Cant delete isearch.omiga-plus


26 replies to this topic

#1 Habertrot

Posted 04 February 2015 - 07:44 PM

Good evening, my brother recently downloaded a program and the omiga webpage startup hijacking program was bundled with the installer; I haven't been able to get rid of it. I've tried uninstalling with IObit Uninstaller, scanning with AVG and Malwarebytes, deleting suspicious files from C:\Program Files, and also fiddling around with Regedit. The problem still persists and I am out of ideas. I'm not that good myself with getting into technical terms with programming and thus I'm asking for help. What should I do?

Thank you in advance!


Edited by hamluis, 04 February 2015 - 07:48 PM.
Moved from Win 8 to Am I Infected - Hamluis.



#2 buddy215

Posted 04 February 2015 - 08:35 PM

Welcome to BC !

 

First, run a scan using Shortcut Cleaner. Shortcut Cleaner Download

When run, Shortcut Cleaner will scan various locations on your computer for Windows shortcuts. When a shortcut is detected it will check its properties for a possible hijacking. If one is detected, it will automatically clean the shortcut so that it no longer opens the offending program or web site. When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it. This log file will contain a list of all the shortcuts that were detected and cleaned. Please post the results of the scan.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Habertrot (Topic Starter)

Posted 04 February 2015 - 08:46 PM

Shall I post the results after every step, or do I post all the results when I finish with the instructions?



#4 buddy215

Posted 04 February 2015 - 08:49 PM

Whatever is easiest for you. Each of the scans usually takes less than 15 minutes except for the last one....the most important one...which usually takes more than an hour.



#5 Habertrot (Topic Starter)

Posted 04 February 2015 - 09:28 PM

So I'm running the last scan and it will take a while... Here are the logs generated by SCcleaner, Adware Cleaner, and JRT. Thank you again for your help!

 

SCCLEANER

Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)

Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 
Windows Version: Windows 8.1 Single Language 
Program started at: 02/04/2015 07:42:18 PM.
 
Scanning for registry hijacks:
 
 * No issues found in the Registry.
 
Searching for Hijacked Shortcuts:
 
Searching C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\
 
  * Shortcut Cleaned: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423005839&from=cor&uid=ST320LT012-9WS14C_W0V1FWTCXXXXW0V1FWTC
 
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
 
  * Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1423005839&from=cor&uid=ST320LT012-9WS14C_W0V1FWTCXXXXW0V1FWTC
 
Searching C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
 
  * Shortcut Cleaned: C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1423005839&from=cor&uid=ST320LT012-9WS14C_W0V1FWTCXXXXW0V1FWTC
 
  * Shortcut Cleaned: C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423005839&from=cor&uid=ST320LT012-9WS14C_W0V1FWTCXXXXW0V1FWTC
 
  * Shortcut Cleaned: C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1423005839&from=cor&uid=ST320LT012-9WS14C_W0V1FWTCXXXXW0V1FWTC
 
  * Shortcut Cleaned: C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1423005839&from=cor&uid=ST320LT012-9WS14C_W0V1FWTCXXXXW0V1FWTC
 
Searching C:\Users\Public\Desktop\
 
Searching C:\Users\Gabriel\Desktop
 
 
6 bad shortcuts found.
 
Program finished at: 02/04/2015 07:42:19 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
 
ADWCLEANER
 
# AdwCleaner v4.109 - Report created 04/02/2015 at 19:56:25
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 8.1 Single Language  (64 bits)
# Username : Gabriel - GABRIEL
# Running from : C:\Users\Gabriel\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : torchcrashhandler
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\Users\Gabriel\AppData\Local\torch
Folder Deleted : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
File Deleted : C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Deleted : C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Deleted : C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.94
 
[C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bmiabdepfhhiieiipmeecdmeljggmfee
 
*************************
 
AdwCleaner[R0].txt - [2677 octets] - [04/02/2015 19:54:03]
AdwCleaner[S0].txt - [2260 octets] - [04/02/2015 19:56:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2320 octets] ##########
 
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Single Language x64
Ran by Gabriel on 04/02/2015 at 20:04:50.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/02/2015 at 20:08:13.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
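The check that buddy215's description of Shortcut Cleaner outlines (scan the shortcut folders, look for a hijacked command line, strip it) applied to the locations in the sc-cleaner log above, as an added example in PowerShell; this is not Shortcut Cleaner's own code nor anything posted in this thread. It assumes Windows PowerShell 3 or later with the WScript.Shell COM object, and the browser list and folder list are assumptions taken from the log, not from the tool.

```powershell
# Added example (not Shortcut Cleaner's code): flag browser shortcuts whose command line
# has a URL appended, the pattern in the log above:
#   chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=...&uid=...
# Set $Fix to $true to remove the injected arguments, as Shortcut Cleaner does.
$Fix = $false

# Folders the sc-cleaner log searched (assumed list, resolved for the current user).
$roots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:PUBLIC\Desktop",
    [Environment]::GetFolderPath('Desktop')
)

# Browser executables (assumed list). A browser shortcut that hard-codes a URL on every
# launch is the hijack signature; a legitimate installer never ships one that way.
$browserExes = @('chrome.exe', 'iexplore.exe', 'firefox.exe', 'opera.exe', 'msedge.exe')

$shell = New-Object -ComObject WScript.Shell

function Test-HijackedShortcut {
    param([string]$LnkPath)
    $lnk = $shell.CreateShortcut($LnkPath)
    $exe = [IO.Path]::GetFileName([string]$lnk.TargetPath).ToLower()
    # -match is case-insensitive in PowerShell, so HTTP:// is caught as well as http://
    $hijacked = ($browserExes -contains $exe) -and ($lnk.Arguments -match 'https?://')
    [PSCustomObject]@{
        Path      = $LnkPath
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
        Hijacked  = $hijacked
    }
}

function Repair-HijackedShortcut {
    param([string]$LnkPath)
    $lnk = $shell.CreateShortcut($LnkPath)
    $lnk.Arguments = ''   # keep target, icon and working directory; drop only the URL
    $lnk.Save()
}

$report = @()
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $lnks = Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
    foreach ($file in $lnks) {
        $result = Test-HijackedShortcut -LnkPath $file.FullName
        if ($result.Hijacked) { $report += $result }
    }
}

foreach ($hit in $report) {
    "Hijacked shortcut: $($hit.Path) => $($hit.Target) $($hit.Arguments)"
    if ($Fix) {
        Repair-HijackedShortcut -LnkPath $hit.Path
        "  Cleaned: $($hit.Path)"
    }
}
"$($report.Count) bad shortcut(s) found."
```

Run it as the affected user, since the per-user folders are resolved from that user's profile; the ProgramData Start Menu entries need an elevated prompt to repair.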


#6 Habertrot (Topic Starter)

Posted 05 February 2015 - 12:04 AM

So here are the results from the ESET Scan... it did take quite a long time aha.

C:\Users\Gabriel\Downloads\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Gabriel\Downloads\Total.War.ROME.II-RELOADED\rld-twrome2.iso a variant of Win32/HackTool.Crack.CA potentially unsafe application deleted (after the next restart)
C:\Users\Gabriel\Downloads\Total.War.ROME.II.Emperor.Edition.Update.v2.2.0.Incl.DLC-RELOADED\rld-twr2eeu220.rar a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
D:\My Games\Data folders-noninstalled games\Total.War.ROME.II.Emperor.Edition.Update.v2.2.0.Incl.DLC-RELOADED\rld-twr2eeu220.rar a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined


#7 buddy215

Posted 05 February 2015 - 05:57 AM

So, how is the computer doing...is it running up to par?

 

Reset Google Chrome

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

  1. In the top-right corner of the browser window, click the Chrome menu
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings,” click Reset settings.
  5. In the dialog that appears, click Reset.

 

Open CCleaner. Click on Tools and choose Startups. On that page you will see a list of Windows Startups and at the top you will see buttons for each browser and Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to copy and paste the list of Windows Startups into your next post. Then click on the Tasks button and Copy and Paste that list of Tasks into your next post.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.



#8 Habertrot (Topic Starter)

Posted 05 February 2015 - 04:03 PM

So here are the checkups you asked for

 

CCLEANER WINDOWS STARTUP

 

Yes HKCU:Run VDownloader "C:\Program Files\VDownloader\VDownloader4.exe" /silent

Yes HKLM:Run Persistence Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
Yes HKLM:Run HDAudDeck VIA C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
Yes HKLM:Run DptfPolicyLpmServiceHelper Intel Corporation C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
Yes HKCU:Run DAEMON Tools Lite Disc Soft Ltd "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
Yes HKLM:Run ATUninstallIcon "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
Yes HKLM:Run ATLauncher "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
Yes HKLM:Run ASUSWebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
Yes HKLM:Run ASUSPRP ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKCU:Run Advanced SystemCare 8 IObit "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
CCLEANER TASKS STARTUP
 
Yes Task ASC8_SkipUac_Gabriel IObit "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac
Yes Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
Yes Task ASUS Live Update1 ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe -critical
Yes Task ASUS Live Update2 ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe -check
Yes Task ASUS P4G ASUS C:\Program Files\ASUS\P4G\BatteryLife.exe
Yes Task ASUS Patch for Touch Panel ASUSTek Computer INC. C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
Yes Task ASUS Patch for VIA Audio ASUSTek Computer INC. C:\Windows\system32\AsPatchViaAudio.exe
Yes Task ASUS Splendid ACMON ASUS C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Yes Task ASUS Splendid ColorU ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
Yes Task ASUS USB Charger Plus ASUSTek Computer Inc. "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
Yes Task ASUS VivoBook ASUSTeK Computer Inc. C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-3491550801-1595165061-90639678-1001
Yes Task Uninstaller_SkipUac_Gabriel IObit "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /UninstallExplorer
 
SECURITY CHECKUP
 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
Windows Defender                  
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Google Chrome (40.0.2214.93) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#9 buddy215

Posted 05 February 2015 - 04:53 PM

Disable these startups: (you can use CCleaner. Open the Windows Startup page. Click on each item to highlight it and then choose disable on the right.)

Yes HKCU:Run VDownloader "C:\Program Files\VDownloader\VDownloader4.exe" /silent

Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
Yes HKCU:Run DAEMON Tools Lite Disc Soft Ltd "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run ATUninstallIcon "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
Yes HKLM:Run ATLauncher "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
Yes HKLM:Run ASUSWebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKCU:Run Advanced SystemCare 8 IObit "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto (Uninstall from Add/ Remove program list...risky and adware)
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
Disable these Tasks: (use CCleaner...)
Yes Task ASC8_SkipUac_Gabriel IObit "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac
Yes Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
Yes Task ASUS Live Update1 ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe -critical
Yes Task ASUS Live Update2 ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe -check
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Uninstaller_SkipUac_Gabriel IObit "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /UninstallExplorer
 
The Security scan says your antivirus is out of date. Open AVG and check for updates. Not sure if it is referring to Windows Defender, but make sure AVG is updated.
 
IOBit is risk ware, spyware and adware intensive. Best not to have it. If you have a problem uninstalling it, use Revo Uninstaller. Use Advanced mode.
 
REPEAT....How is the computer....is it running up to par?

Edited by buddy215, 05 February 2015 - 05:05 PM.


#10 Habertrot (Topic Starter)

Posted 05 February 2015 - 05:09 PM

So far it looks like I was able to get rid of the hijacking program. Chrome doesn't start up on isearch-omiga-plus. I was viewing the programs in the download section. Is it recommendable to download Emisoft, and should I download any other? Already disabled the start ups, I'm guessing that will speed up the startup. I did not know that IObit is not a recommendable program. I will restart the laptop and will check if the hijacking program is really gone or not.

 

Thank you for all your help



#11 buddy215

Posted 05 February 2015 - 05:19 PM

The most annoying problem was caused by what Shortcut Cleaner fixed....omiga-plus shortcut hijacker.

Do you plan to replace AVG? One antivirus and one antispyware is sufficient. Occasionally scanning with the programs I used to remove adware is recommended after installing programs/add-ons. Using CCleaner regularly will help to keep the computer purring.

 

You're welcome...enjoyed working with you...happy surfin'



#12 Habertrot (Topic Starter)

Posted 05 February 2015 - 05:29 PM

I am thinking of replacing AVG with Emsisoft and Hitman. I will also be conducting scans when I install new programs. Already restarted the laptop and it's working fine.

Again thank you and sorry for your time



#13 ylvilove

Posted 06 February 2015 - 06:56 AM

Hello,

I am new to this forum and not especially good at computers, but my partner's computer had become infected with isearch.omiga and after having tried to follow manual removal advice incl going into regedit and HKEYS (neither of which I know what they are by the way), it just wasn't shifting. Because there is so much rubbish online it's impossible for a relative novice to know what advice is safe and what isn't in terms of downloads but in the end I took a risk and went with your advice, Buddy215, and I am so glad I did. It has saved me!!!!!

I am currently halfway through the last stage, the ESET scan, but I thought I'd post the other results in the meantime in case they are of interest to you or anyone else :) My only niggle is, while the Shortcut cleaner seems to have singlehandedly removed the isearch.omiga from coming up in any of my search engines, it is still present as an option in Chrome settings when I open it up (even though it doesn't appear when I use the search engine). To clarify, when I go to Settings - Search and click on Manage Search Engines, it is still there as an option (along with other previously removed, thoroughly unwanted options such as Bing, Ask Jeeves etc). Any way of killing these permanently - or will the ESET scan take care of this? I have ESET on my own laptop and can't recommend them highly enough, however my partner's computer is 2 steps from death and he is unlikely to get a new one any time soon, so currently uses Microsoft Security Essentials which is more or less pointless imo.

 

Also, the ESET scan has found a lnk.URL.Trojan B - how bad is that and can I get rid of it?

 

OK, here are the scan results anyway.

 

SC cleaner: This came up as notepad originally but now I can't seem to open it, (had to close everything for the next scan) some kind of warning message comes up and I only have the option to put it into regedit... Stupid question for you experienced people maybe but would that release the isearch.omiga beast again? When I attempt to open with Notepad, it says there are no files to match :/

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by Tyra on 06/02/2015 at 10:17:16.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Tyra\appdata\local\{B0781FB7-8F79-4ED9-9368-51927E7B13C2}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/02/2015 at 10:34:49.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Adware cleaner:
 
# AdwCleaner v4.110 - Logfile created 06/02/2015 at 10:02:03
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Tyra - TYRA-IS-HAPPY
# Running from : C:\Users\Tyra\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : APNMCP
Service Deleted : WindowsMangerProtect
Service Deleted : IHProtect Service
[#] Service Deleted : {1007bb60-cbfa-4fb2-991d-e8357416f5fb}t
[#] Service Deleted : {70577838-ef7e-45d3-a249-5d43ed500b6b}t
[#] Service Deleted : {713f4525-9b38-40c8-81c7-6dd3bd0d9646}t
[#] Service Deleted : {873e9c4a-7b09-499b-bc47-9fc4bc35c8e9}t
[#] Service Deleted : {ec48494d-e0d5-40c8-93d5-69612e9b1df0}t
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\HotbarSA
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\IminentToolbar
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Program Files\XTab
Folder Deleted : C:\Program Files\Optimizer Pro 3.33
Folder Deleted : C:\Users\Tyra\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Tyra\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Tyra\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Tyra\AppData\Roaming\Hotbar
Folder Deleted : C:\Users\Tyra\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Tyra\AppData\Roaming\Store
Folder Deleted : C:\Users\Tyra\AppData\Roaming\WeatherDPA
Folder Deleted : C:\Users\Tyra\AppData\Roaming\WTools
Folder Deleted : C:\Users\Tyra\Documents\Optimizer Pro
Folder Deleted : C:\Users\Tyra\AppData\Roaming\Mozilla\Firefox\Profiles\ei2rs2oe.default-1417539730880\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Tyra\AppData\Roaming\Mozilla\Firefox\Profiles\ei2rs2oe.default-1417539730880\Extensions\fftoolbar2014@etech.com
File Deleted : C:\Windows\system32\drivers\{1007bb60-cbfa-4fb2-991d-e8357416f5fb}t.sys
File Deleted : C:\Windows\system32\drivers\{70577838-ef7e-45d3-a249-5d43ed500b6b}t.sys
File Deleted : C:\Windows\system32\drivers\{713f4525-9b38-40c8-81c7-6dd3bd0d9646}t.sys
File Deleted : C:\Windows\system32\drivers\{873e9c4a-7b09-499b-bc47-9fc4bc35c8e9}t.sys
File Deleted : C:\Windows\system32\drivers\{ec48494d-e0d5-40c8-93d5-69612e9b1df0}t.sys
File Deleted : C:\Users\Tyra\AppData\Roaming\Bubble Dock.boostrap.log
File Deleted : C:\Users\Tyra\AppData\Roaming\Bubble Dock.installation.log
File Deleted : C:\Users\Tyra\AppData\Roaming\WindApp.installation.log
File Deleted : C:\Users\Tyra\AppData\Roaming\Selection Tools.installation.log
File Deleted : C:\Users\Tyra\AppData\Roaming\Mozilla\Firefox\Profiles\ei2rs2oe.default-1417539730880\user.js
File Deleted : C:\Users\Tyra\AppData\Roaming\Mozilla\Firefox\Profiles\ei2rs2oe.default-1417539730880\searchplugins\omiga-plus.xml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Hotbar@Hotbar.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherDPA]
Key Deleted : HKLM\SOFTWARE\Classes\CntntCntr.CntntDic
Key Deleted : HKLM\SOFTWARE\Classes\CntntCntr.CntntDic.1
Key Deleted : HKLM\SOFTWARE\Classes\CntntCntr.CntntDisp
Key Deleted : HKLM\SOFTWARE\Classes\CntntCntr.CntntDisp.1
Key Deleted : HKLM\SOFTWARE\Classes\CoreSrv.CoreServices
Key Deleted : HKLM\SOFTWARE\Classes\CoreSrv.CoreServices.1
Key Deleted : HKLM\SOFTWARE\Classes\CoreSrv.LfgAx
Key Deleted : HKLM\SOFTWARE\Classes\CoreSrv.LfgAx.1
Key Deleted : HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp
Key Deleted : HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1
Key Deleted : HKLM\SOFTWARE\Classes\HBMain.CommBand
Key Deleted : HKLM\SOFTWARE\Classes\HBMain.CommBand.1
Key Deleted : HKLM\SOFTWARE\Classes\hbr.HbMain
Key Deleted : HKLM\SOFTWARE\Classes\hbr.HbMain.1
Key Deleted : HKLM\SOFTWARE\Classes\HostIE.Bho
Key Deleted : HKLM\SOFTWARE\Classes\HostIE.Bho.1
Key Deleted : HKLM\SOFTWARE\Classes\HostOL.MailAnim
Key Deleted : HKLM\SOFTWARE\Classes\HostOL.MailAnim.1
Key Deleted : HKLM\SOFTWARE\Classes\HostOL.WebmailSend
Key Deleted : HKLM\SOFTWARE\Classes\HostOL.WebmailSend.1
Key Deleted : HKLM\SOFTWARE\Classes\HotbarAx.Info
Key Deleted : HKLM\SOFTWARE\Classes\HotbarAx.Info.1
Key Deleted : HKLM\SOFTWARE\Classes\HotbarAX.UserProfiles
Key Deleted : HKLM\SOFTWARE\Classes\HotbarAX.UserProfiles.1
Key Deleted : HKLM\SOFTWARE\Classes\HotbarWeather.WeatherController
Key Deleted : HKLM\SOFTWARE\Classes\HotbarWeather.WeatherController.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Srv.CoreServices
Key Deleted : HKLM\SOFTWARE\Classes\Srv.CoreServices.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.HtmlMenuUI
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.HtmlMenuUI.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarCtl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarCtl.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E67DAA-DA01-4DA5-98BE-3088B554A11E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D95C7240-0282-4C01-93F5-673BCA03DA86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4BFC-9DBE-E7C85941335B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A12BB81E-E3F6-4BC3-854C-300197DEE92A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5E6F45B-3AD4-4FAB-B2B4-1D33E59FBBBE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\45914InstEnd
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\hotbarsa
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\DomaIQ
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Hotbar
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\Supreme Savings
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v
 
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "omiga-plus");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "omiga-plus");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/web/favicon.ico");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "omiga-plus");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422478463&from=ild&uid=TOSHIBAXMK2555GSX_89VLFJADSXX89VLFJADS&q={searchTerms}");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "omiga-plus");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422478463&from=ild&uid=TOSHIBAXMK2555GSX_89VLFJADSXX89VLFJADS");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14b3ba9055cd3cb6995e2888f66f65ea");
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[ei2rs2oe.default-1417539730880\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
 
-\\ Google Chrome v40.0.2214.93
 
 
*************************
 
AdwCleaner[R0].txt - [20769 bytes] - [06/02/2015 09:52:15]
AdwCleaner[S0].txt - [20246 bytes] - [06/02/2015 10:02:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20306  bytes] ##########
 

 

I will post the ESET results when it's done - it's on 28% atm and it has been running for 53 minutes. Oh, and is it safe to use things like Paypal, or should I wait until all security scanning is done in case there is more malware? :blink:
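The Firefox part of the AdwCleaner log above shows how this hijacker works: it rewrites user_pref lines in prefs.js so the homepage, new-tab page and default search engine all point at isearch.omiga-plus.com or at content served by the bundled quick_start add-on. The script below is an added example (not part of this thread or of AdwCleaner) that reads those prefs from a Firefox profile and reports any that point somewhere unexpected; the pref names are the ones AdwCleaner deleted, the allow-lists and the sample prefs.js text are constructed for the example.

```python
"""Flag hijacked homepage / new-tab / search prefs in a Firefox prefs.js or user.js.

Added example for this thread; the pref names come from the AdwCleaner log,
the allow-lists are illustrative and the sample input is constructed.
"""
import re
from urllib.parse import urlparse

# Prefs a browser hijacker rewrites (the ones AdwCleaner removed in the log).
WATCHED_PREFS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.searchengine.url",
    "browser.search.searchengine.name",
    "browser.search.searchengine.alias",
}

# Hypothetical allow-lists: hosts and engine names the owner actually chose.
TRUSTED_HOSTS = {"www.google.com", "duckduckgo.com", "www.mozilla.org"}
TRUSTED_ENGINES = {"Google", "DuckDuckGo", "Bing", "Wikipedia (en)"}

# user_pref("name", value);  -- value keeps its quotes so non-strings also parse
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: raw_value} for every user_pref line in the file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def _unquote(raw):
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw


def find_hijacks(text):
    """Return (pref, value, reason) for each watched pref with a suspicious value."""
    findings = []
    for name, raw in parse_prefs(text).items():
        if name not in WATCHED_PREFS:
            continue
        value = _unquote(raw)
        if "://" in value:
            parts = urlparse(value)
            if parts.scheme == "chrome":
                # A chrome:// new-tab page is served by an installed add-on;
                # this is how the quick_start extension took over the new tab.
                findings.append((name, value, "points at extension content"))
            elif (parts.hostname or "") not in TRUSTED_HOSTS:
                findings.append((name, value, f"untrusted host {parts.hostname}"))
        elif value not in TRUSTED_ENGINES:
            findings.append((name, value, "unknown search engine name"))
    return findings


# Constructed sample mirroring the deleted prefs (the log shows the URLs
# defanged as hxxp; a real prefs.js holds http), plus two benign prefs.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "http://isearch.omiga-plus.com/?type=hppp&from=ild");
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("browser.search.defaultenginename", "omiga-plus");
user_pref("browser.search.searchengine.url", "http://isearch.omiga-plus.com/web/?q={searchTerms}");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.page", 1);
'''

if __name__ == "__main__":
    for pref, value, reason in find_hijacks(SAMPLE_PREFS):
        print(f"{pref}: {reason} -> {value}")
```

Run it against a real profile with `find_hijacks(open(path_to_prefs_js).read())`; anything it reports should be compared with what the browser owner actually set before it is treated as a hijack.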



#14 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:39 AM

Posted 06 February 2015 - 08:16 AM

After Eset is finished and you have posted the results, run a scan using MBAM and then follow the instructions in my post #7.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 ylvilove

ylvilove

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 06 February 2015 - 11:13 AM

ESET scan results:
 
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe.vir Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\XTab\BrowerWatchCH.dll.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\XTab\BrowerWatchFF.dll.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\XTab\BrowserAction.dll.vir a variant of Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\XTab\CmdShell.exe.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\XTab\HPNotify.exe.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\XTab\IeWatchDog.dll.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\XTab\ProtectService.exe.vir Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\XTab\SupTab.dll.vir a variant of Win32/ELEX.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk.vir LNK/URL.B trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application deleted - quarantined
C:\Users\Tyra\AppData\Local\Temp\amisetup0428__11083.exe a variant of Win32/Amonetize.DE potentially unwanted application deleted - quarantined
C:\Users\Tyra\AppData\Local\Temp\Apps\setup.exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\Users\Tyra\AppData\Roaming\PQK.exe a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application deleted - quarantined
C:\Users\Tyra\AppData\Roaming\SVUCJTBY.exe a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application deleted - quarantined
C:\Users\Tyra\Downloads\utorrent.exe a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2JHSPPU\91[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined