Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

erunt.3xe


  • Please log in to reply
21 replies to this topic

#1 Cutches100

Cutches100

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 25 January 2013 - 12:31 PM

Hi, I do a malware scan (malwarebytes) every week but then about once a month I run combofix but the last two times of running it and getting the same error I thought it was about time to try and get it sorted, Any help much appreciated

Im not up on all the computer language but can I can follow instructions!
forgot to mention pc win7 64 bit

Attached Files


Edited by Cutches100, 25 January 2013 - 12:34 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 PM

Posted 26 January 2013 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

You may be asked to update ComboFix. Please do before proceeding.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#3 Cutches100

Cutches100
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 28 January 2013 - 06:57 PM

Hi I ran combofix but at every stage I got This message that's attached combofix.jpg I also the combo.jpg a couple of times I've also attached the combofix.txt I dony know much about computer but the combofix report didnt look good to me!Attached File  ComboFix.txt   66.64KB   3 downloadsAttached File  combofix.JPG   20.6KB   5 downloadsAttached File  combo.JPG   34.97KB   6 downloads

#4 Cutches100

Cutches100
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 28 January 2013 - 07:03 PM

I also ran the screen317s

Attached Files

  • Attached File  317s.txt   872bytes   0 downloads


#5 Cutches100

Cutches100
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 28 January 2013 - 07:11 PM

btw totally of subject but noticed the android I have a gnex thats I rooted at mo im running AOKP build 3 but some how god knows how the internal sd seems to have got partitioned dont know how but it has now clockwork mod wont work on the device so I installed TWRP recovery and that works after all that the question is can I unpartition the phone some how I know this is the wrong forum but you never Know till you ask

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 PM

Posted 29 January 2013 - 02:13 PM

Important - Hot news/


Jan. 29 2013.
Unfortunately it has come to light that the program ComboFix had a file in it that is infected with the Sality virus.

Information about ComboFix being infected and what you should do
http://www.bleepingcomputer.com/forums/topic483431.html

As suggested on the Bleepingcomputer topic please check your computer to make sure it's not infected.
======

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 PM

Posted 04 February 2013 - 09:50 AM

Are you still with me?

#8 Cutches100

Cutches100
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 04 February 2013 - 11:19 AM

yeah I thought you must have a lot of work on as I only had that reply about the combofix, but Ive just realised I havent done the ADW scan ooooops

#9 Cutches100

Cutches100
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 04 February 2013 - 11:25 AM

the ADW report

# AdwCleaner v2.110 - Logfile created 02/04/2013 at 16:21:17
# Updated 03/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : fletch - FLETCH-PC
# Boot Mode : Normal
# Running from : C:\Users\fletch\Downloads\Programmes\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\fletch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free M4a to MP3 Converter.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk ( arg. : /lite hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk ( arg. : C:\Windows\system32\shell32.dll,Options_RunDLL 1 hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ConvertXtoDVD 4.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ConvertXtoDVD 4.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PeerBlock.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : -extoff hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
File Infected : C:\Users\fletch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192)
Folder Found : C:\Program Files (x86)\1ClickDownload
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Babylon
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Media Finder
Folder Found : C:\Program Files (x86)\My_Voucher_Codes
Folder Found : C:\Program Files (x86)\NCH_EN
Folder Found : C:\Program Files (x86)\Perion
Folder Found : C:\Program Files (x86)\PriceGong
Folder Found : C:\Program Files (x86)\Protected Search
Folder Found : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Found : C:\Users\Administrator\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Administrator\AppData\LocalLow\My_Voucher_Codes
Folder Found : C:\Users\Administrator\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Administrator\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\fletch\AppData\Local\AVG Secure Search
Folder Found : C:\Users\fletch\AppData\Local\Babylon
Folder Found : C:\Users\fletch\AppData\Local\Conduit
Folder Found : C:\Users\fletch\AppData\Local\DownTango
Folder Found : C:\Users\fletch\AppData\Local\Giant Savings Extension
Folder Found : C:\Users\fletch\AppData\Local\Ilivid Player
Folder Found : C:\Users\fletch\AppData\Local\OpenCandy
Folder Found : C:\Users\fletch\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\fletch\AppData\LocalLow\BrotherSoft_Extreme
Folder Found : C:\Users\fletch\AppData\LocalLow\Conduit
Folder Found : C:\Users\fletch\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\fletch\AppData\LocalLow\My_Voucher_Codes
Folder Found : C:\Users\fletch\AppData\LocalLow\NCH_EN
Folder Found : C:\Users\fletch\AppData\LocalLow\PriceGong
Folder Found : C:\Users\fletch\AppData\LocalLow\searchquband
Folder Found : C:\Users\fletch\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\fletch\AppData\Roaming\Babylon
Folder Found : C:\Users\fletch\AppData\Roaming\Media Finder
Folder Found : C:\Users\fletch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****

