
left computer with roommates for 3 months, FULL of popups and ransomware


47 replies to this topic

#1 krazyistkarl

krazyistkarl

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 13 August 2015 - 03:53 PM

 

I was on the road for 3 months and left my computer back at home, it was used while I was away and now it's full of popups, and what appears to be some ransomware saying to call 1-800-264-5133 to have popups disabled

 

I turn to you Bleeping computer, what's my first plan of attack?

 

thanks in advance

 

Karl

 



#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Malware Study Hall Senior
  • 2,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:01:18 AM

Posted 15 August 2015 - 02:14 AM

Sorry for the delay in getting to your problem. First thing is to see what we're up against.

Please download AdwCleaner by Xplode and save to your Desktop. This will only scan your computer. I like to know what will be removed before it is removed. Just cautious that way.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

To err is Human. To blame it on someone else is even more Human.

#3 krazyistkarl


Posted 17 August 2015 - 11:58 PM

 

hi, I apologize for my lateness, I was away for the weekend, but here is the log

 

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 00:14:23
# Updated 28/04/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Karl - KARL
# Boot Mode : Normal
# Running from : C:\Users\Karl\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

# AdwCleaner v5.001 - Logfile created 17/08/2015 at 22:51:54
# Updated 17/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Karl - KARL
# Running from : C:\Users\Karl\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : mcaudrv_simple
Service Found : ManyCam
Service Found : e47f97f2

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\eSupport.com
Folder Found : C:\Program Files (x86)\Probit Software
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\LightningDownloader
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\BestSaVeForYou
Folder Found : C:\Program Files (x86)\BestSaveForYouu
Folder Found : C:\Program Files (x86)\BestSaVVeForYoui
Folder Found : C:\Program Files (x86)\CutThePrice
Folder Found : C:\Program Files (x86)\CUtThePricue
Folder Found : C:\Program Files (x86)\CutTTHePrice
Folder Found : C:\Program Files (x86)\DDiscounotExtensi
Folder Found : C:\Program Files (x86)\DiscouontEXtensi
Folder Found : C:\Program Files (x86)\DiscouuntuExtiennssi
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\8718029030620689852
Folder Found : C:\ProgramData\{76a35d12-1ea2-2d67-76a3-35d121ea7448}
Folder Found : C:\ProgramData\{9edb5967-2f69-5a5a-9edb-b59672f6659c}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightningDownloader
Folder Found : C:\Users\Karl\AppData\Local\Conduit
Folder Found : C:\Users\Karl\AppData\Local\NativeMessaging
Folder Found : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfehmiknpngmjkhiieampgfppicbncid
Folder Found : C:\Users\Karl\AppData\LocalLow\Conduit
Folder Found : C:\Users\Karl\AppData\Roaming\LightningDownloader
Folder Found : C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Probit Software
Folder Found : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\Extensions\2XfF@4zl.org
Folder Found : C:\Users\Karl\Documents\Updater

***** [ Files ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lipgolpfajiadodbcbljdpmbmbdmfcil
File Found : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gfehmiknpngmjkhiieampgfppicbncid_0.localstorage
File Found : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gfehmiknpngmjkhiieampgfppicbncid_0.localstorage-journal
File Found : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\searchplugins\WebSearch.xml
File Found : C:\Users\Public\Desktop\LightningDownloader.lnk
File Found : C:\WINDOWS\Sysnative\drivers\mcaudrv_x64.sys
File Found : C:\WINDOWS\Sysnative\drivers\mcvidrv.sys

