Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google Redirect?

Started by njnauticalnut , Sep 16 2013 01:04 PM

Please log in to reply

#16
njnauticalnut

Posted 18 September 2013 - 11:12 AM

Member

Topic Starter
Member
22 posts

AdwCleaner log

# AdwCleaner v3.004 - Report created 18/09/2013 at 12:39:59
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\Virus Removal\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3bhtdneb.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [9956 octets] - [03/09/2013 10:22:32]
AdwCleaner[R1].txt - [3587 octets] - [17/09/2013 21:02:19]
AdwCleaner[R2].txt - [1030 octets] - [18/09/2013 12:38:58]
AdwCleaner[S0].txt - [9629 octets] - [03/09/2013 10:32:00]
AdwCleaner[S1].txt - [3720 octets] - [17/09/2013 21:06:19]
AdwCleaner[S2].txt - [953 octets] - [18/09/2013 12:39:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1012 octets] ##########

#17
njnauticalnut

Posted 18 September 2013 - 11:31 AM

Member

Topic Starter
Member
22 posts

Malware Bytes log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Owner :: OWNER-PC [administrator]

9/18/2013 1:18:53 PM
mbam-log-2013-09-18 (13-18-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203393
Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#18
njnauticalnut

Posted 18 September 2013 - 03:57 PM

Member

Topic Starter
Member
22 posts

With the ESET Online Scanner do I only click on uninstall application on close or do I also click on delete quarantined files? I have left ESET open until I get the answer.

ESET Log

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9665a0110ac2fa4d904504dacf3f9981
# engine=15177
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-18 08:49:09
# local_time=2013-09-18 04:49:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 131080799 0 0
# scanned=281739
# found=9
# cleaned=9
# scan_time=11130
sh=25DC3F6CE4737CF236C3334AC96C67AB044A7DBB ft=1 fh=fc48def012c89f2c vn="probably a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\AskToolbar\setup.exe.vir"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Glary Utilities\ApnIC.dll"
sh=FC1DD1D45CD4E293EF8ED7C2B3709ECB9E04442B ft=1 fh=364b28d8dff84f34 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Glary Utilities\ApnToolbarInstaller.exe"
sh=03D38B8ADCE42831B00B1FE927FE1796180C46C8 ft=1 fh=9fd71002d174e848 vn="probably a variant of Win32/ELEX application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Glary Utilities\v9gls.exe"
sh=F23C4845CA9A96691B38CFBA00E56C8CB658B4F8 ft=1 fh=5ecb8caf265c3650 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\LimeWire\.NetworkShare\LimeWireWin5.5.10.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="a variant of Win32/InstallCore.AZ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\AppData\Roaming\0S1F1O2Z0S2Y1H1T\K-Lite Codec Packages\uninstaller.exe"
sh=CDE34638DCF9325D6CE50E151688A3BCBB0643DC ft=1 fh=cf231f6f96f28a7c vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\FreeVideoToJPGConverter.exe"
sh=CA4465FED8127902C233876084962BE515219103 ft=1 fh=2aae4c570c2e1699 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\gusetup.exe"
sh=31D2DD44EDF5B7FC6DC8FE217EFFF67C18A88F6C ft=1 fh=be2ef24bc864bb71 vn="a variant of Win32/AirAdInstaller.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Owner\Downloads\Setup(2).exe"

ESET List of Threats
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\AskToolbar\setup.exe.vir probably a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files (x86)\Glary Utilities\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files (x86)\Glary Utilities\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files (x86)\Glary Utilities\v9gls.exe probably a variant of Win32/ELEX application cleaned by deleting - quarantined
C:\Program Files (x86)\LimeWire\.NetworkShare\LimeWireWin5.5.10.exe multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\0S1F1O2Z0S2Y1H1T\K-Lite Codec Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\FreeVideoToJPGConverter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Owner\Downloads\gusetup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Owner\Downloads\Setup(2).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

#19
njnauticalnut

Posted 19 September 2013 - 07:08 AM

Member

Topic Starter
Member
22 posts

I have left ESET open until I find out whether to delete the quarantined files. When you get a chance please let me know. Thanks.

#20
Phel

Posted 19 September 2013 - 08:35 AM

Trusted Helper

Malware Removal
1,386 posts

Have you installed LimeWire and Glarysoft Utilites by yourself?

#21
njnauticalnut

Posted 19 September 2013 - 09:07 AM

Member

Topic Starter
Member
22 posts

I have installed LimeWire but can uninstall it. I am not familiar with Glarysoft Utilities so I would say that I did not install it.

#22
Phel

Posted 19 September 2013 - 09:19 AM

Trusted Helper

Malware Removal
1,386 posts

Okay, then allow ESET to remove quarantined files.

#23
njnauticalnut

Posted 19 September 2013 - 10:48 AM

Member

Topic Starter
Member
22 posts

Thanks. Is there anything else that I need to do?

