
Browser Hijacked/Sidebar Removed - OTL Ran [Solved]


  • This topic is locked

#16
Teima

  • Member
  • 833 posts
Hello. Do you still require assistance?
  • 0



#17
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts

All is running fine so far.  I am running above and will re-post.  I apologize for the delay in getting back to you. I have an 11-month-old son and he keeps me quite busy.  Thank you!


  • 0

#18
Teima

  • Member
  • 833 posts
No worries. Thanks for the status update. It's much appreciated.
  • 0

#19
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wisdom-soft\tbWisd.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\LPT\sppsm.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\LPT\spusm.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\LPT\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\LPT\srptc.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\spbl.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\sppsm.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\spusm.dll.vir a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\srbu.dll.vir a variant of MSIL/Toolbar.Linkury.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_25.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_26.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_27.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_28.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_29.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_30.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_31.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\KVogler\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_32.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\Toolbar.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Kaylan\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdadcdjgdggdhdbdadjdcdedigedf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Kaylan\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdadcdjgdggdhdbdadjdcdedigedf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\KVogler\AppData\Roaming\Mozilla\Firefox\Profiles\guu3u9oy.default\extensions\[email protected] JS/Redirector.NCA trojan deleted - quarantined
C:\Users\KVogler\Downloads\burnsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cbsidlm-cbsi134-Love_AnimatIon_Cursor-ORG-10462474 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cbsidlm-cbsi134-Love_AnimatIon_Cursor-ORG-10462474.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cbsidlm-cbsi134-Unique_Gift_Maker_Greeting_Card_Free_Edition-ORG-10360997 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cbsidlm-cbsi134-Unique_Gift_Maker_Greeting_Card_Free_Edition-ORG-10360997.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cbsidlm-cbsi188-CamStudio-ORG-10067101.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cbsidlm-tr1_13-Minecraft-ORG-75446433.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\KVogler\Downloads\cnet_divorce_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cnet_divorce_exe.exe&isDlm=1 a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cnet_Easy Tax Planner 2011 Version 1_0_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\cnet_Easy Tax Planner 2011 Version 1_0_exe.exe&isDlm=1 a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\digital dj.exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\katyperryteenagedream.exe a variant of Win32/InstallIQ potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\minecraftdl_2134.exe Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\Screenhunter.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\Setup (1).exe Win32/OutBrowse.G potentially unwanted application deleted - quarantined
C:\Users\KVogler\Downloads\Setup.exe MSIL/Solimba potentially unwanted application deleted - quarantined
C:\Windows\Installer\1e57e7b.msi Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Windows\Installer\1e581f1.msi Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Windows\Installer\MSI324B.tmp a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\09222014_124929\C_Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\_OTL\MovedFiles\09222014_124929\C_Users\KVogler\AppData\Roaming\mozilla\Firefox\Profiles\guu3u9oy.default\extensions\{6607f251-d663-1e9c-5c15-2cb413a09c1e}\components\SmartbarFireFoxRemotePlugin_25.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\09222014_124929\C_Users\KVogler\AppData\Roaming\mozilla\Firefox\Profiles\guu3u9oy.default\extensions\{6607f251-d663-1e9c-5c15-2cb413a09c1e}\components\SmartbarFireFoxRemotePlugin_26.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\09222014_124929\C_Users\KVogler\AppData\Roaming\mozilla\Firefox\Profiles\guu3u9oy.default\extensions\{6607f251-d663-1e9c-5c15-2cb413a09c1e}\components\SmartbarFireFoxRemotePlugin_27.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\09222014_124929\C_Users\KVogler\AppData\Roaming\mozilla\Firefox\Profiles\guu3u9oy.default\extensions\{6607f251-d663-1e9c-5c15-2cb413a09c1e}\components\SmartbarFireFoxRemotePlugin_28.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\09222014_124929\C_Users\KVogler\AppData\Roaming\mozilla\Firefox\Profiles\guu3u9oy.default\extensions\{6607f251-d663-1e9c-5c15-2cb413a09c1e}\components\SmartbarFireFoxRemotePlugin_29.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\09222014_124929\C_Users\KVogler\AppData\Roaming\mozilla\Firefox\Profiles\guu3u9oy.default\extensions\{6607f251-d663-1e9c-5c15-2cb413a09c1e}\components\SmartbarFireFoxRemotePlugin_30.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

  • 0

#20
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts

Sorry.  Posted twice.  Deleting.  Above is correct.  Working on 2nd part of instructions now.  Thank you.


