Proxy keeps turning on



#16
bhzendner (Member, Topic Starter, 219 posts)

# AdwCleaner v4.107 - Report created 14/01/2015 at 07:36:39

# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Sheila - ACCOUNTING
# Running from : C:\Users\Sheila\Desktop\adwcleaner_4.107.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Users\Sheila\AppData\Local\GeniusBox
Folder Deleted : C:\Users\Sheila\AppData\LocalLow\YahooCouponAddOn
Folder Deleted : C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggebenakhmhfdkmkemdmllecchcldgec
Folder Deleted : C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg
File Deleted : C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ggebenakhmhfdkmkemdmllecchcldgec
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\lax1.ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\quizzes.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Opera v21.0.1432.67
 
[C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4278 octets] - [14/01/2015 07:30:58]
AdwCleaner[S0].txt - [4303 octets] - [14/01/2015 07:36:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4363 octets] ##########


#17
bhzendner (Member, Topic Starter, 219 posts)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Sheila on Wed 01/14/2015 at  7:47:39.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\DRIVERSCANNER.TMP-10C06897.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Sheila\AppData\Roaming\pcdr"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/14/2015 at  7:50:05.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#18
bhzendner (Member, Topic Starter, 219 posts)

Where are we?



#19
zep516 (Trusted Helper, Malware Removal, 6,804 posts)

Hello,

How is the computer doing right now?

Joe

#20
bhzendner (Member, Topic Starter, 219 posts)

Seems ok, no switchbacks so far, what do the logs show?



#21
zep516 (Trusted Helper, Malware Removal, 6,804 posts)

Hello,

A few items to address in the log.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
ProxyEnable: [S-1-5-21-2236943327-1624783660-3240051488-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2236943327-1624783660-3240051488-1001] => http=127.0.0.1:62929;https=127.0.0.1:62929
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2236943327-1624783660-3240051488-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
CHR DefaultSuggestURL: Default -> http://vinstaller.co...nd={searchTerms}
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - No Path
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path
C:\Users\Sheila\AppData\Local\Temp\install_temp.exe
C:\Users\Sheila\AppData\Local\Temp\SymCCIS.dll
C:\Users\Sheila\AppData\Local\Temp\SymInstallStub.exe
CustomCLSID: HKU\S-1-5-21-2236943327-1624783660-3240051488-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sheila\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
Task: {29CCCB71-F507-413C-A077-9F598E1544EE} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {5B4099C8-73CE-479D-8F95-0668AEF3EDF7} - \PocketCloud No Task File <==== ATTENTION
Task: {660121E0-B19C-483A-BA14-74D81C9F567C} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {8108E642-F471-4E3D-B1CC-2AD7B5717F9B} - \SystemToolsDailyTest No Task File <==== ATTENTION
Task: {D9053E81-7BF5-4FB1-890E-9E110AFF233A} - \PocketCloudUpdater No Task File <==== ATTENTION
Task: {F610FF9A-DF56-4C75-AB3F-6C61F0D45888} - \PocketCloudVirtualChannel No Task File <==== ATTENTION
Task: {FB416C51-0EB9-4CB8-92A0-B0F4BC2FDDF8} - \PCDEventLauncherTask No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Sheila\OneDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end

Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to your Desktop (must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

In your next reply post:

Fixlog.txt

Thanks
Joe :)