Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Malware/Virus possible Artua Vladislav (fs) and other symptoms [Closed

  • This topic is locked This topic is locked




  • Retired Staff
  • 8,228 posts

Hello I'm posting the results of Re-run Adwcleaner as it didn't go exactly as you mentioned.

Yep. An important step got left out of the instructions. My bad. The AdwCleaner GUI changed and when I re-did the instructions I left the part where you clean the computer. :blush: That's why you weren't asked to reboot the computer.
Let's try that again and then please run the Junk Removal Tool.


Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • Now click the Clean button.
  • Everything left checked will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt


Scan with JRT:

Posted Image

NOTE: Temporarily shut down your protection software now to avoid potential conflicts. To do that:

Disable the Resident Shield feature in AVG 2013

To disable this feature under AVG:
  • Double-click on the AVG tray icon to access the main interface.
  • Click Tools > Advanced Settings > Antivirus > Resident Shield.
  • Uncheck the box beside Enable Resident Shield.
    Posted Image
  • Click on Apply and then on OK to validate.
  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled. To do that: Follow the instructions above but put a check in the box next to Enable Resident Shield.
  • 0





  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi I was a little unsure with the results so just checking before I go ahead and clean.

I ran the scan in step 1.

It seemed to stop and just say Pending. please uncheck elements you don't want to remove?

This wasn't a step you mentioned. I'm unsure what to do with that. I noticed that there were several tabs, do I need to do anything with the contents of those? I think they were like, service, folders/files, etc.

I didn't want to clean anything until you confirmed. Better safe than sorry!

  • 0




  • Retired Staff
  • 8,228 posts

It seemed to stop and just say Pending. please uncheck elements you don't want to remove?

Yes. You will get that when the initial scan has completed. You don't need to do anything except click the Clean button and the tool will clean what it found off of the system.
After you reboot, if the log report doesn't come up automatically you can find it in the location given above.
  • 0




  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hello here is the log for the Adwcleaner, just going on to run the other JRT, so thought I would send this in the meantime.

# AdwCleaner v3.001 - Report created 29/08/2013 at 09:22:58
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Frances - FRANCES-PC
# Running from : C:\Users\Frances\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Productivity_2.2
Folder Deleted : C:\Users\Frances\AppData\Local\cre
Folder Deleted : C:\Users\Frances\AppData\Local\PackageAware
Folder Deleted : C:\Users\Frances\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Frances\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Frances\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Frances\AppData\LocalLow\Productivity_2.2
Folder Deleted : C:\Users\Frances\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\Smartbar
Folder Deleted : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\Extensions\[email protected]
Folder Deleted : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Users\Frances\Desktop\Uninstall.exe
File Deleted : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\\invalidprefs.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09672E5B-9B96-49A5-9406-CC4F9DA8AD6B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09672E5B-9B96-49A5-9406-CC4F9DA8AD6B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCD0E0E-B424-4FC7-BF2E-B1EC7D6B05BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4FCD0E0E-B424-4FC7-BF2E-B1EC7D6B05BE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1BC4A06-191C-4AA0-87CF-AB8EEF49F25F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Productivity_2.2
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Productivity_2.2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_2.2 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\prefs.js ]

