
Malware: Adventures in Supreme Savings, Default Tab, and Optimizer Pro


14 replies to this topic

#1 shawbeg


Posted 04 May 2013 - 01:36 PM

Hello.  I have been reading this log http://www.bleepingcomputer.com/forums/t/493491/supreme-savings-extension/
in hopes of resolving a similar issue. 

I ended up with a triple whammy: Optimizer Pro, Default Tab and Supreme Savings on my Lenovo ThinkPad running Windows 7 and Chrome. I didn't even realize the two Chrome extensions existed and thought my issues were stemming solely from the Optimizer Pro, which showed up as a desktop icon out of the blue. Before reading the above thread, I had already attempted to uninstall Optimizer Pro which was "successful" except for the message indicating that some items would have to be removed manually.  :orange: 

For the record, AVG (free version) was current and running, but I strongly suspect the problems came in when my teenager uninstalled iTunes and attempted to download a new version. I should have been paying closer attention. Grrr!

So, since the uninstall, Optimizer Pro no longer shows up in Programs, but I don't know how to determine if there are residual elements lurking about. Not seeing any problems that appear related (no random PC Optimizing-type windows or the like).

I have also disabled "Default Tab."

But, "Supreme Savings" does not give me the option to disable or delete.

 

Thanks for your help.

 

 




 


#2 Francis Houle


Posted 04 May 2013 - 01:49 PM

Security Check

  • Download Security Check from here or here and save it to your Desktop.
  • Double-click on SecurityCheck.exe
  • Follow the on-screen instructions.
  • A Notepad document called checkup.txt should open automatically.
  • Please post the content of that document.

Farbar Service Scanner

  • Download Farbar Service Scanner.
  • Run it on the computer.
  • Make sure the following options are checked:
      ◦ Internet Services
      ◦ Windows Firewall
      ◦ System Restore
      ◦ Security Center/Action Center
      ◦ Windows Update
      ◦ Windows Defender
      ◦ Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory where you run the tool.
  • Please copy and paste the log to your reply.

 

MiniToolBox

  • Download MiniToolBox
  • Run it on the computer.
  • Checkmark the following boxes:
      ◦ Report IE Proxy Settings
      ◦ Report FF Proxy Settings
      ◦ List content of Hosts
      ◦ List IP configuration
      ◦ List Winsock Entries
      ◦ List last 10 Event Viewer log
      ◦ List Installed Programs
      ◦ List Devices (do NOT change any settings here)
      ◦ List Users, Partitions and Memory size
  • Click Go and post the result.

 

Malwarebytes’ Anti-Malware

  • Download Malwarebytes' Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.
  • Be sure to restart the computer.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Malwarebytes’ Anti-Rootkit

  • Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

 

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Junkware Removal Tool

  • Please download Junkware Removal Tool to your desktop.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Temp File Cleaner

  • Download Temp File Cleaner (TFC). Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.
  • NOTE. If it freezes in normal mode, run it from safe mode. Be patient.

Reset browsers

How to restore Google Chrome:

1. Close the Google Chrome browser, if it is running.
2. Go to the Start menu, search for Run and open it. Or find it from the Start menu, All Programs, Accessories.
3. Type the following line, according to the OS, in the Run box, and hit Enter:
   %LOCALAPPDATA%\Google\Chrome\User Data\ (in Windows 8/7/Vista)
   %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\ (in Windows XP)
4. There is a folder named Default, and this folder contains all the current settings.
5. Rename the Default folder to Default.old.
6. Now launch Google Chrome.

See, all the original settings are restored. A new folder "Default" will be created and it will hold all settings for now.

 

How to restore Internet Explorer in Windows 8:

1. Swipe in from the right edge of the screen (if you're using a mouse, point to the upper-right corner of the screen and move the mouse pointer down), and then tap or click Search. Enter Internet options in the search box, and then tap or click Settings.
2. In the search results, tap or click Internet Options. Tap or click the Advanced tab and then tap or click Reset…
   Note: Select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.
3. In the Reset Internet Explorer Settings window, tap or click Reset.
   Note: To delete all personal settings, tap or click the checkbox for Delete personal settings.
4. Close and then restart Internet Explorer for the changes to take effect.

How to restore Internet Explorer in Windows XP, Vista or 7:

1. Exit all programs, including Internet Explorer.
2. If you use Windows XP, click Start, and then click Run. Type the following command in the Open box, and then press Enter: inetcpl.cpl
   If you use Windows 7 or Windows Vista, click Start. Type the following command in the Search box, and then press Enter: inetcpl.cpl
   The Internet Options dialog box appears.
3. Click the Advanced tab.
4. Under Reset Internet Explorer settings, click Reset. Then click Reset again.
   Click to select the Delete personal settings check box if you also want to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.
5. When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.
6. Start Internet Explorer again.

 

How to restore Firefox:

1. At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
2. Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
3. To continue, click Reset Firefox in the confirmation window that opens.
4. Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.

Please do the following:

  • Update Internet Explorer, Mozilla Firefox and Google Chrome
  • Update Java
  • Update Adobe Flash, Shockwave, Air and Reader
  • Update Windows

NOTE 1. Make sure all logs are pasted, not attached.

NOTE 2. You must have only ONE antivirus on the computer. I recommend a paid antivirus like Norton 360, Kaspersky Pure or Malwarebytes Pro or a free antivirus like Avast, AVG or Microsoft Security Essentials.



#3 shawbeg


Posted 23 May 2013 - 04:56 PM

Security Check log:



Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Intel Intel® Small Business Advantage UI IntelSmallBusinessAdvantage.exe 
 Intel Intel® Small Business Advantage Service Intel.SmallBusinessAdvantage.WindowsService.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 

 

 

=========================

 

Farbar Service Scanner log



Farbar Service Scanner Version: 14-04-2013
Ran by Elizabeth (administrator) on 23-05-2013 at 17:33:09
Running from "C:\Users\Elizabeth\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================

 

 

Mini Toolbox Log

 

Hung up on "Getting IPconfig...


=======================

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.05.23.12
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Elizabeth :: ELIZABETH-THINK [administrator]
 
5/23/2013 5:47:11 PM
mbam-log-2013-05-23 (17-47-11).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258932
Time elapsed: 5 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 4
C:\Users\Guest\Downloads\FlashPlayer_transaction_id=10291aa18dda1312f99e0b8788769f (1).exe (PUP.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Guest\Downloads\FlashPlayer_transaction_id=10291aa18dda1312f99e0b8788769f.exe (PUP.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Guest\Downloads\mplayer_Setup (1).exe (Adware.IBryte) -> Quarantined and deleted successfully.
C:\Users\Guest\Downloads\mplayer_Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.
 
(end)
 

===========================

Posting this now so that I can restart computer.............

More to come.



#4 shawbeg


Posted 23 May 2013 - 05:40 PM

The Malwarebytes Rootkit Scan....

....indicated "No Malware Found" but I was not able to find the logs requested. I have something called a "system log" in the mbar folder which, when open, is nothing but random characters. I do not have Word, only Open Office, so I'm not sure if this is the issue.

I do not see an mbar log at all.



#5 Francis Houle


Posted 23 May 2013 - 09:27 PM

Please continue with the other steps :)



#6 shawbeg


Posted 24 May 2013 - 05:42 AM

Completed remaining steps last night. 

Temp File Cleaner ran w/out freezing.

Chrome and IE reset (and, it appears restored) without issue.

Was not able to update IE - Had one important update, but error message (sorry...will have to try it again if you need that, as I forgot to write it down) was not among the specific errors listed in Fix It Report, and the general troubleshooting fix claimed to work but did eliminate the problem. 

I....think I forgot to try to update Chrome. Oops. 

I deleted all unwanted/unused extensions in Chrome's settings.
Deleted AVG Safe Search and Toolbar which act so much like Malware that they ought to be called that.
And deleted Sendori which had appeared in the past 3-4 days.  :nono:

 

 

Hope that covered everything. Got some very distressing news right as I was wrapping up the process and had a bit of difficulty making sure I had covered all the bases. 

 

I still have AVG as the only anti-virus program running on this machine.



OH...Firefox. Haven't downloaded it onto this machine, so nothing to do there.

 

.....



#7 shawbeg


Posted 24 May 2013 - 05:44 AM

Erm....no. Strike that. Looks like Malware Bytes is here as well (makes sense), I just didn't see a desktop/taskbar icon for it so thought maybe it hadn't stuck around. 



#8 Francis Houle


Posted 24 May 2013 - 05:05 PM

Did you run Adwcleaner?



#9 shawbeg


Posted 24 May 2013 - 08:53 PM

Strange. I was sure I had posted about that one.

Anyway, yes. I ran AdwCleaner. 

Here's the log ==

# AdwCleaner v2.301 - Logfile created 05/23/2013 at 18:41:06
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Elizabeth - ELIZABETH-THINK
# Boot Mode : Normal
# Running from : C:\Users\Elizabeth\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : CltMngSvc
Found : DefaultTabSearch
Found : DefaultTabUpdate

***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DefaultTab
Folder Found : C:\Program Files (x86)\MixiDJ_V31
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files\DomaIQ Uninstaller
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\ELIZAB~1\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Elizabeth\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Elizabeth\AppData\Local\Conduit
Folder Found : C:\Users\Elizabeth\AppData\Local\Supreme Savings
Folder Found : C:\Users\Elizabeth\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Elizabeth\AppData\LocalLow\Conduit
Folder Found : C:\Users\Elizabeth\AppData\LocalLow\MixiDJ_V31
Folder Found : C:\Users\Elizabeth\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Elizabeth\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Elizabeth\AppData\Roaming\SearchProtect


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3298567&octid=CT3298567&SearchSource=61&CUI=UN63493454422756322&UM=2&UP=SP97D800CC-A3C4-4A7D-8DF2-9084259FAD72

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9766 octets] - [23/05/2013 18:41:06]

########## EOF - C:\AdwCleaner[R1].txt - [9826 octets] ##########



#10 Francis Houle


Posted 25 May 2013 - 07:55 AM

You did the scan but you need to do the removal
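
The distinction drawn in post #10, as an added example that is not part of the original thread or of AdwCleaner itself: a small parser that reads an AdwCleaner v2 log and reports whether it records a Search run with detections still on disk. The Search sample is a shortened, constructed copy of the log posted above; the layout of a removal-run log ("Option [Delete]", "Deleted :" entries, the [S1] file name) is an assumption modelled on that format.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the Search-mode log posted in this thread.
SEARCH_LOG = r"""# AdwCleaner v2.301 - Logfile created 05/23/2013 at 18:41:06
# Option [Search]

***** [Services] *****

Found : DefaultTabSearch
Found : DefaultTabUpdate

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\DefaultTab
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Users\Elizabeth\AppData\Local\Supreme Savings

***** [Registry] *****

Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Supreme Savings
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]

***** [Internet Browsers] *****

[OK] File is clean.

AdwCleaner[R1].txt - [9766 octets] - [23/05/2013 18:41:06]
"""

# Assumption: a removal run uses the same layout with "Delete"/"Deleted" wording.
DELETE_LOG = (SEARCH_LOG.replace("Option [Search]", "Option [Delete]")
              .replace("Found :", "Deleted :")
              .replace("[R1]", "[S1]"))

OPTION_RE = re.compile(r"^#\s*Option\s*\[(\w+)\]", re.M)
SECTION_RE = re.compile(r"^\*{5}\s*\[(.+?)\]\s*\*{5}\s*$")
ENTRY_RE = re.compile(r"^(?:(File|Folder|Key|Value)\s+)?(Found|Deleted)\s*:\s*(.+)$")


def parse_adwcleaner_log(text):
    """Return the run option and every Found/Deleted entry, tagged by section."""
    opt = OPTION_RE.search(text)
    report = {"option": opt.group(1) if opt else None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        ent = ENTRY_RE.match(line)
        if ent and section:
            kind, state, item = ent.groups()
            report["entries"].append({"section": section, "kind": kind or section,
                                      "state": state, "item": item.strip()})
    return report


def removal_pending(report):
    """True when the log lists detections but documents no removal run."""
    found = [e for e in report["entries"] if e["state"] == "Found"]
    return report["option"] == "Search" and bool(found)


def per_section(report):
    """Number of entries in each log section."""
    return dict(Counter(e["section"] for e in report["entries"]))


def folder_names(report):
    """Last path component of each file/folder entry: the product names to look for."""
    return sorted(e["item"].rsplit("\\", 1)[-1] for e in report["entries"]
                  if e["section"] == "Files / Folders")


if __name__ == "__main__":
    for name, log in (("R1", SEARCH_LOG), ("S1", DELETE_LOG)):
        rep = parse_adwcleaner_log(log)
        print(name, rep["option"], per_section(rep), "removal pending:", removal_pending(rep))
```
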

#11 shawbeg


Posted 25 May 2013 - 11:49 AM

My recollection of the removal is a little fuzzy now, but I definitely did it. As I recall, I clicked "delete" once but was not prompted to do so repeatedly, the computer rebooted, and that was it.

I can run it again if that's best.

Oh, and since I haven't said so up to now....THANK YOU for working with me!



#12 Francis Houle


Posted 25 May 2013 - 08:34 PM

No problem :)

 

Is it solved?



#13 shawbeg


Posted 26 May 2013 - 12:23 PM

Sure seems to be solved!   :bananas: No more unwanted ads, Super Saver extension is gone, Sendori and AVG Toolbar & Safe Search are gone (giving myself a little pat on the back for those two). 

My only remaining concern is in having Malwarebytes and AVG running on the same machine. Isn't that bad form?

Incidentally, is there any way to figure out how this garbage found us in the first place? Is that answer buried in all those logs somewhere?



#14 Francis Houle


Posted 27 May 2013 - 09:49 AM

You can uninstall Malwarebytes now!

 

Incidentally, is there any way to figure out how this garbage found us in the first place? 

Maybe you clicked on an advertisement saying to update Flash/download something from a non-recommended website by using software like LimeWire or uTorrent.

 

Is that answer buried in all those logs somewhere? No.



#15 shawbeg


Posted 27 May 2013 - 07:49 PM

I appreciate your help! I will uninstall Malwarebytes and be on my way. Best to you!