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\P58D4B970_4222_4DB4_96C2_234FB20D35DF_.P58D4B970_4222_4DB4_96C2_234FB20D35DF_
Key Found : HKLM\SOFTWARE\Classes\P58D4B970_4222_4DB4_96C2_234FB20D35DF_.P58D4B970_4222_4DB4_96C2_234FB20D35DF_.9
Key Found : HKLM\SOFTWARE\Classes\P58D7D66C_5D66_4432_8B4A_B51FCB601204_.P58D7D66C_5D66_4432_8B4A_B51FCB601204_
Key Found : HKLM\SOFTWARE\Classes\P58D7D66C_5D66_4432_8B4A_B51FCB601204_.P58D7D66C_5D66_4432_8B4A_B51FCB601204_.9
Key Found : HKLM\SOFTWARE\Classes\P6A99C2E4_D29C_4B11_9272_B9A6B7A9D734_.P6A99C2E4_D29C_4B11_9272_B9A6B7A9D734_
Key Found : HKLM\SOFTWARE\Classes\P6A99C2E4_D29C_4B11_9272_B9A6B7A9D734_.P6A99C2E4_D29C_4B11_9272_B9A6B7A9D734_.9
Key Found : HKLM\SOFTWARE\Classes\P8781123A_9C3C_467D_8AC1_5FE6A04DE8D4_.P8781123A_9C3C_467D_8AC1_5FE6A04DE8D4_
Key Found : HKLM\SOFTWARE\Classes\P8781123A_9C3C_467D_8AC1_5FE6A04DE8D4_.P8781123A_9C3C_467D_8AC1_5FE6A04DE8D4_.9
Key Found : HKLM\SOFTWARE\Classes\PC4B770FF_219E_4D52_9DC7_2171CB5B259D_.PC4B770FF_219E_4D52_9DC7_2171CB5B259D_
Key Found : HKLM\SOFTWARE\Classes\PC4B770FF_219E_4D52_9DC7_2171CB5B259D_.PC4B770FF_219E_4D52_9DC7_2171CB5B259D_.9
Key Found : HKLM\SOFTWARE\Classes\PC936D8AF_CAB2_414D_89AF_E2A9B7603237_.PC936D8AF_CAB2_414D_89AF_E2A9B7603237_
Key Found : HKLM\SOFTWARE\Classes\PC936D8AF_CAB2_414D_89AF_E2A9B7603237_.PC936D8AF_CAB2_414D_89AF_E2A9B7603237_.9
Key Found : HKLM\SOFTWARE\Classes\PFF5C3F88_6BBB_4544_9FBB_737858239858_.PFF5C3F88_6BBB_4544_9FBB_737858239858_
Key Found : HKLM\SOFTWARE\Classes\PFF5C3F88_6BBB_4544_9FBB_737858239858_.PFF5C3F88_6BBB_4544_9FBB_737858239858_.9
Key Found : HKLM\SOFTWARE\f029cde7-0193-4a8b-f513-d5894a88da7c
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{e47f97f2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{58D4B970-4222-4DB4-96C2-234FB20D35DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{58D7D66C-5D66-4432-8B4A-B51FCB601204}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A99C2E4-D29C-4B11-9272-B9A6B7A9D734}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C4B770FF-219E-4D52-9DC7-2171CB5B259D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C936D8AF-CAB2-414D-89AF-E2A9B7603237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF5C3F88-6BBB-4544-9FBB-737858239858}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58D4B970-4222-4DB4-96C2-234FB20D35DF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF5C3F88-6BBB-4544-9FBB-737858239858}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58D4B970-4222-4DB4-96C2-234FB20D35DF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF5C3F88-6BBB-4544-9FBB-737858239858}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58D4B970-4222-4DB4-96C2-234FB20D35DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58D7D66C-5D66-4432-8B4A-B51FCB601204}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6A99C2E4-D29C-4B11-9272-B9A6B7A9D734}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4B770FF-219E-4D52-9DC7-2171CB5B259D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C936D8AF-CAB2-414D-89AF-E2A9B7603237}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF5C3F88-6BBB-4544-9FBB-737858239858}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58D4B970-4222-4DB4-96C2-234FB20D35DF}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58D7D66C-5D66-4432-8B4A-B51FCB601204}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{6A99C2E4-D29C-4B11-9272-B9A6B7A9D734}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{C4B770FF-219E-4D52-9DC7-2171CB5B259D}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{C936D8AF-CAB2-414D-89AF-E2A9B7603237}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FF5C3F88-6BBB-4544-9FBB-737858239858}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{58D4B970-4222-4DB4-96C2-234FB20D35DF}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{58D7D66C-5D66-4432-8B4A-B51FCB601204}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6A99C2E4-D29C-4B11-9272-B9A6B7A9D734}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C4B770FF-219E-4D52-9DC7-2171CB5B259D}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C936D8AF-CAB2-414D-89AF-E2A9B7603237}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{FF5C3F88-6BBB-4544-9FBB-737858239858}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\WajIEnhance
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\PrivitizeVPNInstallDates
Key Found : [x64] HKCU\Software\WajIEnhance
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90
Data Found : HKU\S-1-5-21-3599311508-1225117502-3980116514-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Data Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {BB82DE59-BC4C-4172-9AC4-73315F71CFFE}