#24
Phel

Posted 19 September 2013 - 11:03 AM

Trusted Helper

Malware Removal
1,386 posts

Is there anything else that I need to do?

Yes, there are a few steps till the completion. Please, answer on one question: do you still have any problems?

#25
njnauticalnut

Posted 19 September 2013 - 11:52 AM

Member

Topic Starter
Member
22 posts

I am not noticing any problems. I am no longer being redirected to a page of ads and those Ads when I do a google search are gone. The ad at the top of my webmail is also gone and all the links on webpages are working.

#26
Phel

Posted 19 September 2013 - 02:23 PM

Trusted Helper

Malware Removal
1,386 posts

Congratulations, your PC is clean now.

However, you need to follow some important steps to remove tools and prevent infection again.

Warning! I have noticed, that you are using P2P (Peer-to-peer)-programs.

I see that you have installed programs, called uTorrent and LimeWire. These programs are classified as P2P-programs - programs, whose are downloading content (movies, music, programs and etc.) via P2P-networks (torrents). P2P-networks are a huge source of malware, so you can easily pick up it.

So, I strongly recommend you to remove these programs from your computer. If you don't want to remove these programs from your computer, please, at least be very careful, what you are downloading from torrents.

Warning! You have Windows Sidebar enabled.

Windows Sidebar is used for beautiful and informative widgets, whose take a place on your Desktop. This feature is really useful and nice for users. But it has one big minus - Windows Sidebar has a very dangerous vulnerability, which allows malware to exploit your PC and infect it. Because this vulnerability couldn't be fixed, there is only one way to protect your computer from attack - disable Windows Sidebar. So, I strongly recommend you to disable Sidebar.

To learn more about this problem and how to disable Windows Sidebar, please, visit this site.

Step 1. Uninstalling Programs.

Open Start menu.
Click on Control Panel.
Click on Programs and Features. New window should appear.
Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

ESET Online Scanner
Malwarebytes Anti-Malware
Glary Utilities 2.41.0.1358
uTorrent - optional
LimeWire 5.5.16 - optional

Step 2. Uninstall AdwCleaner.

Run AdwCleaner on your Desktop.
Click Uninstall button.
AdwCleaner will be removed from your computer.

Step 3. CleanUp.

Run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following:
```
:Commands
[EMPTYTEMP]
```
Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
After reboot run OTL again.
Click on CleanUp button.
OTL will be removed from your computer.

Here are some recommendations for you, how to stay safe in the internet.

Keep your system up-to-date. It will increase your protection level, because sometimes malware can use system vulnerabilities.

To learn more, how to turn Automatic Updates on, if you haven't turned it on before, click here.
Keep another software up-to-date too. Malware can often use third party software vulnerabilities.

You can monitor news about vulnerabilities or just simply install software, which will scan your computer for outdated and vulnerable software versions. If outdated version is found, this software will notify you about it and even install updates automatically.

One of these programs is Secunia Personal Software Inspector. It requires installation, you can learn more about it here. This software also has online version - Secunia Online Software Inspector. It's Java applet, which requires Java Runtime Environment. You can learn more about it here.

Another good program is FileHippo.com Update Checker. It requires installation and it scans your computer very rapidly. You can learn more about it here.
Keep your antivirus software always up-to-date.

Turn on automatic definition updates for your antivirus, if you haven't turned it on before, it's a basis of protection. Don't forget to keep your antivirus engine version up-to-date, new versions usually have advanced functionality. They can clean and prevent infections more effectively, than outdated versions.
Use limited user account. It will considerably increase your level of protection.

90% of Malware won't work under limited user account, because they need administrator priveleges. If you are using Windows XP, then you can use DropMyRights while you are surfing in the internet. If you are using Windows 7/Vista, then you'll need to create new User with limited rights.
Invent strong and long passwords for your accounts, if you want to keep your personal and confidential data in safety.

Sometimes malware have very dangerous functionality - they can crack your passwords. Please, set very strong password for your administrator account in Windows, then malware won't harm your PC. Here you can find a nice tutorial, how to create strong passwords. For each account in the internet create individual password.

Hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you!

#27
njnauticalnut

Posted 19 September 2013 - 08:53 PM

Member

Topic Starter
Member
22 posts

Thank you for your assistance. I will take care of this over the weekend. Going forward are there scans I should run regularly to pick up any issues? I have Kapersky and Malware Bytes and Superantispyware. Should I run any of the programs that I you have had me run? Thanks.

#28
Phel

Posted 20 September 2013 - 01:10 PM

Trusted Helper

Malware Removal
1,386 posts

Going forward are there scans I should run regularly to pick up any issues?

Yes, it would be nice to run full scan with KAV, MBAM and SAS once in 2-3 months.

Should I run any of the programs that I you have had me run?

No, if you would have any problems, feel free to come back. Tools, whose you have run, shouldn't be used without supervision (except Antivirus scanners).