Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with two search engines simultaneously (malware)


  • Please log in to reply
7 replies to this topic

#1 sffaith

sffaith

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 04 May 2013 - 09:26 PM

Hi.

I'm new here, and I really need your assistance.

 

Two or three days ago, I downloaded what I thought was an issue of a magazine, but it came in an .exe file. After downloading, I scanned for viruses using Avast and Malwarebytes. Both came up with no infections. I began to install it, but thought better of it and canceled. Then I noticed that when opening Chrome, I was redirected from my normal home page to one of two "search engines;" each had their own tab. One is called "websearch.youwillfind.info" and the other is called "search.conduit.com." This was happening in each browser I use: Chrome, Firefox, and IE. I went into Tools and removed these from "Manage my Search Engines," in Chrome and Firefox, and they no longer appear in "Manage My Search Engines." Although I've gotten my regular home page back in all three browswers, in Chrome, the other tabs still come up whenever I open the browser (in addition to my home page). In IE, I couldn't find that list, but did change my home page back to where I wanted it. However, I'm still getting both tabs in Chrome, and in doing a web search, I see that they are malware.

A friend (who referred me here) said that from what he's reading, at least regarding the search.conduit.com infection, it seems that people are having trouble getting rid of the infection(s).

 

I apologize if I was supposed to make separate posts about each infection, but since they hit me simultaneously and I have the same information regarding both, I figured I should probably just make it one post.

 

Obviously, I need help with this. I'm usually pretty savvy about avoiding malware, but clearly, I wasn't very smart about this download.

Thanks for any assistance you can give me.

Faith



BC AdBot (Login to Remove)

 


#2 Guest_Francis Houle_*

Guest_Francis Houle_*

  • Guests
  • OFFLINE
  •  

Posted 04 May 2013 - 09:27 PM

Security Check

§  Download Security Check from here or here and save it to your Desktop.

§  Double-click on SecurityCheck.exe

§  Follow the on-screen instructions.

§  Notepad document should open automatically called checkup.txt.

§  Please post the content of that document.

 

Farbar Service Scanner

§  Download Farbar Service Scanner.

§  Run it on the computer.

§  Make sure the following options are checked:

o    Internet Services

o    Windows Firewall

o    System Restore

o    Security Center/Action Center

o    Windows Update

o    Windows Defender

o    Other Services

§  Press "Scan".

§  It will create a log (FSS.txt) in the same directory where you run the tool.

§  Please copy and paste the log to your reply.

 

MiniToolBox

§  Download MiniToolBox

§  Run it on the computer.

§  Checkmark following boxes:

§  Report IE Proxy Settings

§  Report FF Proxy Settings

§  List content of Hosts

§  List IP configuration

§  List Winsock Entries

§  List last 10 Event Viewer log

§  List Installed Programs

§  List Devices (do NOT change any settings here)

§  List Users, Partitions and Memory size

§  Click Go and post the result.

 

Malwarebytes’ Anti-Malware

§  Download Malwarebytes' Anti-Malware https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

§  Double-click mbam-setup.exe and follow the prompts to install the program.

§  At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

§  If an update is found, it will download and install the latest version.

§  Once the program has loaded, select Perform quick scan, then click Scan.

§  When the scan is complete, click OK, then Show Results to view the results.

§  Be sure that everything is checked, and click Remove Selected.

§  When completed, a log will open in Notepad.

§  Post the log back here.

§  Be sure to restart the computer.

§  The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

Malwarebytes’ Anti-Rootkit

§  Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

§  Unzip downloaded file.

§  Open the folder where the contents were unzipped and run mbar.exe

§  Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

§  DO NOT click on the Cleanup button. Simply exit the program.

§  When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

 AdwCleaner

·         Please download AdwCleaner by Xplode onto your desktop.

·         Close all open programs and internet browsers.

·         Double click on adwcleaner.exe to run the tool.

·         Click on Delete.

·         Confirm each time with Ok.

·         Your computer will be rebooted automatically. A text file will open after the restart.

·         Please post the contents of that logfile with your next reply.

