Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Office Computer


  • Please log in to reply
1 reply to this topic

#1 melecity

melecity

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:04:48 AM

Posted 04 April 2014 - 12:33 PM

Several computers have been acting slow, recieving at least one spam message a day in their Outlook email program, and occasionally recieve too many popups and other PUPs. They were like this when I was hired, so I am trying to clean everything up. There were infected registry key hits with AdwCleaner and I know the registry is sensitive so I'm unsure what to "clean" and what to leave alone. The log is below.

 

# AdwCleaner v3.023 - Report created 04/04/2014 at 13:15:07
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Admin - PEGGY-PC
# Running from : C:\Users\Admin\Desktop\7_adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Found : C:\Users\Peggy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Peggy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\g23zzdgs.default\searchplugins\Askcom.xml
File Found : C:\Windows\System32\Tasks\Advanced System Protector
File Found : C:\Windows\System32\Tasks\Advanced System Protector_startup
Folder Found : C:\Users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\g23zzdgs.default\Extensions\ScorpionSaver@jetpack
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\Users\Peggy\AppData\Roaming\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Advanced System Protector
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Advanced System Protector_startup
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54ABAD67-A9DE-47D5-8A74-4B2B76802DE2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54ABAD67-A9DE-47D5-8A74-4B2B76802DE2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A97D3213-A6E4-41C0-9EF7-014603AA566F}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\g23zzdgs.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");
 
[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cmlq5j37.default\prefs.js ]
 
 
[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\rbzu3nt8.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Peggy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5134 octets] - [04/04/2014 13:15:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5194 octets] ##########

 

 

I have another two computer logs from the same office network. I will definitely follow up with at least one of them.



BC AdBot (Login to Remove)

 


#2 melecity

melecity
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:04:48 AM

Posted 04 April 2014 - 01:36 PM

Just found the posting guide for logs! Sorry about that! Not sure how to delete this. :/






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users