service.exe Search Safer prompt at Startup and Conduit add on


23 replies to this topic

#1 saraflo26

saraflo26

  • Members
  • 13 posts

Posted 10 May 2014 - 10:33 AM

Hi,
I have a Toshiba Satellite L855 laptop, running Windows 8.1. Every time I start up I get a prompt from Search Safer to allow it to run, which I click no. I also uninstalled some Windows PC optimizer and a few other programs that appeared to be unwanted. I ran the Norton antivirus and Lavasoft's Ad-Aware and it did not show me any threats. However, I think there is still something wrong. When I checked add-ons in the web browser I saw one for Conduit and I can't remove it.
 
Can you help? I think these are viruses.

Edited by Queen-Evie, 10 May 2014 - 10:40 AM.
moved from Windows 8 to the appropriate forum



#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • Gender:Male

Posted 10 May 2014 - 12:22 PM

Hello saraflo26 and welcome!

Would you do the following:

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!



#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,460 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 10 May 2014 - 01:17 PM

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 saraflo26

saraflo26
  • Topic Starter

  • Members
  • 13 posts

Posted 10 May 2014 - 06:14 PM

Ran AdwCleaner here is the report: 

 

# AdwCleaner v3.207 - Report created 10/05/2014 at 19:07:50
# Updated 05/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Sara - HOMELAPTOP
# Running from : C:\Users\Sara\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : APNMCP
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222
[#] Service Deleted : SystemkService
[#] Service Deleted : SystemkService2
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
[!] Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Linkey
Folder Deleted : C:\Program Files (x86)\Retrogamer_4w
[!] Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Users\Sara\AppData\Local\Retrogamer_4w
Folder Deleted : C:\Users\Sara\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Sara\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Sara\AppData\LocalLow\iac
Folder Deleted : C:\Users\Sara\AppData\LocalLow\Retrogamer_4w
Folder Deleted : C:\Users\Sara\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Sara\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Sara\AppData\Roaming\SecureSearch
Folder Deleted : C:\Users\Sara\AppData\Roaming\Systweak
File Deleted : C:\END
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\thd3ff7s.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\WINDOWS\Tasks\bench-sys.job
File Deleted : C:\WINDOWS\System32\Tasks\bench-sys
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4wffxtbr@Retrogamer_4w.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\CLASSES\Linkey.Linkey
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@Retrogamer_4w.com/Plugin
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Linkey
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Linkey
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\thd3ff7s.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13671 octets] - [10/05/2014 19:03:29]
AdwCleaner[S0].txt - [12514 octets] - [10/05/2014 19:07:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12575 octets] ##########


#5 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • Gender:Male

Posted 11 May 2014 - 07:22 AM

Uninstall Ad-Aware.

Start AdwCleaner and click on Uninstall button and it will disappear.

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

Close it. After that:

 

Download Malwarebytes' Anti-Malware Free HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

Thank you!



#6 saraflo26

saraflo26
  • Topic Starter

  • Members
  • 13 posts

Posted 12 May 2014 - 09:42 PM

Here is the Junkware log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Sara on Mon 05/12/2014 at 22:25:28.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1616144292-68108504-4142982917-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\thd3ff7s.default\prefs.js
 
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.search.selectedEngine", "Conduit Search");
Emptied folder: C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\thd3ff7s.default\minidumps [5 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/12/2014 at 22:32:12.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 saraflo26

