
Internet redirects me to other webpages, possible virus, I want it to stop



#1 christinaann7

christinaann7

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:08 AM

Posted 26 February 2014 - 11:41 PM

In need of help, I have not bought an antivirus software yet but I believe I have a virus because each time I click on a tab it redirects me to an ad webpage or another web page while I'm on the internet.


Edited by Orange Blossom, 27 February 2014 - 12:39 AM.
Moved from Windows 7 to AII. ~ OB



#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:05:08 PM

Posted 27 February 2014 - 12:46 AM

Use Malwarebytes and do a scan, and also do an online scan with ESET Online Scanner.

It sounds like you have been done with a browser hijack.



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:08 PM

Posted 27 February 2014 - 04:57 AM

Hello -

First choose only one of the FREE Antivirus programs from the list below, or many of the other Antivirus programs have a Free Trial Time.

Uncheck any included toolbars or offers with these free versions -

Free Antivirus programs: (choose and install only one).
* avast! Free Antivirus <- includes Google Chrome pre-checked by default during installation but gives you the option to uncheck
* Microsoft Security Essentials <- includes the option to join the customer experience improvement program
* BitDefender Antivirus Free Edition
* Avira Free Antivirus <- includes Ask.com Toolbar pre-checked by default during installation
* AVG Anti-Virus Free Edition <- includes AVG Security Toolbar - AVG Secure Search pre-checked by default during installation but gives you the option to uncheck

Once you select one of these (if you are not sure, use Microsoft Security Essentials) set it to scan daily and to update daily.

 

Now run a Full Scan with it and post back the results -

 

 

Run these few programs -

Please download AdwCleaner by Xplode and save to your Desktop.

  • NOTE : Please close or save all work, as the computer will be Rebooted

  • Double-click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button. (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.  
  • Next: Click on the Clean button (only once) to remove the selected items. 
  • You will receive a message telling you that all programs will be closed so that the infections can be removed.
  • Click on OK, and then OK again to confirm the reboot.
  • When the cleaning process is complete, a log (AdwCleaner[S0].txt) of what was removed will be on your desktop.
  • Please copy and then paste this log in your next post.

    A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If the tool does not run from any of the links provided, please let me know.

Note - If normal mode still doesn't work, run the tool from safe mode. (Always ask if you need more directions)
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Be sure to post the log back here when the scan is completed.
Be sure to reboot the computer if required, after you post the log.

* Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

 

Now clean up -

Please download Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.
  • No log is produced (or required) from TFC program.


#4 christinaann7


Posted 27 February 2014 - 10:44 PM

# AdwCleaner v3.020 - Report created 27/02/2014 at 21:39:26
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alfonso Gonzalez - ALFONSOGONZALEZ
# Running from : C:\Users\Alfonso Gonzalez\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : CltMngSvc
Service Deleted : DefaultTabUpdate
Service Deleted : lssvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Linksicle
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Linksicle
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Local\Conduit
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Local\genienext
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Alfonso Gonzalez\Documents\Mobogenie
Folder Deleted : C:\Users\Alfonso Gonzalez\AppData\Roaming\Mozilla\Firefox\Profiles\ekaekjtz.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Alfonso Gonzalez\AppData\Roaming\Mozilla\Firefox\Profiles\ekaekjtz.default\searchplugins\bingp.xml
File Deleted : C:\Users\Alfonso Gonzalez\AppData\Roaming\Mozilla\Firefox\Profiles\ekaekjtz.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Alfonso Gonzalez\AppData\Roaming\Mozilla\Firefox\Profiles\ekaekjtz.default\user.js
File Deleted : C:\Users\Alfonso Gonzalez\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292583
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zune-software_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zune-software_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DrvUpdater]
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Alfonso Gonzalez\AppData\Roaming\Mozilla\Firefox\Profiles\ekaekjtz.default\prefs.js ]
 
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dnldstr0101");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0BtAyBtCyCtCtCyBtAyCtN0D0Tzu0SyBtBzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1317908274");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0BtAyBtCyCtCtCyBtAyCtN0D0Tzu0SyBtBzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "78843CB371611736");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16068");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0BtAyBtCyCtCtCyBtAyCtN0D0Tzu0SyBtBzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0BtAyBtCyCtCtCyBtAyCtN0D0Tzu0SyBtBzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:21:45");
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Alfonso Gonzalez\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [12863 octets] - [27/02/2014 21:25:55]
AdwCleaner[S0].txt - [12034 octets] - [27/02/2014 21:39:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12095 octets] ##########


#5 christinaann7


Posted 27 February 2014 - 10:50 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/27/2014 09:49:33 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/27/2014 09:50:04 PM
Execution time: 0 hours(s), 0 minute(s), and 30 seconds(s)


#6 christinaann7


Posted 27 February 2014 - 11:07 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.28.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Alfonso Gonzalez :: ALFONSOGONZALEZ [administrator]
 
Protection: Enabled
 
2/27/2014 9:55:38 PM
mbam-log-2014-02-27 (21-55-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230777
Time elapsed: 10 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> No action taken.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|linksicle@linksicle.com (PUP.Optional.Linksicle.A) -> Data: C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\ct3285873 (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com (PUP.Optional.Linksicle.A) -> No action taken.
 
Files Detected: 42
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\HomePageDLL.dll.251293867 (PUP.Optional.Installcore) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\HomePageDLL.dll.882885599 (PUP.Optional.Installcore) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\HomePageDLL.dll.883046077 (PUP.Optional.Installcore) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\nsiE5D3.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\nsy520E.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\AU\SPSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\ct3285873\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\ct3285873\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\ct3285873\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\is1275519350\251243239_stp\RightSurfSetup.exe (PUP.Optional.RightSurf.A) -> No action taken.
C:\Windows\Temp\nsc6562.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Windows\Temp\nss6747.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Windows\Temp\nss69B5.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Windows\Temp\nssC214.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Downloads\HD_Player__CD5MTCD15543_0_0_0_0_02ec218aadff6456a9f69b2f784b699dc540d0d3-78-3.exe (PUP.Optional.Downloadius) -> No action taken.
C:\Users\Alfonso Gonzalez\Downloads\HD_Player__CD5MTCD15543_0_0_0_0_ab02c81bd356473b127322d452675811fd4b5b23-78-3.exe (PUP.Optional.Downloadius) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\1DPEQL77\IE11_setup.exe (PUP.Optional.InstallCore.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\1DPEQL77\Setup[1].exe (PUP.Optional.RightSurf.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\2XO9LT6F\IE11_setup.exe (PUP.Optional.InstallCore.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\54D69UCP\MixiDJ_V1[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\54D69UCP\PCFixSpeedSetup[1] (PUP.Optional.PCFixSpeed) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\EJF4ZNTW\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\KLZ70DKW\MixiCND_CID2[1] (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\KLZ70DKW\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\KLZ70DKW\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\Q1RBPXN9\DefaultTabSetup_1500[1] (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Alfonso Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\Q1RBPXN9\SolidSavings[1] (PUP.Optional.CrossRider) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\ct3285873\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\ct3285873\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alfonso Gonzalez\AppData\Local\Temp\ct3285873\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\browser.js (PUP.Optional.Linksicle.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\browser.xul (PUP.Optional.Linksicle.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\chrome.manifest (PUP.Optional.Linksicle.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\icon-48.png (PUP.Optional.Linksicle.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\icon-64.png (PUP.Optional.Linksicle.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\install.rdf (PUP.Optional.Linksicle.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\vitruvian.bootstrap.js (PUP.Optional.Linksicle.A) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\vitruvian.plugin-api.js (PUP.Optional.Linksicle.A) -> No action taken.
 
(end)


#7 noknojon


Posted 28 February 2014 - 05:55 AM

First -

Follow the directions below to check that Linksicle and RightSurf have been fully removed.

This is one of the main redirecting programs that you have installed -

  1. Click the Windows Start Orb
  2. Select “Control Panel”
  3. Go to “Programs and Features”
  4. Click on Linksicle or any similar program
  5. Click Uninstall and follow the uninstaller prompts
  6. Also look for RightSurfSetup, or just RightSurf

 

Next -

Open your Malwarebytes program, and click on Settings on the top line.

Now click Scanner Settings and in the new page, Tick all the boxes on the Left side

On the same page, there are 3 "Dropdown Menus" on the right side

Click the " \/ " Down arrows on the Top 2 Menus, and select "Show in results list and check for removal".

 

Now re-run the Full Scan and make sure the results are marked "-> Quarantined and deleted successfully." and not "-> No action taken." (as they currently are).

 

 

Next -

You need to reset the Windows 7 Hosts file to protect the computer.
Click on this Fix It link > http://go.microsoft.com/?linkid=9668866 and then click Run, and follow any directions

 

 

Have you selected and installed any Antivirus program yet ??

 

 

Now -

Open AdwAware program and this time click Uninstall to remove the program, and all the items it Quarantined.

 

Keep Malwarebytes' Anti-Malware updated and run a Full Scan with it about once every week.

 

Has anything changed (improved) with your computer yet ??
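
As an added example that is not part of the original posts: a Python script that reads a Malwarebytes log in the layout posted in #6 and lists every detection that was not actually removed, which is the check the reply above asks for. The sample log is constructed (shortened, with a made-up user path), and treating only the action text quoted in the thread as "remediated" is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log in post #6 (shortened; the user
# path is made up). The last action string is the wording quoted in post #7.
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> No action taken.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com\browser.js (PUP.Optional.Linksicle.A) -> No action taken.
C:\Windows\Temp\nsc6562.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Example\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
"""

# Assumption of this example: only this action text counts as remediated.
REMEDIATED = {"Quarantined and deleted successfully"}

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# The object may itself contain parentheses ("Program Files (x86)"), so the
# greedy first group backtracks to the LAST "(detection) -> " on the line.
ITEM_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()\s]+)\) -> "
    r"(?:Data: (?P<data>.*) -> )?(?P<action>[^>]+?)\.?$"
)


def parse_mbam_log(text):
    """Return (declared section counts, list of detection entries)."""
    sections, items, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header["name"]
            sections[current] = int(header["count"])
            continue
        entry = ITEM_RE.match(line)
        if entry and current:
            items.append({"section": current, **entry.groupdict()})
    return sections, items


def unremediated(items):
    """Entries whose action is anything other than a confirmed removal."""
    return [i for i in items if i["action"] not in REMEDIATED]


def families_pending(items):
    """Count unremediated entries per family (PUP.Optional.Linksicle.A -> linksicle)."""
    counts = Counter()
    for item in unremediated(items):
        parts = item["detection"].split(".")
        counts[(parts[2] if len(parts) > 2 else parts[-1]).lower()] += 1
    return dict(counts)


def count_mismatches(sections, items):
    """Sections whose declared count differs from the entries parsed (truncated paste)."""
    parsed = Counter(i["section"] for i in items)
    return {name: (declared, parsed[name])
            for name, declared in sections.items() if declared != parsed[name]}


if __name__ == "__main__":
    sections, items = parse_mbam_log(SAMPLE_LOG)
    for item in unremediated(items):
        print(f'{item["action"]:<16} {item["detection"]:<32} {item["object"]}')
    print("pending by family:", families_pending(items))
    print("count mismatches:", count_mismatches(sections, items))
```

A non-empty result from `count_mismatches` means the pasted log is incomplete, so a clean-looking result should not be trusted until the full log is checked.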



#8 christinaann7


Posted 28 February 2014 - 08:26 PM

Have you selected and installed any Antivirus program yet ?? Yes Microsoft Essentials to run full scan daily

Computer is not redirecting and ads are completely off.





