
#46
devasativa

    Member

  • Topic Starter
  • 56 posts
sorry for the many typos.. I will try proofreading better.
  • 0



#47
devasativa

    Member

  • Topic Starter
  • 56 posts
Oh..incidentally, I purchased this computer in late February of this year..or Jan...around then, from a pawnshop so files said to be created in 2013 for me are impossible dates.
  • 0

#48
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Thank you for the extra information.  I'll try and look at it tonight.

 

Did you get to run the AdwCleaner scan yet?


  • 0

#49
devasativa

    Member

  • Topic Starter
  • 56 posts
# AdwCleaner v4.001 - Report created 25/10/2014 at 13:36:22
# Updated 20/10/2014 by Xplode
# Database : 2014-10-23.2
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner-1 - DPLACE
# Running from : C:\Users\Owner-1\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater3.2.0

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Found : C:\Windows\Reimage.ini
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Enigma Software Group
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\FileCure
Folder Found : C:\ProgramData\iWin
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner
Folder Found : C:\Users\Guest\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Owner-1\AppData\LocalLow\comcasttb
Folder Found : C:\Users\Owner-1\AppData\Roaming\GetPrivate
Folder Found : C:\Users\Owner-1\AppData\Roaming\iWin
Folder Found : C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost
Folder Found : C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected]
Folder Found : C:\Users\Owner-1\AppData\Roaming\NCH Software
Folder Found : C:\Users\Owner-1\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\appmarket-
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\UpdateStar
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\UpdateStar
Key Found : HKLM\SOFTWARE\appmarket-
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3307181
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Found : HKLM\SOFTWARE\istart123Software
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{784B00FC-B760-40AC-BDD3-3DE690E925E8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F9652B4-DB32-4DA0-8743-AA0BA600D3FD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{745D0A77-05CB-4FF3-BE77-48D888F06261}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : [x64] HKLM\SOFTWARE\Reimage
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [8686 octets] - [25/10/2014 13:36:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8746 octets] ##########
  • 0

#50
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

AdwCleaner Delete run

I have examined the log file and want you to have AdwCleaner delete what it found. Please run the following steps to do this:

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


Things to Reply With, Please >>>>

  • The AdwCleaner[S#].txt log file.
  • The JRT.txt log file.
  • Just for my information, did this system come with any OS install disks, Factory Restore disks, etc. or "as is"?

  • 0

#51
devasativa

    Member

  • Topic Starter
  • 56 posts
I ran adware cleaner but did not remove "Boost" because I pay for it, but will run it again and remove, in case it is infected.. I can always re-install, right?

So here is that log, and I will rerun scan and remove what is recommended.

# AdwCleaner v4.002 - Report created 28/10/2014 at 14:47:58
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner-1 - DPLACE
# Running from : C:\Users\Owner-1\Desktop\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater3.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
[x] Not Deleted : C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost
Folder Deleted : C:\Users\Owner-1\AppData\LocalLow\comcasttb
Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\Users\Owner-1\AppData\Roaming\GetPrivate
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\Users\Owner-1\AppData\Roaming\iWin
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Users\Owner-1\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Guest\AppData\Roaming\SearchProtect
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Users\Owner-1\AppData\Roaming\Systweak
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Owner-1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Owner-1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3307181
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{745D0A77-05CB-4FF3-BE77-48D888F06261}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{784B00FC-B760-40AC-BDD3-3DE690E925E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F9652B4-DB32-4DA0-8743-AA0BA600D3FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\AppDataLow\Software\appmarket-
Key Deleted : HKLM\SOFTWARE\istart123Software
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\appmarket-
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [8926 octets] - [25/10/2014 13:36:22]
AdwCleaner[R1].txt - [8685 octets] - [28/10/2014 14:38:59]
AdwCleaner[S0].txt - [8906 octets] - [28/10/2014 14:47:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8966 octets] ##########
  • 0

#52
devasativa

    Member

  • Topic Starter
  • 56 posts
# AdwCleaner v4.002 - Report created 28/10/2014 at 15:49:18
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner-1 - DPLACE
# Running from : C:\Users\Owner-1\Desktop\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [8926 octets] - [25/10/2014 13:36:22]
AdwCleaner[R1].txt - [8685 octets] - [28/10/2014 14:38:59]
AdwCleaner[R2].txt - [1064 octets] - [28/10/2014 15:08:44]
AdwCleaner[S0].txt - [9130 octets] - [28/10/2014 14:47:58]
AdwCleaner[S1].txt - [982 octets] - [28/10/2014 15:49:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1041 octets] ##########
  • 0