saraflo26
  • Topic Starter

  • Members
  • 13 posts

Posted 12 May 2014 - 10:42 PM

malware log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/12/2014
Scan Time: 11:20:01 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.13.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272255
Time Elapsed: 31 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\Retrogamer_4w.SkinLauncherSettings, Quarantined, [8d5ab997c3b882b4a07ea1bb4bb7e61a], 
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\Retrogamer_4w.SkinLauncherSettings.1, Quarantined, [72759cb416658bab839b0c50758d837d], 
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Retrogamer_4w.SkinLauncherSettings, Quarantined, [72759cb416658bab839b0c50758d837d], 
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Retrogamer_4w.SkinLauncherSettings.1, Quarantined, [72759cb416658bab839b0c50758d837d], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\Retrogamer_4w, Quarantined, [dc0b6fe11d5e2115028023a5ab58ba46], 
PUP.Optional.StartSavin.A, HKLM\SOFTWARE\WOW6432NODE\Start Savin, Quarantined, [0bdcfb5597e4f93dd1d121a85ca79c64], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1616144292-68108504-4142982917-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Retrogamer_4w, Quarantined, [9057b89825565adc86fd1eaa7e853ec2], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 8
PUP.Optional.InstallCore.A, C:\Users\Sara\AppData\Local\Temp\ICReinstall_nsv30AD.tmp, Quarantined, [4c9b460a77041d1996cc0f61df227c84], 
PUP.Optional.ToolBarInstaller.A, C:\Users\Sara\Downloads\HD_Player__MTCD16044_2direkt_0_0_0_0.exe, Quarantined, [3cab3e12552625117acc05d240c319e7], 
PUP.Optional.RegCleanPro, C:\Users\Sara\Downloads\rcp_enprem79_sec_pd.exe, Quarantined, [81668ac68bf01026513dd55f619f06fa], 
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, Quarantined, [bf2865ebe299cf675ce1a8e110f28977], 
PUP.Optional.Conduit.A, C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\thd3ff7s.default\searchplugins\conduit-search.xml, Quarantined, [7d6acc84a8d389ad6476aedda45ee31d], 
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-Updater removing.job, Quarantined, [fdea1b35aad19d99dcd0d0c8cd354ab6], 
PUP.Optional.Conduit.A, C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.msn.com/?pc=BDT3&ocid=BDT3DHP", "http://search.conduit.com/?gd=&ctid=CT3328693&octid=EB_ORIGINAL_CTID&ISID=M91D58E15-A177-4B17-8AF3-0B45D429320F&SearchSource=55&CUI=&UM=5&UP=SP884A575F-59D3-4FC8-ACE8-A84EB0C01B3F&SSPV=" ],), Replaced,[598ed57b2358ef47b398dd9518ec41bf]
PUP.Optional.Conduit.A, C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://search.conduit.com/Results.aspx?gd=&ctid=CT3328693&octid=EB_ORIGINAL_CTID&ISID=M91D58E15-A177-4B17-8AF3-0B45D429320F&SearchSource=58&CUI=&UM=5&UP=SP884A575F-59D3-4FC8-ACE8-A84EB0C01B3F&q={searchTerms}&SSPV=",), Replaced,[a443b997413a3204e295254dd3318a76]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • Gender:Male

Posted 13 May 2014 - 11:08 AM

Hello saraflo26!

So remove everything with Malwarebytes.

May you upload this - C:\ProgramData\boost_interprocess

to Virus Total - https://www.virustotal.com/

Also start AdwCleaner and click the Uninstall button and it will disappear. JRT just delete.

It is not good to have two antiviruses on your system if you mean AD Aware by Lavasoft, because I don't know they have separate adware tool.

Download HitmanPro x64 from HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below next to button buy now is option Save log. Save it to your desktop and paste it here.

 

Thank you!
 



#9 saraflo26

saraflo26
  • Topic Starter

  • Members
  • 13 posts

Posted 14 May 2014 - 09:00 PM

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : HOMELAPTOP
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : HOMELAPTOP\Sara
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-05-14 21:49:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 6s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 155
 
