores\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {2E88947E-B75E-426C-A207-E56A2D25790F} - System32\Tasks\{09F88C19-7ADC-4CC0-A843-2D8B01B7CFFA} => C:\Users\4Elmores\Desktop\R151559.exe
Task: {634FFD3B-57EB-440B-B8A7-78925098CC89} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {856C5010-BA4E-4219-964D-2F57DDC3C903} - System32\Tasks\{F9681160-A13C-412D-BC99-8D8A6CA2863B} => C:\Users\4Elmores\Desktop\R151559.exe
Reboot:
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
C:\Users\4Elmores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2CFEF0EEF.lnk => Moved successfully.
C:\PROGRA~3\FEE0FEFC2.cpp not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3965635696-901638839-1822215282-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\S-1-5-21-3965635696-901638839-1822215282-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}" => Key deleted successfully.
C:\Program Files (x86)\somototoolbar => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandora.tv/npmini,version=1.0" => Key deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll not found.
Winmgmt => Service restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FF1B0E4-E9DA-4587-9531-8CC055BBFC02}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FF1B0E4-E9DA-4587-9531-8CC055BBFC02}" => Key deleted successfully.
C:\Windows\System32\Tasks\4960 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4960" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E88947E-B75E-426C-A207-E56A2D25790F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E88947E-B75E-426C-A207-E56A2D25790F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{09F88C19-7ADC-4CC0-A843-2D8B01B7CFFA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09F88C19-7ADC-4CC0-A843-2D8B01B7CFFA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{634FFD3B-57EB-440B-B8A7-78925098CC89}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{634FFD3B-57EB-440B-B8A7-78925098CC89}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{856C5010-BA4E-4219-964D-2F57DDC3C903}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{856C5010-BA4E-4219-964D-2F57DDC3C903}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F9681160-A13C-412D-BC99-8D8A6CA2863B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9681160-A13C-412D-BC99-8D8A6CA2863B}" => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog 20:28:25 ====
Post by Quads on Jan 26, 2015 17:57:51 GMT -8
Part of the PUPs removed and some Tasks removed, including 2 ODD ones. Windows Management has also been repaired by the looks now.
Does Norton still give alerts??
Quads
Post by tigergrad on Jan 26, 2015 17:59:24 GMT -8
No to the Norton alerts, assuming that is good!
Post by Quads on Jan 26, 2015 18:06:07 GMT -8
There is the piece in Windows that had to be fixed (not deleted). I tried to state this on the Norton forum also so users are aware. In the Fixlog (if you look carefully): Winmgmt => Service restored successfully. That service controls a lot in Windows. Read carefully.
Download AdwCleaner from www.bleepingcomputer.com/download/adwcleaner/ on to your desktop (the blue Download Now @ Bleeping Computer button) and run a scan (Scan button). It will create a log after, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
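The fixlist earlier in this thread and the Winmgmt note above come down to one triage question: which of the listed autoruns, services and scheduled tasks are hijacked rather than merely stale? The script below is an added example, not FRST code and not from any post in this thread. It classifies FRST-style lines with rules drawn from the entries above: any AppInit_DLLs value (such a DLL is loaded into every process that maps user32.dll), a Winmgmt service whose image is not svchost.exe (Winmgmt is hosted by svchost.exe on a healthy Windows 7 install), tasks that launch a script host, only open a browser, or run from a user-writable path, and autoruns whose target is missing. The sample lines are constructed from the thread's fixlist; the single healthy Winmgmt line is an assumed layout rather than a copy of a real log, and the rule names (`classify`, `triage`, `summarise`, the `task_*` kinds) are my own.

```python
"""Triage FRST-style persistence lines for the hijack patterns seen in this thread.

Added example for the thread; not FRST code and not part of any post.
Sample lines are constructed from the fixlist entries quoted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample. Hostile lines mirror the thread's fixlist; the healthy
# Winmgmt line is an assumed layout of a clean entry, not copied from a log.
SAMPLE_FRST_LINES = [
    r"HKLM-x32\...\Run: [] => [X]",
    r"AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found",
    r"ShortcutTarget: 2CFEF0EEF.lnk -> C:\PROGRA~3\FEE0FEFC2.cpp (No File)",
    r"S2 Winmgmt; C:\PROGRA~3\2CFEF0EEF.zot [X]",
    r"R2 Winmgmt; C:\Windows\system32\svchost.exe (Microsoft Corporation)",
    r"Task: {0FF1B0E4-E9DA-4587-9531-8CC055BBFC02} - System32\Tasks\4960 => Wscript.exe C:\Users\4Elmores\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION",
    r"Task: {634FFD3B-57EB-440B-B8A7-78925098CC89} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION",
    r"Task: {2E88947E-B75E-426C-A207-E56A2D25790F} - System32\Tasks\{09F88C19-7ADC-4CC0-A843-2D8B01B7CFFA} => C:\Users\4Elmores\Desktop\R151559.exe",
]

ORPHAN_MARKERS = ("[X]", "No File", "File Not Found")   # FRST's "target missing" markers
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe")
BROWSERS = ("iexplore.exe", "chrome.exe", "firefox.exe")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\progra~3\\", "\\temp\\")
SVCHOST_RE = re.compile(r"\\system32\\svchost\.exe\b", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);\s+(.*)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(.+?) => (.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str                  # first (most serious) rule that fired
    line: str
    reasons: Tuple[str, ...]   # every rule that fired, for the analyst's notes


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None if nothing looks off."""
    line = line.strip()
    hits: List[str] = []

    if line.startswith("AppInit_DLLs"):
        hits.append("appinit: DLL injected into every process that loads user32.dll")
        if any(m in line for m in ORPHAN_MARKERS):
            hits.append("orphan: referenced DLL is missing")
        return Finding("appinit", line, tuple(hits))

    svc = SERVICE_RE.match(line)
    if svc:
        name, image = svc.group(1), svc.group(2)
        if name.lower() == "winmgmt" and not SVCHOST_RE.search(image):
            # A rewritten ImagePath is what the thread's Fixlog restored; such an
            # entry must be repaired, never deleted, or WMI goes with it.
            hits.append("service_hijack: Winmgmt ImagePath no longer points at svchost.exe")
        if "[X]" in image:
            hits.append("orphan: service binary missing")
        return Finding(hits[0].split(":")[0], line, tuple(hits)) if hits else None

    task = TASK_RE.match(line)
    if task:
        name = task.group(1)
        action = task.group(2).replace("<==== ATTENTION", "").strip()
        action_l = action.lower()
        tokens = action_l.split()
        exe = tokens[0].rsplit("\\", 1)[-1] if tokens else ""
        if exe in SCRIPT_HOSTS:
            hits.append("task_script_host: task runs a script host (%s)" % exe)
        if exe in BROWSERS and len(tokens) == 1:
            hits.append("task_browser_launcher: task only opens a browser (ad/redirect pattern)")
        if any(p in action_l for p in USER_WRITABLE):
            hits.append("task_user_path: action lives in a user-writable location")
        if name.isdigit() or re.fullmatch(r"\{[0-9A-Fa-f-]+\}", name):
            hits.append("task_odd_name: task named with bare digits or a GUID")
        return Finding(hits[0].split(":")[0], line, tuple(hits)) if hits else None

    if line.startswith(("HKLM", "HKU", "HKCU", "Startup:", "ShortcutTarget:")) \
            and any(m in line for m in ORPHAN_MARKERS):
        return Finding("orphan_autorun", line, ("orphan_autorun: autorun points at a missing file",))
    return None


def triage(lines) -> List[Finding]:
    """All findings for a batch of FRST lines, in input order."""
    return [f for f in (classify(l) for l in lines) if f is not None]


def summarise(lines) -> Dict[str, int]:
    """Count of findings per kind, handy for a quick verdict on a whole log."""
    counts: Dict[str, int] = {}
    for f in triage(lines):
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f.kind.ljust(22), f.line[:72])
        for r in f.reasons:
            print(" " * 24 + r)
```

Run it and it prints one line per flagged entry with every rule that fired, so the odd-name tasks and the script-host task are separated from entries that are merely orphaned. The Winmgmt line is the one to treat differently: an orphaned Run value or BHO can simply be deleted, but a hijacked service entry has to have its ImagePath put back, which is why the Fixlog reports "Service restored" rather than "deleted" for it.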
Post by tigergrad on Jan 26, 2015 18:15:05 GMT -8
# AdwCleaner v4.109 - Report created 26/01/2015 at 21:12:26
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 4Elmores - 4ELMORES-PC
# Running from : C:\Users\4Elmores\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Program Files (x86)\PANDORA.TV
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\Users\4Elmores\AppData\Local\Conduit
Folder Found : C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Folder Found : C:\Users\4Elmores\AppData\Local\NativeMessaging
Folder Found : C:\Users\4Elmores\AppData\LocalLow\Conduit
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v40.0.2214.93
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN36003396322941548&ctid=CT3306061&UM=2
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPCB6A66F6-053B-4CC3-9855-549206B46415&q={searchTerms}&SSPV=
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPCB6A66F6-053B-4CC3-9855-549206B46415&q={searchTerms}&SSPV=
*************************
AdwCleaner[R0].txt - [7208 octets] - [26/01/2015 21:12:26]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7268 octets] ##########
Post by Quads on Jan 26, 2015 18:18:12 GMT -8
a) Click the Scan button and wait for the scan to finish (already done if AdwCleaner is left pending).
b) Make sure all of the items under each TAB are ticked.
c) Click the Clean button and AdwCleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a screenshot example.
Quads
Post by tigergrad on Jan 26, 2015 18:32:12 GMT -8
# AdwCleaner v4.109 - Report created 26/01/2015 at 21:21:43
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 4Elmores - 4ELMORES-PC
# Running from : C:\Users\4Elmores\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Users\4Elmores\AppData\Local\Conduit
Folder Deleted : C:\Users\4Elmores\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\4Elmores\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v40.0.2214.93
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN36003396322941548&ctid=CT3306061&UM=2
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPCB6A66F6-053B-4CC3-9855-549206B46415&q={searchTerms}&SSPV=
[C:\Users\4Elmores\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPCB6A66F6-053B-4CC3-9855-549206B46415&q={searchTerms}&SSPV=
*************************
AdwCleaner[R0].txt - [7388 octets] - [26/01/2015 21:12:26]
AdwCleaner[S0].txt - [6828 octets] - [26/01/2015 21:21:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6888 octets] ##########
Post by Quads on Jan 26, 2015 18:36:07 GMT -8
On with step 4: a complete system check for any file, and cleanup of items and tools used. Special attention to the different settings I have asked for below. You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same. Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Please download ESET Online Scanner and save it to your Desktop. Start it with administrator privileges. Select the option Yes. Choose the following settings: NO!! for Remove found threats (the reason for this is we don't want something deleted and then Windows won't load). Click on Start. The virus signature database will begin to download. This may take some time. When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient. When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first! (List found Threats) Now click on Finish.
Quads
Post by Quads on Jan 26, 2015 23:39:05 GMT -8
I forgot to ask: do the Windows Security / Action Center and System Restore load, and does System Restore show the Restore Points?
DO NOT USE ANY RESTORE POINT; it is just to check if the service is now acting correctly.
Quads