·         You can find the logfile at C:\AdwCleaner[S1].txt as well.

Junkware Removal Tool

§  Please download Junkware Removal Tool to your desktop.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.

 

Temp File Cleaner

§  Download Temp File Cleaner (TFC) Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

§  Double click on TFC.exe to run the program.

§  Click on Start button to begin cleaning process.

§  TFC will close all running programs, and it may ask you to restart computer.

§  NOTE. If it freezes in normal mode run it from safe mode. Be patient

 

Reset browsers

 

How to restore Google Chrome:
1. Close the Google Chrome browser, if it is running.
2. Go to Start menu, search for Run and open it. Or find it out from the Start menu, All programs, Accessories.
3. Type the following line according to the OS in the run box.

%LOCALAPPDATA%\Google\Chrome\User Data\ (in Windows 8/7/Vista)
%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\ (in Windows Xp). And hit Enter.

4. There is a folder named Default and this folder contains all the current settings.

5. Rename the Default folder to Default.old.

6. Now lunch the Google Chrome.

See, all the original settings are restored. A new folder "Default" will be created and it will hold all settings for now.

 

How to restore Internet Explorer in Windows 8:

1.     Swipe in from the right edge of the screen (if you're using a mouse, point to the upper-right corner of the screen and move the mouse pointer down), and then tap or click Search. Enter Internet options in the search box, and then tap or click Settings.

 

2.     In the search results, tap or click Internet Options. Tap or click the Advanced tab and then tap or click Reset… 
Note:
 Select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data. 

 

3.     In the Reset Internet Explorer Settings window tap or click Reset 
Note: 
To delete all personal settings,tap or click the checkbox for Delete personal settings.

 

4.     Close and then restart Internet Explorer for the changes to take effect.

 

How to restore Internet Explorer in Windows XP, Vista or 7:

1.     Exit all programs, including Internet Explorer.

 

2.     If you use Windows XP, click Start, and then click Run. Type the following command in the Open box, and then press Enter: inetcpl.cpl

If you use Windows 7 or Windows Vista, click Start

Type the following command in the Search box, and then press Enter: inetcpl.cpl

The Internet Options dialog box appears.

 

3.     Click the Advanced tab.

 

4.     Under Reset Internet Explorer settings, click Reset. Then click Reset again.
Click to select the Delete personal settings check box if you also want to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.

 

5.     When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.

 

6.     Start Internet Explorer again.

 

How to restore Firefox:

1. At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu
and select Troubleshooting Information.

2. Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.

3. To continue, click Reset Firefox in the confirmation window that opens.

4. Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.

 

Please do the following :

§  Update Internet Explorer, Mozilla Firefox and Google Chrome

§  Update Java

§  Update Adobe Flash, Shockwave, Air and Reader

§  Update Windows

 

NOTE 1. Make sure all logs are pasted not attached.

NOTE 2. You must have only ONE antivirus on the computer. I recommend a paid antivirus like Norton 360, Kaspersky Pure or Malwarebytes Pro or a free antivirus like Avast, AVG or Microsoft Security Essentials



#3 sffaith

sffaith
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  

Posted 09 May 2013 - 11:40 PM

Francis:

While I appreciate your attempt to help me, I can't help but notice that you are posting this very same advice to a lot of people. It is overwhelming to me, and I wonder whether this massive set of instructions is necessary. In the last few days since I posted, you've gone from 161 posts to 348, and the ones I've checked out all offer the same advice.

 

I prefer to wait to hear from a staff member for advice.

 

Thank you.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:49 PM

Posted 10 May 2013 - 10:58 AM

Hello and welcome let's do this.

Please download Rkill by Grinler and save it to your desktop.
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.


    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.
    >>>>>

    ADW Cleaner

    Please download AdwCleaner by Xplode onto your desktop.
    •Close all open programs and internet browsers.
    •Double click on adwcleaner.exe to run the tool.
    •Click on Delete.
    •Confirm each time with Ok.
    •You will be prompted to restart your computer. A text file will open after the restart.
    •Please post the contents of that logfile with your next reply.
    •You can find the logfile at C:\AdwCleaner[S1].txt as well.