Key Found : HKCU\Software\
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\
Key Found : HKCU\Software\AppDataLow\Software\
Key Found : HKCU\Software\AppDataLow\Software\BrotherSoft_Extreme
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\My_Voucher_Codes
Key Found : HKCU\Software\AppDataLow\Software\NCH_EN
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{15B9700D-F5B7-4D0A-AE43-9B5099836A58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15B9700D-F5B7-4D0A-AE43-9B5099836A58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{934326D2-8B7A-4375-B041-D5D9D7247159}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\Software\BrotherSoft_Extreme
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\DealPly
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Funmoods
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\My_Voucher_Codes
Key Found : HKLM\Software\NCH_EN
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Web Assistant
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{396109AD-ABDC-4E6E-B5EE-9A23D846B377}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74524937-3E7F-4D62-BDAC-65FF98709BC1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8638043E-180A-40BA-9ED5-36C4EEBEF3DE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C34446E8-5165-49FD-8C9F-9755E394BFA6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA625138-A247-45E0-B37D-FD2A6D3FB31D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : HKU\S-1-5-21-2591572769-639534822-2356307766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2591572769-639534822-2356307766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2591572769-639534822-2356307766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKU\S-1-5-21-2591572769-639534822-2356307766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-2591572769-639534822-2356307766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKU\S-1-5-21-2591572769-639534822-2356307766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{15B9700D-F5B7-4D0A-AE43-9B5099836A58}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D709B3E8-6803-11E2-8870-C80AA9828D51}
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D709B3E8-6803-11E2-8870-C80AA9828D51}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=

-\\ Google Chrome v24.0.1312.57

File : C:\Users\fletch\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\fletch\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [29979 octets] - [04/02/2013 16:21:17]

########## EOF - C:\AdwCleaner[R1].txt - [30040 octets] ##########

Attached Files


Edited by nasdaq, 04 February 2013 - 01:52 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 PM

Posted 04 February 2013 - 02:11 PM

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number)..

Please run ComboFix one more time.
You may be asked to update, please do.

Copy and paste the log for my review.

#11 Cutches100

Cutches100
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 04 February 2013 - 02:57 PM

Hi I enclose the ADW report but how come either malwarebytes or avg didnt pick up on these pups also I regularly use ccleaner so dont understand how it has been able to get rid off all these keys to be on the safe side in the future should I da a ADW scan and delete every week?

Attached Files



#12 Cutches100

Cutches100
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 04 February 2013 - 07:13 PM

why is it that since I have done the ADW scan everything has gone all jittery and laggy I have ran an AVG scan and thats come back clean I have ran a speed test speedtest.net but thats coming back as normal if you want I could always install team viewer also I have rebooted a few times but that didnt help

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 PM

Posted 05 February 2013 - 09:52 AM

No one tool and be up to date all of the time. Each one does what it is intended to do.
You can keep the AdwCleaner tool. Before you run it you must delete the version you have and download the latest.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List installed programs
Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#14 Cutches100

Cutches100
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 05 February 2013 - 11:19 AM

these are the latest results

Attached Files



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 PM

Posted 05 February 2013 - 11:30 AM

Any improvement?

If not run this scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

This may take awhile. Do it when you have time.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users