Line Deleted : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1NTI2NTM4MCwidXVpZCI6MTExOTE4NzE3NTkzMjM5LCJzZXFfaWQiOjQ3LCJzc2IiOjEzNTExODAwMjV9");
Line Deleted : user_pref("CT3220468.BT_Usage.enc", "eyJ1dWlkIjoxMTE5MTg3MTc1OTMyMzksInNlcV9pZCI6Mn0=");
Line Deleted : user_pref("CT3220468.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.Facebook_Mode", "2");
Line Deleted : user_pref("CT3220468.Facebook_User_Locale", "en");
Line Deleted : user_pref("CT3220468.FirstTime", "true");
Line Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3220468.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3220468.SF_USER_ID.enc", "Y2lkXzMwNTIwMTMxMDE1NDQyMDk5NTky");
Line Deleted : user_pref("CT3220468.UserID", "UN35267562732629514");
Line Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Line Deleted : user_pref("CT3220468.cb_experience_000.enc", "MTA3NQ==");
Line Deleted : user_pref("CT3220468.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3220468.cb_user_id_000.enc", "Q0IyODgxOTIzMDYxOTdfMTM2NDIyMDEyNjAzMV9GaXJlZm94");
Line Deleted : user_pref("CT3220468.cbcountry_001.enc", "R0I=");
Line Deleted : user_pref("CT3220468.cbfirsttime.enc", "VGh1IE9jdCAyNSAyMDEyIDE2OjQ3OjAzIEdNVCswMTAwIChHTVQgRGF5bGlnaHQgVGltZSk=");
Line Deleted : user_pref("CT3220468.countryCode", "GB");
Line Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Line Deleted : user_pref("CT3220468.enableAlerts", "always");
Line Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Line Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3220468.fixUrls", true);
Line Deleted : user_pref("CT3220468.fullUserID", "UN35267562732629514.UP.20130701182713");
Line Deleted : user_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L),savelocation=0,closeone[...]
Line Deleted : user_pref("CT3220468.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsc2F2ZXJlc2l6ZWRzaXplPTAsdGl0bGViYXI9MCxjbG9zZW9uZXh0ZXJuYWxjbGljaz0xLHNhdmVsb2NhdGlvbj0wLG9wZW5wb3NpdGlvbj1vZmZ[...]
Line Deleted : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0,resizable=no,scrollbars=no,titlebar=yes,saveresizedsize=no");
Line Deleted : user_pref("CT3220468.installId", "fftB071.tmp.exe");
Line Deleted : user_pref("CT3220468.installType", "XPE");
Line Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Line Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN35267562732629514&SSPV=&Lay=1&UM=\"}");
Line Deleted : user_pref("CT3220468.lastVersion", "");
Line Deleted : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM3MzE4MzU4MjExMw==");
Line Deleted : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI0NGM3NjZhMi1hYjQ4LTQyM2EtOGM0NC02ZjUyZjc1OWYyNzQiLCJ[...]
Line Deleted : user_pref("CT3220468.mam_gk_currentBadgeValue.enc", "MQ==");
Line Deleted : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Deleted : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM3MzE4MzU4MzIwNw==");
Line Deleted : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3220468.mam_gk_newApps.enc", "W10=");
Line Deleted : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Deleted : user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTk1XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Deleted : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Line Deleted : user_pref("CT3220468.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Line Deleted : user_pref("CT3220468.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiR0IiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3220468.mam_gk_userId.enc", "ZjU5NTdkMGQtNzZmMS00ZTJmLWJmNDEtNjY5NjQ1ZTE5ZmU3");
Line Deleted : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bbc.co.uk%2Fiplayer%2Fepisode%2Fb00wyh2k%2FSmart_People%2F\",\"EB_MAIN_FRAME_TITLE\":\"B[...]
Line Deleted : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.openThankYouPage", "true");
Line Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Deleted : user_pref("CT3220468.search.searchCount", "0");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_services_Configuration_lastUpdate", "1377192221094");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373144671979");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1357382797195");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1373184815937");
Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372617244809");
Line Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1372595525205");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353267134036");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358373177197");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364381716458");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359634902630");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361191241296");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363196637287");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1372631645161");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372366001023");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374868542861");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377192221944");
Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372617244876");
Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1377192221089");
Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1377192220938");
Line Deleted : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363178727570");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372617244943");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1377192221615");
Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1377192221929");
Line Deleted : user_pref("CT3220468.settingsINI", true);
Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3220468.showToolbarPermission", "false");
Line Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3220468.smartbar.isHidden", true);
Line Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "25-10-2012");
Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "22-8-2013");
Line Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Wed Mar 13 2013 21:46:59 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL2JpdC5seS8xMWxXVHBROjo6Y2xpY2toYW5kbGVyOjo6MTM3MzExNjAyMzMxMywsLGh0dHA6Ly9iaXQubHkvMTFsV1RwUTo6OmNsaWNraGFuZGxlcjo6OjEzNzMxMTYwMjMzMjMsLCxodHRwczov[...]
Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1377192097708,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.avg.com/?d=4dd6974c&i=23&tp=ab&nt=1&q=");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions[...]