    >>>>

    Now I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the esetonlinebtn.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png
        icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    NOTE:Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 10 May 2013 - 10:59 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 sffaith

sffaith
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 10 May 2013 - 12:11 PM

Thank you! Will do that now.



#6 sffaith

sffaith
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 10 May 2013 - 02:59 PM

Thank you so much! I believe it's fixed.

I see that a lot of infections came from Ask.com. I never purposely downloaded that, but it does come bundled with certain other downloads. I hate that!

Here are the logs.

 

Again, I really appreciate your help.

Faith

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/10/2013 01:20:05 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\FLuber\Desktop\rkill\rkill-05-10-2013-01-20-09.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 05/10/2013 01:20:21 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)
 

-----------------------

 

# AdwCleaner v2.300 - Logfile created 05/10/2013 at 13:27:27
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : FLuber - FAITH-PC
# Boot Mode : Normal
# Running from : C:\Users\FLuber\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\FLuber\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\continuetosave
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\FLuber\AppData\Local\APN
Folder Deleted : C:\Users\FLuber\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\FLuber\AppData\Local\Conduit
Folder Deleted : C:\Users\FLuber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\FLuber\AppData\Local\Lucky Savings
Folder Deleted : C:\Users\FLuber\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\FLuber\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings-InternalInstaller_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.youwillfind.info/?pid=943&r=2013/05/02&hid=4225124919&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\FLuber\AppData\Roaming\Mozilla\Firefox\Profiles\wt2drm11.default\prefs.js

Deleted : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298573&octid=CT329857[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V37 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.filebulldog.com/results/1/vmn/___u[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298573");
Deleted : user_pref("betterfacebook.faith.luber/prefs", "{\"installed_on_5\":1308708443611,\"last_message_chec[...]
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.youwillfind.info/?pid=943&r=2013/05/02&hid=[...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.youwillfind.info/?pid=943&r=2013/05/02&hid=4225124919&lg=[...]
Deleted : user_pref("smartbar.machineId", "KYYGA6UDOT5R8NVHPDESLZLDHPHT/E+EFDNVYWQZ/PA3V+FLZB4L6JFKDEXETPZXPKW[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\FLuber\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3707] : urls_to_restore_on_startup = [ "hxxps://www.facebook.com/", "hxxp://search.conduit.com/?ctid=[...]

*************************

AdwCleaner[S1].txt - [6975 octets] - [10/05/2013 13:27:27]

