Firefox opens tabs to sites like "findsection.net". Also, popups. Logs included



#1 MacFall

Posted 16 December 2013 - 10:54 PM

This started about a week ago. I get popups like this: http://i.imgur.com/woPGCeq.png (screenshot) and webpages all stick double-underlined links into their text like this: http://i.imgur.com/w0zDkVW.png (screenshot).
 
I ran Malwarebytes, it removed a bunch of stuff, but apparently not what is causing these symptoms. Here's my log:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
MacFall :: MACFALL-PC [administrator]

12/14/2013 12:58:10 PM
mbam-log-2013-12-14 (12-58-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222271
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Detected: 1
C:\ProgramData\QuickSet\SK.Enabler\SK.Enabler.exe (PUP.Optional.MultiPlug.A) -> 696 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1495795506 (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bad: (c:\progra~2\sksupp~1\psupport.dll) Good: () -> Quarantined and repaired successfully.

Folders Detected: 6
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Local\Temp\ct3227976 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Local\Temp\ct3227976\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Local\Temp\ct3227976\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Local\Temp\ct3227976\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 22
C:\ProgramData\QuickSet\SK.Enabler\SK.Enabler.exe (PUP.Optional.MultiPlug.A) -> Delete on reboot.
C:\Program Files (x86)\SK Supporter\psupport.dll (PUP.Optional.SProtect.A) -> Delete on reboot.
C:\Users\MacFall\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Local\Temp\lXKpPeZ8.exe.part (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Local\Temp\nswD9EF.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\Downloads\minecraftdl_7938.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\MacFall\Local Settings\Temporary Internet Files\Content.IE5\DSCWK7YB\agent2[1].exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\Local Settings\Temporary Internet Files\Content.IE5\JDWXA1B5\psupport_install[1].exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\rcpupdate.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\eng_rcp.dat (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\ExcludeList.rcp (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\log_03-09-2013.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\log_03-10-2013.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\log_03-11-2013.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\log_03-12-2013.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\log_03-13-2013.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\results.rcp (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\PerformerSoft\PC Performer\TempHLList.rcp (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\PC Performer_DEFAULT.job (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\PC Performer_UPDATES.job (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\MacFall\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.

(end)

I ran Security Check, got this back:
Results of screen317's Security Check version 0.99.77
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 Windows Firewall Disabled!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300
 JavaFX 2.1.1
 Java 7 Update 45
 Adobe Flash Player 11.9.900.170
 Adobe Reader 10.1.7 Adobe Reader out of Date!
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.57
 Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

I ran Clamwin, but it kept being denied access to stuff. I eventually gave up and cancelled it because it was chewing up a lot of CPU.
 
Ran Spybot S&S, here's what happened:
Anything else needed for a diagnosis?

EDIT: I added NoScript Security Suite for Firefox and I no longer have the symptoms, but I want to kill the bug!

Edited by MacFall, 16 December 2013 - 11:06 PM.

No king but Christ; no law but Liberty.


 


#2 quietman7


Posted 17 December 2013 - 11:32 AM


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

4. As a final step, rescan again with Malwarebytes Anti-Malware.

DO NOT use code boxes or quotes to post your logs.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 MacFall


Posted 19 December 2013 - 09:03 PM

AdwCleaner log:

 

# AdwCleaner v3.015 - Report created 19/12/2013 at 20:38:46
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : MacFall - MACFALL-PC
# Running from : C:\Users\MacFall\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\MacFall\AppData\Local\Conduit
Folder Deleted : C:\Users\MacFall\AppData\Local\SanctionedMedia
Folder Deleted : C:\Users\MacFall\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\MacFall\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\MacFall\AppData\Roaming\StatusWinks
Folder Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Folder Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfoobonngngmgicaejcpanamnbabdaca
Folder Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\END
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\PC Performer

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mfoobonngngmgicaejcpanamnbabdaca
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mfoobonngngmgicaejcpanamnbabdaca
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_c3a555dd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227976
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKCU\Software\SanctionedMedia
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Headlight
Key Deleted : HKLM\Software\PerformerSoft
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\MacFall\AppData\Roaming\Mozilla\Firefox\Profiles\3nn6mdzz.default-1380909988811\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.Kcpco.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\"[...]
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\MacFall\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [10817 octets] - [19/12/2013 20:15:33]
AdwCleaner[S0].txt - [10314 octets] - [19/12/2013 20:38:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10375 octets] ##########
 

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by MacFall on Thu 12/19/2013 at 20:53:14.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\MacFall\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\MacFall\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{0C664C9B-F37E-46A6-BFEA-8B716F6AC7F2}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{10DA7C7E-AF00-4E7A-8864-8C4F952A003C}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{11801899-44D8-4160-9918-E5979199FFA7}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{24732250-DC80-4A0F-8440-4E30B2CD0739}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{257BFFF2-6AD3-426C-9735-45B3519350E9}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{3F88E02E-E484-49B3-8190-1077746DFBE2}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{5958F238-7A56-408D-835C-F3C3C58145F5}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{5D5000C2-AD38-4688-A18C-B575FD2DF29B}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{767979F6-11DF-4D9A-961B-B35F0D93FB5C}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{7D3A0AAC-E076-4F5C-BEDB-9F55BC73EAE8}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{83F96FD1-ABEF-4927-9013-5A783E6D2FCD}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{882BC8FA-8394-40F5-AF05-50A398E84F8F}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{9118B4C9-E7C6-45BA-8877-C2024543652D}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{B38563D8-CFEC-4A96-9F12-F886C7F8261B}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{C000C3FD-2164-4152-B66F-24CE38556991}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{C2B90709-5AE6-4F38-A830-55491897F6E7}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{D1C24C46-7489-49E8-BFD9-4785F54AAC84}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{D7DBB2C6-7BF4-40C7-9BF9-CC891B1365AA}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{E0809F1C-99F9-4CB1-A7EB-A1A4A14B277D}
Successfully deleted: [Empty Folder] C:\Users\MacFall\appdata\local\{F8DA97F0-E88A-4622-9886-DBFBABED631B}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted the following from C:\Users\MacFall\AppData\Roaming\mozilla\firefox\profiles\3nn6mdzz.default-1380909988811\prefs.js

user_pref("extensions.Kcpco.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};try{new function(){if(null==document.getElementById(\"id_
Emptied folder: C:\Users\MacFall\AppData\Roaming\mozilla\firefox\profiles\3nn6mdzz.default-1380909988811\minidumps [20 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\MacFall\appdata\local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/19/2013 at 20:59:40.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Looks like I'm still having the same problem. :(



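The AdwCleaner and JRT logs in the post above show the adware living in Firefox's prefs.js, including a pref (`extensions.Kcpco.scode`) whose value is JavaScript. The following is an added example, not part of the original posts and not code from either tool: a Python audit of prefs.js text that flags pref names matching the families removed in that log and any string value that looks like script. The marker list, the `extensions.exampleaddon.scode` name and the sample file are constructed assumptions.

```python
import json
import re

# Pref-name prefixes taken from the "Line Deleted" entries in the AdwCleaner log above.
PREFIXES_FROM_LOG = (
    "aol_toolbar.",
    "extensions.BabylonToolbar.",
    "extensions.Kcpco.",
    "sweetim.toolbar.",
)

# Substrings suggesting a pref value holds executable JavaScript.
# This list is a heuristic chosen for this example (an assumption), not a vendor signature.
SCRIPT_MARKERS = ("(function(", "document.", "window.", "eval(", "createElement")

# user_pref("name", value);  -- the name may contain escaped characters.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Yield (line_no, name, value) for each user_pref() line in prefs.js text."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # pref strings, numbers and booleans decode as JSON
        except ValueError:
            value = raw              # keep the raw text if it does not decode
        yield line_no, name, value


def audit_prefs(text):
    """Return [(line_no, name, [reasons])] for prefs worth a manual look."""
    findings = []
    for line_no, name, value in parse_prefs(text):
        reasons = []
        if name.startswith(PREFIXES_FROM_LOG):
            reasons.append("name-in-log")
        if isinstance(value, str) and any(mk in value for mk in SCRIPT_MARKERS):
            reasons.append("script-in-value")
        if reasons:
            findings.append((line_no, name, reasons))
    return findings


# Constructed sample prefs.js content (not taken from the poster's machine).
# The script value is a harmless stand-in for the truncated payload in the log.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("extensions.exampleaddon.scode", "(function(){var s=document.createElement(\"script\");})()");
user_pref("browser.search.suggest.enabled", true);
'''

if __name__ == "__main__":
    for line_no, name, reasons in audit_prefs(SAMPLE_PREFS):
        print(f"line {line_no}: {name} [{', '.join(reasons)}]")
```

The script-in-value check is the one that still fires when the adware uses a pref name no cleanup tool has seen before; run the audit against a copy of prefs.js with Firefox closed, since Firefox rewrites the file on exit.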
#4 quietman7


Posted 20 December 2013 - 05:40 AM


If resetting Firefox to all defaults does not resolve the problem, you can try removing your user profile and performing a clean Uninstall/Reinstall of Firefox.

1. Uninstall Firefox via Programs and Features or Add/Remove Programs in Control Panel, then reboot. Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable which does a more comprehensive job of searching for and removing related registry entries, files and folders.

Uninstalling Firefox with the default options does not remove your user profile, which includes personal information such as bookmarks, passwords and cookies. If you also want to remove this information, you should remove the folder that contains your Firefox profile, which is stored in a separate location from the Firefox program.

Uninstalling Firefox

This step is only recommended if you want to completely remove Firefox from your system, and you do not want to save any of your data. This will remove your Firefox user profile data, which includes bookmarks, passwords, cookies, preference settings and added extensions.

Removing user profile data

2. Delete all of the following folders if they exist:

Windows 7:
C:\Program Files\Mozilla Firefox
C:\Program Files (x86)\Mozilla Firefox
C:\Users\username\AppData\Local\Mozilla\Firefox
C:\Users\username\AppData\Local\Mozilla Firefox
C:\Users\username\AppData\Roaming\Mozilla\Extensions
C:\Users\username\AppData\Roaming\Mozilla\Firefox


Windows XP:
C:\Program Files\Mozilla Firefox
C:\Documents and Settings\All Users\Application Data\Mozilla
C:\Documents and Settings\username\Application Data\Mozilla\Extensions
C:\Documents and Settings\username\Application Data\Mozilla\Firefox


Note:
%AppData%\Mozilla\ <- Delete the Firefox subfolder in the Mozilla folder. If you don't have any other Mozilla applications (i.e. Seamonkey, Thunderbird), then it is safe to delete the entire Mozilla folder.
%UserProfile%\Local Settings\Application Data\Mozilla\ <- Delete the Firefox subfolder in the Mozilla folder. If you don't have any other Mozilla applications (i.e. Seamonkey, Thunderbird), then it is safe to delete the entire Mozilla folder.

-- If you cannot find some of the folder(s), you may have to reconfigure Windows to show hidden files and folders.

3. Reboot and reinstall Firefox.

#5 MacFall


Posted 21 December 2013 - 12:53 AM

Thank you! That seems to have worked.



#6 quietman7


Posted 21 December 2013 - 06:08 AM

You're welcome.