Post by jobags on Oct 29, 2014 7:33:37 GMT -8
My computer is still running slow, but not as bad as it was.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 29, 2014 14:59:02 GMT -8
Please run AdwCleaner again (if you don't have it running from the last scan) and
a) Click the Scan Button and wait for the scan to finish, (If Adwcleaner has been left open at the finish of the scan this is already done).
b) Make sure in your case all the items under each TAB are ticked / checked EXCEPT for the following:
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
e) Please attach or copy the log into your reply here.
|
|
|
Post by jobags on Oct 29, 2014 19:12:09 GMT -8
# AdwCleaner v4.002 - Report created 29/10/2014 at 23:06:28
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Joe\AppData\Local\Conduit
Folder Deleted : C:\Users\Joe\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joe\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Joe\AppData\Local\Temp\pccustubinstaller
Folder Deleted : C:\Users\Joe\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Joe\AppData\Local\visi_coupon
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Deleted : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\0yy3pbig.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\END
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[x] Not Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B65B5CE-1CB5-4ECD-B369-2A02F614E6A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E0BF94-AB2A-4FC0-86F6-AA117ABFA54C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{130DDF47-335B-4A3B-809C-6A27561D247C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{521E3668-62B3-49E2-B5C2-B82B6D2DDBEF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{676E475C-3B97-492B-9541-B853D1DF05F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819342BD-C4A5-425A-B7C7-A4CB08EF846A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9DA4B4BB-5C18-4AAB-803B-6BBBB0A2AAC0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A17F8466-5402-4A46-9635-AB3DB292A88C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2D37F-8025-4DED-BE8F-9477FD9F11EC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D912D2DF-4651-4DF6-8752-5C0E338038C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DA076F67-EBC4-434C-9044-C9FB413CE566}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\FileTypeAssistant
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
-\\ Google Chrome v38.0.2125.104
*************************
AdwCleaner[R0].txt - [5714 octets] - [29/10/2014 11:27:37]
AdwCleaner[S0].txt - [5336 octets] - [29/10/2014 23:06:28]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5396 octets] ##########
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 30, 2014 18:18:27 GMT -8
On with step 4: complete system check for any file, and cleanup of items and tools used. Pay special attention to the different settings I have asked for below. You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same. Please read carefully and slowly, and notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. Attach the resulting log in your next reply. The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished.
Screenshot of part of the finished scan dialog box by ESET showing the options. List found threats and at the bottom of the listings are the options to save the list.
Quads
|
|
|
Post by jobags on Oct 31, 2014 7:00:30 GMT -8
I did the scan, but deleted it trying to save the txt file...So I am running it again...3 infected files were found.
How do I copy the list here? And how do I do a screenshot of the scan results that you asked for?
|
|
|
Post by jobags on Oct 31, 2014 13:34:35 GMT -8
Scan results below...
C:\FRST\Quarantine\C\Users\Joe\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Joe\Downloads\ccsetup310.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Joe\Downloads\BitTorrent\avc-free.exe Win32/OpenCandy potentially unsafe application
ESET Online Scanner Image... wikisend.com/download/436956/Scan Results.png
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 31, 2014 13:58:23 GMT -8
Uninstall ESET Online Scanner
Then just Delete C:\Users\Joe\Downloads\BitTorrent\avc-free.exe
THEN Tools and Quarantines we used to be removed
Please download DelFix by Xplode to your Desktop. toolslib.net/downloads/viewdownload/2-delfix/
Double-click to run the program; Note: Windows Vista/7/8 users right-click and choose Run as administrator
Make sure the Remove Disinfection tools is ticked / selected in the list
Click Run
A log will be opened after the operation is finished
Copy and Paste it in your next reply
|
|
|
Post by jobags on Oct 31, 2014 16:32:04 GMT -8
# DelFix v10.8 - Logfile created 31/10/2014 at 20:31:47
# Updated 29/07/2014 by Xplode
# Username : Joe - JOE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Joe\Desktop\Addition.txt
Deleted : C:\Users\Joe\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Joe\Desktop\Fixlog.txt
Deleted : C:\Users\Joe\Desktop\FRST.txt
Deleted : C:\Users\Joe\Desktop\frst64.exe
Deleted : C:\Users\Joe\Downloads\AdwCleaner.exe
Deleted : C:\Users\Joe\Downloads\esetsmartinstaller_enu (2).exe
Deleted : C:\Users\Joe\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
########## - EOF - ##########
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 31, 2014 16:33:14 GMT -8
Your system looks clean and your logs are fine. Unless Quads wants something else done, you are done and free to go.
Final word from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time.
|
|
|
Post by jobags on Oct 31, 2014 17:17:37 GMT -8
Thank you very much for all your and Quads' help...You are both fantastic...