Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help- Snapdo issue, virus in rootkit or registry


  • Please log in to reply
8 replies to this topic

#1 shaynestacy

shaynestacy

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 21 December 2014 - 01:36 AM

Hi,
   My system no longer allows me to access the internet with IE11. The "Use a Proxy Server for Your LAN" is permanently checked- I can't get it to uncheck, and when I try to use IE, I get an error message "The Proxy Server Isn't Responding". Proxy settings are 127.0.0.1:53348.
Please help. Thanks in advance. How do I donate to the cause?
Shayne

Edited by Queen-Evie, 21 December 2014 - 03:34 AM.
moved from Windows 7 to the appropriate forum


BC AdBot (Login to Remove)

 


m

#2 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 21 December 2014 - 04:30 AM

Hello there     :welcome:
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.
 
:step1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
:step2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

:step3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

:step4: Non-malware removal steps
 
Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup

Thanks and good luck!



#3 shaynestacy

shaynestacy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 21 December 2014 - 01:01 PM

Thank you for replying. Here is the info:

 

Mini tool box log:

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

=========================== Installed Programs ============================
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{B2D328BE-45AD-4D92-96F9-2151490A203E}) (Version: 1.3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ?Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CD Wave Editor version 1.72 (HKLM-x32\...\CD Wave_is1) (Version: 1.72 - )
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.)
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.3226 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3714 - CyberLink Corp.)
CyberLink LG Burning Tool (x32 Version: 6.2.3714 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2919.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2919.52 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1520 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.1.1520 - CyberLink Corp.) Hidden
eMusic Download Manager 6 (HKLM-x32\...\eMusic Download Manager 6) (Version: 6.0.4 - emusic.com)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}) (Version: 9.2.1.5 - Apple Inc.)
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime (HKLM-x32\...\{3D9892BB-A751-4E48-ADC8-E4289956CE1D}) (Version: 7.66.73.0 - Apple Inc.)
r8brain 1.9 (HKLM-x32\...\r8brain) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Salus (HKLM-x32\...\Salus) (Version: 1.0.14.28 - Salus)
Smilebox (HKCU\...\Smilebox) (Version: 1.0.0.26929 - Smilebox, Inc.)
Sony Sound Forge Audio Studio 9.0 (HKLM-x32\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.26 - NCH Software)
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WonderFox DVD Ripper (HKCU\...\WonderFoxDVDRipperBasic) (Version:  - WonderFox Soft, Inc. All Rights Reserved.)
========================= Restore Points ==================================

15-12-2014 02:35:14 Windows Update
15-12-2014 09:00:24 Windows Backup
19-12-2014 02:35:05 Windows Update

 

 

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/21/2014
Scan Time: 7:48:30 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.21.03
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Shayne and Janice

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317883
Time Elapsed: 7 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.PurpleRain.A, C:\ProgramData\PurpleRain\PurpleRain.exe, Quarantined, [7601303536468caaefc0dd1a8b767d83],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Security check:

Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

Thanks again
 



#4 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 21 December 2014 - 01:14 PM

Hello there,

:step1: Enable Windows Security Centre

  • Click Start, type services.msc in the Start Search box, and press Enter.
  • In the Services console, double-click the service called Security Center.
  • Change the Startup Type to Automatic and click Start under Service status.

:step2: Please download rKill to your desktop

  • Double click it (Win 7, 8 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

:step3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

:step4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

:step5: Please visit the ESET Online Scanner webpage
:exclame: Internet Explorer MUST be used for this step.  :exclame:

  • Click the checkbox next to 'Yes, I accept the Terms of Use' and click start.
  • Select the checkboxes which are displayed in the picture below.

jqnp8z.png

  • Press start and the scan will now begin - this scan will take a long time.
  • When the scand finished, select list threats and then export.
  • Choose a name for the log (e.g ESET) and click save (to your desktop)
  • Press the back button and then click finish. Please include the contents of the log in your reply.


#5 shaynestacy

shaynestacy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 21 December 2014 - 06:35 PM

Hi,

   I followed all of the steps below. When I performed the ESET scan, it hung for about 2 hours on the one file you see at the bottom of the list. I stopped the scan and exported what I could.