***** [ Web browsers ] *****

[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Found : user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=44f84e5d00000000000052b7c34eaa12");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Found : user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=44f84e5d00000000000052b7c34eaa12");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Found : user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=44f84e5d00000000000052b7c34eaa12");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Found : user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=44f84e5d00000000000052b7c34eaa12&q=");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "WebSearch");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("browser.search.defaulturl", "hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90&l=1&q=");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1", "WebSearch");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1,S", "WebSearch");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "WebSearch");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90");
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("extensions.DRMA2lPX9n9U1TPI.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("extensions.ERHEqe0yAtIzKD8j.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("extensions.QP9pCnjsp4iuIVO0.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("extensions.cjBge5bFzVM0x7Jc.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("extensions.m6bsloGJGVvvKiwx.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Found : user_pref("keyword.URL", "hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90&l=1&q=");
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.conduit.com
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90

*************************

C:\AdwCleaner[R1].txt - [14050 bytes] - [01/05/2013 00:11:22]
C:\AdwCleaner[R2].txt - [1196 bytes] - [03/05/2013 01:06:14]
C:\AdwCleaner[S1].txt - [287 bytes] - [30/04/2013 23:21:35]
C:\AdwCleaner[S2].txt - [17500 bytes] - [01/05/2013 00:14:23]
C:\AdwCleaner[S3].txt - [14602 bytes] - [01/05/2013 15:28:56]
C:\AdwCleaner[S4].txt - [1262 bytes] - [03/05/2013 01:09:05]

########## EOF - C:\AdwCleaner[S2].txt - [17688 bytes] ##########
 

 



#4 Bezukhov


Posted 18 August 2015 - 12:50 AM

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 00:14:23
# Updated 28/04/2013 by Xplode

 
Did you download AdwCleaner from the link that I provided in Post 2? I can't figure out why you wound up with a much earlier version, and the log generated is dated 05/01/2013.

Edited by Bezukhov, 18 August 2015 - 12:50 AM.


#5 krazyistkarl


Posted 18 August 2015 - 12:54 AM

 

yes I did download it from the link.  I have had a previous version on here at some point but I thought I had it deleted once everything was back to normal.

I double checked and the Version I have is 5.001



#6 Bezukhov


Posted 18 August 2015 - 01:01 AM

Run the new version, please.

ETA: Did you install ManyCam, or did your roommate?

Edited by Bezukhov, 18 August 2015 - 01:02 AM.


#7 krazyistkarl


Posted 18 August 2015 - 01:19 AM

I believe I did a while back, trying to get my DSLR to be a web cam but it never worked out and I forgot about it.

 

I re-ran the scan, but as per your instructions I can't find the REPORT button, only a logfile button, which when I click it, it shows a log with the same 2013 generation date



#8 Bezukhov


Posted 18 August 2015 - 01:23 AM

We'll get back to AdwCleaner later.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


#9 krazyistkarl


Posted 19 August 2015 - 09:28 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-08-18
Scan Time: 12:43:48 AM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Karl

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433692
Time Elapsed: 25 hr, 53 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.SystemPower.A, C:\Program Files (x86)\SystemPower\SystemPower.dll, Delete-on-Reboot, [5c1d41023159043231523e6ea55eb44c],