#53
devasativa

    Member

  • Topic Starter
  • 56 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner-1 on Tue 10/28/2014 at 16:13:03.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner-1\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\fixcleaner"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{09F971DC-79D8-4E74-A905-96F7300D2911}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{11C84B5F-08F6-47AD-BB4F-7D64D0BB1C45}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{16C1B8E8-33E1-4992-9413-1E9535DC2923}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{1711B3A1-DCBA-45EF-A9E4-E7E0A9E5F41B}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{1B11040E-A237-47B5-ACF4-8A1B6FCB7873}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{24FF32C3-A238-43DA-AB94-3D6118AD377A}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{27D0495A-0947-47F2-A662-58E77D036041}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{314ABBEF-1289-47A1-B365-D84FE81F8C3C}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{3765C781-0340-4215-95F2-17A1929762CC}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{3888F538-E12F-43E2-861A-228D8F4778B8}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{3B0ADF4F-C311-4004-A644-CDC5F1069358}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{3B62D614-A65C-4A70-B530-5A091127F695}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{3B8787CD-9633-4101-92CF-F343F19D6935}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{3D0E7986-82EF-4466-BFD9-56CC81D9C726}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{54176A2B-69C5-42F1-8620-5A93F1611AE5}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{60D9FFAF-ADFB-4D70-B0E9-E2AE17E9FD11}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{74FA7AA5-F6BC-4308-8231-6AA32116CB03}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{7510169C-3D9E-45E0-B3C5-2A07F8D0CAC5}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{75594086-FCD3-4F1D-A6BD-2394AD7F1D42}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{763F981B-977C-4FA9-8779-4DF88B38245D}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{768D9975-F5BB-43FF-B76F-9C112895F5E7}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{770AFCF8-87B8-436A-98A0-09C25E193065}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{792BAAFA-EFDC-47B2-91C2-1177113ADE41}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{8AAFBCE9-EA12-4D95-A57A-6BDF9C31A24A}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{9B6E8402-CBF0-413E-AFF0-E39525B3B8B7}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{B249B865-FC13-4C65-B6CB-76E8283C6002}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{C1E1DFB9-F230-4755-BF12-7930EFCB088C}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{C90307A6-525E-4786-9675-87B094F38E37}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{DF0ADA1A-E2F1-4C25-9D7B-F76359F0D48C}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{E07C71A2-7AB9-49CD-812A-C7773A0B3795}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{E09F344B-276F-4618-AC3D-BC395B2050F4}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{F2FC17C6-F26E-4095-A6B1-D8A7BCDA512E}
Successfully deleted: [Empty Folder] C:\Users\Owner-1\appdata\local\{FA3CB96A-9D8D-461A-901B-26ADE89B1210}



~~~ FireFox

Emptied folder: C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\minidumps [11 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Owner-1\appdata\local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/28/2014 at 16:20:46.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#54
devasativa

    Member

  • Topic Starter
  • 56 posts
As is, no disks. I do have a Win 7 starter for my notebook, but it is 32 bit.
  • 0

#55
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Let's see what MBAM and ESET have to say...

First, scan with MBAM >>>>

Malwarebytes' Anti-Malware
Please Launch Malwarebytes' Anti-Malware from your desktop icon or the start menu item. Notice that I want this to scan your system but I will be reviewing the log to manually remove anything it finds.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please Copy and Paste the report file to a post here; I will review the file and script what needs to be removed or have MBAM remove the found issues.


Scan with ESET Online scanner


ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here. Also, please note that this scan can take a while to run.

  • Please go here to run the scan and click on Run ESET Online Scanner
  • The next screen will be the ESET Online Scanner installer
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
  • Save the file to your desktop; you should see a file like this when the download is finished
  • Double click on this to start the installation of the ESET Online Scanner
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Enable detection of potentially unwanted applications is selected.
  • Now click on Advanced Settings and configure the options as follows:
    • Remove found threats is Not checked
    • Scan archives is checked
    • Scan for potentially unsafe applications is checked
    • Enable Anti-Stealth Technology is checked
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • Use Notepad to open the logfile you saved on your desktop.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Logs to Reply with >>>>>

  • The MBAM scan report.
  • The ESET Online Scanner report log
  • How is your system running now?

  • 0



#56
devasativa

    Member

  • Topic Starter
  • 56 posts
Ok..a couple of things..complex...