   Objects scanned . . . : 1,922,444
   Files scanned . . . . : 66,893
   Remnants scanned  . . : 682,300 files / 1,173,251 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Sara\AppData\Local\nsn40C3.tmp
      Size . . . . . . . : 1,745,400 bytes
      Age  . . . . . . . : 3.6 days (2014-05-11 07:23:28)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1FD8E818A717FF3DC098F4607C3B0D81166351F36E96A82379BA1916C25DDDCC
      Product  . . . . . : AnyProtect
      Publisher  . . . . : AnyProtect.com
      Description  . . . : Any Protect Setup
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright 2013
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Trojan.GenericKD.1671643
      Fuzzy  . . . . . . : 107.0
      Forensic Cluster
         -2.3s C:\Users\Sara\AppData\Local\Microsoft\Windows\INetCache\Sqm\iesqmdata0.sqm
          0.0s C:\Users\Sara\AppData\Local\nsn40C3.tmp
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\AppID\iedll.dll\ (Linkey)
   HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}\ (Linkey)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF\ (AskBar)
   HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}\ (Linkey)
   HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}\ (Linkey)
   HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1\ (Linkey)
   HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard\ (Linkey)
   HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}\ (Linkey)
   HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}\ (Linkey)
   HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}\ (AskBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\iedll.dll\ (Linkey)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}\ (Linkey)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}\ (Linkey)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}\ (Linkey)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}\ (AskBar)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}\ (Linkey)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}\ (Linkey)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CB53AD495D2C5443B95C9EE29E47902\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F85A4D374D5bf245B8722C062C2D00E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9516FC331A505934FA76C22DCFFEC47E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A08449608E3Ca1f4ABF236256A256754\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A431C8F3F57D7844B89242F5F7A5F62C\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A66E2D84F93A9E94FBA6AB3524D85958\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA27FE018F87f5e4F97F31C09E7C5370\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC049320EE27170499EC0B6124142ED7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B448F401EF39C8346BF7BE9B8D1C7060\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5211271DD585A740AA28576B137D09D\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B58469E2C54833741B90BAD9CE5A1159\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6DA77032731EEE40B463A325128D613\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCC2BCA248E19F74F9AEDE4D1EFEFBC9\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C70C6F53DEE245249956FC291D801A71\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C7C0052DD04CBC84C81C0AC586485E50\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C879DCC3D00BE8E4282F02F1735E78DF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9FBD8E8A2691564FA012512BCC3748C\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB3AEBFFA9E907145906294AB669B1F2\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE142BFA81B72674892EB318BD603CB0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE90A73A5D5A01a43A2EDCCF04BA9487\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D05B2B3F5629f9d41A7E57FB534168CA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D158B0E5D051EA046B8E08BF6B004842\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D45A81F48EF19334EABB33FF8871C4F5\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D538E650623CB2C43AD5FBF587227D55\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8D06C15BF8AFCD449EFF90B935AEF7C\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB1AE396B3BBfe940922C55C6EEF740A\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDF89DEE0C7E9A5448382117C4436818\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E55AA93871A0fde4490A708053AC6501\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E954A03F45EC92B419A55A0D4815C0A3\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E97C12D46BF588241856422D760336B4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA1332016439DD54C840C7D45CFB2705\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFBB6B0872B0DBB4D912A0F52986399D\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646\ (AskBar)
   HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-21-1616144292-68108504-4142982917-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} (Linkey)
 
Cookies _____________________________________________________________________
 
 
 


#10 Alex&Vanko


Posted 15 May 2014 - 08:48 AM

Hello saraflo26!

Click Next to remove found threats. You may need to activate the trial version.

After that, say if you still have problems according to your first description.

As a last step:

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish

 

Thank you!


Edited by Alex&Vanko, 15 May 2014 - 09:32 AM.


#11 saraflo26


Posted 17 May 2014 - 07:34 AM

Thank you. I ran ESET and had a list of PUPs and threats removed. Let me know if there are any further steps to follow. Also do I uninstall HITMAN Pro? 



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,076 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:57 AM

Posted 17 May 2014 - 10:43 AM

Hello, because Alex is not available right now, I'll work with you from here. :)

 

Can you please let me know if you have any remaining problem?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 saraflo26


Posted 17 May 2014 - 12:16 PM

When I check Start Up I still see the service.exe file for Search Safer. 



#14 Elise


Posted 17 May 2014 - 03:55 PM

What service.exe file exactly? Please right click it and select Properties, let me know what its location is.

regards, Elise


#15 saraflo26


Posted 18 May 2014 - 11:21 AM

The service.exe file is located:

 

C:\Program Files\pcreg

 

The digital signature of the certificate is from: Search Safer Inc.