Registry Keys: 8
PUP.Optional.Multiplug, HKU\S-1-5-21-3599311508-1225117502-3980116514-1001_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [adcc72d1e4a63600537eb06ae122f10f],
PUP.Optional.Multiplug, HKU\S-1-5-21-3599311508-1225117502-3980116514-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [adcc72d1e4a63600537eb06ae122f10f],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}, Quarantined, [32470d363456c96db6c2bd70ff03659b],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B138259A-351E-33FA-2726-8D71704F1DA9}, Quarantined, [770272d193f7b97dbebafe2f669c28d8],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{e47f97f2}, Quarantined, [4d2cd07353375adcdbab22af9172d828],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [1d5c74cfbad03ff7ebca9f25778c37c9],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3599311508-1225117502-3980116514-1001\SOFTWARE\WajIEnhance, Quarantined, [c5b471d29eec30061f8b7b37db283ec2],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajInterEnhancer, Quarantined, [afcad96a1d6d37ff153fc7a211f2a25e],

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90, Good: (www.google.com), Bad: (http://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90),Replaced,[83f6b88b9eec25119472ad2b699caa56]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-3599311508-1225117502-3980116514-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90, Good: (www.google.com), Bad: (http://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90),Replaced,[94e50b38e7a39f97b3524d8b8a7ba759]

Folders: 6
PUP.Optional.SystemPower.A, C:\Program Files (x86)\SystemPower, Delete-on-Reboot, [5c1d41023159043231523e6ea55eb44c],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, Quarantined, [afcad96a1d6d37ff153fc7a211f2a25e],
PUP.Optional.ConnectDLC.A, C:\Users\Karl\AppData\LocalLow\Connect_DLC_5, Quarantined, [73062b18acde053164fa612dee157888],
PUP.Optional.ConnectDLC.A, C:\Users\Karl\AppData\LocalLow\Connect_DLC_5\Logs, Quarantined, [73062b18acde053164fa612dee157888],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\BestSaVeForYou, Quarantined, [83f68fb485050a2c2109a2ee946f6b95],
PUP.Optional.CutThePrice.A, C:\Program Files (x86)\CutThePrice, Quarantined, [0178f2515a3049edbde4256e5ea551af],

Files: 18
PUP.Optional.Multiplug, C:\Users\Karl\AppData\Local\Temp\D1C0\temp\Cubase75v32b64b.exe, Quarantined, [adcc72d1e4a63600537eb06ae122f10f],
Trojan.Agent.DE, C:\Users\Karl\Desktop\Patch.exe, Quarantined, [a9d03a09d9b179bdc4f99ab38d751be5],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\BestSaVeForYou\BestSaVeForYou.exe, Quarantined, [7801043fb1d90b2bc4b4220b56ac3dc3],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\QR Code Maker and Decoder\QR Code Maker and Decoder.exe, Quarantined, [32470d363456c96db6c2bd70ff03659b],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\CircleCountcom\CircleCountcom.exe, Quarantined, [aacf390adeacfb3b1068a68760a23dc3],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\DDiscounotExtensi\DDiscounotExtensi.exe, Quarantined, [aacf3d067515082e2f4933faa55ded13],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\DiscouontEXtensi\NS8QT4wzA10UDk.exe, Quarantined, [aacffb48ec9eed49661251dc986afd03],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\DiscouuntuExtiennssi\CSpKvgNmZL5A1C.exe, Quarantined, [770272d193f7b97dbebafe2f669c28d8],
PUP.Optional.MultiPlug.A, C:\Users\Karl\AppData\Local\Temp\D1C0\temp\hpds_setup.exe, Quarantined, [d6a393b01c6e7db9e6ee8db9ca381fe1],
PUP.Optional.MultiPlug.A, C:\Users\Karl\AppData\Local\Temp\52C8\temp\hpds_setup.exe, Quarantined, [9fda043f6327cf6705cf64e2df23639d],
Trojan.Agent.DE, C:\Users\Karl\AppData\Local\Temp\Resolume Arena v4.1.8 - DVT [deepstatus][h33t][1337x]\d-000re.r26, Quarantined, [f7825ce7048664d28f2ee9649d6552ae],
Trojan.Agent.DE, C:\Users\Karl\AppData\Local\Temp\Resolume Arena v4.1.8 - DVT [deepstatus][h33t][1337x]\Resolume Arena v4.1.8 - DVT [deepstatus][h33t][1337x]\d-000re.r26, Quarantined, [9adf7dc6ff8bb383b5086edfeb17fd03],
PUP.Optional.SystemPower.A, C:\Program Files (x86)\SystemPower\SystemPower.dll, Delete-on-Reboot, [5c1d41023159043231523e6ea55eb44c],
PUP.Optional.WebSearch.A, C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\searchplugins\WebSearch.xml, Quarantined, [68112f144248e74f079024c736cde21e],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, Quarantined, [afcad96a1d6d37ff153fc7a211f2a25e],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\BestSaVeForYou\BestSaVeForYou.dat, Quarantined, [83f68fb485050a2c2109a2ee946f6b95],
PUP.Optional.CutThePrice.A, C:\Program Files (x86)\CutThePrice\dtkfrWq4WGeMuC.dat, Quarantined, [0178f2515a3049edbde4256e5ea551af],
PUP.Optional.CutThePrice.A, C:\Program Files (x86)\CutThePrice\dtkfrWq4WGeMuC.tlb, Quarantined, [0178f2515a3049edbde4256e5ea551af],