1. I have malwarebytes..paid version installed and it will not run..this started a few months ago before installing avg..I accidentally had avast..not sure whether it was free version, or trial full, and also avira..again..don't recall but I think it was a full trial version..I meant to try them separately, but both were running for about 2 weeks..mbam stopped running, and I read on "geek sites" that one of these 2 programs caused probs with malware bytes..I uninstalled all three and reinstalled mbam after chameleon was unable to get through either...so I installed the newest version 64bit, then realized I had previously used the 32 bit version, because that is the one I purchased when I had my old notebook, with lifetime registered subscription. I tried working with mbam support and had a very bad experience with my tech, as could never find responses in my email, and they kept calling the ticket closed, without fixing it..I was not informed that responses were on their site and not emailed.

I have been working with you, and so have not re-opened a ticket with mbam. I can however post a copy of the last instructions given by their staff if it helps. I have not completed their instructions as your site asks not to use other tools while you are helping me.

Edited by devasativa, 03 November 2014 - 03:44 AM.

  • 0

#57
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.


This is a quote from my welcoming post to you. Your next post included this statement ...
 

That said I will attempt your instructions.


Now, I understand that things happen in real life and not everything is in black and white tones. I understand that you may have not had a good experience with Tech Support before and that you may not think that this is any better. I also understand that it is hard to wait around for answers / directions when your system is not 100%; very frustrating, I know. I've been there myself and that is how I know most of what I do now but I would not want you to have to go through what I did to learn it.

We have been working for over two weeks on this system and have only done two FRST scans / Fix scripts and two Adware removal scans. There is much left to do on this system but Malware Removal / System Repair has to be a methodical, step-by-step process (computers like it that way). There are some guidelines in my welcoming post; there are instructions in every post to you.

I will leave it up to you as to if we continue or not. What have I asked you to do?


  • 0

#58
devasativa

devasativa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I do not understand your response.

"What have I asked you to do?"

Up to this point, I thought I have been complying with your instructions. I had asked questions, and let you know as I encountered issues. I have been very happy with your patient and easy to understand instructions. And I have not used any other tools.

The night that I told you about my ignorant actions of changing the program used to open shortcuts, unfortunately was poor decisions due to alcohol (first time in 23 years). And I have restored shortcuts to their default settings, so that is no longer an issue. Your response sounds like you are angry with me, if I am interpreting it correctly.

Would you like to read the directions given by mbam staff regarding restoring their product? I was not aware that they had sent me 2 additional responses since I had problems with the one individual, and so I had not followed up on directions.

I would very much like to continue working with you if that is alright with you. You have been nothing but professional and kind, and I really appreciate the time you have devoted to my computer issues. Thank you very much.

Please instruct me how next to proceed.

I thought that I had sent you the results of the ESET scan. I was unable to run malware bytes, as I was telling you, it has not been working for months. And also, I had both 32 bit and 64 bit installed on this computer, so should I uninstall it again, then re-install the 64 bit version? Or how can I run it?

I did run the ESET scan and have the results of that process, but since it was done before malwarebytes could run, do you want the results yet?
  • 0

#59
devasativa

devasativa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Please accept my apologies, I thought that tool was one you had instructed me to use..I was on my desktop, and I did not go back and read each one again, but I thought it was a tool you had told me to use in an earlier post. I am removing the junkware removal tool right now. I am so sorry for my error..I have way too many things saved to desktop. I will make sure to re-read instructions before running any program again.

I have no idea where this program came from..Not in program files, nor program86..desktop icon for it is an executable, not a shortcut...


ok, here is screenshot..bleeping computer..while I was doing your steps, mirror site..either re-directed, or I simply clicked on the wrong files..I did not even check name, I just ran it...see the times..so sorry, no disrespect was intended.

Attached Thumbnails

  • junkwareemovaltool  bleeping computer.jpg

Edited by devasativa, 05 November 2014 - 12:26 AM.

  • 0

#60
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

No, I am not mad or angry with you.  But I am a little frustrated with the situation however.  Let's get back on track, OK?

 

Last thing was I wanted a Malwarebytes Antimalware scan and an ESET Online Scanner scan.  Both of these are just scans to see if there are any lingering malware lurking in the corners of your system.  Right now neither one will be removing anything; I will examine the logs and see what needs to be removed or repaired.

 

So, if MBAM will not run right now let us put that off to one side for now and move on to the ESET scan log.  If you have that log, please post it now.  Thank you.


  • 0





