Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Optimizer Pro popups and Vosteran hijacking Chrome


  • Please log in to reply
1 reply to this topic

#1 jatbr5

jatbr5

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:21 PM

Posted 11 January 2015 - 04:09 PM

One of my kids accidentally downloaded Optimizer Pro, Vosteran, and numerous other unwanted programs. I have attempted to uninstall all; most of them seem to have disappeared but Optimizer Pro and Vosteran persist. Malwarebytes hasn't done the job. I've uninstalled and reinstalled Chrome but Vosteran continues to hijack this browser. Help please! And thanks in advance!

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by Amy at 15:32:57 on 2015-01-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2039.592 [GMT -5:00]
.
AV: AVG AntiVirus 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Optimizer Pro 3.20\OptProReminder.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Optimizer Pro] c:\program files\optimizer pro 3.20\OptProLauncher.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{094B7650-59E2-4C4C-9B04-E8DDBA1BEEA4} : DHCPNameServer = 192.168.16.2
TCP: Interfaces\{094B7650-59E2-4C4C-9B04-E8DDBA1BEEA4}\255434F455059445 : DHCPNameServer = 192.168.16.2
TCP: Interfaces\{67A0886F-2F79-494F-909C-A50A643D2E07} : DHCPNameServer = 192.168.16.2
TCP: Interfaces\{B28A4E0A-0C6B-4349-89E6-5816B99CE07E} : DHCPNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{B28A4E0A-0C6B-4349-89E6-5816B99CE07E}\14D6075646F575962756C6563737 : DHCPNameServer = 192.168.0.10
TCP: Interfaces\{B28A4E0A-0C6B-4349-89E6-5816B99CE07E}\34631343 : DHCPNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{B28A4E0A-0C6B-4349-89E6-5816B99CE07E}\3516E666F62746F57457563747 : DHCPNameServer = 10.196.0.1
TCP: Interfaces\{B28A4E0A-0C6B-4349-89E6-5816B99CE07E}\3547163697E28456E6E656E62E0899370296051646 : DHCPNameServer = 69.78.96.14 66.174.92.14
TCP: Interfaces\{B28A4E0A-0C6B-4349-89E6-5816B99CE07E}\74F6D4F6F62786561646 : DHCPNameServer = 216.239.0.75 216.239.0.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\amy\appdata\roaming\mozilla\firefox\profiles\ivbuf4rj.default\
FF - prefs.js: browser.search.selectedEngine - Vosteran
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-11-18 154904]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-6-18 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-6-18 69392]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-12-8 208152]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-12-18 3432976]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-12-18 298080]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-1-10 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-1-10 969016]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104264]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-11-9 227896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-1-10 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-1-10 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-1-10 51928]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-6-18 33552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-4-6 88192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-5-19 108032]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-18 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2015-01-11 16:00:38    9054624    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{4ab91f8b-0b6f-4187-be8a-eff102124fce}\mpengine.dll
2015-01-11 04:21:02    220784    ----a-w-    c:\program files\mozilla firefox\sandboxbroker.dll
2015-01-11 04:19:58    48240    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2015-01-11 04:19:57    74864    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2015-01-11 04:19:57    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2015-01-11 04:08:19    --------    d-----w-    c:\users\amy\appdata\roaming\Avg_Update_1014av
2015-01-11 04:07:37    --------    d-----w-    c:\programdata\Avg_Update_1014av
2015-01-11 03:58:18    --------    d-----w-    c:\users\amy\appdata\roaming\AVG2015
2015-01-11 03:56:52    --------    d-----w-    c:\users\amy\appdata\roaming\TuneUp Software
2015-01-11 03:55:38    --------    d--h--w-    C:\$AVG
2015-01-11 03:55:38    --------    d-----w-    c:\programdata\AVG2015
2015-01-11 03:54:23    --------    d-----w-    c:\program files\AVG
2015-01-11 03:49:17    --------    d--h--w-    c:\programdata\Common Files
2015-01-11 03:49:17    --------    d-----w-    c:\users\amy\appdata\local\MFAData
2015-01-11 03:49:17    --------    d-----w-    c:\users\amy\appdata\local\Avg2015
2015-01-11 03:49:17    --------    d-----w-    c:\programdata\MFAData
2015-01-10 16:23:18    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-10 16:22:16    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-01-10 16:22:16    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-01-10 16:22:16    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-01-10 16:22:15    --------    d-----w-    c:\programdata\Malwarebytes
2015-01-10 16:22:15    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2015-01-10 15:43:35    908840    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{356c268a-b1c1-440a-b6bf-381dec628597}\gapaengine.dll
2015-01-10 15:42:09    9054624    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-01-10 04:26:01    --------    d-----w-    c:\program files\predm
2015-01-06 01:50:17    --------    d-----w-    c:\programdata\Browser
2015-01-04 23:37:30    22528    ----a-w-    c:\users\amy\appdata\local\dsisetup1741335732.exe
2015-01-03 03:51:17    --------    d-----w-    c:\windows\system32\Flash
2015-01-03 03:43:48    628496    ----a-w-    c:\users\amy\appdata\local\nse5195.tmp
2015-01-03 03:43:41    --------    d-sh--w-    c:\users\amy\appdata\roaming\AnyProtectEx
2015-01-03 03:35:04    --------    d-----w-    c:\programdata\Unchecky
2015-01-02 23:46:01    --------    d-----w-    c:\users\amy\appdata\local\com
2015-01-02 23:43:03    --------    d-----w-    c:\users\amy\appdata\roaming\Optimizer Pro
2015-01-02 23:42:38    332568    ----a-w-    c:\windows\system32\ColorMedia.dll
2015-01-02 23:42:22    2522    ----a-w-    c:\windows\patsearch.bin
2015-01-02 23:41:57    --------    d-----w-    c:\program files\Optimizer Pro 3.20
2015-01-02 23:41:07    --------    d-----w-    c:\users\amy\appdata\local\Programs
.
==================== Find3M  ====================
.
2014-12-31 11:13:47    249488    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-09 02:25:06    208152    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2014-11-19 02:41:58    154904    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 15:38:57.69 ===============
 



BC AdBot (Login to Remove)

 


m

#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,834 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:21 PM

Posted 11 January 2015 - 06:41 PM

:welcome:
 
thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner from here. Save the file to the desktop.
  
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  •  
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
  • adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

Launch and update MalwareBytes AntiMawale

  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click on Quanrantee All,.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • Right click on your next reply and select Paste.
  • Submit your reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

Edited by JSntgRvr, 11 January 2015 - 06:42 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users