Physical Sectors: 0
(No malicious items detected)


(end)



#10 krazyistkarl

Posted 19 August 2015 - 09:31 AM

Whoops, let's try that again

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-08-18
Scan Time: 12:43:48 AM
Logfile: malwarebytescan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Karl

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433692
Time Elapsed: 25 hr, 53 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.SystemPower.A, C:\Program Files (x86)\SystemPower\SystemPower.dll, Delete-on-Reboot, [5c1d41023159043231523e6ea55eb44c],

Registry Keys: 8
PUP.Optional.Multiplug, HKU\S-1-5-21-3599311508-1225117502-3980116514-1001_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [adcc72d1e4a63600537eb06ae122f10f],
PUP.Optional.Multiplug, HKU\S-1-5-21-3599311508-1225117502-3980116514-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [adcc72d1e4a63600537eb06ae122f10f],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}, Quarantined, [32470d363456c96db6c2bd70ff03659b],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B138259A-351E-33FA-2726-8D71704F1DA9}, Quarantined, [770272d193f7b97dbebafe2f669c28d8],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{e47f97f2}, Quarantined, [4d2cd07353375adcdbab22af9172d828],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [1d5c74cfbad03ff7ebca9f25778c37c9],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3599311508-1225117502-3980116514-1001\SOFTWARE\WajIEnhance, Quarantined, [c5b471d29eec30061f8b7b37db283ec2],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajInterEnhancer, Quarantined, [afcad96a1d6d37ff153fc7a211f2a25e],

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90, Good: (www.google.com), Bad: (http://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90),Replaced,[83f6b88b9eec25119472ad2b699caa56]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-3599311508-1225117502-3980116514-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90, Good: (www.google.com), Bad: (http://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90),Replaced,[94e50b38e7a39f97b3524d8b8a7ba759]

Folders: 6
PUP.Optional.SystemPower.A, C:\Program Files (x86)\SystemPower, Delete-on-Reboot, [5c1d41023159043231523e6ea55eb44c],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, Quarantined, [afcad96a1d6d37ff153fc7a211f2a25e],
PUP.Optional.ConnectDLC.A, C:\Users\Karl\AppData\LocalLow\Connect_DLC_5, Quarantined, [73062b18acde053164fa612dee157888],
PUP.Optional.ConnectDLC.A, C:\Users\Karl\AppData\LocalLow\Connect_DLC_5\Logs, Quarantined, [73062b18acde053164fa612dee157888],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\BestSaVeForYou, Quarantined, [83f68fb485050a2c2109a2ee946f6b95],
PUP.Optional.CutThePrice.A, C:\Program Files (x86)\CutThePrice, Quarantined, [0178f2515a3049edbde4256e5ea551af],