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url


AdwCleaner[R0].txt - [22760 octets] - [27/08/2013 14:49:06]
AdwCleaner[R1].txt - [22821 octets] - [28/08/2013 14:32:39]
AdwCleaner[R2].txt - [22882 octets] - [28/08/2013 19:32:14]
AdwCleaner[R3].txt - [22943 octets] - [29/08/2013 09:22:17]
AdwCleaner[S0].txt - [22433 octets] - [29/08/2013 09:22:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22494 octets] ##########
  • 0




  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
As a note: I did notice that my AVG picked up a problem when I ran Adwcleaner, I just let it be ok and it added it to it's exceptions file. Hopefully that was ok!

Thank you for the updated info about disabling AVG 2013 - it doesn't apply to mine for some reason. What I mean is that I don't have those check boxes you describe.

So I think I will follow what I can see which is:

options, then advanced settings and there is one option to temp disable AVG, I can't apply it however I can " ok" it. I then assume that I go back and re-apply the AVG.

Then I can run JRT.


Edited by Feather24, 29 August 2013 - 02:45 AM.

  • 0




  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hello all seemed to go ok.

Here is the JRT log:

Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by Frances on 29/08/2013 at 9:57:10.72

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2903601
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Frances\AppData\Roaming\coupons"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Emptied folder: C:\Users\Frances\AppData\Roaming\mozilla\firefox\profiles\bx768oe8.default\minidumps [539 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Frances\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

~~~ Event Viewer Logs were cleared

Scan was completed on 29/08/2013 at 9:59:25.59
End of JRT log
  • 0




  • Retired Staff
  • 8,228 posts

As a note: I did notice that my AVG picked up a problem when I ran Adwcleaner, I just let it be ok and it added it to it's exceptions file. Hopefully that was ok!

That was perfect.

Thank you for the updated info about disabling AVG 2013 - it doesn't apply to mine for some reason. What I mean is that I don't have those check boxes you describe.

Maybe the instructions for the paid version are different from the instructions for the free version :confused: , but I got them from the AVG web site. And you probably won't need to enable the AVG antivirus. If you just temporarily disabled it then is should automatically enable itself after a specified period of time or when you reboot the computer. You can always check the AVG icon in the system tray (by the clock) an make sure the AV protection is running.

Good job on the scans. AdwCleaner got rid of a bunch of rubbish. Now let's check for residual malware files and any programs that need updating.
For Steps 1 and 2 I want you to disable any screen saver you might have running.


Posted ImageMalwarebytes' Anti-Malware

Please close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the MaywareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window to run the program. You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while (like 2 hours or more for large hard drives), so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application and screen saver after running the above scan!


Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan log IF it found anything. IF it didn't just let me know.
3. The checkup.txt log
4. How is the ocmputer running now?
  • 0




  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hello thanks for all your help so far, I can see we are making progress:) which feels good, I have been noticing that my browsers are opening much quicker than before so that is really great. Glad we managed to remove more rubbish.

I do have a screen saver - I'm not sure how to disable it though, I went into the control panel and I can select "none" is that what you mean?

I'm familiar with Malwarebytes so I'm used to waiting for the scan to finish it takes quite a while usually.

  • 0




  • Retired Staff
  • 8,228 posts
You are welcome.

I do have a screen saver - I'm not sure how to disable it though, I went into the control panel and I can select "none" is that what you mean?

That's it :thumbsup:

Please continue with the scans and post the logs :)
  • 0




  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Thanks will do, might take a little while to get back to you.
  • 0





  • Retired Staff
  • 8,228 posts
  • 0




  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hello posting the first log from malwarebytes full scan.

Nothing picked up so I haven't needed to do the removal step, this is right I think?

Ok onto the rest.


Malwarebytes Anti-Malware

Database version: v2013.08.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Frances :: FRANCES-PC [administrator]

30/08/2013 16:09:56
mbam-log-2013-08-30 (16-09-56).txt

Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 425447
Time elapsed: 1 hour(s), 54 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

  • 0




  • Retired Staff
  • 8,228 posts

You haven't posted the ESET scan log or the SecurityCheck log. Is there a problem?
  • 0




  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi No problem so far just need a little more time!

Be back in by tomorrow.

  • 0




  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Just as a quick note I am noticing that I have have to re-boot my computer a few times as it seemed to get stuck going to a page on the internet, and sometimes while on a webpage I get re-directed back to firefox browser.

It's late here so I'll be back tomorrow.

thanks again.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP