|
Post by thomazilla on Feb 3, 2015 13:50:41 GMT -8
Hi, thanks, here is the log from Adwcleaner:
*******************
# AdwCleaner v4.109 - Report created 03/02/2015 at 22:48:30
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : ThomasJ.R - YOGATJRM
# Running from : C:\Users\ThomasJ.R\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\ThomasJ.R\AppData\Roaming\webssearches
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\webssearchesSoftware
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v35.0.1 (x86 nb-NO)
*************************
AdwCleaner[R0].txt - [1111 octets] - [03/02/2015 22:48:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1171 octets] ##########
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Feb 3, 2015 13:54:55 GMT -8
OK, it was only one Browser Shortcut involved (IE) that was Target Hijacked so that when you clicked on the IE shortcut istartwebseraches opened at the start also (dealt with by FRST script among others).
a) Click the Scan Button and wait for the scan to finish. (already done if Adwcleaner is left pending)
b) Make sure all of the items under each TAB are to be ticked.
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
|
|
|
Post by thomazilla on Feb 4, 2015 2:41:50 GMT -8
I see. Here is the log-text:
********************
# AdwCleaner v4.109 - Report created 04/02/2015 at 10:15:48
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : ThomasJ.R - YOGATJRM
# Running from : C:\Users\ThomasJ.R\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Users\ThomasJ.R\AppData\Roaming\webssearches
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v35.0.1 (x86 nb-NO)
*************************
AdwCleaner[R0].txt - [1251 octets] - [03/02/2015 22:48:30]
AdwCleaner[R1].txt - [1311 octets] - [04/02/2015 10:14:10]
AdwCleaner[S0].txt - [1248 octets] - [04/02/2015 10:15:48]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1308 octets] ##########
|
|
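An added example (not part of the original thread, and not code from AdwCleaner): a small Python check that every item a scan report ([R0]) lists as Found appears as Deleted in the clean report ([S0]). It assumes one entry per line; the entries are copied from the two logs above, and PARTIAL is a constructed failure case.

```python
import re

# "<Kind> Found : <item>" in a scan report, "<Kind> Deleted : <item>" in a
# clean report. Only Folder, Key and Value appear in this thread; accepting
# any single-word kind is an assumption of this example.
ENTRY = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")

def entries(report, status):
    """Return the (kind, item) pairs in a report that carry `status`."""
    out = set()
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(2) == status:
            # Windows paths and registry keys are case-insensitive.
            out.add((m.group(1), m.group(3).strip().lower()))
    return out

def unresolved(scan_report, clean_report):
    """Items the scan flagged that the clean report does not list as deleted."""
    return sorted(entries(scan_report, "Found") - entries(clean_report, "Deleted"))

# Entries copied from the scan report in this thread, one per line.
SCAN = r"""
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\ThomasJ.R\AppData\Roaming\webssearches
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\webssearchesSoftware
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
"""
# The clean report in this thread lists the same eight items as Deleted.
CLEAN = SCAN.replace(" Found : ", " Deleted : ")

# Constructed failure case: one registry key missing from the clean report.
PARTIAL = "\n".join(
    line for line in CLEAN.splitlines() if "supWindowsMangerProtect" not in line
)

if __name__ == "__main__":
    print(unresolved(SCAN, CLEAN))
    print(unresolved(SCAN, PARTIAL))
```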
|
Post by Quads on Feb 4, 2015 18:49:09 GMT -8
The istart.websearches should have stopped now.
On with step 4, Complete system check for any file and cleanup of items and tools used. Special attention to the different settings I have asked for below.
You can leave Norton Enabled even though ESET may warn about it. It just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and Slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below as it needs to have the tick removed.
Please download Online Scanner and save it to your Desktop.
Start with administrator privileges.
Select the option Yes, and click on .
Choose the following settings: NO!! for Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click on Start.
The virus signature database will begin to download. This may take some time.
When completed the Online Scan will begin automatically.
Note: This scan might take a long time! Please be patient.
When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first! (List found Threats)
Now click on Finish
Quads
|
|
|
Post by thomazilla on Feb 5, 2015 1:58:13 GMT -8
Hi, here is the found threats log:
*****
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application
C:\Users\ThomasJ.R\AppData\Local\Temp\~dl2C3B\~dljyb\tmp\wpm_v20.0.0.1714.exe a variant of Win32/ELEX.BH potentially unwanted application
|
|
|
Post by Quads on Feb 6, 2015 17:54:42 GMT -8
The TEMP folders and caches. (use the program below to do so)
Download TFC www.bleepingcomputer.com/download/tfc/
the instructions are on that page below the blue download button and screenshots.
Quads
|
|
|
Post by thomazilla on Feb 7, 2015 11:24:14 GMT -8
Hi, I did not know whether I were to post a log after using TFC, but here it is anyways:
********
Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: ThomasJ.R
->Temp folder emptied: 102871359 bytes
->Temporary Internet Files folder emptied: 7850258 bytes
->FireFox cache emptied: 370175221 bytes
->Flash cache emptied: 4591 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16408529 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 0 bytes
Process complete!
Total Files Cleaned = 474.00 mb
|
|
|
Post by Quads on Feb 7, 2015 14:36:40 GMT -8
Tools and Quarantines we used to be removed
Please download DelFix by Xplode to your Desktop. toolslib.net/downloads/viewdownload/2-delfix/
Double-click to run the program; Note: Windows Vista/7/8 users right-click and choose Run as administrator
Make sure the Remove Disinfection tools is ticked / selected in the list
Click Run
A log will be opened after the operation is finished
Copy and Paste it in your next reply
Quads
|
|
|
Post by thomazilla on Feb 9, 2015 0:18:46 GMT -8
Hi, thanks again, here is the DelFix.txt:
*****************
# DelFix v10.8 - Logfile created 09/02/2015 at 09:18:10
# Updated 29/07/2014 by Xplode
# Username : ThomasJ.R - YOGATJRM
# Operating System : Windows 8.1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\ThomasJ.R\Desktop\Addition.txt
Deleted : C:\Users\ThomasJ.R\Desktop\AdwCleaner.exe
Deleted : C:\Users\ThomasJ.R\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\ThomasJ.R\Desktop\Fixlog.txt
Deleted : C:\Users\ThomasJ.R\Desktop\FRST.txt
Deleted : C:\Users\ThomasJ.R\Desktop\FRST64.exe
Deleted : C:\Users\ThomasJ.R\Desktop\TFC.exe
Deleted : C:\Users\ThomasJ.R\Downloads\Addition.txt
Deleted : C:\Users\ThomasJ.R\Downloads\FRST.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
########## - EOF - ##########
|
|
|
Post by Quads on Feb 9, 2015 14:56:22 GMT -8
You are free to go on your merry way. You are now fixed / Solved.
Quads
|
|