Files: 18
PUP.Optional.Multiplug, C:\Users\Karl\AppData\Local\Temp\D1C0\temp\Cubase75v32b64b.exe, Quarantined, [adcc72d1e4a63600537eb06ae122f10f],
Trojan.Agent.DE, C:\Users\Karl\Desktop\Patch.exe, Quarantined, [a9d03a09d9b179bdc4f99ab38d751be5],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\BestSaVeForYou\BestSaVeForYou.exe, Quarantined, [7801043fb1d90b2bc4b4220b56ac3dc3],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\QR Code Maker and Decoder\QR Code Maker and Decoder.exe, Quarantined, [32470d363456c96db6c2bd70ff03659b],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\CircleCountcom\CircleCountcom.exe, Quarantined, [aacf390adeacfb3b1068a68760a23dc3],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\DDiscounotExtensi\DDiscounotExtensi.exe, Quarantined, [aacf3d067515082e2f4933faa55ded13],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\DiscouontEXtensi\NS8QT4wzA10UDk.exe, Quarantined, [aacffb48ec9eed49661251dc986afd03],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\DiscouuntuExtiennssi\CSpKvgNmZL5A1C.exe, Quarantined, [770272d193f7b97dbebafe2f669c28d8],
PUP.Optional.MultiPlug.A, C:\Users\Karl\AppData\Local\Temp\D1C0\temp\hpds_setup.exe, Quarantined, [d6a393b01c6e7db9e6ee8db9ca381fe1],
PUP.Optional.MultiPlug.A, C:\Users\Karl\AppData\Local\Temp\52C8\temp\hpds_setup.exe, Quarantined, [9fda043f6327cf6705cf64e2df23639d],
Trojan.Agent.DE, C:\Users\Karl\AppData\Local\Temp\Resolume Arena v4.1.8 - DVT [deepstatus][h33t][1337x]\d-000re.r26, Quarantined, [f7825ce7048664d28f2ee9649d6552ae],
Trojan.Agent.DE, C:\Users\Karl\AppData\Local\Temp\Resolume Arena v4.1.8 - DVT [deepstatus][h33t][1337x]\Resolume Arena v4.1.8 - DVT [deepstatus][h33t][1337x]\d-000re.r26, Quarantined, [9adf7dc6ff8bb383b5086edfeb17fd03],
PUP.Optional.SystemPower.A, C:\Program Files (x86)\SystemPower\SystemPower.dll, Delete-on-Reboot, [5c1d41023159043231523e6ea55eb44c],
PUP.Optional.WebSearch.A, C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\searchplugins\WebSearch.xml, Quarantined, [68112f144248e74f079024c736cde21e],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, Quarantined, [afcad96a1d6d37ff153fc7a211f2a25e],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\BestSaVeForYou\BestSaVeForYou.dat, Quarantined, [83f68fb485050a2c2109a2ee946f6b95],
PUP.Optional.CutThePrice.A, C:\Program Files (x86)\CutThePrice\dtkfrWq4WGeMuC.dat, Quarantined, [0178f2515a3049edbde4256e5ea551af],
PUP.Optional.CutThePrice.A, C:\Program Files (x86)\CutThePrice\dtkfrWq4WGeMuC.tlb, Quarantined, [0178f2515a3049edbde4256e5ea551af],

Physical Sectors: 0
(No malicious items detected)


(end)



#11 Bezukhov

Posted 19 August 2015 - 12:46 PM

That cleaned out a lot. Sorry that took so long. I don't think we're finished quite yet.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next we're going to uninstall AdwCleaner.

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.
Now download AdwCleaner again, this time for the fix:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Let me know how things are going.
To err is Human. To blame it on someone else is even more Human.

#12 krazyistkarl

Posted 20 August 2015 - 12:27 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 8.1 x64
Ran by Karl on 2015-08-19 at 13:09:00.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] e47f97f2 [Reboot required]



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{8781123A-9C3C-467D-8AC1-5FE6A04DE8D4}



