|
Post by marcymuss on Jul 13, 2014 8:14:10 GMT -8
Ok. Done (correctly this time) per instructions. Thank you for your help.
# AdwCleaner v3.215 - Report created 13/07/2014 at 09:11:09
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Marcy - MARCYS
# Running from : C:\Users\Marcy\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Marcy\AppData\LocalLow\SkwConfig.bin
Folder Found : C:\Program Files (x86)\Movies Toolbar
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\Users\Marcy\AppData\Local\Conduit
Folder Found : C:\Users\Marcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Folder Found : C:\Users\Marcy\AppData\LocalLow\Conduit
Folder Found : C:\Users\Marcy\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Marcy\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Marcy\AppData\LocalLow\searchresultstb
Folder Found : C:\Users\Marcy\AppData\Roaming\Mozilla\Firefox\Profiles\0by6rjii.default\ilividmoviestoolbarha
Folder Found : C:\Users\Marcy\AppData\Roaming\pccustubinstaller
Folder Found : C:\Users\Marcy\Documents\Optimizer Pro
Folder Found : C:\Users\Marcy\Favorites\StumbleUpon
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com
-\\ Mozilla Firefox v
[ File : C:\Users\Marcy\AppData\Roaming\Mozilla\Firefox\Profiles\0by6rjii.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Marcy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [11908 octets] - [10/07/2014 23:21:23]
AdwCleaner[R1].txt - [11709 octets] - [13/07/2014 09:11:09]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [11770 octets] ##########
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jul 13, 2014 10:25:36 GMT -8
I see what is seen as iffy in the packages folder, as Adwcleaner listed one item for it: StumbleUpon.
a) Click the Scan button and wait for the scan to finish (already done if Adwcleaner is left pending).
b) Make sure in your case this item listed by Adwcleaner is NOT selected for removal:
Folder Found : C:\Users\Marcy\Favorites\StumbleUpon
All of the rest of the items under each tab are to be ticked, just not the one in red above.
c) Click the Clean button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
|
|
|
Post by marcymuss on Jul 13, 2014 14:56:43 GMT -8
Steps completed... see below. Thank you!
# AdwCleaner v3.215 - Report created 13/07/2014 at 15:47:06
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Marcy - MARCYS
# Running from : C:\Users\Marcy\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[x] Not Deleted : C:\Users\Marcy\Favorites\StumbleUpon
Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Program Files (x86)\Movies Toolbar
Folder Deleted : C:\Users\Marcy\AppData\Local\Conduit
Folder Deleted : C:\Users\Marcy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marcy\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Marcy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Marcy\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Marcy\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Marcy\Documents\Optimizer Pro
Folder Deleted : C:\Users\Marcy\AppData\Roaming\Mozilla\Firefox\Profiles\0by6rjii.default\ilividmoviestoolbarha
Folder Deleted : C:\Users\Marcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
File Deleted : C:\Users\Marcy\AppData\LocalLow\SkwConfig.bin
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
-\\ Mozilla Firefox v
[ File : C:\Users\Marcy\AppData\Roaming\Mozilla\Firefox\Profiles\0by6rjii.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Marcy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [11908 octets] - [10/07/2014 23:21:23]
AdwCleaner[R1].txt - [11923 octets] - [13/07/2014 09:11:09]
AdwCleaner[R2].txt - [11984 octets] - [13/07/2014 15:42:58]
AdwCleaner[S0].txt - [11654 octets] - [13/07/2014 15:47:06]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11715 octets] ##########
|
|
|
Post by Quads on Jul 13, 2014 16:08:00 GMT -8
Your system should be much better now.
On with step 4: complete system check for any file and cleanup of items and tools used. Special attention to the different settings I have asked for below.
You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Attach the resulting log in your next reply.
The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished.
Screenshot of part of the finished scan dialog box by ESET showing the options. List found threats and at the bottom of the listings is the options to save the list.
Quads
|
|
|
Post by marcymuss on Jul 14, 2014 9:47:27 GMT -8
Got it. Running the scan now - I'll post once it's completed.
|
|
|
Post by marcymuss on Jul 14, 2014 12:12:01 GMT -8
My system IS much better already. Attached list of found threats file. Thank you.
Attachment Deleted
|
|
|
Post by Quads on Jul 14, 2014 14:58:26 GMT -8
Download OTL www.bleepingcomputer.com/download/otl/ on to the Desktop.
Click on the blue button on the download page: Download Now @ Authors Site
Disable your AV for say 30 mins or more.
Start OTL (right click and from the menu choose "Run as Administrator").
Click the Scan All Users checkbox.
Change file age to 90 days.
Press the
An OTL.txt and extras.txt will be created, to attach back in a post.
Quads
|
|
|
Post by marcymuss on Jul 21, 2014 20:36:51 GMT -8
|
|
|
Post by Quads on Jul 21, 2014 20:52:58 GMT -8
I see you have started to reinfect your system again (or someone with access to the system).
In the Control panel => Programs => Uninstall
Uninstall in the list of programs
"ESET Online Scanner" = ESET Online Scanner v3
I have to script for the rest. In your case I am using the OTL and ESET logs.
Quads
|
|
|
Post by marcymuss on Jul 22, 2014 18:22:54 GMT -8
UGH! Crazy! I sure appreciate your help with all this. I've never had such trouble with viruses. I did see new programs installed while I was out of town... time to lock down my laptop.
ESET has been uninstalled.
|
|