Windows 7 won't reboot [Solved]

windows 7 toshiba norton power eraser

  • This topic is locked

#16
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Well I'm not sure what else to do. I have downloaded the program twice and I still get the same message when I attempt to launch it.


  • 0


#17
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

Well I'm not sure what else to do. I have downloaded the program twice and I still get the same message when I attempt to launch it.


OK safely remove your removable drive (BIG POPPA) if still attached and any other form of USB removable storage media that may be attached at present.

Then delete all copies of both FRST64 and fixlist; some may be designated FRST64(2) and fixlist(2), for example. So basically delete anything that has the following: FRST64 or fixlist as part of the file name. Then empty your Recycle Bin.

Next:

Download the following(below) to your desktop...

and FRST64.exe

Once you have downloaded both...
  • Right-click on FRST64.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • Reboot your machine (ensure you do this) when prompted to do so and post the contents of the newly created Fixlog in your next reply.

  • 0

#18
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by Mario at 2014-05-30 21:48:45 Run:5
Running from C:\Users\Mario\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
URLSearchHook: HKCU - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
URLSearchHook: HKCU - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKCU - DefaultScope {F48A813B-A772-4D44-82AC-BCFC384CDCA0} URL = http://search.condui...&ctid=CT3244149
SearchScopes: HKCU - {29A7C5FA-551A-4E7F-81E0-2FF8A32D8EC2} URL = http://websearch.ask...D1-11E9FE02EDD8
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incre...6OyP3p0KLa&i=26
SearchScopes: HKCU - {DE258F5C-7578-41BC-BEFD-5E4E2758ACAB} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {F48A813B-A772-4D44-82AC-BCFC384CDCA0} URL = http://search.condui...&ctid=CT3244149
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {1036AD63-AEAC-460B-9060-C96005D4DC86} -  No File
BHO-x32: Privacy Safeguard BHO - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
Toolbar: HKCU - No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
C:\Program Files\PrivacySafeGuard
C:\Program Files (x86)\Common Files\AVG Secure Search
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
C:\Program Files\IB Updater\Firefox
C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic
C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-08-23]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx [2012-08-13]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Mario\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-13]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Mario\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-13]
CHR HKLM-x32\...\Chrome\Extension: [hfiohanpgnbjdfieigilhiojlaphgdcl] - C:\ProgramData\wxDownload\hfiohanpgnbjdfieigilhiojlaphgdcl.crx [2012-08-13]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Mario\AppData\Local\Wajam\Chrome\wajam.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx [2012-07-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\SMRResults410.dat
2014-05-05 18:14 - 2014-03-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Search-Protect
Task: {441D558D-FD10-4507-A070-95F98B1494A2} - System32\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: C:\Windows\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Reboot:
*****************
 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{462be121-2b54-4218-bf00-b9bf8135b23f} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{29A7C5FA-551A-4E7F-81E0-2FF8A32D8EC2} => Key not found.
HKCR\CLSID\{29A7C5FA-551A-4E7F-81E0-2FF8A32D8EC2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE258F5C-7578-41BC-BEFD-5E4E2758ACAB} => Key not found.
HKCR\CLSID\{DE258F5C-7578-41BC-BEFD-5E4E2758ACAB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F48A813B-A772-4D44-82AC-BCFC384CDCA0} => Key not found.
HKCR\CLSID\{F48A813B-A772-4D44-82AC-BCFC384CDCA0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key not found.
HKCR\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key not found.
HKCR\Wow6432Node\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} => Key not found.
HKCR\Wow6432Node\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{462BE121-2B54-4218-BF00-B9BF8135B23F} => Value not found.
HKCR\CLSID\{462BE121-2B54-4218-BF00-B9BF8135B23F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Value not found.
HKCR\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key not found.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"C:\Program Files\PrivacySafeGuard" => File/Directory not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml" => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => Value not found.
"C:\Program Files\IB Updater\Firefox" => File/Directory not found.
"C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" => File/Directory not found.
"C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic" => File/Directory not found.
"C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key not found.
"C:\Program Files\IB Updater\source.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh => Key not found.
"C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key not found.
"C:\Users\Mario\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key not found.
"C:\Users\Mario\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hfiohanpgnbjdfieigilhiojlaphgdcl => Key not found.
"C:\ProgramData\wxDownload\hfiohanpgnbjdfieigilhiojlaphgdcl.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Key not found.
"C:\Users\Mario\AppData\Local\Wajam\Chrome\wajam.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl => Key not found.
"C:\Program Files (x86)\OApps\chromeaddon.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key not found.
"C:\ProgramData\\ChromeExt\\avg.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco => Key not found.
"C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
"C:\ProgramData\SMRResults410.dat" => File/Directory not found.
"C:\Program Files (x86)\Search-Protect" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{441D558D-FD10-4507-A070-95F98B1494A2} => Key not found.
C:\Windows\System32\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1} => Key not found.
C:\Windows\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1}.job not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#19
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

It appears the custom script has been processed more than once. Not a problem however, and let's proceed as follows, shall we...

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Alternate download is here.

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.
  • Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.
  • Right-click on mbam-setup-2.0.2.1012.exe and select Run as Administrator, then follow the prompts to install the program.
  • Select the language and click OK >> Accept the agreement.
  • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and or problems encountered ?
  • Junkware Removal Tool Log.
  • Malwarebytes Anti-Malware Log.

  • 0
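How the "processed more than once" reading in post #19 can be checked against the Fixlog from post #18, as an added example (not part of the thread and not FRST's own code): it splits a Fixlog into header, fixlist directives and results, then measures how many results report "not found". The function names and the 0.8 threshold are assumptions of this example; the sample is a shortened excerpt of the log above.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted in #18; every line is copied from the thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by Mario at 2014-05-30 21:48:45 Run:5
Running from C:\Users\Mario\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
URLSearchHook: HKCU - (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
C:\Program Files\PrivacySafeGuard
C:\Program Files\IB Updater\Firefox
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-05-05 18:14 - 2014-03-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Search-Protect
Task: {441D558D-FD10-4507-A070-95F98B1494A2} - System32\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: C:\Windows\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Reboot:
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{462be121-2b54-4218-bf00-b9bf8135b23f} => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key not found.
HKCR\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"C:\Program Files\PrivacySafeGuard" => File/Directory not found.
"C:\Program Files\IB Updater\Firefox" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
"C:\Program Files (x86)\Search-Protect" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{441D558D-FD10-4507-A070-95F98B1494A2} => Key not found.
C:\Windows\System32\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1} => Key not found.
C:\Windows\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1}.job not found.

The system needed a reboot.

==== End of Fixlog ====
"""

STAR_LINE = re.compile(r"^\*{5,}$")
RUN_COUNT = re.compile(r"\bRun:\s*(\d+)")
RERUN_THRESHOLD = 0.8  # assumption of this example, not a value defined by FRST


def split_fixlog(text):
    """Split a Fixlog into header lines, fixlist directives and result lines."""
    sections = {"header": [], "directives": [], "results": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_LINE.match(line):
            # The first row of asterisks opens the fixlist, the second closes it.
            current = "directives" if current == "header" else "results"
        elif line.startswith("==== End of Fixlog"):
            break
        elif line:
            sections[current].append(line)
    return sections


def classify(result_line):
    """Bucket one result line by the outcome wording seen in the log above."""
    low = result_line.lower()
    if "not found" in low:
        return "not_found"   # target was already gone when the fix ran
    if "successfully" in low:
        return "changed"     # the fix actually modified something
    return "other"           # informational, e.g. the reboot notice


def summarise(text):
    """Count outcomes and flag a log whose targets were almost all absent."""
    sections = split_fixlog(text)
    run = None
    for line in sections["header"]:
        match = RUN_COUNT.search(line)
        if match:
            run = int(match.group(1))  # run counter as printed in the header
            break
    results = sections["results"]
    counts = Counter(classify(r) for r in results)
    actionable = counts["not_found"] + counts["changed"]
    stale = counts["not_found"] / actionable if actionable else 0.0
    return {
        "run": run,
        "directives": len(sections["directives"]),
        "not_found": counts["not_found"],
        "changed": counts["changed"],
        "changed_lines": [r for r in results if classify(r) == "changed"],
        "likely_rerun": stale >= RERUN_THRESHOLD,
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_FIXLOG))
```

On the excerpt, the only lines that changed anything are the two hosts entries; every other target is reported as not found.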

#20
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Computer seems to be running fine.

 

Upon launching the malware program then going to history, there is no last scan run log to copy. It just shows all the files in quarantine, there is no copy to clipboard key either.

 

Attached Files

  • Attached File  JRT.txt   15.13KB   501 downloads

  • 0

#21
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

Computer seems to be running fine.


Good.
 

Upon launching the malware program then going to history, there is no last scan run log to copy. It just shows all the files in quarantine, there is no copy to clipboard key either.


Hmmm that is unusual, so when you launch Malwarebytes Anti-Malware >> click on History >> Application Logs >> there is no Scan Log present ?

If so, still in the History settings >> click on Quarantine >> expand the Malwarebytes Anti-Malware window to full screen >> and take a screenshot >> post the aforementioned as an attachment in your next reply please. That way at least I will have some idea what has been removed etc.
  • 0

#22
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
It took a little more tooling around. For some reason it would not let me copy to clipboard. Copied and pasted.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/31/2014
Scan Time: 10:31:50 PM
Logfile: scan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.01.01
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mario

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285263
Time Elapsed: 19 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
Trojan.BHO, HKLM\SOFTWARE\CLASSES\APPID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}, Quarantined, [cd78274c6714c4724b1d42f9a65cdf21],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}, Quarantined, [cd78274c6714c4724b1d42f9a65cdf21],
PUP.Optional.Incredibar, HKLM\SOFTWARE\CLASSES\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}, Quarantined, [420384ef7ffcc6705746cd9caf539868],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [a0a5561d196253e36d5297cfb34f0ff1],
PUP.Optional.Incredibar, HKLM\SOFTWARE\CLASSES\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}, Quarantined, [67de492a007bc472d3cb32370002ca36],
PUP.Optional.Yontoo.A, HKU\S-1-5-21-2349173154-2153486983-3080027658-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [df66c0b3a8d388ae8899fa359270bd43],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF}, Quarantined, [5fe67ff4eb90013501665ae1db27d22e],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF}, Quarantined, [5fe67ff4eb90013501665ae1db27d22e],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF}, Quarantined, [5fe67ff4eb90013501665ae1db27d22e],
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\IB Updater, Quarantined, [bf8692e1710ab086859a7d1d956dd52b],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-2349173154-2153486983-3080027658-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[f94cc2b11b60e74fb8945b01a262cc34]

Folders: 4
PUP.Optional.Wajam.A, C:\Users\Mario\AppData\Local\Wajam, Quarantined, [ab9ad99a6219e94d867b7509ce349c64],
PUP.Optional.Wajam.A, C:\Users\Mario\AppData\Local\Wajam\Chrome, Quarantined, [ab9ad99a6219e94d867b7509ce349c64],
PUP.Optional.1ClickDownload.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected], Quarantined, [d174195ad5a6e4521bc4116eb151f30d],
PUP.Optional.SolidSavings.A, C:\Users\Mario\AppData\Local\Solid Savings, Quarantined, [360ffc777b00b5814cdebad0c53d8977],

Files: 8
PUP.Optional.Spigot.A, C:\ProgramData\YouTube Downloader\ytd_installer.exe, Quarantined, [62e3c4af4c2ff04690ef80a623dde51b],
PUP.Optional.Spigot.A, C:\ProgramData\YTD YouTube Downloader & Converter\ytd_installer.exe, Quarantined, [92b3c6adf5869d9947386abca7596e92],
PUP.Optional.InstallIQ, C:\Users\Mario\Downloads\mediaplayerlitefam_d3759478.exe, Quarantined, [91b4ec870a713afcd0f23be07c85b749],
PUP.Optional.InstallIQ.A, C:\Users\Mario\Downloads\mediaplayerlite_d878913.exe, Quarantined, [10352a4902795adc5c29eb2cba477888],
PUP.Optional.Amonetize.AS, C:\Users\Mario\Downloads\MediaUpdater__2577_i28268057_il561301.exe, Quarantined, [e75e3a39ed8e0b2bff50e72f07fa7c84],
PUP.Optional.IBryte, C:\Users\Mario\Downloads\Word_Setup.exe, Quarantined, [87bed3a0b7c42a0cfee6ba4fca376b95],
PUP.Optional.Bundlore, C:\Users\Mario\Downloads\setup (1).exe, Quarantined, [32137003ff7c2e081d2e5dc4768a2fd1],
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.outfox.tv/?referid=179", "http://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP6F418339-4F23-42D1-B503-ADA701136BD9&SSPV=", "http://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP6F418339-4F23-42D1-B503-ADA701136BD9&SSPV=" ],), Replaced,[8eb7482b5625270ffdc7c4c9729243bd]

Physical Sectors: 0
(No malicious items detected)


(end)

Attached Files

  • Attached File  scan.txt   4.64KB   563 downloads

  • 0

#23
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

It took a little more tooling around. For some reason it would not let me copy to clipboard. Copied and pasted.


Acknowledged...

TFC(Temp File Cleaner):
  • Please download TFC to the desktop,
  • Right-click on TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of the GUI(graphical user interface).
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If you would prefer to use Google Chrome for the scan, merely let myself know and I will post/provide the appropriate instructions.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the log file first!
  • Now click on: EOLS4.gif
  • Use notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#24
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\update[1] a variant of Win32/Toolbar.Perion.G potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Search-Protect\Updater.exe Win32/Toolbar.Visicom.D potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.31.0.526_0\APISupport\APISupport.dll Win32/Conduit.SearchProtect potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.31.0.526_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\VideoConverter\VideoConverter.exe probably a variant of Win32/InstallCore.C potentially unwanted application deleted - quarantined
C:\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AY potentially unwanted application deleted - quarantined
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg potentially unsafe application deleted - quarantined
C:\Users\Mario\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Mario\Downloads\FreeCUDAMovieConverter.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Mario\Downloads\VideoConverterSetup.exe a variant of Win32/InstallCore.AY potentially unwanted application deleted - quarantined
C:\Windows\Installer\MSI294B.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSI8E83.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSIB196.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSIEE61.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
 


  • 0

#25
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

It appears you ran the online scan with the remove found threats option selected, fair play and no harm done.

Anyway we might as well clean up the tools used for the malware removal process on this machine as follows. I will dispense with providing some online safety advice until we have sorted your other machine.

Clean-Up with DelFix:

Please download DelFix to the desktop of the machine we have been working on...
  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select all available options:
DelFix.gif
  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
Next:

In your next reply along with the requested DelFix log, let myself know exactly what is wrong/what occurred to your other machine as best able and which operating system it has. We will then go from there, thank you.
  • 0


#26
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

# DelFix v10.7 - Logfile created 03/06/2014 at 19:22:13
# Updated 27/04/2014 by Xplode
# Username : Mario - MARIO-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Mario\Desktop\aswMBR.txt
Deleted : C:\Users\Mario\Desktop\Fixlog.txt
Deleted : C:\Users\Mario\Desktop\FRST64.exe
Deleted : C:\Users\Mario\Desktop\JRT.txt
Deleted : C:\Users\Mario\Desktop\MBR.dat
Deleted : C:\Users\Mario\Desktop\scan.txt
Deleted : C:\Users\Mario\Desktop\TFC (1).exe
Deleted : C:\Users\Mario\Downloads\Addition.txt
Deleted : C:\Users\Mario\Downloads\Fixlog.txt
Deleted : C:\Users\Mario\Downloads\JRT.exe
Deleted : C:\Users\Mario\Downloads\TFC (1).exe
Deleted : C:\Users\Mario\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

########## - EOF - ##########


  • 0

#27
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

It appears you ran DelFix with only the default option selected (Remove disinfection tools) and did not select all as I advised. So please download and run DelFix again as outlined in post #25.

Also do please answer my prior query:-
 

let myself know exactly what is wrong/what occurred to your other machine as best able and which operating system it has


  • 0

#28
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
# DelFix v10.7 - Logfile created 04/06/2014 at 16:18:38
# Updated 27/04/2014 by Xplode
# Username : Mario - MARIO-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #228 [Windows Update | 03/19/2014 07:00:10]
Deleted : RP #229 [Windows Update | 03/25/2014 06:14:52]
Deleted : RP #230 [Windows Update | 03/29/2014 08:07:01]
Deleted : RP #231 [Windows Update | 04/02/2014 01:53:08]
Deleted : RP #232 [Windows Update | 04/05/2014 03:00:50]
Deleted : RP #233 [Windows Update | 04/08/2014 23:43:31]
Deleted : RP #234 [Windows Update | 04/10/2014 00:33:26]
Deleted : RP #236 [Scheduled Checkpoint | 04/17/2014 02:25:06]
Deleted : RP #237 [Windows Update | 04/18/2014 04:45:11]
Deleted : RP #238 [Windows Update | 04/23/2014 23:51:30]
Deleted : RP #239 [Installed VitalSource Bookshelf. | 04/24/2014 00:31:03]
Deleted : RP #240 [Windows Update | 04/29/2014 22:16:50]
Deleted : RP #241 [Installed Rapport | 05/02/2014 00:51:48]
Deleted : RP #242 [Windows Update | 05/03/2014 02:55:17]
Deleted : RP #243 [Windows Update | 05/03/2014 21:26:28]
Deleted : RP #244 [Windows Update | 05/07/2014 01:45:01]
Deleted : RP #245 [Windows Update | 05/08/2014 01:16:24]
Deleted : RP #246 [Windows Update | 05/10/2014 14:57:35]
Deleted : RP #247 [Windows Update | 05/14/2014 02:10:55]
Deleted : RP #248 [Installed Rapport | 05/15/2014 02:22:55]
Deleted : RP #249 [Windows Update | 05/16/2014 01:14:44]
Deleted : RP #250 [Windows Update | 05/21/2014 01:35:38]
Deleted : RP #251 [Windows Update | 05/26/2014 15:19:13]
Deleted : RP #252 [Norton_Power_Eraser_20140526113015314 | 05/26/2014 15:30:15]
Deleted : RP #253 [Removed ooVoo | 05/26/2014 15:40:49]
Deleted : RP #254 [Scheduled Checkpoint | 06/03/2014 08:41:39]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#29
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
You're good to go as they say regarding the machine we have been working upon...

Do you still require assistance with the other machine you mentioned or not ? Let myself know either-way please. :)
  • 0

#30
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Yes, the machine is a Toshiba also and has the same virus as this one. It is a Satellite C655 55212.


  • 0





