BlockUtubeAD - chrome extension


  • This topic is locked
15 replies to this topic

#1 JP Smit

Posted 23 February 2014 - 11:01 PM

Hi there, and thanks in advance for your help. Recently I seem to have downloaded various nasties. I think I have gotten rid of most of them, though I can't seem to uninstall snap.do from my programs list. More crucially, I have BlockUtubeAd as an extension in Chrome (see picture). It will not allow me to uninstall it through Chrome and I can't find any other way. I am running Windows 7.

 

thanks!

JP


#2 Jo*

Posted 24 February 2014 - 04:17 AM

Hello,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


3. Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 noknojon

Posted 24 February 2014 - 04:45 AM

Hello JP Smit -

There is not a Rootkit in this problem, and it is a downloaded Add-on / Extension.

 

If the program is not listed in Add/Remove or Programs and Features, and there is no uninstaller in the program's folder, the next place to check is your browser extensions and add-ons/plug-ins.

Check each browser for links to this Add-on/Plug-in and remove it where you find it.

 

Note that the Extension should be called Snap.do or a similar name.

Check each browser for the Extension, and remove it wherever you find it.

This is an add-on that is installed with another program that has been recently installed.

Make sure that you reset your Browser Home page back to the correct version.

 

If needed you may want (need) to fully uninstall the Chrome program, and then reinstall it.

 

Please download these programs to desktop to run them

After you run them, please Copy and Paste the logs back here.

 

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Please download MiniToolBox and run it.
Checkmark following boxes:

* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size

Click Go and Copy / Paste the result. (result.txt)

 

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At most the tool will run for about 2 minutes.

Please post the log back here.

 

Now -

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM) to your desktop.
- Do not accept the Free Pro Trial Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer if requested.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

 

Last -

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8, right-click on the file and choose Run As Administrator.
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.



#4 JP Smit

Posted 24 February 2014 - 04:02 PM

Thank you so very much for your willingness to help!

 

noknojon, I followed your instructions and the BlockUtubeAD is gone from the extensions! Thanks!

 

Here is the result from Security Check:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 
Malwarebytes log:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.24.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
John-Peter :: JOHN-PETER-PC [administrator]
 
24/02/2014 10:33:05 AM
MBAM-log-2014-02-24 (15-50-22).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374830
Time elapsed: 2 hour(s), 21 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.wajam.chrome.messaging.host (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
 
Registry Values Detected: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 1763663503490809855 -> No action taken.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 1763663503490809855 -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\John-Peter\AppData\Local\Temp\CT3324066 (PUP.Optional.Conduit.A) -> No action taken.
 
Files Detected: 3
C:\Users\John-Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6X7A0W3N\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\John-Peter\Downloads\Hitman_Pro_TSV14MOYW.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\John-Peter\AppData\Local\Temp\CT3324066\ddt.csf (PUP.Optional.Conduit.A) -> No action taken.
 
(end)
 
Minitoolbox:
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by John-Peter (administrator) on 24-02-2014 at 15:53:59
Running from "C:\Users\John-Peter\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/24/2014 00:12:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8050
 
Error: (02/24/2014 00:12:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8050
 
Error: (02/24/2014 00:12:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/23/2014 10:31:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/23/2014 10:01:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/23/2014 09:50:04 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (02/23/2014 09:49:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26295279
 
Error: (02/23/2014 09:49:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26295279
 
Error: (02/23/2014 09:49:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/23/2014 09:49:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26292939
 
 
System errors:
=============
Error: (02/23/2014 10:30:40 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows net-clean
 
Error: (02/23/2014 10:27:33 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/23/2014 10:00:42 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows net-clean
 
Error: (02/23/2014 09:57:54 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/22/2014 09:48:51 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows net-clean
 
Error: (02/17/2014 04:12:50 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/17/2014 01:13:23 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows net-clean
 
Error: (02/17/2014 01:10:46 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/15/2014 10:17:00 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (02/24/2014 00:12:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8050
 
Error: (02/24/2014 00:12:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8050
 
Error: (02/24/2014 00:12:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/23/2014 10:31:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/23/2014 10:01:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/23/2014 09:50:04 PM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (02/23/2014 09:49:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26295279
 
Error: (02/23/2014 09:49:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26295279
 
Error: (02/23/2014 09:49:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/23/2014 09:49:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26292939
 
 
=========================== Installed Programs ============================
 
7-Zip 9.22beta
Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Aff Packages
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Media Foundation Decoders (Version: 1.0.60628.2255)
AMD VISION Engine Control Center (Version: 2011.0628.2340.40663)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.10628)
ATI Catalyst Install Manager (Version: 3.0.829.0)
avast! Free Antivirus (Version: 9.0.2013)
Bonjour (Version: 3.0.0.10)
Byki (Version: 4.0)
Byki Express (Version: 4.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0628.2340.40663)
Catalyst Control Center InstallProxy (Version: 2011.0628.2340.40663)
Catalyst Control Center Localization All (Version: 2011.0628.2340.40663)
Catalyst Control Center Profiles Mobile (Version: 2011.0628.2340.40663)
CCC Help Chinese Standard (Version: 2011.0628.2339.40663)
CCC Help Chinese Traditional (Version: 2011.0628.2339.40663)
CCC Help Czech (Version: 2011.0628.2339.40663)
CCC Help Danish (Version: 2011.0628.2339.40663)
CCC Help Dutch (Version: 2011.0628.2339.40663)
CCC Help English (Version: 2011.0628.2339.40663)
CCC Help Finnish (Version: 2011.0628.2339.40663)
CCC Help French (Version: 2011.0628.2339.40663)
CCC Help German (Version: 2011.0628.2339.40663)
CCC Help Greek (Version: 2011.0628.2339.40663)
CCC Help Hungarian (Version: 2011.0628.2339.40663)
CCC Help Italian (Version: 2011.0628.2339.40663)
CCC Help Japanese (Version: 2011.0628.2339.40663)
CCC Help Korean (Version: 2011.0628.2339.40663)
CCC Help Norwegian (Version: 2011.0628.2339.40663)
CCC Help Polish (Version: 2011.0628.2339.40663)
CCC Help Russian (Version: 2011.0628.2339.40663)
CCC Help Spanish (Version: 2011.0628.2339.40663)
CCC Help Swedish (Version: 2011.0628.2339.40663)
CCC Help Thai (Version: 2011.0628.2339.40663)
CCC Help Turkish (Version: 2011.0628.2339.40663)
ccc-utility64 (Version: 2011.0628.2340.40663)
CCleaner (Version: 4.10)
CDBurnerXP (Version: 4.5.0.3717)
Citrix Online Launcher (Version: 1.0.168)
Conexant HD Audio (Version: 8.54.4.50)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
CyberLink YouCam (Version: 3.1.3728)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Disk SpeedUp 1.4.0.888 (Version: 1.4.0.888)
Dropbox (Version: 2.4.11)
EgisTec ES603 WDM Driver (Version: 3.0.20.0)
Energy Management (Version: 6.0.2.1)
Epson CreativeZone
Epson Easy Photo Print 2 (Version: 2.2.3.1)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
EPSON NX620 Series Printer Uninstall
EPSON Scan
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.3 (Version: 3.3b)
Evernote v. 5.1.1 (Version: 5.1.1.2334)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Glary Undelete 1.8.0.468
Glary Utilities 2.50.0.1632 (Version: 2.50.0.1632)
Google Chrome (Version: 33.0.1750.117)
Google Drive (Version: 1.13.5782.599)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.5)
GoToMeeting 6.0.0.1259 (Version: 6.0.0.1259)
GPL Ghostscript (Version: 9.05)
HitmanPro 3.7 (Version: 3.7.9.212)
iCloud (Version: 3.0.2.163)
InterActual Player
iTunes (Version: 11.1.3.8)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Lenovo EasyCamera (Version: 13.11.616.1)
Lenovo EE Boot Optimizer (Version: 0.0.1.7)
Lenovo OneKey Recovery (Version: 7.0.0.2525)
Lenovo Security Suite (Version: 2.0.13.0)
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Publisher 2002 (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MotoCast (Version: 2.0.31)
Motorola Device Manager (Version: 2.4.5)
Motorola Device Software Update (Version: 13.09.3001)
MOTOROLA MEDIA LINK (Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 6.3.0 (Version: 6.3.0)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Open Freely (Version: 1.0)
Port Locker (Version: 1.0.5.24)
Power2Go (Version: 5.6.0.7303)
PowerXpressHybrid (Version: 1.00.0000)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Quick Search 1.1.0.189 (Version: 1.1.0.189)
Quick Startup 2.9.0.823
QuickTime (Version: 7.74.80.86)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.30)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10008)
Registry Repair 4.1.0.388 (Version: 4.1.0.388)
Scribus 1.4.1 (Version: 1.4.1)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call (Version: 7.0.14735.1561)
Skype™ 6.11 (Version: 6.11.102)
Snap.Do (Version: 10.206.1.14585)
Software Update 2.1.0.186 (Version: 2.1.0.186)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
UserGuide (Version: 1.0.0.6)
VeriFace (Version: 4.0.0.1224)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows net-clean
Xvid Video Codec (Version: 1.3.2)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 44%
Total physical RAM: 5734.11 MB
Available physical RAM: 3158.95 MB
Total Pagefile: 11466.4 MB
Available Pagefile: 8499.87 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.95 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:421.81 GB) (Free:338.07 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.12 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JOHN-PETER-PC
 
Administrator            Guest                    John-Peter               
 
 
**** End of log ****
 
RKill Log:
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/24/2014 03:56:42 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac
 
Program finished at: 02/24/2014 03:58:07 PM
Execution time: 0 hours(s), 1 minute(s), and 24 seconds(s)
 
will post these and move on to Adwcleaner and TFC
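
Added example, not part of the thread or of any tool named in it: a Python sketch that triages the logs in the post above. It parses the Malwarebytes detection lines, lists the items the log records as "No action taken", checks each section's declared count against the lines actually pasted, and flags HOSTS entries whose hostname has the shape of a Chrome extension ID (32 letters in the range a-p). The log excerpts are copied from the post; the function names and the `127.0.0.1 localhost` control line are assumptions made for the example.

```python
import re
from collections import defaultdict

# Detection lines excerpted from the MBAM 1.75 log in the post above.
MBAM_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.wajam.chrome.messaging.host (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.

Registry Values Detected: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 1763663503490809855 -> No action taken.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 1763663503490809855 -> No action taken.

Folders Detected: 1
C:\Users\John-Peter\AppData\Local\Temp\CT3324066 (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 3
C:\Users\John-Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6X7A0W3N\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\John-Peter\Downloads\Hitman_Pro_TSV14MOYW.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\John-Peter\AppData\Local\Temp\CT3324066\ddt.csf (PUP.Optional.Conduit.A) -> No action taken.
"""

# HOSTS section of the RKill log in the post above, plus one control line.
RKILL_LOG = (
    "Checking HOSTS File: \n\n"
    " * HOSTS file entries found: \n\n"
    "  54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac\n"
    "  127.0.0.1 localhost\n"  # constructed control line, not in the posted log
)

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<item> (<detection label>) -> [Data: <value> -> ]<action>."
DETECTION = re.compile(
    r"^(?P<item>.+?) \((?P<label>[\w.\-]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+?)\.?$"
)
HOSTS_LINE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
EXTENSION_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs use only a-p


def parse_mbam(log):
    """Return (detections, mismatches).

    mismatches maps a section name to (declared, found) when the number of
    detection lines under it differs from the "Detected: N" header, which
    is what a partially pasted log looks like.
    """
    detections, declared, section = [], {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header["name"]
            declared[section] = int(header["count"])
            continue
        hit = DETECTION.match(line)
        if hit and section:
            detections.append({"section": section, **hit.groupdict()})
    found = defaultdict(int)
    for det in detections:
        found[det["section"]] += 1
    mismatches = {s: (n, found[s]) for s, n in declared.items() if found[s] != n}
    return detections, mismatches


def pending(detections):
    """Group items still marked 'No action taken' by detection label."""
    out = defaultdict(list)
    for det in detections:
        if det["action"].lower() == "no action taken":
            out[det["label"]].append(det["item"])
    return dict(out)


def extension_id_hosts(log):
    """Return (ip, host) pairs whose hostname is shaped like an extension ID."""
    hits = []
    for raw in log.splitlines():
        entry = HOSTS_LINE.match(raw.strip())
        if entry and EXTENSION_ID.match(entry["host"]):
            hits.append((entry["ip"], entry["host"]))
    return hits


if __name__ == "__main__":
    dets, mismatches = parse_mbam(MBAM_LOG)
    for label, items in pending(dets).items():
        print(f"{label}: {len(items)} item(s) with no action taken")
    print("count mismatches:", mismatches or "none")
    for ip, host in extension_id_hosts(RKILL_LOG):
        print(f"HOSTS entry shaped like an extension ID: {host} -> {ip}")
```
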


#5 JP Smit

Posted 24 February 2014 - 04:14 PM

Here is the log for AdwCleaner:

 

# AdwCleaner v3.019 - Report created 24/02/2014 at 16:03:06

# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John-Peter - JOHN-PETER-PC
# Running from : C:\Users\John-Peter\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\John-Peter\AppData\Local\genienext
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\John-Peter\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\John-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\Bench
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\John-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
[ File : C:\Users\John-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\lhvs77wf.default-1392262572450\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\John-Peter\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [16040 octets] - [12/02/2014 13:13:57]
AdwCleaner[R1].txt - [1395 octets] - [12/02/2014 13:29:41]
AdwCleaner[R2].txt - [1263 octets] - [12/02/2014 13:39:00]
AdwCleaner[R3].txt - [1383 octets] - [12/02/2014 13:49:36]
AdwCleaner[R4].txt - [1503 octets] - [12/02/2014 13:58:27]
AdwCleaner[R5].txt - [2607 octets] - [12/02/2014 14:17:58]
AdwCleaner[R6].txt - [3602 octets] - [24/02/2014 15:59:45]
AdwCleaner[S0].txt - [15740 octets] - [12/02/2014 13:15:44]
AdwCleaner[S1].txt - [1460 octets] - [12/02/2014 13:30:54]
AdwCleaner[S2].txt - [1324 octets] - [12/02/2014 13:41:44]
AdwCleaner[S3].txt - [1444 octets] - [12/02/2014 13:51:19]
AdwCleaner[S4].txt - [2684 octets] - [12/02/2014 14:19:26]
AdwCleaner[S5].txt - [3198 octets] - [24/02/2014 16:03:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [3258 octets] ##########


#6 bassfisher6522


Posted 24 February 2014 - 04:20 PM

Byki

 

CCC Help Chinese Standard (Version: 2011.0628.2339.40663)
CCC Help Chinese Traditional (Version: 2011.0628.2339.40663)
CCC Help Czech (Version: 2011.0628.2339.40663)
CCC Help Danish (Version: 2011.0628.2339.40663)
CCC Help Dutch (Version: 2011.0628.2339.40663)
CCC Help English (Version: 2011.0628.2339.40663)
CCC Help Finnish (Version: 2011.0628.2339.40663)
CCC Help French (Version: 2011.0628.2339.40663)
CCC Help German (Version: 2011.0628.2339.40663)
CCC Help Greek (Version: 2011.0628.2339.40663)
CCC Help Hungarian (Version: 2011.0628.2339.40663)
CCC Help Italian (Version: 2011.0628.2339.40663)
CCC Help Japanese (Version: 2011.0628.2339.40663)
CCC Help Korean (Version: 2011.0628.2339.40663)
CCC Help Norwegian (Version: 2011.0628.2339.40663)
CCC Help Polish (Version: 2011.0628.2339.40663)
CCC Help Russian (Version: 2011.0628.2339.40663)
CCC Help Spanish (Version: 2011.0628.2339.40663)
CCC Help Swedish (Version: 2011.0628.2339.40663)
CCC Help Thai (Version: 2011.0628.2339.40663)

CCC Help Turkish (Version: 2011.0628.2339.4

 

Citrix Online Launcher (Version: 1.0.168)

 

Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)

 

EgisTec ES603 WDM Driver (Version: 3.0.20.0)

 

Energy Management (Version: 6.0.2.1)

 

Galerie de photos Windows Live (Version: 15.4.3502.0922)
Glary Undelete 1.8.0.468
Glary Utilities 2.50.0.1632 (Version: 2.50.0.1632)
Google Chrome (Version: 33.0.1750.117)
 
Open Freely (Version: 1.0)
Port Locker (Version: 1.0.5.24)
 
Registry Repair 4.1.0.388 (Version: 4.1.0.388)
Scribus 1.4.1 (Version: 1.4.1)
 
Snap.Do (Version: 10.206.1.14585)
Software Update 2.1.0.186 (Version: 2.1.0.186)

 

UserGuide (Version: 1.0.0.6)
VeriFace (Version: 4.0.0.1224)
 
Windows net-clean
 
This list of software titles are suspicious to me....and some very suspicious.


#7 JP Smit


Posted 24 February 2014 - 04:29 PM

OK, I think that is everything. Please note that I have posted the logs in the order I ran the programs (Malwarebytes may be out of order?)

 

If there is anything else I need, please let me know and, once again, thank you for this!



#8 JP Smit


Posted 24 February 2014 - 04:36 PM

 

 

 
This list of software titles are suspicious to me....and some very suspicious.

 

 

Please advise on how to proceed. As I look at the list, the Glarysoft search utility is really the only one I use and it can be replaced if it is a problem.

 

thanks! 



#9 noknojon


Posted 24 February 2014 - 05:06 PM

Snap.Do (Version: 10.206.1.14585) If this is still listed in Programs and Features, please remove it from there

 

You have 2 listed Antivirus programs, please uninstall one of them.

Microsoft Security Essentials   
avast! Antivirus .
 
Most of the programs listed by bassfisher6522 are just normal Windows 7 programs.
 
(-> No action taken) This is from your Malwarebytes scan.
The scan found the problem, but you did not remove it.
 
You must open the program and click on Settings > Scanner settings > Now tick all the boxes on the left side > Next select the 2 top drop-down menus and select Show in results list and check for removal.


#10 JP Smit


Posted 24 February 2014 - 09:49 PM

Thanks!

 

1. I uninstalled Microsoft Security Essentials (was that the best choice?)

 

2. I did as you requested with Malwarebytes - but after adjusting the two drop-down menus there didn't seem to be anything to do but exit - so I did. Have I missed something?

 

3. I tried to uninstall snap do using CCleaner (though I get the same results with windows)

 

a) in the program list, this is what I see:

 

snapdoa_zpscfba5dac.jpg

 

when I try to uninstall the first one, I get this message:

 

snapdo3_zpsdcb34b81.jpg

 

when I try to uninstall the second, I get this message:

 

snapdo1_zps538bf134.jpg

 

and when I hit OK, I get this message:

 

snapdo2_zps2570b1d3.jpg

 

and, I can't get beyond this.

 

any thoughts? thanks!


Edited by JP Smit, 24 February 2014 - 09:52 PM.


#11 noknojon


Posted 25 February 2014 - 12:25 AM

1. It did not matter

 

2. Rescan with Malwarebytes, and it should show Quarantined or Removed now.

The problems removed by Malwarebytes should look like this => C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\APISupport\APISupport.dll",DLLRunAPISupport -> Quarantined and deleted successfully.

 

3. Can you go to Start Orb > Control Panel > Programs and Features and find the program?

Now try to Right click > Delete the listed programs, rather than via CCleaner.


Edited by noknojon, 25 February 2014 - 12:32 AM.


#12 JP Smit


Posted 26 February 2014 - 11:38 AM

Thanks for this - I ran Malwarebytes again and it went as you instructed - thanks!

 

However, when I did number 3 above, I still could not uninstall snap do. The good news is that there is now only one listing, but when I click uninstall nothing happens, and when I right click the only option it puts forward is to uninstall and still nothing happens.

 

snapdo4_zps60563e2f.jpg



#13 noknojon


Posted 26 February 2014 - 10:59 PM

As a final check, please use ESET Online Scanner

Please use Internet Explorer as the scanner uses ActiveX

 

If you will not use Internet Explorer, please see 3 - 1 & 3 - 2
1. Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2. Click the ESET online button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3 - 1. Click on This Link to download the ESET Smart Installer. Save it to your desktop.
3 - 2. Double click on esetsmartinstaller_enu on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
* My last scan on my XP 80% free space took 1.20 hours
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
* NOTE: Sometimes if ESET finds no infections it will not create a log.



#14 JP Smit


Posted 27 February 2014 - 09:35 PM

Here is the log. BTW I could not load Internet Explorer - so downloaded and installed again and still nothing. I am not too concerned as I don't use it anyway but, if you feel I should be concerned?

 

C:\Users\All Users\Windows net-clean\Windowsnet-clean_x64.dll a variant of Win64/SProtector.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\ProgramData\Windows net-clean\Windowsnet-clean_x64.dll a variant of Win64/SProtector.A potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Desktop\Old Firefox Data\f19uw5md.default\extensions\{203a52e6-c21d-dc1d-69cc-ba31468f4ff9}\components\SmartbarFireFoxRemotePlugin_20.dll Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Desktop\Old Firefox Data\f19uw5md.default\extensions\{203a52e6-c21d-dc1d-69cc-ba31468f4ff9}\components\SmartbarFireFoxRemotePlugin_21.dll Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Desktop\Old Firefox Data\f19uw5md.default\extensions\{203a52e6-c21d-dc1d-69cc-ba31468f4ff9}\components\SmartbarFireFoxRemotePlugin_22.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Desktop\Old Firefox Data\f19uw5md.default\extensions\{203a52e6-c21d-dc1d-69cc-ba31468f4ff9}\components\SmartbarFireFoxRemotePlugin_23.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Desktop\Old Firefox Data\f19uw5md.default\extensions\{203a52e6-c21d-dc1d-69cc-ba31468f4ff9}\components\SmartbarFireFoxRemotePlugin_24.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Desktop\Old Firefox Data\f19uw5md.default\extensions\{203a52e6-c21d-dc1d-69cc-ba31468f4ff9}\components\SmartbarFireFoxRemotePlugin_25.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Desktop\Old Firefox Data\f19uw5md.default\extensions\{203a52e6-c21d-dc1d-69cc-ba31468f4ff9}\components\SmartbarFireFoxRemotePlugin_26.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Documents\Congregational Development Consultant\Oma\My Documents\Downloads\ccsetup315.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Documents\Congregational Development Consultant\Oma\My Documents\Downloads\ccsetup322.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Documents\Congregational Development Consultant\Oma\My Documents\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\cbsidlm-cbsi134-PDF_Preview_for_Windows_7-ORG-75708681.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Downloads\cbsidlm-cbsi145-HitmanPro_3_32bit-ORG-10895604.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup318.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup319.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup321.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\cdbxp_setup_4.5.0.3717.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Downloads\FirefoxSetup.exe a variant of Win32/InstallCore.IK potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Dropbox\Oma\My Documents\Downloads\ccsetup315.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Dropbox\Oma\My Documents\Downloads\ccsetup322.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\John-Peter\Dropbox\Oma\My Documents\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
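
A way to triage the ESET log in post #14, as an added example that is not part of the original thread: it parses each detection line, counts detections per family, and separates entries with no recorded action from those whose file was cleaned under another path. The four sample lines are copied from that log; treating `C:\Users\All Users` as a link to `C:\ProgramData` assumes the default Windows 7 layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# Four lines copied from the ESET log in post #14.
SAMPLE_LOG = r"""
C:\Users\All Users\Windows net-clean\Windowsnet-clean_x64.dll a variant of Win64/SProtector.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\ProgramData\Windows net-clean\Windowsnet-clean_x64.dll a variant of Win64/SProtector.A potentially unwanted application deleted - quarantined
C:\Users\John-Peter\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
"""

# path, optional "a variant of", detection name, category, optional action.
# Paths may contain spaces, so the detection name (platform/name) is the anchor.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>\w+/\S+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)"
    r"(?:\s+(?P<action>\S.*))?$"
)

# Assumption: default Windows Vista/7 layout, where this path links to C:\ProgramData.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

def canonical(path):
    """Lower-case the path and resolve known aliases so duplicates compare equal."""
    low = path.lower()
    for alias, target in ALIASES.items():
        if low.startswith(alias):
            return target + low[len(alias):]
    return low

def parse(log):
    """Return one dict per detection line; unrecognised lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(rows):
    """Count detections per family and sort the lines that record no action."""
    cleaned = {canonical(r["path"]) for r in rows if r["action"]}
    report = {"needs_review": [], "alias_of_cleaned": [], "by_family": Counter()}
    for r in rows:
        # Drop a trailing variant letter (".A", ".F") to get the family name.
        report["by_family"][re.sub(r"\.[A-Z]{1,2}$", "", r["name"])] += 1
        if r["action"]:
            continue
        twin = canonical(r["path"]) in cleaned
        report["alias_of_cleaned" if twin else "needs_review"].append(r["path"])
    return report

if __name__ == "__main__":
    result = triage(parse(SAMPLE_LOG))
    for key in ("needs_review", "alias_of_cleaned"):
        print(key, result[key])
    print(dict(result["by_family"]))
```

An entry under `alias_of_cleaned` only means the same file was reported as quarantined under its other path; a rescan is what confirms it is gone.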


#15 noknojon


Posted 28 February 2014 - 06:59 AM

The following is only a part of a quote from one of our Malware Response Persons in regard to the same problem that you have.

 

This included BloCkUTubeAd and a few other problems that are caused by Chrome Browser program.

Uninstall Chrome Completely.  When you uninstall you will be given an option to delete all browser history and cookies....be sure to do that.  Reinstall a fresh copy of Chrome.  Google Chrome can get a bit difficult to fix so this is by far the fastest and easiest way to go.  Let me know how it works out.

 

Step 1
First -

Please see => Results of screen317's Security Check version 0.99.79 

Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 (Internet Explorer is installed)

 

Reinstall Internet Explorer 9 - or - Internet Explorer 10 from the links I have left.
Both are currently suitable for Windows 7, even though I.E. 11 is the latest version.

 

Step 2

Now Fully uninstall Chrome Browser as this can not be simply removed from your computer.

 

Step 3

Since this may be a serious infection please follow the instructions in THIS PREP GUIDE starting at Step #6.

NOTE - If you cannot complete a step, skip it and continue.

 

 Once the proper DDS logs are created, then make a NEW TOPIC and post it to =>
Virus, Trojan, Spyware, and Malware Removal Logs. area -

 

They can use other tools to find the program that I can not use in this area.

 

If HelpBot replies, please follow its Step #1 and the team will be notified.

 

Tell me when you post the new topic so we can close this one and only let the Experts fix your problem.





