
MALWARE ADWARE ISSUE?


  • Please log in to reply
18 replies to this topic

#1 parafanaylya

parafanaylya

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:51 AM

Posted 05 March 2015 - 02:51 AM

Trying to fix my wife's pc. 

 

These folders look very suspect. Any advice?

Attached Files




#2 Havachat

Havachat

  • Members
  • 964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sleepy Hollow - Geelong - Go Cats.
  • Local time:05:51 PM

Posted 05 March 2015 - 05:26 AM

> Trying to fix my wife's pc.
>
> These folders look very suspect. Any advice?

They are not suspect, they are a part of Google Chrome, and Webpage Scripts etc.

What seems to be the issues you are having?

If you think you are infected in some way, run JRT, MalwareBytes, Adwcleaner - you can find them in the Download section of BC.

Also run Speccy and post results on your next post.



#3 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:01:51 AM

Posted 05 March 2015 - 08:53 AM

> If you think you are infected in some way, run JRT, MalwareBytes, Adwcleaner - you can find them in the Download section of BC.
> Also run Speccy and post results on your next post.


You also need to post JRT, Malwarebytes and AdwCleaner logs if you run those tools.

Follow the directions here for running Speccy http://www.bleepingcomputer.com/forums/t/323892/publish-a-snapshot-using-speccy/

Edited by Queen-Evie, 05 March 2015 - 08:55 AM.


#4 parafanaylya

  • Topic Starter

Posted 05 March 2015 - 08:59 AM

 

> > Trying to fix my wife's pc.
> >
> > These folders look very suspect. Any advice?
>
> They are not suspect, they are a part of Google Chrome, and Webpage Scripts etc.
>
> What seems to be the issues you are having?
>
> If you think you are infected in some way, run JRT, MalwareBytes, Adwcleaner - you can find them in the Download section of BC.
>
> Also run Speccy and post results on your next post.

 

Sporadic popup ads that prevent normal browsing and interaction

 

Please tell me what JRT and BC mean. And where do I find Speccy?

 

errr - BC = here mybad


Edited by parafanaylya, 05 March 2015 - 09:01 AM.


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,203 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:01:51 AM

Posted 05 March 2015 - 09:02 AM

JRT stands for Junkware Removal Tool, a malware removal tool aiming at adware, browser hijackers, junkware and PUPs. BC stands for BleepingComputer, the website/forum you are currently on. Speccy can be downloaded for free here:

https://www.piriform.com/speccy/download/standard

Edited by Aura., 05 March 2015 - 09:03 AM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 parafanaylya


Posted 05 March 2015 - 09:03 AM

 

> > If you think you are infected in some way, run JRT, MalwareBytes, Adwcleaner - you can find them in the Download section of BC.
> > Also run Speccy and post results on your next post.
>
> You also need to post JRT, Malwarebytes and AdwCleaner logs if you run those tools.
>
> Follow the directions here for running Speccy http://www.bleepingcomputer.com/forums/t/323892/publish-a-snapshot-using-speccy/

 

thanks - will do so tomorrow and give feedback


> JRT stands for Junkware Removal Tool, a malware removal tool aiming at adware, browser hijackers, junkware and PUPs.
>
> BC stands for BleepingComputer, the website/forum you are currently on. Speccy can be downloaded for free here:
>
> https://www.piriform.com/speccy/download/standard

thanks - you guys are quick



#7 Aura


Posted 05 March 2015 - 09:04 AM

It would be best if you start by listing your programs prior to running JRT, since if they are installed on your system, uninstalling them first will be cleaner than running JRT.

List Installed Programs
  • Download MiniToolBox and move it to your Desktop;
  • Execute it by double-clicking on it;
  • Check the "List Installed Programs" checkbox;
  • Click on the Go button;
  • Once the scan is complete, a log will open.
  • Copy/paste (select the Notepad, press Ctrl + A then Ctrl + C to copy, and Ctrl + V to paste) the content of the output log in your next reply;



#8 parafanaylya


Posted 06 March 2015 - 12:45 AM

MiniToolBox by Farbar  Version: 05-03-2015
Ran by User (administrator) on 06-03-2015 at 07:43:48
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
 
=========================== Installed Programs ============================
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bible Study (HKCU\...\0b72e7b1cee2a191) (Version: 5.4.1.1492 - Olive Tree Bible Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
Extreme Blocker (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Extreme Blocker)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (Version: 2.8.31.13 - Oracle Corporation) Hidden
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version:  - Lexmark International, Inc.)
LighterMonitor (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c647e42f}) (Version:  - Software Publisher)
Linksys Wireless-G PCI Adapter (HKLM\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Security Client (Version: 4.7.0205.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.50908 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Pastel Partner Version 12 (HKLM\...\{4FDDC2F0-4F85-4CFF-96FA-8281D5B7201F}) (Version: 12.1.16 - Sage Pastel)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.0 - pdfforge)
Pervasive System Analyzer (HKLM\...\Pervasive System Analyzer) (Version:  - )
Pervasive.SQL 9.60 Workgroup for Windows (HKLM\...\{D8C0330E-C815-4C6F-9BFD-0FD570155790}) (Version: 9.60.016.000 - Pervasive Software Inc. )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sage Connected Services (HKLM\...\{24AA48FB-1129-4EAB-A274-33F6AF9CB731}) (Version: 1.00.24 - Sage South Africa)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7280 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
 
**** End of log ****


#9 parafanaylya


Posted 06 March 2015 - 01:06 AM

2 more logs done so far. I ran the MTB utility after running JRT. So I started over, ran MTB - result above.

 

Then JRT and MWB logs below. Now doing Speccy.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x86
Ran by User on Fri 03/06/2015 at  7:46:49.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/06/2015 at  7:48:37.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/6/2015
Scan Time: 7:35:30 AM
Logfile: mwb log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.06.01
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368497
Time Elapsed: 22 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, , [82c7bc86107aa4923660407444bf37c9], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c647e42f}, , [82c744fe2c5e1e18d09c0fbe3cc754ac], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, , [ad9cb68c2b5f5bdb5d3e9a26b44f817f], 
 
Registry Values: 1
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [bb8e3b07b9d11c1a450179b12fd68878]
 
Registry Data: 4
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}),,[e6636ad8553595a1520909c725e0a759]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}),,[0d3c71d1cac0a690dc7f02ce0bfa3ac6]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, http://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}),,[58f15ae882083006df7edef217ee946c]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}),,[6adf94ae0b7fda5c95c8e4ec6e97fb05]
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Optional.Multiplug, C:\Program Files\LighterMonitor\LighterMonitor.dll, , [6bde5ce63258f93d87b87fade220e818], 
PUP.Optional.EZDownloader.A, C:\Users\User\AppData\Local\Temp\e602\temp\EzDownloader_setup.exe, , [1732aa98cebc78bee32e1010f60aef11], 
PUP.Optional.MultiPlug.A, C:\Users\User\AppData\Local\Temp\e602\temp\hpds_setup.exe, , [8ebb043e7911c17544074afa3dc5857b], 
PUP.Optional.MyStartSearch.A, C:\Users\User\AppData\Local\Temp\3fA65e83264\temp\wpc_mystartsearch.exe, , [87c21a285a30d0661682b75eb05628d8], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

 



#10 parafanaylya


Posted 06 March 2015 - 01:09 AM

http://speccy.piriform.com/results/trKakfh4GrDU0HX2KTrkBRR



#11 parafanaylya


Posted 06 March 2015 - 01:17 AM

# AdwCleaner v4.111 - Logfile created 06/03/2015 at 08:14:55
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : User - FINANCES
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\ProgramData\16368212050626426958
Folder Found : C:\ProgramData\5c36382000000a6e
Folder Found : C:\ProgramData\c654cfe800003e04
Folder Found : C:\ProgramData\dalhpigglhmehmoajicedefdnhpklink
Folder Found : C:\ProgramData\dalhpigglhmehmoajicedefdnhpklink
Folder Found : C:\ProgramData\hcojejnmphmjnpaojfdfbfilloegjcfl
Folder Found : C:\ProgramData\hcojejnmphmjnpaojfdfbfilloegjcfl
Folder Found : C:\Users\User\AppData\Local\Temp\apn
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71331529-e8c5-43ef-a49f-773f13cd0768}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9c385ebc-d290-4b05-b1a5-96a509c61837}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fb65108c-0079-4aee-8cb8-489938f51059}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71331529-e8c5-43ef-a49f-773f13cd0768}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c385ebc-d290-4b05-b1a5-96a509c61837}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fb65108c-0079-4aee-8cb8-489938f51059}
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{71331529-e8c5-43ef-a49f-773f13cd0768}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9c385ebc-d290-4b05-b1a5-96a509c61837}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{fb65108c-0079-4aee-8cb8-489938f51059}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : HKLM\SOFTWARE\Classes\P71331529_e8c5_43ef_a49f_773f13cd0768_.P71331529_e8c5_43ef_a49f_773f13cd0768_
Key Found : HKLM\SOFTWARE\Classes\P71331529_e8c5_43ef_a49f_773f13cd0768_.P71331529_e8c5_43ef_a49f_773f13cd0768_.9
Key Found : HKLM\SOFTWARE\Classes\P83ce150e_6acf_45c2_bc5a_4569d29e246c_.P83ce150e_6acf_45c2_bc5a_4569d29e246c_
Key Found : HKLM\SOFTWARE\Classes\P83ce150e_6acf_45c2_bc5a_4569d29e246c_.P83ce150e_6acf_45c2_bc5a_4569d29e246c_.9
Key Found : HKLM\SOFTWARE\Classes\P8b5c1f4c_aa87_4f15_b27a_acc568e2698d_.P8b5c1f4c_aa87_4f15_b27a_acc568e2698d_
Key Found : HKLM\SOFTWARE\Classes\P8b5c1f4c_aa87_4f15_b27a_acc568e2698d_.P8b5c1f4c_aa87_4f15_b27a_acc568e2698d_.9
Key Found : HKLM\SOFTWARE\Classes\P8f50e6e1_33fc_4bfd_91d7_015aba907a15_.P8f50e6e1_33fc_4bfd_91d7_015aba907a15_
Key Found : HKLM\SOFTWARE\Classes\P8f50e6e1_33fc_4bfd_91d7_015aba907a15_.P8f50e6e1_33fc_4bfd_91d7_015aba907a15_.9
Key Found : HKLM\SOFTWARE\Classes\P9c385ebc_d290_4b05_b1a5_96a509c61837_.P9c385ebc_d290_4b05_b1a5_96a509c61837_
Key Found : HKLM\SOFTWARE\Classes\P9c385ebc_d290_4b05_b1a5_96a509c61837_.P9c385ebc_d290_4b05_b1a5_96a509c61837_.9
Key Found : HKLM\SOFTWARE\Classes\Pd83469f7_751c_47f5_a20b_4d9d026a7c0a_.Pd83469f7_751c_47f5_a20b_4d9d026a7c0a_
Key Found : HKLM\SOFTWARE\Classes\Pd83469f7_751c_47f5_a20b_4d9d026a7c0a_.Pd83469f7_751c_47f5_a20b_4d9d026a7c0a_.9
Key Found : HKLM\SOFTWARE\Classes\Pfb65108c_0079_4aee_8cb8_489938f51059_.Pfb65108c_0079_4aee_8cb8_489938f51059_
Key Found : HKLM\SOFTWARE\Classes\Pfb65108c_0079_4aee_8cb8_489938f51059_.Pfb65108c_0079_4aee_8cb8_489938f51059_.9
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71331529-e8c5-43ef-a49f-773f13cd0768}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9c385ebc-d290-4b05-b1a5-96a509c61837}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fb65108c-0079-4aee-8cb8-489938f51059}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c647e42f}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\mystartsearchSoftware
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1422455987&from=wpc&uid=ST3250318AS_9VMCMVW3XXXX9VMCMVW3&q={searchTerms}
 
-\\ Google Chrome v40.0.2214.115
 
 
-\\ Opera v0.0.0.0
 
*************************
 
AdwCleaner[R0].txt - [8547 bytes] - [06/03/2015 08:11:54]
AdwCleaner[R1].txt - [8468 bytes] - [06/03/2015 08:14:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8527 bytes] ##########
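
The advice in post #7 (list installed programs and uninstall the unwanted ones before running the cleanup tools) can be checked against the logs posted above by matching the Uninstall keys the scanners flagged to entries in the MiniToolBox list. This is an added example, not part of the original thread or of any of the tools; it assumes the `HKLM\...\<name>` tail in the MiniToolBox list is the Uninstall subkey name, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpts copied from the logs posted in this thread; the bracketed
# Malwarebytes hashes are shortened to [...] here.
MINITOOLBOX_LOG = r"""
Extreme Blocker (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Extreme Blocker)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
LighterMonitor (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c647e42f}) (Version:  - Software Publisher)
"""

MALWAREBYTES_LOG = r"""
Registry Keys: 3
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, , [...],
PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c647e42f}, , [...],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, , [...],
"""

ADWCLEANER_LOG = r"""
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c647e42f}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
"""

# "Name (HKLM\...\<subkey>) (Version: x - Publisher)". Entries marked
# "Hidden" carry no key and are skipped: they have no visible uninstall entry.
INSTALLED_RE = re.compile(
    r"^(?P<name>.+?) \(HK(?:LM|CU)\\\.\.\.\\(?P<key>.+)\) \(Version: "
)
# First path component below ...\Uninstall\ in either scanner's log format.
UNINSTALL_RE = re.compile(r"\\Uninstall\\([^\\,\r\n]+)", re.IGNORECASE)


def installed_programs(minitoolbox_log):
    """Map case-folded uninstall subkey -> program display name."""
    programs = {}
    for line in minitoolbox_log.splitlines():
        m = INSTALLED_RE.match(line.strip())
        if m:
            programs[m.group("key").casefold()] = m.group("name")
    return programs


def flagged_uninstall_keys(scanner_logs):
    """scanner_logs is {tool name: log text}; returns {subkey: [tools]}."""
    tools_by_key = defaultdict(set)
    spelling = {}
    for tool, text in scanner_logs.items():
        for m in UNINSTALL_RE.finditer(text):
            key = m.group(1).strip()
            # Registry key names are case-insensitive; keep first spelling.
            spelling.setdefault(key.casefold(), key)
            tools_by_key[key.casefold()].add(tool)
    return {spelling[k]: sorted(t) for k, t in tools_by_key.items()}


def triage(minitoolbox_log, scanner_logs):
    """Split flagged uninstall keys into programs that can be uninstalled
    normally first and keys with no entry in the installed-programs list."""
    programs = installed_programs(minitoolbox_log)
    uninstall_first, orphaned = [], []
    for key, tools in flagged_uninstall_keys(scanner_logs).items():
        name = programs.get(key.casefold())
        if name:
            uninstall_first.append((name, tools))
        else:
            orphaned.append(key)
    return sorted(uninstall_first), sorted(orphaned)


if __name__ == "__main__":
    first, orphaned = triage(
        MINITOOLBOX_LOG,
        {"Malwarebytes": MALWAREBYTES_LOG, "AdwCleaner": ADWCLEANER_LOG},
    )
    for name, tools in first:
        print(f"Uninstall first: {name} (flagged by {', '.join(tools)})")
    for key in orphaned:
        print(f"No installed program for flagged key: {key}")
```

On these excerpts, LighterMonitor and Extreme Blocker are the two listed programs whose uninstall keys were flagged; the third flagged key has no entry in the MiniToolBox list.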


#12 parafanaylya


Posted 06 March 2015 - 01:26 AM

I ran a clean with AdwCleaner, rebooted and this is the result:

 

# AdwCleaner v4.111 - Logfile created 06/03/2015 at 08:19:48
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : User - FINANCES
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\16368212050626426958
Folder Deleted : C:\ProgramData\5c36382000000a6e
Folder Deleted : C:\ProgramData\c654cfe800003e04
Folder Deleted : C:\Users\User\AppData\Local\Temp\apn
Folder Deleted : C:\ProgramData\dalhpigglhmehmoajicedefdnhpklink
Folder Deleted : C:\ProgramData\hcojejnmphmjnpaojfdfbfilloegjcfl
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\P71331529_e8c5_43ef_a49f_773f13cd0768_.P71331529_e8c5_43ef_a49f_773f13cd0768_
Key Deleted : HKLM\SOFTWARE\Classes\P71331529_e8c5_43ef_a49f_773f13cd0768_.P71331529_e8c5_43ef_a49f_773f13cd0768_.9
Key Deleted : HKLM\SOFTWARE\Classes\P83ce150e_6acf_45c2_bc5a_4569d29e246c_.P83ce150e_6acf_45c2_bc5a_4569d29e246c_
Key Deleted : HKLM\SOFTWARE\Classes\P83ce150e_6acf_45c2_bc5a_4569d29e246c_.P83ce150e_6acf_45c2_bc5a_4569d29e246c_.9
Key Deleted : HKLM\SOFTWARE\Classes\P8b5c1f4c_aa87_4f15_b27a_acc568e2698d_.P8b5c1f4c_aa87_4f15_b27a_acc568e2698d_
Key Deleted : HKLM\SOFTWARE\Classes\P8b5c1f4c_aa87_4f15_b27a_acc568e2698d_.P8b5c1f4c_aa87_4f15_b27a_acc568e2698d_.9
Key Deleted : HKLM\SOFTWARE\Classes\P8f50e6e1_33fc_4bfd_91d7_015aba907a15_.P8f50e6e1_33fc_4bfd_91d7_015aba907a15_
Key Deleted : HKLM\SOFTWARE\Classes\P8f50e6e1_33fc_4bfd_91d7_015aba907a15_.P8f50e6e1_33fc_4bfd_91d7_015aba907a15_.9
Key Deleted : HKLM\SOFTWARE\Classes\P9c385ebc_d290_4b05_b1a5_96a509c61837_.P9c385ebc_d290_4b05_b1a5_96a509c61837_
Key Deleted : HKLM\SOFTWARE\Classes\P9c385ebc_d290_4b05_b1a5_96a509c61837_.P9c385ebc_d290_4b05_b1a5_96a509c61837_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pd83469f7_751c_47f5_a20b_4d9d026a7c0a_.Pd83469f7_751c_47f5_a20b_4d9d026a7c0a_
Key Deleted : HKLM\SOFTWARE\Classes\Pd83469f7_751c_47f5_a20b_4d9d026a7c0a_.Pd83469f7_751c_47f5_a20b_4d9d026a7c0a_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pfb65108c_0079_4aee_8cb8_489938f51059_.Pfb65108c_0079_4aee_8cb8_489938f51059_
Key Deleted : HKLM\SOFTWARE\Classes\Pfb65108c_0079_4aee_8cb8_489938f51059_.Pfb65108c_0079_4aee_8cb8_489938f51059_.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c647e42f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71331529-e8c5-43ef-a49f-773f13cd0768}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9c385ebc-d290-4b05-b1a5-96a509c61837}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{fb65108c-0079-4aee-8cb8-489938f51059}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71331529-e8c5-43ef-a49f-773f13cd0768}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c385ebc-d290-4b05-b1a5-96a509c61837}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fb65108c-0079-4aee-8cb8-489938f51059}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71331529-e8c5-43ef-a49f-773f13cd0768}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9c385ebc-d290-4b05-b1a5-96a509c61837}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fb65108c-0079-4aee-8cb8-489938f51059}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71331529-e8c5-43ef-a49f-773f13cd0768}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83ce150e-6acf-45c2-bc5a-4569d29e246c}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8b5c1f4c-aa87-4f15-b27a-acc568e2698d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8f50e6e1-33fc-4bfd-91d7-015aba907a15}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9c385ebc-d290-4b05-b1a5-96a509c61837}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d83469f7-751c-47f5-a20b-4d9d026a7c0a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fb65108c-0079-4aee-8cb8-489938f51059}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
 
-\\ Google Chrome v40.0.2214.115
 
 
-\\ Opera v0.0.0.0
 
 
*************************
 
AdwCleaner[R0].txt - [8547 bytes] - [06/03/2015 08:11:54]
AdwCleaner[R1].txt - [8606 bytes] - [06/03/2015 08:14:55]
AdwCleaner[S0].txt - [8079 bytes] - [06/03/2015 08:19:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8138  bytes] ##########


#13 RobertHD

RobertHD

  • Members
  • 348 posts
  • OFFLINE
  • Gender:Male
  • Location:Somewhere in Oz
  • Local time:05:21 PM

Posted 06 March 2015 - 01:33 AM

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56

The two ones, Conduit and mystartsearch, are adware bundled with malware.

Robert James Crawley Klopp


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,203 posts
  • OFFLINE
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:01:51 AM

Posted 06 March 2015 - 06:28 AM

Uninstall LighterMonitor, it's a malicious program as well.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 parafanaylya

parafanaylya
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 06 March 2015 - 07:16 AM

Uninstall LighterMonitor, it's a malicious program as well.

Thanks, will do

can't find it anywhere except the log files of software above


Edited by parafanaylya, 06 March 2015 - 07:24 AM.