~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\GUTF735.tmp
Successfully deleted: [File] C:\Users\Karl\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\ProgramData\1397672115.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1397676225.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1397681416.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1399063208.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1399063222.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1399063268.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1399063423.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1399356635.bdinstall.bin
Successfully deleted: [File] C:\Users\Public\Desktop\lightningdownloader.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\bestadblocker
Successfully deleted: [Folder] C:\Program Files (x86)\BestSaveForYouu
Successfully deleted: [Folder] C:\Program Files (x86)\conduit
Successfully deleted: [Folder] C:\Program Files (x86)\CUtThePricue
Successfully deleted: [Folder] C:\Program Files (x86)\esupport.com
Successfully deleted: [Folder] C:\Program Files (x86)\lightningdownloader
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Program Files (x86)\probit software
Successfully deleted: [Folder] C:\Program Files (x86)\searchprotect
Successfully deleted: [Folder] C:\Program Files (x86)\statfoobar
Successfully deleted: [Folder] C:\Program Files (x86)\winzip registry optimizer
Successfully deleted: [Folder] C:\ProgramData\conduit
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\esupport.com
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lightningdownloader
Successfully deleted: [Folder] C:\Users\Karl\Appdata\Local\conduit
Successfully deleted: [Folder] C:\Users\Karl\Appdata\Local\cre
Successfully deleted: [Folder] C:\Users\Karl\Appdata\Local\nativemessaging
Successfully deleted: [Folder] C:\Users\Karl\Appdata\LocalLow\conduit
Successfully deleted: [Folder] C:\Users\Karl\AppData\Roaming\lightningdownloader
Successfully deleted: [Folder] C:\Users\Karl\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\amd64
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\x86
Successfully deleted: [Folder] C:\ProgramData\8718029030620689852



~~~ FireFox

Successfully deleted the following from C:\Users\Karl\AppData\Roaming\mozilla\firefox\profiles\fd1f74mj.default\prefs.js

user_pref(browser.search.defaultenginename, WebSearch);
user_pref(browser.search.defaultenginename,S, WebSearch);
user_pref(browser.search.defaulturl, hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90&l=1&q=);
user_pref(browser.search.order.1, WebSearch);
user_pref(browser.search.order.1,S, WebSearch);
user_pref(browser.search.selectedEngine, WebSearch);
user_pref(browser.search.selectedEngine,S, WebSearch);
user_pref(browser.startup.homepage, hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90);
user_pref(extensions.DRMA2lPX9n9U1TPI.scode, (function(){try{if(window.location.href.indexOf(\rja5rjk7qTC5pds6qdY9rdw9rTw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.ERHEqe0yAtIzKD8j.scode, (function(){try{if(window.location.href.indexOf(\rja5rjk7qTC5pds6qdY9rdw9rTw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.QP9pCnjsp4iuIVO0.scode, (function(){try{if(window.location.href.indexOf(\rja5rjk7qTC5pds6qdY9rdw9rTw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.cjBge5bFzVM0x7Jc.scode, (function(){try{if(window.location.href.indexOf(\rja5rjk7qTC5pds6qdY9rdw9rTw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.m6bsloGJGVvvKiwx.scode, (function(){try{if(window.location.href.indexOf(\rja5rjk7qTC5pds6qdY9rdw9rTw\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(keyword.URL, hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90&l=1&q=);
Emptied folder: C:\Users\Karl\AppData\Roaming\mozilla\firefox\profiles\fd1f74mj.default\minidumps [1 files]



~~~ Chrome


[C:\Users\Karl\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Karl\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Karl\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Karl\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-08-19 at 13:16:52.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


# AdwCleaner v5.002 - Logfile created 19/08/2015 at 23:18:35
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Karl - KARL
# Running from : C:\Users\Karl\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : mcaudrv_simple
[-] Service Deleted : ManyCam

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\BestSaVVeForYoui
[-] Folder Deleted : C:\Program Files (x86)\CutTTHePrice
[-] Folder Deleted : C:\Program Files (x86)\DDiscounotExtensi
[-] Folder Deleted : C:\Program Files (x86)\DiscouontEXtensi
[-] Folder Deleted : C:\Program Files (x86)\DiscouuntuExtiennssi
[-] Folder Deleted : C:\ProgramData\{76a35d12-1ea2-2d67-76a3-35d121ea7448}
[-] Folder Deleted : C:\ProgramData\{9edb5967-2f69-5a5a-9edb-b59672f6659c}
[-] Folder Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfehmiknpngmjkhiieampgfppicbncid
[-] Folder Deleted : C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Probit Software
[-] Folder Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\Extensions\2XfF@4zl.org
[-] Folder Deleted : C:\Users\Karl\Documents\Updater

