YAWCAM INFECTED MY COMPUTER [Closed] [Solved]



#16
BeachBumBum (Member, Topic Starter, 132 posts)
Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Me at 2015-07-11 22:16:53 Run:1
Running from C:\Users\Me\Desktop
Loaded Profiles: Me (Available Profiles: Me)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\runonceex: [Flags] => 
HKLM-x32\...\runonceex: [Title] => UnHackMe Rootkit Check
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\...\MountPoints2: F - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\...\MountPoints2: {6073ecfa-09ed-11e0-b96c-806e6f6e6963} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\...\MountPoints2: {789f252d-b893-11e1-95ae-d48564179193} - E:\Autorun.exe /s
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: HKU\S-1-5-21-2418151325-680678365-4071922823-1001 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
URLSearchHook: HKU\S-1-5-21-2418151325-680678365-4071922823-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {2D21A907-C1FE-4CBE-A9F4-CD8441B29B1E} URL = 
SearchScopes: HKU\.DEFAULT -> {33532E57-ED6E-4D55-A0B4-A91A2D3A7A46} URL = 
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-2418151325-680678365-4071922823-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2418151325-680678365-4071922823-1001 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
Handler: viprotocol - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin HKU\S-1-5-21-2418151325-680678365-4071922823-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Me\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2418151325-680678365-4071922823-1001: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll No File
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\yubur1s0.default\Extensions\[email protected] [2015-04-30]
2015-06-07 03:00 - 2015-05-15 01:12 - 00000376 _____ C:\Windows\Tasks\REGSERVO.job
2015-06-02 16:24 - 2013-11-21 03:21 - 00000000 ____D C:\ProgramData\ProductData
2015-06-16 18:37 - 2012-06-30 14:58 - 00000000 ____D C:\Users\Me\AppData\Roaming\IObit
2015-06-16 18:37 - 2012-06-30 14:58 - 00000000 ____D C:\ProgramData\IObit
2015-06-09 19:39 - 2015-04-16 02:00 - 00002892 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Me
2013-09-15 02:25 - 2014-06-04 15:11 - 0003710 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-01-23 21:52 - 2012-01-23 21:52 - 0001854 _____ () C:\Users\Me\AppData\Roaming\GhostObjGAFix.xml
Task: {149159FA-6936-4264-924C-8489A5FE5627} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {350C7E68-0AA0-4C1B-B0DA-A02DDD25FEC2} - System32\Tasks\Driver Booster SkipUAC (Me) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {A8E22EB9-48CE-4B28-BAD0-8A842C9A0529} - System32\Tasks\{1629ABD6-14D9-448D-B81E-EFB00FFAFA54} => pcalua.exe -a "C:\Program Files (x86)\IObit\Advanced SystemCare 6\SecurityHole_Backup\KB2467173.exe" -d "C:\Program Files (x86)\IObit\Advanced SystemCare 6" -c /quiet /norestart
Task: {B11B24C1-AF41-494D-B010-04FD2CDF11E3} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {BDF0B3B6-B2CF-4699-9BAF-21AEA1C596DB} - System32\Tasks\{27BA5220-A105-426D-A5DB-D37B5A0B0E49} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2015-06-08] (IObit)
Task: {C664EE58-FD55-471E-A5B8-38FC4ACBBD3A} - System32\Tasks\DSite => C:\Users\Me\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C731D637-78CF-4CF7-B14C-37204159A07D} - \Updater19962.exe No Task File <==== ATTENTION
Task: {E52EE3AC-CBBB-4062-B918-C2C860668405} - \Advanced System Protector No Task File <==== ATTENTION
Task: {E9C03BB7-2450-4EB6-AD37-CF3092352422} - System32\Tasks\REGSERVO => C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
Task: {FFC41751-65C9-4A5C-B98F-7BA1F24E4A56} - System32\Tasks\Uninstaller_SkipUac_Me => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: C:\Windows\Tasks\REGSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe-t C:\Program Files\REGSERVO\REGSERVO.exe <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile:  <===== ATTENTION!
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Classes\exefile:  <===== ATTENTION!
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\PROGRA~2\SearchProtect
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\Me\AppData\Roaming\DSite
C:\Program Files\REGSERVO
C:\Program Files (x86)\PC Tools Firewall Plus
C:\Users\Me\AppData\Roaming\PCToolsFirewallPlus
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
 
 
 
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\runonceex\\Flags => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\runonceex\\Title => value removed successfully
"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6073ecfa-09ed-11e0-b96c-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{6073ecfa-09ed-11e0-b96c-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{789f252d-b893-11e1-95ae-d48564179193}" => key removed successfully
HKCR\CLSID\{789f252d-b893-11e1-95ae-d48564179193} => key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => value data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => value removed successfully
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D21A907-C1FE-4CBE-A9F4-CD8441B29B1E}" => key removed successfully
HKCR\CLSID\{2D21A907-C1FE-4CBE-A9F4-CD8441B29B1E} => key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33532E57-ED6E-4D55-A0B4-A91A2D3A7A46}" => key removed successfully
HKCR\CLSID\{33532E57-ED6E-4D55-A0B4-A91A2D3A7A46} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} => value removed successfully
HKCR\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612} => key not found. 
"HKCR\PROTOCOLS\Handler\viprotocol" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer" => key removed successfully
"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully
C:\Users\Me\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\MozillaPlugins\eagleget.com/EagleGet64" => key removed successfully
C:\Program Files (x86)\EagleGet\npEagleget64.dll not found.
C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\yubur1s0.default\Extensions\[email protected] => moved successfully.
C:\Windows\Tasks\REGSERVO.job => moved successfully.
C:\ProgramData\ProductData => moved successfully.
C:\Users\Me\AppData\Roaming\IObit => moved successfully.
C:\ProgramData\IObit => moved successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Me => moved successfully.
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully.
C:\Users\Me\AppData\Roaming\GhostObjGAFix.xml => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{149159FA-6936-4264-924C-8489A5FE5627}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{149159FA-6936-4264-924C-8489A5FE5627}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{350C7E68-0AA0-4C1B-B0DA-A02DDD25FEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{350C7E68-0AA0-4C1B-B0DA-A02DDD25FEC2}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Me) => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Me)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8E22EB9-48CE-4B28-BAD0-8A842C9A0529}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8E22EB9-48CE-4B28-BAD0-8A842C9A0529}" => key removed successfully
C:\Windows\System32\Tasks\{1629ABD6-14D9-448D-B81E-EFB00FFAFA54} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1629ABD6-14D9-448D-B81E-EFB00FFAFA54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B11B24C1-AF41-494D-B010-04FD2CDF11E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B11B24C1-AF41-494D-B010-04FD2CDF11E3}" => key removed successfully
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDF0B3B6-B2CF-4699-9BAF-21AEA1C596DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDF0B3B6-B2CF-4699-9BAF-21AEA1C596DB}" => key removed successfully
C:\Windows\System32\Tasks\{27BA5220-A105-426D-A5DB-D37B5A0B0E49} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{27BA5220-A105-426D-A5DB-D37B5A0B0E49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C664EE58-FD55-471E-A5B8-38FC4ACBBD3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C664EE58-FD55-471E-A5B8-38FC4ACBBD3A}" => key removed successfully
C:\Windows\System32\Tasks\DSite => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C731D637-78CF-4CF7-B14C-37204159A07D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C731D637-78CF-4CF7-B14C-37204159A07D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater19962.exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E52EE3AC-CBBB-4062-B918-C2C860668405}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E52EE3AC-CBBB-4062-B918-C2C860668405}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9C03BB7-2450-4EB6-AD37-CF3092352422}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9C03BB7-2450-4EB6-AD37-CF3092352422}" => key removed successfully
C:\Windows\System32\Tasks\REGSERVO => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\REGSERVO" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFC41751-65C9-4A5C-B98F-7BA1F24E4A56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFC41751-65C9-4A5C-B98F-7BA1F24E4A56}" => key removed successfully
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Me not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Me" => key removed successfully
C:\Windows\Tasks\REGSERVO.job not found.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Classes\exefile" => key removed successfully
"C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Folder not found.
"C:\PROGRA~2\SearchProtect" => File/Folder not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Folder not found.
"C:\Users\Me\AppData\Roaming\DSite" => File/Folder not found.
"C:\Program Files\REGSERVO" => File/Folder not found.
C:\Program Files (x86)\PC Tools Firewall Plus => moved successfully.
C:\Users\Me\AppData\Roaming\PCToolsFirewallPlus => moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{D25C89D6-28BB-46E6-9F19-4B427E8A3E68} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 456 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 22:17:39 ====



#17
Bruce1270 (Trusted Helper, Malware Removal, 1,603 posts)
Hi BeachBumBum

You did good with the FRST fix. :thumbsup:

Here are the next steps for you.

Step 1 - Junkware Removal Tool


Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti-virus prior to running this program. Advice on how to do this for your anti-virus can be found here

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti-virus again.


Step 2 - AdwCleaner


Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double-click the AdwCleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
  • Please copy/paste the generated log to your next reply.
Things for your next post:
  • JRT.txt
  • AdwCleaner[S*].txt
  • How is your computer running now?

    Thanks


#18
BeachBumBum (Member, Topic Starter, 132 posts)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.5 (07.12.2015:1)
OS: Windows 7 Home Premium x64
Ran by Me on Sun 07/12/2015 at 12:59:49.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [Service] yahooauservice [Reboot required]
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2418151325-680678365-4071922823-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271147}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update WiseEnhance
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util WiseEnhance
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\sparktrust
Successfully deleted: [Folder] C:\Users\Me\appdata\local\tempdir
Successfully deleted: [Folder] C:\Users\Me\AppData\Roaming\pc-gizmos
Successfully deleted: [Folder] C:\Users\Me\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Me\AppData\Roaming\sparktrust
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Me\AppData\Roaming\mozilla\firefox\profiles\yubur1s0.default\searchplugins\safeguard-secure-search.xml
Successfully deleted the following from C:\Users\Me\AppData\Roaming\mozilla\firefox\profiles\yubur1s0.default\prefs.js
 
user_pref(CT3298566.FirstTime, true);
user_pref(CT3298566.FirstTimeFF3, true);
user_pref(CT3298566.PG_ENABLE, dHJ1ZQ==);
user_pref(CT3298566.SF_JUST_INSTALLED.enc, RkFMU0U=);
user_pref(CT3298566.SF_STATUS.enc, RU5BQkxFRA==);
user_pref(CT3298566.TopHitsConfig.enc, ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zc
user_pref(CT3298566.UserID, UN27599149202583457);
user_pref(CT3298566.YTbyClickFavorites.enc, W10=);
user_pref(CT3298566.YTbyClickRecent.enc, W10=);
user_pref(CT3298566.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3298566.browser.search.defaultthis.engineName, true);
user_pref(CT3298566.cbfirsttime.enc, U2F0IFNlcCAyOCAyMDEzIDIwOjMzOjMxIEdNVC0wNDAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp);
user_pref(CT3298566.countryCode, US);
user_pref(CT3298566.firstTimeDialogOpened, true);
user_pref(CT3298566.fixPageNotFoundErrorByUser, TRUE);
user_pref(CT3298566.fixPageNotFoundErrorInHidden, true);
user_pref(CT3298566.fullUserID, UN27599149202583457.XX.20130928203231);
user_pref(CT3298566.isCheckedStartAsHidden, true);
user_pref(CT3298566.isFirstTimeToolbarLoading, false);
user_pref(CT3298566.lastVersion, 10.19.2.505);
user_pref(CT3298566.mam_gk_appStateReportTime, %B7%B9%BF%BB%BF%BD%B9%BB%BC%B6%BA%B7%BE);
user_pref(CT3298566.mam_gk_appStateReportTime.enc, MTM5NTk3MzU2MDQxOA==);
user_pref(CT3298566.mam_gk_appState_ACplus.enc, b24=);
user_pref(CT3298566.mam_gk_appState_Clarity_Active, %F5%F4);
user_pref(CT3298566.mam_gk_appState_Clarity_Active.enc, b24=);
user_pref(CT3298566.mam_gk_appState_CouponBuddy.enc, b24=);
user_pref(CT3298566.mam_gk_appState_Discover.enc, b24=);
user_pref(CT3298566.mam_gk_appState_Easytobook.enc, b24=);
user_pref(CT3298566.mam_gk_appState_Easytobook_targeted.enc, b24=);
user_pref(CT3298566.mam_gk_appState_Find-a-Pro.enc, b24=);
user_pref(CT3298566.mam_gk_appState_PiclickV2-WebSearch.enc, b24=);
user_pref(CT3298566.mam_gk_appState_PriceGong.enc, b24=);
user_pref(CT3298566.mam_gk_appState_WindowShopper.enc, b24=);
user_pref(CT3298566.mam_gk_appsConfig.enc, eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY
user_pref(CT3298566.mam_gk_appsDefaultEnabled, %F4%FB%F2%F2);
user_pref(CT3298566.mam_gk_appsDefaultEnabled.enc, bnVsbA==);
user_pref(CT3298566.mam_gk_currentBadgeValue, %B7);
user_pref(CT3298566.mam_gk_currentBadgeValue.enc, MQ==);
user_pref(CT3298566.mam_gk_currentVersion, %B7%B4%B7%B9%B4%B6%B4%B7%BD);
user_pref(CT3298566.mam_gk_currentVersion.enc, MS4xMy4wLjE3);
user_pref(CT3298566.mam_gk_existingUsersRecoveryDone.enc, MQ==);
user_pref(CT3298566.mam_gk_first_time, %B7);
user_pref(CT3298566.mam_gk_first_time.enc, MQ==);
user_pref(CT3298566.mam_gk_installer_preapproved.enc, VFJVRQ==);
user_pref(CT3298566.mam_gk_lastLoginTime, %B7%B9%BF%BB%BF%BD%B9%BB%BC%B6%BE%BA%B8);
user_pref(CT3298566.mam_gk_lastLoginTime.enc, MTM5NTk3MzU2MDg0Mg==);
user_pref(CT3298566.mam_gk_localization.enc, eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXB
user_pref(CT3298566.mam_gk_newApps, %E1%E3);
user_pref(CT3298566.mam_gk_newApps.enc, W10=);
user_pref(CT3298566.mam_gk_new_welcome_experience.enc, MQ==);
user_pref(CT3298566.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);
user_pref(CT3298566.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo
user_pref(CT3298566.mam_gk_settings1.12.0.5, ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%
user_pref(CT3298566.mam_gk_settings1.12.0.5.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAxMTkiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg2XzAiLCJpc1Rlc3Q
user_pref(CT3298566.mam_gk_settings1.13.0.17, ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7
user_pref(CT3298566.mam_gk_settings1.13.0.17.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAzMjgiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsIlJUSy
user_pref(CT3298566.mam_gk_showWelcomeGadget, %EC%E7%F2%F9%EB);
user_pref(CT3298566.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);
user_pref(CT3298566.mam_gk_stamp, %B7%B6%BA%B9%E5%B6);
user_pref(CT3298566.mam_gk_stamp.enc, MTA0M18w);
user_pref(CT3298566.mam_gk_userBornDate, %D4%B5%C7);
user_pref(CT3298566.mam_gk_userBornDate.enc, Ti9B);
user_pref(CT3298566.mam_gk_userId, %EC%B7%BF%BA%B7%BA%B9%BF%B3%E8%BF%BF%E7%B3%BA%EB%BF%E8%B3%BE%EC%EC%B8%B3%EA%E7%BC%E7%BC%B8%EB%BC%EB%BE%EA%BE);
user_pref(CT3298566.mam_gk_userId.enc, ZjE5NDE0MzktYjk5YS00ZTliLThmZjItZGE2YTYyZTZlOGQ4);
user_pref(CT3298566.mam_gk_user_approval_interacted, %B7);
user_pref(CT3298566.mam_gk_user_approval_interacted.enc, MQ==);
user_pref(CT3298566.mam_gk_welcomeDialogMode, %B7);
user_pref(CT3298566.mam_gk_welcomeDialogMode.enc, MQ==);
user_pref(CT3298566.originalHomepage, chrome://branding/locale/browserconfig.properties);
user_pref(CT3298566.originalSearchEngine, Google);
user_pref(CT3298566.originalSearchEngineName, Google);
user_pref(CT3298566.price-gong.isManagedApp, true);
user_pref(CT3298566.revertSettingsEnabled, false);
user_pref(CT3298566.search.searchAppId, 130110228003246321);
user_pref(CT3298566.search.searchCount, 0);
user_pref(CT3298566.searchFromAddressBarEnabledByUser, false);
user_pref(CT3298566.searchInNewTabEnabledByUser, false);
user_pref(CT3298566.searchInNewTabEnabledInHidden, true);
user_pref(CT3298566.searchSuggestEnabledByUser, false);
user_pref(CT3298566.searchUserMode, 2);
user_pref(CT3298566.serviceLayer_services_Configuration_lastUpdate, 1395973661582);
user_pref(CT3298566.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1394489694658);
user_pref(CT3298566.serviceLayer_services_appsMetadata_lastUpdate, 1395973554274);
user_pref(CT3298566.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1394489694658);
user_pref(CT3298566.serviceLayer_services_login_10.19.2.505_lastUpdate, 1395973571261);
user_pref(CT3298566.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1394489694663);
user_pref(CT3298566.serviceLayer_services_searchAPI_lastUpdate, 1395973661480);
user_pref(CT3298566.serviceLayer_services_serviceMap_lastUpdate, 1395973661418);
user_pref(CT3298566.serviceLayer_services_setupAPI_lastUpdate, 1380414754244);
user_pref(CT3298566.serviceLayer_services_toolbarContextMenu_lastUpdate, 1394489694657);
user_pref(CT3298566.serviceLayer_services_toolbarSettings_lastUpdate, 1395973553159);
user_pref(CT3298566.serviceLayer_services_translation_lastUpdate, 1395973661519);
user_pref(CT3298566.settingsINI, true);
user_pref(CT3298566.showToolbarPermission, false);
user_pref(CT3298566.smartbar.CTID, CT3298566);
user_pref(CT3298566.smartbar.Uninstall, 0);
user_pref(CT3298566.smartbar.homepage, true);
user_pref(CT3298566.smartbar.isHidden, true);
user_pref(CT3298566.smartbar.toolbarName, MixiDJ V30 );
user_pref(CT3298566.toolbarBornServerTime, 28-8-2013);
user_pref(CT3298566.toolbarCurrentServerTime, 28-3-2014);
user_pref(CT3298566.toolbarLoginClientTime, Sat Sep 28 2013 20:32:34 GMT-0400 (Eastern Standard Time));
user_pref([email protected], true);
user_pref([email protected]ed, true);
user_pref(extensions.securespeeddial.amazonPromotionEnabled, false);
user_pref(extensions.xpiState, {\app-profile\:{\[email protected]\:{\d\:\C:\\\\Users\\\\Me\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\yubur1s0.default\\\\
user_pref(smartbar.defaultSearchOwnerCTID, CT3298566);
user_pref(smartbar.homePageOwnerCTID, CT3298566);
user_pref(smartbar.machineId, 8FY4UWJHBIPQCVTP9KAX2P5XGD5MAHECQ3LWUDLZ0IWVU6RJEB6LNAYDBOFZEJ8OPBQRCTP266CYOTBXA0BNIQ);
user_pref(startpage.ntsearch_url, hxxp://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=198484&p={searchTerms});
Emptied folder: C:\Users\Me\AppData\Roaming\mozilla\firefox\profiles\yubur1s0.default\minidumps [1 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\Me\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Me\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Me\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Me\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gjkpcnacdgdlpfejlgflolpaigoicibh,
  gkcefkcdkepgkpbgncjchhbjgoanleod,
  glmfgahfleepmdfffonfckpmkondpdkg,
  oilkkkefbalmbfppgjmgjoefbclebkce
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/12/2015 at 13:04:43.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Okay getting ready to run the AdwCleaner now

  • 0
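The `user_pref(...)` lines in the JRT log above are Firefox prefs.js entries planted by a Conduit-style toolbar (namespace `CT3298566`, `smartbar.*` ownership keys, a replaced search URL). As an added example for this page, not part of the original post or of JRT/AdwCleaner, here is a small Python triage script that parses lines in that log format and flags those indicators; the sample lines are constructed from the log, and the CT-prefix, `smartbar.*` and `{searchTerms}` heuristics are this example's own assumptions.

```python
"""Triage Firefox prefs.js entries as they appear in a JRT log (example code).

JRT prints prefs as `user_pref(key, value);` with the quotes stripped.
This script groups such lines by three browser-hijack indicators:
  1. a whole pref namespace owned by a CTnnnnnnn toolbar id (Conduit style),
  2. smartbar.* prefs that name a CTID as owner of search/homepage,
  3. search or start-page URLs carrying a {searchTerms} placeholder.
The heuristics are assumptions made for this example, not JRT's own logic.
"""
import re
from collections import defaultdict

PREF_RE = re.compile(r"^user_pref\(([^,]+),\s*(.*)\);\s*$")
CTID_RE = re.compile(r"^CT\d+\b")

# Constructed sample in the shape of the JRT output quoted in the thread.
SAMPLE_LOG = """\
user_pref(CT3298566.smartbar.CTID, CT3298566);
user_pref(CT3298566.smartbar.isHidden, true);
user_pref(CT3298566.smartbar.toolbarName, MixiDJ V30 );
user_pref(smartbar.defaultSearchOwnerCTID, CT3298566);
user_pref(smartbar.homePageOwnerCTID, CT3298566);
user_pref(startpage.ntsearch_url, hxxp://search.yahoo.com/search?fr=spigot-nt-ff&p={searchTerms});
user_pref(browser.startup.homepage_override.mstone, 38.0.1);
"""


def parse_prefs(text):
    """Return (key, value) pairs for every user_pref line; other lines are ignored."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs.append((m.group(1).strip(), m.group(2).strip()))
    return prefs


def triage(prefs):
    """Map each indicator name to the list of pref keys that triggered it."""
    findings = defaultdict(list)
    for key, value in prefs:
        if CTID_RE.match(key):
            # Everything under CT<digits>. belongs to one toolbar installation.
            findings["ctid_namespace:" + key.split(".", 1)[0]].append(key)
        elif key.startswith("smartbar.") and value.startswith("CT"):
            # Ownership prefs: which toolbar id controls search and homepage.
            findings["smartbar_owner"].append(key)
        if "{searchTerms}" in value:
            # A search template URL, the classic search-redirect indicator.
            findings["search_url_override"].append(key)
    return dict(findings)


if __name__ == "__main__":
    for indicator, keys in sorted(triage(parse_prefs(SAMPLE_LOG)).items()):
        print(f"{indicator}: {', '.join(keys)}")
```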

#19
BeachBumBum
    Member
  • Topic Starter
  • 132 posts

I ran the AdwCleaner like you said, but it got stuck on "Waiting for action.  Please uncheck elements you want to keep".  Nothing showed up and the only buttons are:  CLEANING (Which has an X on it), LOGFILE and UNINSTALL.  What do I need to do?  BTW...I closed the browser while scanning before I posted this.  The SCAN button is grayed out.


Edited by BeachBumBum, 12 July 2015 - 11:24 AM.

  • 0

#20
BeachBumBum
    Member
  • Topic Starter
  • 132 posts

Okay, I figured it out.  But I have one question.  Should I keep AdwCleaner and JRT on my computer to run every so often?  Will these help to keep my computer clean?  Also, do I need to change all my passwords that I've used since this problem?  Anyways...here's the report from AdwCleaner:

 

# AdwCleaner v4.208 - Logfile created 12/07/2015 at 15:57:38
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Me - ME-HP
# Running from : C:\Users\Me\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Driver Boost
Folder Deleted : C:\Program Files (x86)\DriverBoost
Folder Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
File Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glmfgahfleepmdfffonfckpmkondpdkg
File Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage
File Deleted : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Users\Me\AppData\Local\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\Me\AppData\Roaming\GDIPFONTCACHEV1.DAT
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\Define Ext
Key Deleted : HKCU\Software\Appscion
Key Deleted : HKCU\Software\AppDataLow\Software\Slick Savings
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\FlvPlayer
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\Define Ext
Key Deleted : HKU\.DEFAULT\Software\IObit Apps
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;localhost
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]
 
-\\ Mozilla Firefox v38.0.1 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.132
 
[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN49909181213039174&ctid=CT3277370&UM=2
[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_50_ch&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyEtCyBzytCzytA0B0B0F0DtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StB0AtCzz0AyD0AtAtG0AtC0F0EtGyBtAzy0EtGzytDzyyEtGtD0ByDtB0EzzyBzytCtDzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0EtD0B0FtA0BzytGyDyC0B0EtGyE0Bzz0CtGzzyD0CyCtGtDyEyDzyyB0CyCtD0B0BtDyB2Q&cr=1177079610&ir=
[C:\Users\TEMP.Me-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\TEMP.Me-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7603 bytes] - [12/07/2015 13:13:12]
AdwCleaner[S0].txt - [6947 bytes] - [12/07/2015 15:57:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7006  bytes] ##########

Edited by BeachBumBum, 12 July 2015 - 02:04 PM.

  • 0

#21
Bruce1270
    Trusted Helper
  • Malware Removal
  • 1,603 posts
Hi BeachBumBum

Things are taking shape. :). At the end of the cleaning process I will give you some advice on what programs to run and some prevention tips. In your next post don't forget to tell me how the computer is running now. :)

Here are the next steps for you.

Step 1 - Malwarebytes scan

I see you already have Malwarebytes installed.
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    oGHz2fO.png
  • Go back to Dashboard and click the green Scan Now button.
  • If threats are detected click on Apply actions, the program will ask to reboot the machine.
    MBAMReboot_zps9089ab30.jpg
  • Click Yes.
  • On completion of the scan (or after the reboot) select View Detailed Log
  • Click on Export Button, select Text File, give it the name MBAM Log and save the log to your Desktop.
  • Copy and Paste the contents of the log in your next reply.


    Step 2 - ESET online scan


    Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your currently installed Anti-Virus; how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
    2.JPG

  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

    Things for your next post:
  • MBAM log
  • ESET log
  • How does your computer seem to be now?

    Thanks

  • 0

#22
BeachBumBum
    Member
  • Topic Starter
  • 132 posts

I already had MBAM on my computer.  Here are the scan results, and I asked you a question in my last post regarding what I should have on my computer to run scans with, i.e. AdwCleaner, JRT, etc.  And my computer has been running okay since I finally got it restored to a previous point, but I was sure there was still malware on it.  I downloaded the ESET from Chrome and ran it.  I don't know if I did it right or not.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/12/2015
Scan Time: 10:53:46 PM
Logfile: MBAM log.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.07.12.04
Rootkit Database: v2015.07.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Me
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447725
Time Elapsed: 14 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)
________________________________________________
 
C:\FRST\Quarantine\C\ProgramData\IObit\ASCDownloader\ASC8\Driver Booster 2.exe a variant of Win32/OpenCandy.C potentially unsafe application
 

  • 0

#23
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Bruce is away for a few days so I will finish off :)
 

Should I keep AdwCleaner and JRT on my computer to run every so often

As these programmes are continuously updated, just download and use them as required
 

Also, do I need to change all my passwords that I've used since this problem?

There were no indications of a key logger so you should be OK

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on Unchecky_setup and choose Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire-and-forget programme ;)

It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#24
BeachBumBum
    Member
  • Topic Starter
  • 132 posts

Essexboy, thank you for following up with Bruce.  I have a few questions before we close this thread, if that's okay with you.  First, I ran Delfix and then tried to find Java in my Control Panel but could not locate it.  I can't locate it in Chrome and haven't tried going directly to IE yet.  I haven't used IE or FireFox for a very long time, because I only use Chrome, so not sure how to find it in those browsers.  If you could please walk me through finding Java in control panel and disabling it for all browsers, I would appreciate it.  If you don't know already, I am using Win7.  I already have MBAM but do you think I need to uninstall and download from the site you recommended?  I have been using it for a very, very long time.  One last question (I promise... :yes:  )....I believe it was Bruce (but not sure, it could have been another moderator from a different thread) who told me to uninstall my PC Tools Firewall because it was discontinued.  He said that Windows Firewall is sufficient.   What is your take on that?  Should I continue to use Win Firewall or install a third party firewall with my avast!?  Just want to make sure I am using the right combination to keep my computer safe.  And thanks so much for yours and Bruce's help!!   :spoton: 


  • 0

#25
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Java was showing as installed in your control panel : Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

In this case, as you do not use it, rather than search for it run JavaRa to remove all Java elements :)

I already have MBAM but do you think I need to uninstall and download from the site you recommended? I have been using it for a very, very long time

No I forgot to remove that instruction from my list :wacko:
 

I believe it was Bruce (but not sure, it could have been another moderator from a different thread) who told me to uninstall my PC Tools Firewall because it was discontinued.  He said that Windows Firewall is sufficient.   What is your take on that?

The firewall with windows 7 is more than sufficient for normal usage
 
You can set Avast to stop PUP's (Potentially Unwanted Programmes) installing
 
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
pups.JPG
  • 0



#26
BeachBumBum
    Member
  • Topic Starter
  • 132 posts

I went to CNET to download JavaRa but can't figure out how to use it.  It wanted me to update to a newer version, and now I have two versions and still can't figure out how to use them.

I want to put a screenshot on here, but don't know how to do it.  I googled how to do a print screen, then tried using the Snipping Tool, and also the PrntScrn button, but they won't let me copy and paste here.  OMG I'm so computer illiterate!!  I thought I knew a FEW things, but dang it, I guess I need a nanny..ha.  I'm so sorry I'm taking up so much of your time.  You and Bruce have been so patient with me.  If you could just tell me how to do a screen print and paste it here, I can show you what I mean.  Thanks again.


  • 0

#27
BeachBumBum
    Member
  • Topic Starter
  • 132 posts

Okay so I found out how to use Photobucket to paste a screenshot.  If there's another simpler way, please let me know.  Thanks

 

JavaRA_zpsbuwghex9.png


Edited by BeachBumBum, 15 July 2015 - 02:46 PM.

  • 0

#28
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Click the Remove Java Runtime button and follow the prompts

Capture.JPG

Press Run uninstaller
Capture1.JPG
  • 0

#29
BeachBumBum
    Member
  • Topic Starter
  • 132 posts

Okay did that.  It kept asking me if I wanted to get the latest version again, though.  But I just ignored it, and continued.  Was using Photobucket the best and fastest way to do a screenshot?  It wasn't fast for me.  Took me a long time to do it.  If there were a faster way, I would love to know.

 

Anyways, thank you so very much for all your help.  And I guess I am done with everything.  You and Bruce have been so sweet and patient to help me.  God bless you both and have a wonderful day.   :spoton:


  • 0

#30
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
You can use the Windows Snipping Tool :)

http://www.7tutorial...e-snipping-tool
  • 0
