Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Jul 13, 2014 17:37:05 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached. It needs to be the same file name as well (fixlist.txt). Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply (attach or paste).
Quads
Post by glenn440 on Jul 13, 2014 17:48:40 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014
Ran by Glenn at 2014-07-13 20:46:47 Run:1
Running from C:\Users\Glenn\Desktop
Boot Mode: Normal
==============================================
Content of fixlist: ***************** start () C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe () C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe () C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Windows YWN Monitor] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] () HKLM-x32\...\Run: [ywnmon32] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ywnmon32.exe.lnk ShortcutTarget: ywnmon32.exe.lnk -> C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe () SearchScopes: HKLM-x32 - {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm003^YYA^us&si=CPrthZemhbkCFQ1gMgodxGAAYg&ptb=16B1B89A-143A-4652-88A8-34A6F72729E1&ind=2013081716&n=77fd3074&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - VWPT URL = search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel39%5fvista%26instid%3DViewpointV39%5fvista SearchScopes: HKCU - {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm003^YYA^us&si=CPrthZemhbkCFQ1gMgodxGAAYg&ptb=16B1B89A-143A-4652-88A8-34A6F72729E1&ind=2013081716&n=77fd3074&psa=&st=sb&searchfor={searchTerms} BHO-x32: sizlsearch - {36d96925-abfa-4eb8-b630-305e905a930d} - C:\Program Files (x86)\sizlsearch\sizlsearchbho.dll (sizlsearch) C:\Program Files (x86)\sizlsearch\sizlsearchbho.dll BHO-x32: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Toolbar: HKLM-x32 - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files 
(x86)\Ask.com\GenericAskToolbar.dll (Ask.com) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File R2 Update sizlsearch; C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe [321824 2014-07-13] () R2 Util sizlsearch; C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe [321824 2014-07-13] () R2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2008-09-08] (Viewpoint Corporation) [File not signed] R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [61120 2014-07-12] (StdLib) C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys 2014-07-13 01:14 - 2014-07-13 01:15 - 00030690 _____ () C:\Users\Glenn\Downloads\Addition.txt 2014-07-13 01:13 - 2014-07-13 01:15 - 00037175 _____ () C:\Users\Glenn\Downloads\FRST.txt 2014-07-13 01:16 - 2014-07-13 01:16 - 05185536 _____ (AVAST Software) C:\Users\Glenn\Desktop\aswmbr.exe 2014-07-13 01:09 - 2014-07-12 13:46 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys 2014-07-13 00:05 - 2014-07-13 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer 2014-07-13 00:05 - 2014-07-13 00:05 - 00000000 ____D () C:\Program Files (x86)\Open JDK Explorer 2014-07-13 00:04 - 2014-07-13 01:08 - 00000000 ____D () C:\Program Files (x86)\sizlsearch 2014-07-13 00:05 - 2014-07-13 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer C:\Users\Glenn\AppData\Local\Temp\converter.exe C:\Users\Glenn\AppData\Local\Temp\GfxDbMash.dll C:\Users\Glenn\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe C:\Users\Glenn\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\Glenn\AppData\Local\Temp\MotoCast_Installer_2.0309.exe C:\Users\Glenn\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe C:\Users\Glenn\AppData\Local\Temp\nvAppBar.exe 
C:\Users\Glenn\AppData\Local\Temp\nview.dll C:\Users\Glenn\AppData\Local\Temp\nView64.dll C:\Users\Glenn\AppData\Local\Temp\nViewSetup.exe C:\Users\Glenn\AppData\Local\Temp\nvShell.dll C:\Users\Glenn\AppData\Local\Temp\nvStInst.exe C:\Users\Glenn\AppData\Local\Temp\nvTaskBar.exe C:\Users\Glenn\AppData\Local\Temp\nvwdmcpl.dll C:\Users\Glenn\AppData\Local\Temp\nvwimg.dll C:\Users\Glenn\AppData\Local\Temp\nvwimg64.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSAR.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSCS.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSDA.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSDE.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSEL.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSENG.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSENU.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSES.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSESM.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSFI.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSFR.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSHE.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSHU.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSIT.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSJA.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSKO.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSNL.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSNO.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSPL.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSPT.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSPTB.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSRU.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSSK.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSSL.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSSV.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSTH.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSTR.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSZHC.dll C:\Users\Glenn\AppData\Local\Temp\NVWRSZHT.dll C:\Users\Glenn\AppData\Local\Temp\nwiz.exe C:\Users\Glenn\AppData\Local\Temp\ose00000.exe Task: {4918FF9B-CE80-4223-ADD3-332144EC8A75} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe 
[2010-05-21] () <==== ATTENTION 2014-07-13 00:57 - 2014-07-13 00:57 - 00580701 _____ () C:\Users\Glenn\AppData\Local\Temp\tmpE436.tmp end *****************
[3300] C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe => Process closed successfully. C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe => Moved successfully. [2904] C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe => Process closed successfully. C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe => Moved successfully. [4332] C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe => Process closed successfully. C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe => Moved successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows YWN Monitor => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ywnmon32 => value deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ywnmon32.exe.lnk => Moved successfully. C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe not found. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{35e9438f-19d4-4516-b2ac-59ba9241de4d}'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\VWPT' => Key deleted successfully. 'HKCR\CLSID\VWPT'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}' => Key deleted successfully. 'HKCR\CLSID\{35e9438f-19d4-4516-b2ac-59ba9241de4d}'=> Key not found. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36d96925-abfa-4eb8-b630-305e905a930d}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{36d96925-abfa-4eb8-b630-305e905a930d}' => Key deleted successfully. C:\Program Files (x86)\sizlsearch\sizlsearchbho.dll => Moved successfully. 
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}' => Key deleted successfully. C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully. 'HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}'=> Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully. 'HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}'=> Key not found. Update sizlsearch => Service deleted successfully. Util sizlsearch => Service deleted successfully. Viewpoint Manager Service => Service stopped successfully. Viewpoint Manager Service => Service deleted successfully. {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64 => Service stopped successfully. {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64 => Service deleted successfully. C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys => Moved successfully. C:\Users\Glenn\Downloads\Addition.txt => Moved successfully. C:\Users\Glenn\Downloads\FRST.txt => Moved successfully. C:\Users\Glenn\Desktop\aswmbr.exe => Moved successfully. "C:\Windows\system32\Drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys" => File/Directory not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer => Moved successfully. C:\Program Files (x86)\Open JDK Explorer => Moved successfully. C:\Program Files (x86)\sizlsearch => Moved successfully. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer" => File/Directory not found. C:\Users\Glenn\AppData\Local\Temp\converter.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\GfxDbMash.dll => Moved successfully. 
C:\Users\Glenn\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\MotoCast_Installer_2.0309.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nvAppBar.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nview.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nView64.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nViewSetup.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nvShell.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nvStInst.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nvTaskBar.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nvwdmcpl.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nvwimg.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nvwimg64.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSAR.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSCS.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSDA.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSDE.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSEL.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSENG.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSENU.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSES.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSESM.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSFI.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSFR.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSHE.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSHU.dll => Moved successfully. 
C:\Users\Glenn\AppData\Local\Temp\NVWRSIT.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSJA.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSKO.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSNL.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSNO.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSPL.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSPT.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSPTB.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSRU.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSSK.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSSL.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSSV.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSTH.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSTR.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSZHC.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\NVWRSZHT.dll => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\nwiz.exe => Moved successfully. C:\Users\Glenn\AppData\Local\Temp\ose00000.exe => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4918FF9B-CE80-4223-ADD3-332144EC8A75}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4918FF9B-CE80-4223-ADD3-332144EC8A75}' => Key deleted successfully. C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar' => Key deleted successfully. C:\Users\Glenn\AppData\Local\Temp\tmpE436.tmp => Moved successfully.
==== End of Fixlog ====
Post by Quads on Jul 13, 2014 18:24:07 GMT -8
Read carefully
Download Adwcleaner (www.bleepingcomputer.com/download/adwcleaner/) onto your desktop (the blue Download Now @bleeping Computer button) and run a scan (Scan button). It will create a log after, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
Post by glenn440 on Jul 13, 2014 18:29:09 GMT -8
# AdwCleaner v3.215 - Report created 13/07/2014 at 21:27:06
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Glenn - GLENN-PC
# Running from : C:\Users\Glenn\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : Update sizlsearch
Service Found : Util sizlsearch
Service Found : Viewpoint Manager Service
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Common Files\Viewpoint
Folder Found : C:\Program Files (x86)\Viewpoint
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Glenn\AppData\Local\AskToolbar
Folder Found : C:\Users\Glenn\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Glenn\AppData\LocalLow\Viewpoint
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\AskToolbar Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{36D96925-ABFA-4EB8-B630-305E905A930D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36D96925-ABFA-4EB8-B630-305E905A930D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\sizlsearch Key Found : HKCU\Software\Viewpoint Key Found : [x64] HKCU\Software\Ask.com Key Found : [x64] HKCU\Software\AskToolbar Key Found : [x64] HKCU\Software\sizlsearch Key Found : [x64] HKCU\Software\Viewpoint Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : 
HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Key Found : HKLM\Software\InstallIQ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager Key Found : HKLM\Software\sizlsearch Key Found : HKLM\Software\Viewpoint Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} 
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sizlsearch Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
*************************
AdwCleaner[R0].txt - [5989 octets] - [13/07/2014 21:27:06]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6049 octets] ##########
Post by Quads on Jul 13, 2014 18:36:33 GMT -8
Adwcleaner found the Services again, although it does not state the ControlSet number.
a) Click the Scan Button and wait for the scan to finish. (already done if Adwcleaner is left pending)
b) Make sure in your case all the items under each TAB are ticked / checked, then
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
Post by glenn440 on Jul 13, 2014 18:43:36 GMT -8
# AdwCleaner v3.215 - Report created 13/07/2014 at 21:39:30
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Glenn - GLENN-PC
# Running from : C:\Users\Glenn\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Update sizlsearch
[#] Service Deleted : Util sizlsearch
[#] Service Deleted : Viewpoint Manager Service
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Common Files\Viewpoint
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Glenn\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Glenn\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Glenn\AppData\LocalLow\Viewpoint
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AskToolbar Key Deleted : HKCU\Software\sizlsearch Key Deleted : HKCU\Software\Viewpoint Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKLM\Software\InstallIQ Key Deleted : HKLM\Software\sizlsearch Key Deleted : HKLM\Software\Viewpoint Key 
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sizlsearch Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
*************************
AdwCleaner[R0].txt - [6185 octets] - [13/07/2014 21:27:06]
AdwCleaner[R1].txt - [6245 octets] - [13/07/2014 21:38:20]
AdwCleaner[S0].txt - [5658 octets] - [13/07/2014 21:39:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5718 octets] ##########
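The cross-check behind the remark that AdwCleaner found the services again after FRST had reported them deleted, written out as an added example that is not part of the original posts or of either tool. The sample text is excerpted from the logs in this thread and reflowed to one entry per line; the function names are hypothetical.

```python
import re

# Excerpts from the logs posted in this thread, one entry per line.
FRST_FIXLOG = r"""
Update sizlsearch => Service deleted successfully.
Util sizlsearch => Service deleted successfully.
Viewpoint Manager Service => Service stopped successfully.
Viewpoint Manager Service => Service deleted successfully.
{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64 => Service deleted successfully.
C:\Program Files (x86)\sizlsearch => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer" => File/Directory not found.
"""

ADWCLEANER_SCAN = r"""
***** [ Services ] *****
Service Found : Update sizlsearch
Service Found : Util sizlsearch
Service Found : Viewpoint Manager Service
***** [ Files / Folders ] *****
Folder Found : C:\ProgramData\Viewpoint
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{36D96925-ABFA-4EB8-B630-305E905A930D}
"""

ADWCLEANER_CLEAN = r"""
***** [ Services ] *****
[#] Service Deleted : Update sizlsearch
[#] Service Deleted : Util sizlsearch
[#] Service Deleted : Viewpoint Manager Service
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Viewpoint
"""

# "<target> => <outcome>." with the target optionally wrapped in quotes.
FIXLOG_LINE = re.compile(r"""^["']?(?P<target>.+?)["']?\s*=>\s*(?P<outcome>.+?)\.?$""")
# "Service Found : name", "[#] Service Deleted : name", "Key Found : path", ...
ADW_LINE = re.compile(
    r"^(?:\[#\]\s*)?(?P<kind>Service|Folder|File|Key|Value|Shortcut) "
    r"(?P<status>Found|Deleted) : (?P<item>.+)$"
)


def parse_fixlog(text):
    """Return (target, outcome) pairs from FRST Fixlog result lines."""
    entries = []
    for line in text.splitlines():
        m = FIXLOG_LINE.match(line.strip())
        if m:
            entries.append((m.group("target"), m.group("outcome")))
    return entries


def adw_items(text, status):
    """Map (kind, lowercased item) -> item for AdwCleaner lines with this status."""
    items = {}
    for line in text.splitlines():
        m = ADW_LINE.match(line.strip())
        if m and m.group("status") == status:
            # Windows service names and paths compare case-insensitively.
            items[(m.group("kind"), m.group("item").lower())] = m.group("item")
    return items


def residual_services(fixlog_text, later_scan_text):
    """Services FRST logged as deleted that a later AdwCleaner scan still finds."""
    deleted = {target.lower() for target, outcome in parse_fixlog(fixlog_text)
               if outcome.lower() == "service deleted successfully"}
    found = adw_items(later_scan_text, "Found")
    return sorted(name for (kind, key), name in found.items()
                  if kind == "Service" and key in deleted)


def not_cleaned(scan_text, clean_text):
    """Items in a Scan report that have no matching Deleted line in a Clean report."""
    found = adw_items(scan_text, "Found")
    deleted = adw_items(clean_text, "Deleted")
    return sorted(f"{kind}: {name}" for (kind, key), name in found.items()
                  if (kind, key) not in deleted)


def fix_misses(fixlog_text):
    """Fixlog targets whose outcome says the item was not found."""
    return [t for t, o in parse_fixlog(fixlog_text) if "not found" in o.lower()]


if __name__ == "__main__":
    print("Still present after FRST fix:", residual_services(FRST_FIXLOG, ADWCLEANER_SCAN))
    print("Found but not in Clean log:", not_cleaned(ADWCLEANER_SCAN, ADWCLEANER_CLEAN))
    print("Fixlist entries not found:", fix_misses(FRST_FIXLOG))
```

Anything returned by `residual_services` or `not_cleaned` is a candidate for a follow-up scan rather than proof of reinfection, since a leftover entry can be an orphaned registry record.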
Post by Quads on Jul 13, 2014 18:49:47 GMT -8
Post by glenn440 on Jul 13, 2014 18:57:41 GMT -8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Glenn on Sun 07/13/2014 at 21:52:05.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/13/2014 at 21:55:54.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post by Quads on Jul 13, 2014 19:05:53 GMT -8
Your system should be much better now. On with step 4: complete system check for any file and cleanup of items and tools used. Special attention to the different settings I have asked for below.
You can leave Norton Enabled even though ESET may warn about it. It just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Attach the resulting log in your next reply.
The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished.
Screenshot of part of the finished scan dialog box by ESET showing the options. List found threats, and at the bottom of the listings are the options to save the list.
Quads
Post by glenn440 on Jul 13, 2014 19:35:54 GMT -8
24 minutes and counting...