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lipgolpfajiadodbcbljdpmbmbdmfcil
[-] File Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gfehmiknpngmjkhiieampgfppicbncid_0.localstorage
[-] File Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gfehmiknpngmjkhiieampgfppicbncid_0.localstorage-journal
[-] File Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\WINDOWS\Sysnative\drivers\mcaudrv_x64.sys
[-] File Deleted : C:\WINDOWS\Sysnative\drivers\mcvidrv.sys

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\P6A99C2E4_D29C_4B11_9272_B9A6B7A9D734_.P6A99C2E4_D29C_4B11_9272_B9A6B7A9D734_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P6A99C2E4_D29C_4B11_9272_B9A6B7A9D734_.P6A99C2E4_D29C_4B11_9272_B9A6B7A9D734_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\PC936D8AF_CAB2_414D_89AF_E2A9B7603237_.PC936D8AF_CAB2_414D_89AF_E2A9B7603237_
[-] Key Deleted : HKLM\SOFTWARE\Classes\PC936D8AF_CAB2_414D_89AF_E2A9B7603237_.PC936D8AF_CAB2_414D_89AF_E2A9B7603237_.9
[-] Key Deleted : HKLM\SOFTWARE\f029cde7-0193-4a8b-f513-d5894a88da7c
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A99C2E4-D29C-4B11-9272-B9A6B7A9D734}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C936D8AF-CAB2-414D-89AF-E2A9B7603237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6A99C2E4-D29C-4B11-9272-B9A6B7A9D734}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C936D8AF-CAB2-414D-89AF-E2A9B7603237}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{6A99C2E4-D29C-4B11-9272-B9A6B7A9D734}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{C936D8AF-CAB2-414D-89AF-E2A9B7603237}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6A99C2E4-D29C-4B11-9272-B9A6B7A9D734}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C936D8AF-CAB2-414D-89AF-E2A9B7603237}
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
[!] Key Not Deleted : [x64] HKCU\Software\eSupport.com
[!] Key Not Deleted : [x64] HKCU\Software\PrivitizeVPNInstallDates

***** [ Web browsers ] *****

[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.hotsearches.info/?pid=20598&r=2015/08/14&hid=10815667882748401421&lg=EN&cc=CA&unqvl=90");
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Deleted : user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=44f84e5d00000000000052b7c34eaa12");
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Deleted : user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=44f84e5d00000000000052b7c34eaa12");
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Deleted : user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=44f84e5d00000000000052b7c34eaa12");
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js] [Preference] Deleted : user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=44f84e5d00000000000052b7c34eaa12&q=");
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Deleted : user_pref("extensions.DRMA2lPX9n9U1TPI.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Deleted : user_pref("extensions.ERHEqe0yAtIzKD8j.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Deleted : user_pref("extensions.QP9pCnjsp4iuIVO0.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Deleted : user_pref("extensions.cjBge5bFzVM0x7Jc.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\fd1f74mj.default\prefs.js] [Preference] Deleted : user_pref("extensions.m6bsloGJGVvvKiwx.scode", "(function(){try{if(window.location.href.indexOf(\"rja5rjk7qTC5pds6qdY9rdw9rTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted

*************************

C:\AdwCleaner[R1].txt - [14050 bytes] - [01/05/2013 00:11:22]
C:\AdwCleaner[R2].txt - [1196 bytes] - [03/05/2013 01:06:14]
C:\AdwCleaner[S1].txt - [287 bytes] - [30/04/2013 23:21:35]
C:\AdwCleaner[S2].txt - [17813 bytes] - [01/05/2013 00:14:23]
C:\AdwCleaner[S3].txt - [32128 bytes] - [01/05/2013 15:28:56]
C:\AdwCleaner[S4].txt - [18787 bytes] - [03/05/2013 01:09:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8616 bytes] ##########
 



#13 Bezukhov

Posted 20 August 2015 - 07:37 AM

Any improvement?
To err is Human. To blame it on someone else is even more Human.

#14 krazyistkarl

Posted 20 August 2015 - 09:54 AM

yes it's getting much better, but now I've got Yahoo as my main page on Firefox and every time I open up a new tab



#15 krazyistkarl

Posted 20 August 2015 - 09:56 AM

and I just noticed I get redirected to advertisements powered by gravity space without clicking anything