 

RKILL:

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/21/2014 10:47:33 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  ÿþ1 2 7 . 0 . 0 . 1               l o c a l h o s t
 
   : : 1               l o c a l h o s t
 
  

Program finished at: 12/21/2014 10:48:02 AM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)

 

ADWCLEANER:

# AdwCleaner v4.106 - Report created 21/12/2014 at 10:55:31
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Shayne and Janice - SHAYNEANDJANICE
# Running from : J:\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : b786bdb3c67d

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\PurpleRain
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Shayne and Janice\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Shayne and Janice\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Shayne and Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Shayne and Janice\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\netfilter64.sys

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup
Task Deleted : LuckyTab

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smilebox Bundle\Smilebox Bundle.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Salus]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\SpeeditUp
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\LookSafe
Key Deleted : HKLM\SOFTWARE\PicColor Utility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Salus
Key Deleted : [x64] HKLM\SOFTWARE\PicColor Utility
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [7554 octets] - [21/12/2014 10:49:41]
AdwCleaner[S0].txt - [7395 octets] - [21/12/2014 10:55:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7455 octets] ##########

 

JUNKWARE:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Shayne and Janice on Sun 12/21/2014 at 11:00:55.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/21/2014 at 11:03:40.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ESET:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\SoundTap\soundtap.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\SoundTap\soundtapsetup_v2.26.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Restored files from old hd\C\Users\shayne and janice\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Restored files from old hd\C\Users\shayne and janice\AppData\LocalLow\entrusted11\hk64tbentr.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\Restored files from old hd\C\Users\shayne and janice\AppData\LocalLow\entrusted11\hktbentr.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\Restored files from old hd\C\Users\shayne and janice\AppData\LocalLow\entrusted11\ldrtbentr.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Restored files from old hd\C\Users\shayne and janice\AppData\LocalLow\entrusted11\tbentr.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Restored files from old hd\C\Users\shayne and janice\AppData\LocalLow\entrusted11\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Restored files from old hd\C\Users\shayne and janice\Desktop\blu-ray-creator-express.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Restored files from old hd\C\Users\shayne and janice\Desktop\SetupImgBurn_2.5.4.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Shayne and Janice\AppData\Roaming\KUBKCJBX JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Shayne and Janice\AppData\Roaming\XGYONR JS/Toolbar.Crossrider.C potentially unwanted application
C:\Windows\Installer\MSI33D9.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
C:\Windows\Installer\MSI33D9.tmp-\spbe.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
C:\Windows\Installer\MSI33D9.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\MSI33D9.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\MSI33D9.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\Windows\Installer\MSI33D9.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\Windows\Installer\MSI33D9.tmp-\srptc.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\MSID85F.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
C:\Windows\Installer\MSID85F.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\MSID85F.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\MSID85F.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\Windows\Installer\MSID85F.tmp-\srptc.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\Windows\System32\ColorMedia.dll a variant of Win32/Adware.PicColor.C application
C:\Windows\SysWOW64\ColorMedia.dll a variant of Win32/Adware.PicColor.C application
I:\SHAYNEANDJANICE\Backup Set 2014-09-28 203133\Backup Files 2014-09-28 203133\Backup files 112.zip Win32/OpenCandy potentially unsafe application

 

Thanks

 



#6 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 21 December 2014 - 06:39 PM

Unfortunately ESET didn't remove what it found, due to it being cancelled early. ESET is known to take a large amount of time, so it may be advisable to leave it running over night.

 

How is the PC now?



#7 shaynestacy

shaynestacy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 21 December 2014 - 07:07 PM

it runs well-thanks a lot! I'll make a donation to the site. I'll run ESET overnight, but it really seemed like it hung up. Should I just remove the threats once it completes, or should I report back here?



#8 shaynestacy

shaynestacy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 21 December 2014 - 07:11 PM

and, I can't figure out how to donate to the site. let me know if I can



#9 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 22 December 2014 - 04:46 AM

Hello there,

 

Bleeping Computer doesn't currently accept donations as a whole site.

 

ESET should automatically remove all the threats once the scan's finished, if you followed my instructions for it properly (clicking remove threats in advanced options)

 

Thanks,

Lighthouse Party






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users