Edited by mom2dylkay, 07 October 2014 - 08:32 AM.

  • 0

#21
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts

I just ran the scan for above MBAM and I was saving the log, but then when I tried to open it, it says I cannot locate it.  It did find some threats.  Should I try to run one more time and try to get a log again?  I saved the file as mbamscanlog.txt, and it shows it in the search window but it will not open.


  • 0

#22
Teima

  • Member
  • 833 posts
Hello. Yes. A new scan is sufficient!
  • 0

#23
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts

It just did the same thing except when I tried to export it and save it, etc., it said that MBAM had stopped working and would have to close.  What shall I do now?  It did quarantine the items it found.  Help.


  • 0

#24
Teima

  • Member
  • 833 posts
So I assume the scan ran successfully and you just weren't able to get the log. If that's the case, see if this works:

1. Open up the Malwarebytes program again. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Put a check mark next to Scan Log as shown in the picture below.
5. Click the view button as shown in the picture below. Copy and paste into your next post. Thank you.
 
GetLog.JPG
  • 0

#25
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts

This is all it tells me when I export:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 10/7/2014 10:36:25 AM, SYSTEM, KROSS-HP, Manual, Rootkit Database, 2014.2.20.1, 2014.9.19.1, 
Update, 10/7/2014 10:36:31 AM, SYSTEM, KROSS-HP, Manual, Malware Database, 2014.3.4.9, 2014.10.7.7, 
 
(end)
 

  • 0



#26
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts

Appears when it saved the log it only saved a "protection log" and not a "scan log"?  Weird.


  • 0

#27
Teima

  • Member
  • 833 posts
Hello. Sorry about the delay. I'm just checking something with my instructor. I'll have a response done ASAP. :)
  • 0

#28
Teima

  • Member
  • 833 posts

Step One

 

Download aswMBR.exe (4.52MB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

aswMBR2-1.gif

aswMBR2.png

On completion of the scan click save log, save it to your desktop and post it in your next reply.


  • 0

#29
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-14 19:48:16
-----------------------------
19:48:16.688    OS Version: Windows x64 6.1.7601 Service Pack 1
19:48:16.688    Number of processors: 2 586 0x603
19:48:16.689    ComputerName: KROSS-HP  UserName: KVogler
19:48:26.012    Initialize success
19:48:26.282    VM: initialized successfully
19:48:27.191    VM: Amd CPU BiosDisabled 
19:49:04.178    VM: supported disk I/O storport.sys
19:51:18.879    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
19:51:18.886    Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11
19:51:19.010    Disk 0 MBR read successfully
19:51:19.016    Disk 0 MBR scan
19:51:19.023    Disk 0 unknown MBR code
19:51:19.035    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:51:19.051    Disk 0 default boot code
19:51:19.070    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       700217 MB offset 206848
19:51:19.099    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15085 MB offset 1434251264
19:51:19.143    Disk 0 scanning C:\Windows\system32\drivers
19:51:29.888    Service scanning
19:51:44.304    Modules scanning
19:51:44.329    Disk 0 trace - called modules:
19:51:44.368    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
19:51:44.375    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048fa5d0]
19:51:44.382    3 CLASSPNP.SYS[fffff880019bb43f] -> nt!IofCallDriver -> [0xfffffa800487d040]
19:51:44.389    5 amd_xata.sys[fffff880010afd00] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa80047ca060]
19:51:44.396    Scan finished successfully
19:52:02.906    Disk 0 MBR has been saved successfully to "C:\Users\KVogler\Desktop\MBR.dat"
19:52:02.962    The log file has been saved successfully to "C:\Users\KVogler\Desktop\aswMBR.txt"

  • 0

#30
mom2dylkay

  • Topic Starter
  • Member
  • 33 posts

I forgot to update the virus definitions.  Sorry about that.  I actually don't think it was quite done when I saved it.  Oops.  I will re-post once this has been completed. My apologies.


  • 0





