Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Mar 29, 2015 22:36:16 GMT -8
a) Click the Scan button and wait for the scan to finish (already done if AdwCleaner is left pending).

b) Make sure all of the items under each tab are ticked, except for the entries listed below (remove the tick beside those entries). The items below are NOT to be deleted!! (4 individual listings below)

Folder Found : C:\Users\Jessikaah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

(All belong to Norton.)

c) Click the Clean button and AdwCleaner will process all the items ticked / checked, and then may ask for the system to be restarted.

d) It should create a new log afterwards (with S0 in the name). Here is a screenshot example.

Quads
Post by mynn30 on Mar 29, 2015 23:07:11 GMT -8
# AdwCleaner v4.200 - Logfile created 30/03/2015 at 17:57:52
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Melinda - MELINDA-PC
# Running from : C:\Users\Melinda\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Registry Helper
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\ShoppingChip
Folder Deleted : C:\ProgramData\3249cf157b596b58
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopcornTV
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Program Files (x86)\FlvPlayer
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\PopcornTV
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Video downloader
Folder Deleted : C:\Program Files (x86)\ShoppingChip
Folder Deleted : C:\Users\Ellllliiieeee\AppData\Local\fst_au_4
Folder Deleted : C:\Users\Ellllliiieeee\AppData\LocalLow\alotappbar
Folder Deleted : C:\Users\Ellllliiieeee\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Ellllliiieeee\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ellllliiieeee\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Ellllliiieeee\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ellllliiieeee\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Jessikaah\AppData\Local\fst_au_4
Folder Deleted : C:\Users\Jessikaah\AppData\LocalLow\alotappbar
Folder Deleted : C:\Users\Jessikaah\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jessikaah\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Jessikaah\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jessikaah\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Jessikaah\AppData\Roaming\PC Speed Maximizer
Folder Deleted : C:\Users\Melinda\AppData\Local\PopcornTV
Folder Deleted : C:\Users\Melinda\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\Melinda\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Melinda\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Deleted : C:\Users\Jessikaah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iapmgeefjjdeofmglpelkaipeolfkefe
Folder Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iapmgeefjjdeofmglpelkaipeolfkefe
[x] Not Deleted : C:\Users\Jessikaah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[x] Not Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Jessikaah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iapmgeefjjdeofmglpelkaipeolfkefe_0.localstorage
File Deleted : C:\Users\Jessikaah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iapmgeefjjdeofmglpelkaipeolfkefe_0.localstorage-journal
File Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iapmgeefjjdeofmglpelkaipeolfkefe_0.localstorage
File Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iapmgeefjjdeofmglpelkaipeolfkefe_0.localstorage-journal
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Windows\SysWOW64\RegistryHelperLM.ocx
File Deleted : C:\Users\Jessikaah\Desktop\Free Animated Desktop Wallpaper.lnk
File Deleted : C:\Users\Jessikaah\Desktop\Free Dolphin Screensaver.lnk
File Deleted : C:\Users\Jessikaah\Desktop\Free Whales ScreenSaver.lnk
File Deleted : C:\Users\Melinda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
File Deleted : C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cap1.conduit-apps.com_0.localstorage
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Melinda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Melinda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Melinda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registry ] *****
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[x] Not Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282134
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022342291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033343391}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044344491}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.omiga-plus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omiga-plus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vshare.eu
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Mozilla Firefox v
-\\ Google Chrome v41.0.2272.101
[C:\Users\Jessikaah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hfimfliilbabfohebppnfomgjljicpdm
[C:\Users\Jessikaah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : iapmgeefjjdeofmglpelkaipeolfkefe
[C:\Users\Jessikaah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422324092&from=ild&uid=ST9500325AS_6VE8LX2YXXXX6VE8LX2Y&q={searchTerms}
[C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : iapmgeefjjdeofmglpelkaipeolfkefe
[C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://isearch.omiga-plus.com/?type=hp&ts=1422324092&from=ild&uid=ST9500325AS_6VE8LX2YXXXX6VE8LX2Y
[C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hp&ts=1422324092&from=ild&uid=ST9500325AS_6VE8LX2YXXXX6VE8LX2Y
*************************
AdwCleaner[R0].txt - [14063 bytes] - [30/03/2015 17:12:25]
AdwCleaner[R1].txt - [14123 bytes] - [30/03/2015 17:47:35]
AdwCleaner[S0].txt - [13462 bytes] - [30/03/2015 17:57:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13522 bytes] ##########
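The cleaning log above is long enough that checking it by eye is error-prone, and the one thing the helper asked to be preserved (the four Norton entries for extension ID mkfokfffehpeedafpekjeddnmnjhmcmk) is exactly what a reviewer wants to confirm. The following is an added example, not code from the forum or from AdwCleaner: a small parser for the AdwCleaner v4 log layout as posted above (one entry per line, "***** [ Section ] *****" headers, kept items marked "[x] Not Deleted", URLs defanged as hxxp). It reports the entries touching an excluded ID that were recorded as anything other than "Not Deleted" (in the log above, the Preferences entries in the Web browsers section), and pulls the hijacker hostnames out of the browser settings it removed. SAMPLE_LOG is a shortened copy of the posted log embedded so the script runs offline.

```python
"""Parse an AdwCleaner cleaning log ([S0] file) and verify the exclusions held.

Added example for this thread; not code from the forum or from AdwCleaner.
SAMPLE_LOG is a shortened copy of the log posted above, embedded so that the
script runs offline. The layout (one entry per line, section headers, "[x] Not
Deleted" markers, hxxp defanging) follows the posted AdwCleaner v4 output.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?:\[x\] )?(?P<action>(?:Folder|File|Key|Value|Shortcut) (?:Found|Deleted|Disinfected)|Not Deleted)"
    r" : (?P<arch>\[x64\] )?(?P<target>.+)$"
)
BROWSER_RE = re.compile(r"^\[(?P<file>[^\]]+)\] - (?P<action>\w+) \[(?P<kind>[^\]]+)\] : (?P<target>.+)$")
HOST_RE = re.compile(r"hxxps?://([^/\s?&]+)", re.IGNORECASE)  # AdwCleaner writes http as hxxp

SAMPLE_LOG = r"""
# AdwCleaner v4.200 - Logfile created 30/03/2015 at 17:57:52
# Option : Cleaning

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ShoppingChip
Folder Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iapmgeefjjdeofmglpelkaipeolfkefe
[x] Not Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

***** [ Registry ] *****

[x] Not Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [ Web browsers ] *****

-\\ Google Chrome v41.0.2272.101

[C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://isearch.omiga-plus.com/?type=hp&ts=1422324092&from=ild
"""


def parse_log(text: str) -> list:
    """One dict per entry: section, action, x64 flag, target, and the browser file if any."""
    records, section = [], "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            records.append({"section": section, "action": m.group("action"),
                            "x64": m.group("arch") is not None,
                            "target": m.group("target"), "file": None})
            continue
        m = BROWSER_RE.match(line)
        if m:  # browser settings lines name the profile file and the kind of setting
            records.append({"section": section, "action": f"{m.group('kind')} {m.group('action')}",
                            "x64": False, "target": m.group("target"), "file": m.group("file")})
    return records


def summarize(records) -> Counter:
    """Count entries per (section, action), e.g. ('Registry', 'Key Deleted')."""
    return Counter((r["section"], r["action"]) for r in records)


def exclusion_violations(records, keep_ids) -> list:
    """Entries mentioning an ID that was meant to be kept but were not recorded as 'Not Deleted'."""
    return [r for r in records
            if any(k in r["target"] for k in keep_ids) and r["action"] != "Not Deleted"]


def hijack_hosts(records) -> list:
    """Hostnames from defanged URLs in the log (the hijacker's homepage / search provider)."""
    return sorted({m.group(1).lower() for r in records for m in HOST_RE.finditer(r["target"])})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (section, action), n in sorted(summarize(recs).items()):
        print(f"{section:16} {action:20} {n}")
    keep = ["mkfokfffehpeedafpekjeddnmnjhmcmk"]
    print("exclusion violations:", [(r["section"], r["file"]) for r in exclusion_violations(recs, keep)])
    print("hijack hosts:", hijack_hosts(recs))
```

Run it against the real AdwCleaner[S0].txt by replacing SAMPLE_LOG with the file contents. An empty violation list means every excluded item survived in every section; a non-empty one, as with the Preferences entries here, tells you which profile file needs the extension re-enabled.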
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Mar 29, 2015 23:14:32 GMT -8
Now, due to the way part of this one works, use this tool (Shortcut Cleaner) to check for any other target hijacks. I got one with FRST in with all the other items, and AdwCleaner listed 5 that it fixed.

www.bleepingcomputer.com/download/shortcut-cleaner/

The blue "Download Now @ Bleeping Computer" button.

Quads
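The "target hijacks" mentioned above, which AdwCleaner reported as "Shortcut Disinfected" and Shortcut Cleaner searches for, are browser shortcuts whose command line has been altered so that every launch opens the hijacker's page; the common form puts the URL into the shortcut's Arguments field. The following is an added example, not code from the forum, from AdwCleaner or from Shortcut Cleaner: a minimal reader for the Windows Shell Link (.lnk) format that recovers the StringData fields and flags any URL in Arguments, plus a walker for a Start Menu tree. The sample shortcuts are constructed in memory by build_lnk() (a test helper, not a real file), so the block runs on any platform; scan_dir() is the part you would point at a real profile.

```python
"""Flag Windows .lnk shortcuts that carry a URL in their command-line arguments.

Added example for this thread; not code from the forum, AdwCleaner or Shortcut
Cleaner. Parses the MS-SHLLINK header, skips LinkTargetIDList and LinkInfo, and
reads the StringData fields. build_lnk() constructs sample shortcuts in memory.
"""
import re
import struct
from pathlib import Path

# LinkFlags bits that govern which optional structures follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
STRING_FIELDS = (  # StringData fields, in file order
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link; raises ValueError on a bad header."""
    if (len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LINK_CLSID):
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (2 bytes) then the IDList itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfoSize (4 bytes) includes the size field
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            fields[name] = ""
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, no terminator
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252")
            pos += count
    return fields


def urls_in_arguments(fields: dict) -> list:
    """URLs in the Arguments field; a clean browser shortcut should have none."""
    return URL_RE.findall(fields["arguments"])


def scan_dir(root) -> list:
    """Walk a directory (Start Menu, Quick Launch, Desktop) and return (path, urls) for hijacked links."""
    hits = []
    for path in Path(root).rglob("*.lnk"):
        try:
            urls = urls_in_arguments(parse_lnk(path.read_bytes()))
        except (ValueError, UnicodeDecodeError, struct.error):
            continue  # unreadable or non-standard link; a real sweep should log these
        if urls:
            hits.append((str(path), urls))
    return hits


def build_lnk(relative_path: str, arguments: str = "", id_list: bytes = b"") -> bytes:
    """Construct a minimal Unicode shell link for testing (a constructed sample, not a real file)."""
    flags = IS_UNICODE
    body = b""
    if id_list:
        flags |= HAS_LINK_TARGET_ID_LIST
        body += struct.pack("<H", len(id_list)) + id_list
    strings = b""
    for flag, value in ((HAS_RELATIVE_PATH, relative_path), (HAS_ARGUMENTS, arguments)):
        if value:
            flags |= flag
            strings += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", flags)
    header += bytes(HEADER_SIZE - len(header))  # attributes, timestamps etc. left zero
    return header + body + strings


if __name__ == "__main__":
    hijacked = build_lnk(r"..\Google\Chrome\Application\chrome.exe",
                         "http://isearch.omiga-plus.com/?type=hp&ts=1422324092&from=ild")
    print(urls_in_arguments(parse_lnk(hijacked)))
```

On a live system, call scan_dir() on the same folders Shortcut Cleaner lists (the per-user and ProgramData Start Menu, Quick Launch, Public Desktop and the user's Desktop). A hit means the link still launches the browser with the hijacker's URL even after the homepage setting has been cleaned; the fix is to clear Arguments or recreate the shortcut.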
Post by mynn30 on Mar 29, 2015 23:24:54 GMT -8
Shortcut Cleaner 1.3.5 by Lawrence Abrams (Grinler)
www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 03/30/2015 06:23:40 PM.

Scanning for registry hijacks:
* No issues found in the Registry.

Searching for Hijacked Shortcuts:
Searching C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Melinda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Melinda\Desktop

0 bad shortcuts found.

Program finished at: 03/30/2015 06:23:41 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Mar 29, 2015 23:29:17 GMT -8
Before going on to step 4:

Your problem (symptoms) should now be gone, as the combination of tools and scripts has broken PUPs and other working pieces apart, or deleted / restored browser objects.
Quads
Post by mynn30 on Mar 29, 2015 23:31:16 GMT -8
Ok I will check
Post by mynn30 on Mar 29, 2015 23:33:03 GMT -8
Woohoo, Omiga plus appears to be gone!!
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Mar 29, 2015 23:45:03 GMT -8
On with step 4: a complete system check for any file, and cleanup of items and tools used. Pay special attention to the different settings I have asked for below.

You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the "Remove found threats" setting below, as it needs to have the tick removed.

Please download Online Scanner and save it to your Desktop. Start it with administrator privileges. Select the option Yes, and click on .

Choose the following settings: NO!! for "Remove found threats" (the reason for this is that we don't want something deleted and then Windows won't load).

Click on Start. The virus signature database will begin to download. This may take some time. When completed, the Online Scan will begin automatically.

Note: This scan might take a long time! Please be patient.

When completed, select "Uninstall application on close" if you so wish, but make sure you copy the logfile first! (List found Threats)

Now click on Finish.

Quads
Post by mynn30 on Mar 30, 2015 20:31:12 GMT -8
I have done the scan, but can't seem to copy and paste the report :( I have tried to copy to clipboard but was not successful. How do I copy it so you can see it?
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Mar 30, 2015 20:34:20 GMT -8
Use the "List found Threats" button, like in the screenshot above.
Quads