Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Oct 24, 2014 23:51:57 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the attached script; it needs to keep the same file name as well (fixlist.txt). Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right-click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply (attach or paste).
Quads
Post by maximus90 on Oct 25, 2014 0:05:47 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2014
Ran by Max at 2014-10-25 01:03:07 Run:1
Running from C:\Users\Max\Desktop
Loaded Profile: Max (Available profiles: boinc_master & Max)
Boot Mode: Normal
==============================================
Content of fixlist: ***************** start HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION BHO: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD) C:\Program Files (x86)\Plus-HD-1.6 HKU\S-1-5-21-464786991-3699752280-2420311854-1006\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe HKU\S-1-5-21-464786991-3699752280-2420311854-1006\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found C:\PROGRA~2\SearchProtect\SearchProtect HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013 URLSearchHook: HKLM-x32 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013 SearchScopes: HKCU - 
{006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB677846A-FF3A-4011-87F1-00FA54962DDA&q={searchTerms}&SSPV= BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File C:\Program Files (x86)\Hotspot Shield BHO-x32: No Name -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> No File BHO-x32: No Name -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> No File BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\Max\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits) C:\Users\Max\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll C:\Users\Max\AppData\Local\GreatArcadeHits Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll No File C:\Program Files (x86)\Common Files\AVG Secure Search FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll No File FF HKCU\...\FIREFOX\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - 
C:\Users\Max\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14] CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27] C:\Program Files (x86)\Common Files\Spigot CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Max\AppData\Local\Slick Savings\coupons.crx [2013-08-14] C:\Users\Max\AppData\Local\Slick Savings CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22] S2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [X] U2 MSSQL$DDNI; No ImagePath C:\Users\Max\AppData\Local\Temp\i4jdel0.exe C:\Users\Max\AppData\Local\Temp\MSNC544.exe C:\Users\Max\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Max\AppData\Local\Temp\System.Data.SQLite15717.dll C:\Users\Max\AppData\Local\Temp\System.Data.SQLite44932.dll C:\Users\Max\AppData\Local\Temp\System.Data.SQLite53661.dll C:\Users\Max\AppData\Local\Temp\System.Data.SQLite83300.dll C:\Users\Max\AppData\Local\Temp\System.Data.SQLite88350.dll C:\Users\Max\AppData\Local\Temp\System.Data.SQLite94599.dll CustomCLSID: HKU\S-1-5-21-464786991-3699752280-2420311854-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Max\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-464786991-3699752280-2420311854-1006_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? 
CustomCLSID: HKU\S-1-5-21-464786991-3699752280-2420311854-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Max\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File Task: {183FA812-D0A0-4F39-B06D-E1DD5050D3E1} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe Task: {29C9C5FC-657E-41F8-9DD8-450F7EBF0562} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{21A269AF-DC7F-4FEA-BAF5-B3A773F11B6B}.exe Task: {4560DC72-E728-47DE-93D1-5B29B6FD43B0} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION Task: {8B9D7F4D-4B67-4E3B-89E0-110BE88FA474} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{F5C2918F-EC1B-45F7-94D7-882299677A77}.exe Task: {99CDCBAA-1B75-492A-9FB5-817A3B6B433A} - System32\Tasks\Plus-HD-1.6-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe Task: {DCC60748-4865-4831-985C-D46AABBBD2FA} - System32\Tasks\GreatArcadeHits => C:\Users\Max\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2014-07-01] () <==== ATTENTION Task: {F4CD8F8C-9A32-4E8D-9443-F83A6C324DD9} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\RocketTab\uninstall.exe [2014-08-27] () <==== ATTENTION Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{F5C2918F-EC1B-45F7-94D7-882299677A77}.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{21A269AF-DC7F-4FEA-BAF5-B3A773F11B6B}.exe Task: C:\Windows\Tasks\GreatArcadeHits.job => C:\Users\Max\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe 
<==== ATTENTION end *****************
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully. C:\Program Files (x86)\Plus-HD-1.6 => Moved successfully. HKU\S-1-5-21-464786991-3699752280-2420311854-1006\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV => value deleted successfully. "HKU\S-1-5-21-464786991-3699752280-2420311854-1006\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully. "HKU\S-1-5-21-464786991-3699752280-2420311854-1006\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully. "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully. "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully. C:\PROGRA~2\SearchProtect\SearchProtect => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully. "HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found. 
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully. "HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully. "HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully. "C:\Program Files (x86)\Hotspot Shield" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7}" => Key deleted successfully. C:\Users\Max\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll => Moved successfully. C:\Users\Max\AppData\Local\GreatArcadeHits => Moved successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully. "HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully. 
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => value deleted successfully. "HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => value deleted successfully. "HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully. "HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found. "HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully. C:\Program Files (x86)\Common Files\AVG Secure Search => Moved successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully. HKCU\Software\Mozilla\FIREFOX\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => Key deleted successfully. C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj" => Key deleted successfully. C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx => Moved successfully. C:\Program Files (x86)\Common Files\Spigot => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => Key deleted successfully. C:\Users\Max\AppData\Local\Slick Savings\coupons.crx => Moved successfully. C:\Users\Max\AppData\Local\Slick Savings => Moved successfully. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => Key deleted successfully. "C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found. vToolbarUpdater17.0.12 => Service deleted successfully. MSSQL$DDNI => Service deleted successfully. C:\Users\Max\AppData\Local\Temp\i4jdel0.exe => Moved successfully. C:\Users\Max\AppData\Local\Temp\MSNC544.exe => Moved successfully. C:\Users\Max\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully. C:\Users\Max\AppData\Local\Temp\System.Data.SQLite15717.dll => Moved successfully. C:\Users\Max\AppData\Local\Temp\System.Data.SQLite44932.dll => Moved successfully. C:\Users\Max\AppData\Local\Temp\System.Data.SQLite53661.dll => Moved successfully. C:\Users\Max\AppData\Local\Temp\System.Data.SQLite83300.dll => Moved successfully. C:\Users\Max\AppData\Local\Temp\System.Data.SQLite88350.dll => Moved successfully. C:\Users\Max\AppData\Local\Temp\System.Data.SQLite94599.dll => Moved successfully. "HKU\S-1-5-21-464786991-3699752280-2420311854-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully. "HKU\S-1-5-21-464786991-3699752280-2420311854-1006_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found. "HKU\S-1-5-21-464786991-3699752280-2420311854-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{183FA812-D0A0-4F39-B06D-E1DD5050D3E1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{183FA812-D0A0-4F39-B06D-E1DD5050D3E1}" => Key deleted successfully. C:\Windows\System32\Tasks\Plus-HD-1.6-chromeinstaller => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-chromeinstaller" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29C9C5FC-657E-41F8-9DD8-450F7EBF0562}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29C9C5FC-657E-41F8-9DD8-450F7EBF0562}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4560DC72-E728-47DE-93D1-5B29B6FD43B0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4560DC72-E728-47DE-93D1-5B29B6FD43B0}" => Key deleted successfully. C:\Windows\System32\Tasks\RocketTab => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B9D7F4D-4B67-4E3B-89E0-110BE88FA474}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B9D7F4D-4B67-4E3B-89E0-110BE88FA474}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99CDCBAA-1B75-492A-9FB5-817A3B6B433A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CDCBAA-1B75-492A-9FB5-817A3B6B433A}" => Key deleted successfully. C:\Windows\System32\Tasks\Plus-HD-1.6-firefoxinstaller => Moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-firefoxinstaller" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCC60748-4865-4831-985C-D46AABBBD2FA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCC60748-4865-4831-985C-D46AABBBD2FA}" => Key deleted successfully. C:\Windows\System32\Tasks\GreatArcadeHits => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4CD8F8C-9A32-4E8D-9443-F83A6C324DD9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4CD8F8C-9A32-4E8D-9443-F83A6C324DD9}" => Key deleted successfully. C:\Windows\System32\Tasks\RocketTab Update Task => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. C:\Windows\Tasks\GreatArcadeHits.job => Moved successfully. C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => Moved successfully. C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job => Moved successfully.
Post by Quads on Oct 25, 2014 0:09:25 GMT -8
The last step was to just take items and break malware apart; some go into quarantine. Poweliks has been broken!!!
Now though in Normal Mode the system should be running a lot better and dllhost.exe should quieten down.
Quads
Post by maximus90 on Oct 25, 2014 0:13:21 GMT -8
Yeah! The dllhost.exe *32 has definitely hushed up, thank you very much. Looking good thus far... but you mentioned I have more than Poweliks?
Post by Quads on Oct 25, 2014 0:16:46 GMT -8
I broke a lot of the others with FRST too, but at least the system has calmed down, so I can carry on with this tomorrow my time in the world (NZDT).
Quads
Post by maximus90 on Oct 25, 2014 0:20:45 GMT -8
Well thank you very much
Post by maximus90 on Oct 25, 2014 9:05:23 GMT -8
I am ready to continue at your convenience. Thank you for ALL the help so far.
Post by Quads on Oct 25, 2014 9:26:40 GMT -8
Read carefully
Download AdwCleaner (www.bleepingcomputer.com/download/adwcleaner/) on to your desktop, using the blue "Download Now @BleepingComputer" button, and run a scan (Scan button). It will create a log after, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
Post by maximus90 on Oct 25, 2014 9:36:52 GMT -8
# AdwCleaner v4.001 - Report created 25/10/2014 at 10:32:59
# Updated 20/10/2014 by Xplode
# Database : 2014-10-23.2
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Max - MAX-VAIO
# Running from : C:\Users\Max\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : vToolbarUpdater17.0.12
***** [ Files / Folders ] *****
File Found : C:\END
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\QuestBrwSearch
Folder Found : C:\Program Files (x86)\RocketTab
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\QuestBrwSearch
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\Users\Max\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Found : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Max\AppData\Local\SearchProtect
Folder Found : C:\Users\Max\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Max\AppData\LocalLow\Conduit
Folder Found : C:\Users\Max\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Max\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Max\AppData\LocalLow\ShoppingReport2
Folder Found : C:\Users\Max\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\Max\AppData\Roaming\DriverCure
Folder Found : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
Folder Found : C:\Users\Max\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Max\AppData\Roaming\ParetoLogic
Folder Found : C:\Windows\SysWOW64\SearchProtect
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\anchorfree Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\Plus-HD-1.6 Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2 Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\IGearSettings Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\ParetoLogic Key Found : HKCU\Software\RocketTabInstalled Key Found : HKCU\Software\Search Extensions Key Found : HKCU\Software\SmartBar Key Found : [x64] HKCU\Software\anchorfree Key Found : [x64] HKCU\Software\Conduit Key Found : [x64] HKCU\Software\IGearSettings Key Found : [x64] HKCU\Software\InstalledBrowserExtensions Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Found : [x64] HKCU\Software\ParetoLogic Key Found : [x64] HKCU\Software\RocketTabInstalled Key Found : [x64] HKCU\Software\Search Extensions Key Found : [x64] HKCU\Software\SmartBar Key Found : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982} Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Found : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501} Key Found : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982} Key Found : 
HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} Key Found : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602} Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E} Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand Key Found : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand.1 Key Found : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl Key Found : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl.1 Key Found : HKLM\SOFTWARE\Classes\speedupmypc Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344204402} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Key Found : 
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=3d507f4d-5472-f76f-ec8e-e3f27b780a7e&searchtype=ds&q={searchTerms}&installDate=28/10/2013
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [13333 octets] - [25/10/2014 10:32:59]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13394 octets] ##########
Post by Quads on Oct 25, 2014 9:59:55 GMT -8
a) Click the Scan button and wait for the scan to finish. (Already done if AdwCleaner is left pending.)
b) Make sure all of the items under each tab are ticked, except the entries below.
Below are the entries that are NOT to be deleted:
Folder Found : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
(All Norton)
c) Click the Clean button and AdwCleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
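One way to double-check step b) before pressing Clean, as an added example that is not part of the original post or of AdwCleaner: a short Python script that splits the run-together "Found" entries of the scan log, drops exact duplicates, and separates the entries to untick from the ones left for cleaning. The sample input is constructed from entries quoted in this thread; the function names and the `KEEP_MARKERS` list are assumptions of this example.

```python
import re

# Extension ID the helper says NOT to delete (taken from the post above).
KEEP_MARKERS = ["mkfokfffehpeedafpekjeddnmnjhmcmk"]

# Constructed sample: entries from the thread, run together on one line the
# way the pasted log appears here, including one exact duplicate.
SAMPLE_LOG = (
    r"Key Found : HKLM\SOFTWARE\Plus-HD-1.6 "
    r"Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk "
    r"Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk "
    r"Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk "
    r"Folder Found : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default"
    r"\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk "
    r"Key Found : HKLM\SOFTWARE\SearchProtect"
)

# "<Kind> Found : <value>"; the value ends at the next marker or at end of line.
ENTRY_RE = re.compile(r"(\w+) Found : (.*?)(?=\s+\w+ Found : |\s*$)")

def parse_entries(log_text):
    """Return unique entries as dicts, in first-seen order."""
    seen, entries = set(), []
    for line in log_text.splitlines():
        for kind, value in ENTRY_RE.findall(line):
            x64 = value.startswith("[x64]")      # 64-bit registry view tag
            if x64:
                value = value[len("[x64]"):].strip()
            key = (kind, x64, value.lower())     # Windows paths are case-insensitive
            if key not in seen:
                seen.add(key)
                entries.append({"kind": kind, "x64": x64, "value": value})
    return entries

def partition(entries, keep_markers=KEEP_MARKERS):
    """Split entries into (to untick and keep, to leave ticked for cleaning)."""
    keep, clean = [], []
    for e in entries:
        hit = any(m.lower() in e["value"].lower() for m in keep_markers)
        (keep if hit else clean).append(e)
    return keep, clean

if __name__ == "__main__":
    keep, clean = partition(parse_entries(SAMPLE_LOG))
    for label, group in (("UNTICK (keep)", keep), ("CLEAN", clean)):
        for e in group:
            print(f"{label:14} {e['kind']:7} {'[x64] ' if e['x64'] else ''}{e['value']}")
```

Saving the scan log (the R0 file) and passing its text to `parse_entries` gives the same split for the full list.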