########## EOF - C:\AdwCleaner[S1].txt - [7035 octets] ##########

------------------------------

C:\$Recycle.Bin\S-1-5-21-741427762-1603724700-2960441155-1001\$RNXF1QH.exe    Win32/InstalleRex.J application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-741427762-1603724700-2960441155-1001\$RSWT5MB.exe    Win32/InstalleRex.J application    cleaned by deleting - quarantined
C:\Users\FLuber\AppData\Local\Temp\A958.tmp    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\FLuber\AppData\Local\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\FLuber\AppData\Local\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\FLuber\AppData\Local\Temp\BITA52E.tmp    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\FLuber\AppData\Local\Temp\bundlesweetimsetup.exe    probably a variant of Win32/SweetIM.C application    cleaned by deleting - quarantined
C:\Users\FLuber\AppData\Local\Temp\Lucky-SavingsV3.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\FLuber\AppData\Local\Temp\LuckySavingsV3.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\FLuber\Documents\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\FLuber\Documents\Funstuff\Full_Felix2.exe    Win32/Joke.ScreenMate application    cleaned by deleting - quarantined
F:\Pictures\Downloads\m4a-to-mp3-converter.exe    a variant of Win32/Bundled.Toolbar.Ask.C application    cleaned by deleting - quarantined
C:\Users\FLuber\Downloads\cbsidlm-tr1_13-HCFA1500_Fill_and_Print_NPI-SEO-10912175.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\FLuber\Downloads\converter.exe    a variant of Win32/Bundled.Toolbar.Ask.C application    cleaned by deleting - quarantined
C:\Users\FLuber\Downloads\FreeYouTubeDownloaderInstaller.exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Users\FLuber\Downloads\m4a-to-mp3-converter (1).exe    a variant of Win32/Bundled.Toolbar.Ask.C application    cleaned by deleting - quarantined
C:\Users\FLuber\Downloads\m4a-to-mp3-converter.exe    a variant of Win32/Bundled.Toolbar.Ask.C application    cleaned by deleting - quarantined
F:\Documents\Documents\Funstuff\Full_Felix2.exe    Win32/Joke.ScreenMate application    cleaned by deleting - quarantined
F:\Documents May 4 2013\Documents\Documents\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
F:\Documents May 4 2013\Documents\Documents\Funstuff\Full_Felix2.exe    Win32/Joke.ScreenMate application    cleaned by deleting - quarantined
F:\Faith Documents - 10-03-12\Documents\Documents\Funstuff\Full_Felix2.exe    Win32/Joke.ScreenMate application    cleaned by deleting - quarantined
F:\Pictures\Downloads\cbsidlm-tr1_13-HCFA1500_Fill_and_Print_NPI-SEO-10912175.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
F:\Pictures\Downloads\converter.exe    a variant of Win32/Bundled.Toolbar.Ask.C application    cleaned by deleting - quarantined
F:\Pictures\Downloads\FreeYouTubeDownloaderInstaller.exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
F:\Pictures\Downloads\m4a-to-mp3-converter (1).exe    a variant of Win32/Bundled.Toolbar.Ask.C application    cleaned by deleting - quarantined
C:\Users\FLuber\Downloads\Avery Wizard 4.01 - US 20111209.exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
F:\FLUBER-PC\Backup Set 2011-05-27 120108\Backup Files 2011-12-15 110632\Backup files 1.zip    Win32/Joke.ScreenMate application    deleted - quarantined
F:\FLUBER-PC\Backup Set 2011-05-27 120108\Backup Files 2011-12-15 110632\Backup files 2.zip    multiple threats    deleted - quarantined
F:\FLUBER-PC\Backup Set 2011-05-27 120108\Backup Files 2011-12-15 110632\Backup files 7.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
F:\FLUBER-PC\Backup Set 2012-10-03 120740\Backup Files 2012-10-03 120740\Backup files 1.zip    Win32/Joke.ScreenMate application    deleted - quarantined
F:\Pictures\Downloads\Avery Wizard 4.01 - US 20111209.exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
F:\FAITH-PC\Backup Set 2012-10-03 120740\Backup Files 2013-05-05 190001\Backup files 1.zip    multiple threats    deleted - quarantined
F:\FAITH-PC\Backup Set 2012-10-03 120740\Backup Files 2013-05-05 190001\Backup files 6.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
F:\FLUBER-PC\Backup Set 2011-05-27 120108\Backup Files 2011-05-27 120108\Backup files 1.zip    Win32/Joke.ScreenMate application    deleted - quarantined
F:\FLUBER-PC\Backup Set 2011-05-27 120108\Backup Files 2011-05-27 120108\Backup files 17.zip    multiple threats    deleted - quarantined
F:\FLUBER-PC\Backup Set 2011-05-27 120108\Backup Files 2011-05-27 120108\Backup files 19.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
 



#7 Guest_Francis Houle_*

Guest_Francis Houle_*

  • Guests
  • OFFLINE
  •  

Posted 10 May 2013 - 05:07 PM

It is always necessary to make the steps I have written to be sure the computer is clean. Then I checked the logs you provided and I tell you what to do next.



#8 sffaith

sffaith
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 10 May 2013 - 10:36 PM

Well, that's not the instruction I received from the Global Moderator, and his instructions worked just fine. He gave me four steps to follow; you gave me 10. And my browsers did not need to be restored, as you instructed me to do.

Again, I appreciate that you tried to help. But giving me all those steps was overwhelming and unnecessary.

 

Thanks again.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users