VO Package, Search Protect and rts.dsrite


38 replies to this topic

#1 annie367

annie367

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 12 October 2014 - 08:15 PM

I'm using Windows 7. I got infected by VO Package, Search Protect, and rts.dsrite when somehow TornTV downloaded on my system. I have run Malwarebytes three times, SuperAntiSpyware once, and Esnet twice. The reason why I ran Malwarebytes three times is because it found three more items during the second time. The third time it didn't find anything. I ran Esnet twice because I wanted to make sure on the second time there was nothing left over. I tried to download ADWCleaner, but Avast wouldn't let me. It says it's infected with Win32:Evo-gen [Susp].

 

When I checked my Add-ons in Firefox, it lists Search Helper has been disabled due to security or stability issues. There is not a Remove button, so I could remove it.

 

I can't get rid of rts.dsrite. Whenever I open up a new tab in Firefox, it opens with a blank page containing three links. Whenever I open new tabs, it should always be the blank page. I checked in options to make sure it's about:blank, and it is.

 

Down below are two Malwarebytes scan logs (third log was clean) and one Esnet log (second log was clean).

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.10.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ann :: ANN-HP [administrator]

10/12/2014 12:02:12 PM
mbam-log-2014-10-12 (12-02-12).txt
 

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446860
Time elapsed: 42 minute(s), 28 second(s)

Memory Processes Detected: 4
C:\Program Files (x86)\Appstein\updateAppstein.exe (PUP.Optional.Appstein.A) -> 2644 -> Delete on reboot.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> 3544 -> Delete on reboot.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe (PUP.Optional.PayByAds.A) -> 4336 -> Delete on reboot.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe (PUP.Optional.PayByAds.A) -> 3460 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SYSTEM\CurrentControlSet\Services\Update Appstein (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage (PUP.Optional.VOPackage.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\Appstein (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\Software\Appstein (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yahoo! Search (PUP.Optional.PayByAds.A) -> Data: C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage|UninstallString (PUP.Optional.VOPackage) -> Data: "C:\Users\ann\AppData\Roaming\VOPackage\uninstall.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SearchProtect|InstallDir (PUP.Optional.SearchProtect.A) -> Data: C:\PROGRA~2\SearchProtect -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Trovi.A) -> Bad: (http://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MC5233A3E-C4AE-48FC-B699-BD579D2E0A74&SearchSource=55&CUI=&UM=6&UP=SP7CA17255-DB37-47D9-97E1-ED9D63D723FF&SSPV=) Good: (www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 32
C:\Users\ann\AppData\Roaming\VOPackage (PUP.Optional.VOPackage.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage (PUP.Optional.VOPackage) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein (PUP.Optional.Appstein.A) -> Delete on reboot.
C:\Program Files (x86)\Appstein\bin (PUP.Optional.Appstein.A) -> Delete on reboot.
C:\Program Files (x86)\Appstein\bin\plugins (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect\SearchProtect\STG (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads (PUP.Optional.PayByAds.A) -> Delete on reboot.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search (PUP.Optional.PayByAds.A) -> Delete on reboot.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4 (PUP.Optional.PayByAds.A) -> Delete on reboot.

Files Detected: 108
C:\Program Files (x86)\Appstein\bin\Appstein.BrowserAdapter.exe (PUP.Optional.AppStein.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\Appstein\updateAppstein.exe (PUP.Optional.Appstein.A) -> Delete on reboot.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> Delete on reboot.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe (PUP.Optional.PayByAds.A) -> Delete on reboot.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe (PUP.Optional.PayByAds.A) -> Delete on reboot.
C:\Program Files (x86)\Appstein\bin\d1c0eac9f46940b8943e.dll (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\bin\{d1c0eac9-f469-40b8-943e-bad63f865887}.dll (PUP.Optional.Appstein.A) -> Delete on reboot.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\res.dll (PUP.Optional.PayByAds.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Temp\nsa56FC.tmp\pp.exe (PUP.Optional.Linkular) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Temp\nsj8655.tmp\APSSetup.exe (PUP.Optional.BPlug) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Temp\nsq681B.tmp\SimpleInstaller.exe (PUP.Optional.Linkular) -> Quarantined and deleted successfully.
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Roaming\VOPackage\Uninstall.exe (PUP.Optional.VOPackage.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Roaming\VOPackage\runasu.exe (PUP.Optional.VOPackage.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Roaming\VOPackage\VOPackage.exe (PUP.Optional.VOPackage.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk (PUP.Optional.TornTV.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk (PUP.Optional.VOPackage) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb (PUP.Optional.SearchProtect) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\Appstein.ico (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\AppsteinUninstall.exe (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\updateAppstein.InstallState (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\bin\7za.exe (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\bin\Appstein.BrowserAdapter64.exe (PUP.Optional.Appstein.A) -> Delete on reboot.
C:\Program Files (x86)\Appstein\bin\BrowserAdapter.7z (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\bin\d1c0eac9f46940b8943e64.dll (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\bin\utilAppstein.exe (PUP.Optional.Appstein.A) -> Delete on reboot.
C:\Program Files (x86)\Appstein\bin\utilAppstein.InstallState (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Appstein\bin\{d1c0eac9-f469-40b8-943e-bad63f865887}64.dll (PUP.Optional.Appstein.A) -> Delete on reboot.
C:\Program Files (x86)\Appstein\bin\plugins\Appstein.BrowserAdapter.dll (PUP.Optional.Appstein.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\SearchProtect\UI\rep\UIRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\app.ini (PUP.Optional.PayByAds.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\gljkwWkX.dll (PUP.Optional.PayByAds.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\ieds.xml (PUP.Optional.PayByAds.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\J5omjlns.dll (PUP.Optional.PayByAds.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\rvt.js (PUP.Optional.PayByAds.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\serp.js (PUP.Optional.PayByAds.A) -> Quarantined and deleted successfully.
C:\Users\ann\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\sqlite.dll (PUP.Optional.PayByAds.A) -> Quarantined and deleted successfully.

(end)

 

This is the second Malwarebytes log.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.10.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ann :: ANN-HP [administrator]

10/12/2014 4:46:46 PM
mbam-log-2014-10-12 (16-46-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446447
Time elapsed: 43 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Detected: 1
C:\ProgramData\374311380\BITDF5.tmp (Rogue.Multiple) -> Quarantined and deleted successfully.

(end)

This is the first Esnet.

 

C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$R2WS6YV.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$R85JO5Q.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RAK02ZK.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RBVVNS6.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RE4QKCG.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$REH0CQ7.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RKB5XBA.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RKM3AU7.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RKYIA8T.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RP9NMBK.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RPW6HQN.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RS7OZ2W.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RTSD641.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RUTV3QJ.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\AppData\Local\Temp\ICReinstall_nsa26F2.tmp    a variant of Win32/InstallCore.PL potentially unwanted application    deleted - quarantined
C:\Users\ann\AppData\Local\Temp\ICReinstall_nsj7FB1.tmp    a variant of Win32/InstallCore.PL potentially unwanted application    deleted - quarantined
C:\Users\ann\AppData\Local\Temp\nsa26F2.tmp    a variant of Win32/InstallCore.PL potentially unwanted application    deleted - quarantined
C:\Users\ann\AppData\Local\Temp\nsj7FB1.tmp    a variant of Win32/InstallCore.PL potentially unwanted application    deleted - quarantined
C:\Users\ann\AppData\Local\Temp\optprosetup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\ann\AppData\Local\Temp\__tmp_22adb88b    a variant of Win32/SProtector.D potentially unwanted application    deleted - quarantined
C:\Users\ann\AppData\Local\Temp\nsj8655.tmp\COISetup.exe    Win32/AdWare.Linkular.AH application    cleaned by deleting - quarantined
C:\Users\ann\AppData\Local\Temp\nsj8655.tmp\InstallDaddy_RelevantKnowledge.exe    Win32/AdWare.Linkular.AH application    cleaned by deleting - quarantined
C:\Users\ann\AppData\Local\Temp\nsj8655.tmp\OPTISetup.exe    a variant of Win32/AdWare.SpeedingUpMyPC.N application    cleaned by deleting - quarantined
C:\Users\ann\Desktop\ccsetup405.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\Desktop\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\Desktop\ccsetup413(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\Desktop\ccsetup413.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\Desktop\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\Desktop\ccsetup415.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\Desktop\ccsetup416.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\Desktop\ccsetup417(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\ann\Desktop\ccsetup417.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined


 


Edited by annie367, 12 October 2014 - 08:17 PM.




#2 MillardPrograms

MillardPrograms

  • Banned
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:16 PM

Posted 12 October 2014 - 09:18 PM

Disable Avast, download AdwCleaner. Once done, PM with your TeamViewer ID so we can fix your Firefox settings back to normal.



#3 annie367

annie367
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 12 October 2014 - 09:42 PM

I can't run AdwCleaner. I don't use TeamViewer.



#4 MillardPrograms

MillardPrograms

  • Banned
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:16 PM

Posted 12 October 2014 - 09:52 PM

> I can't run AdwCleaner. I don't use TeamViewer.

Okkkay buddy, you are ridiculous. I just gave you instructions to help your computer, and you completely rejected them. 

DISABLE AVAST, and run AdwCleaner. I already told you that

Then, DOWNLOAD TeamViewer - http://www.teamviewer.com/en/download/windows.aspx - if you're still having problems. If you don't want someone to actually help, then so be it, but I have tons of experience on this matter and it will be an easy fix. But you're going to have to follow my instructions.



#5 annie367

annie367
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 12 October 2014 - 10:09 PM

No, I'm not being ridiculous. I'm being safe. Why would I give you remote access to my computer? I prefer someone from the staff helps me.

#6 MillardPrograms

MillardPrograms

  • Banned
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:16 PM

Posted 12 October 2014 - 10:15 PM

> No, I'm not being ridiculous. I'm being safe. Why would I give you remote access to my computer? I prefer someone from the staff helps me.

Haha okay, I was not even making you use TV, that was just an extra if you couldn't figure out how to put your settings back. TV can be ended at any time. It's extremely safe. The ridiculous part is that you won't run AdwCleaner.
Whatever buddy, your loss. I am not the one who needs their computer fixed.  



#7 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:11:16 AM

Posted 13 October 2014 - 09:21 AM

> I can't run AdwCleaner. I don't use TeamViewer.

> Okkkay buddy, you are ridiculous. I just gave you instructions to help your computer, and you completely rejected them.
> DISABLE AVAST, and run AdwCleaner. I already told you that
> Then, DOWNLOAD TeamViewer - http://www.teamviewer.com/en/download/windows.aspx - if you're still having problems. If you don't want someone to actually help, then so be it, but I have tons of experience on this matter and it will be an easy fix. But you're going to have to follow my instructions.

> No, I'm not being ridiculous. I'm being safe. Why would I give you remote access to my computer? I prefer someone from the staff helps me.


MillardPrograms, maybe you did not notice when Annie said "I can't run AdwCleaner".
Maybe there is a problem and she cannot get it to run. You did not ask about that; instead you went on the attack and assumed she did not want to run it.

Annie, good policy you have. It is not ridiculous to tell someone you don't know that you will not give them access to your computer.
Please ignore everything said by MillardPrograms. I will make sure someone who knows what he is doing steps in to help you with approved Bleeping Computer accepted methods.

Millard, one more thing for you:
Due to several issues, one being liability, since the contact took place here we cannot support the process of remote assistance. We have no way of gauging the competency of those who offer the remote help. This is not to say I doubt your sincerity or ability. This means that if we allow it, how can we be assured that each and every one who would offer is competent and trustworthy? It becomes a matter of acting in the best interests of our members' security and safety. We have no control of the content of help being offered remotely. We do have full control over quality and safety of the content shared on the forums. Add to that, we all learn when a thread is posted for others to learn from, which does not happen privately with remote assistance.

Edited by Queen-Evie, 13 October 2014 - 09:23 AM.


#8 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:16 PM

Posted 13 October 2014 - 10:04 AM

Hi :)

 

My name's Naat and I will try to help you. Please ignore MillardPrograms' instructions.

 

Describe your current issues to me and we will go from there :)


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#9 annie367

annie367
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 13 October 2014 - 11:50 AM

Naat,

 

I posted in my first post what I'm having issues with. I don't know if everything related to VO Package and Search Protect has been removed. I'm still having a problem with rts.dsrite. When using Firefox and opening up new tabs, instead of getting a blank page, I get a blank page that has three links in it. I tried to download ADWCleaner again, but Avast wouldn't let me. It says it's infected with Win32:Evo-gen [Susp]. I ran Malwarebytes again this morning, and it found 3 issues.

 

Objects scanned: 446755
Time elapsed: 38 minute(s), 24 second(s)

Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)

Files Detected: 3
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RQ4DTA4.exe (PUP.Optional.Downloader) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RQQ2U8Q.exe (PUP.Optional.Downloader) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-3913706279-2267258337-3005876488-1000\$RVYHMG8.exe (PUP.Optional.Downloader) -> No action taken.

(end)


Edited by annie367, 13 October 2014 - 11:53 AM.


#10 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:16 PM

Posted 13 October 2014 - 11:59 AM

Hello annie :)
 
I am aware of what you have posted earlier. I'm asking about current issues & symptoms.
 
Please disable avast and download AdwCleaner.



Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.

Please include the contents of that file in your reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#11 annie367

annie367
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 13 October 2014 - 12:12 PM

Naat,

 

This is what I'm still having a problem with. When using Firefox and opening up new tabs, instead of getting a blank page, I get a blank page that has three links in it. The links have to do with rts.dsrlte and yahoo search in them.

 

# AdwCleaner v4.000 - Report created 13/10/2014 at 12:05:40
# Updated 12/10/2014 by Xplode
# Database : 2014-10-13.4
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ann - ANN-HP
# Running from : C:\Users\ann\Desktop\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\ann\Desktop\Continue Live Installation.lnk
Folder Found : C:\Users\ann\Documents\Optimizer Pro

***** [ Scheduled Tasks ] *****

Task Found : Yahoo! Search
Task Found : Yahoo! Search Udpater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\powerpack
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v29.0.1 (en-US)

 

[m45l2ud5.default-1395601490106] - Line Found : user_pref("browser.newtab.url", "hxxp://rts.dsrlte.com/?m=tab");
[m45l2ud5.default-1395601490106] - Line Found : user_pref("keyword.URL", "hxxp://rts.dsrlte.com/?q=");

-\\ Google Chrome v

Found [Search Provider] : hxxp://rts.dsrlte.com/?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4610 octets] - [13/10/2014 12:05:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4670 octets] ##########


 


Edited by annie367, 13 October 2014 - 12:20 PM.


#12 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:16 PM

Posted 13 October 2014 - 01:25 PM

Very good. Now let's get rid of its findings.



Fix with AdwCleaner

Please re-run AdwCleaner.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

 

 

Any improvement?


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#13 annie367

annie367
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 13 October 2014 - 01:42 PM

# AdwCleaner v4.000 - Report created 13/10/2014 at 13:38:07
# DB v2014-10-13.5
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ann - ANN-HP
# Running from : C:\Users\ann\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\ann\Documents\Optimizer Pro
File Deleted : C:\Users\ann\Desktop\Continue Live Installation.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : Yahoo! Search
Task Deleted : Yahoo! Search Udpater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v29.0.1 (en-US)

[m45l2ud5.default-1395601490106] - Line Deleted : user_pref("browser.newtab.url", "hxxp://rts.dsrlte.com/?m=tab");
[m45l2ud5.default-1395601490106] - Line Deleted : user_pref("keyword.URL", "hxxp://rts.dsrlte.com/?q=");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4806 octets] - [13/10/2014 12:05:40]
AdwCleaner[R1].txt - [4866 octets] - [13/10/2014 13:34:32]
AdwCleaner[R2].txt - [4926 octets] - [13/10/2014 13:36:23]
AdwCleaner[S0].txt - [4395 octets] - [13/10/2014 13:38:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4455 octets] ##########
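
A cross-check a helper can run on the two AdwCleaner reports above, added here as an illustration and not part of the thread or of AdwCleaner: it parses a Scan and a Clean report and lists entries that were found but are not reported as deleted. The function names are this example's own, and the embedded logs are shortened excerpts of the reports posted in this thread.

```python
import re

# Shortened excerpts of the Scan ([R0]) and Clean ([S0]) reports posted above.
SCAN = r"""
***** [ Scheduled Tasks ] *****
Task Found : Yahoo! Search
***** [ Registry ] *****
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Key Found : HKCU\Software\powerpack
***** [ Browsers ] *****
-\\ Mozilla Firefox v29.0.1 (en-US)
[m45l2ud5.default-1395601490106] - Line Found : user_pref("browser.newtab.url", "hxxp://rts.dsrlte.com/?m=tab");
-\\ Google Chrome v
Found [Search Provider] : hxxp://rts.dsrlte.com/?q={searchTerms}
"""
CLEAN = r"""
***** [ Scheduled Tasks ] *****
Task Deleted : Yahoo! Search
***** [ Registry ] *****
Key Deleted : HKCU\Software\powerpack
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
***** [ Browsers ] *****
-\\ Mozilla Firefox v29.0.1 (en-US)
[m45l2ud5.default-1395601490106] - Line Deleted : user_pref("browser.newtab.url", "hxxp://rts.dsrlte.com/?m=tab");
-\\ Google Chrome v
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "Key Found : ...", "Task Deleted : ...", "[profile] - Line Found : ..."
ENTRY = re.compile(r"^(?:\[[^\]]+\] - )?(\w+) (Found|Deleted) : (.+)$")
# Chrome entries put the state first: "Found [Search Provider] : ..."
ENTRY_ALT = re.compile(r"^(Found|Deleted) \[([^\]]+)\] : (.+)$")

def parse_report(text):
    """Map (section, kind, value) -> "Found" or "Deleted"."""
    items, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if SECTION.match(line):
            section = SECTION.match(line).group(1)
        elif ENTRY.match(line):
            kind, state, value = ENTRY.match(line).groups()
            # Windows paths and registry names are case-insensitive.
            items[(section, kind, value.lower())] = state
        elif ENTRY_ALT.match(line):
            state, kind, value = ENTRY_ALT.match(line).groups()
            items[(section, kind, value.lower())] = state
    return items

def not_reported_deleted(scan_text, clean_text):
    """Entries the scan found that the clean report does not list as deleted."""
    found = {k for k, s in parse_report(scan_text).items() if s == "Found"}
    deleted = {k for k, s in parse_report(clean_text).items() if s == "Deleted"}
    return sorted(found - deleted)

def autoload_hooks(report_text):
    """Entries that run code or redirect the browser on every start:
    scheduled tasks, AppInit_DLLs data, and Firefox user_pref lines."""
    return sorted(k for k in parse_report(report_text)
                  if k[0] == "Scheduled Tasks" or "[appinit_dlls]" in k[2]
                  or k[2].startswith("user_pref("))
```

On these excerpts the only entry without a matching `Deleted` line is the Chrome search provider; a missing line means the Clean report does not mention it, which is a prompt to re-scan rather than proof that it remains.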
 



#14 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:16 PM

Posted 13 October 2014 - 01:44 PM

Very good. Now please update me on what issues persist.



Clean Temporary Files with TFC

Please download TFC by OldTimer and save it to your desktop.

  • Right-click on the TFC icon and select Run as Administrator to start the tool.
  • Close any open programs and save your current work.
  • Click the Start button to begin. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a couple of minutes.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

This tool doesn't generate any report. Instead I recommend keeping it for good maintenance of your machine.
 

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#15 annie367

annie367
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 13 October 2014 - 03:46 PM

I'm no longer having problems. :)

 

Before running TFC, I wish I would've known it would delete files in my recycle bin. There were important things in there, including pictures of my mom who died in March, I wanted to keep. I know it was my fault for not putting them somewhere else. It was easier for me to get to them. I use CCleaner on a daily basis and probably should have told you that. I use it because it has an option not to delete what's in the recycle bin.

 

I ran Eset.  The log file was blank because it didn't find anything.

 

Thank you for your help. :)





