Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dregol in Mozilla Firefox


  • Please log in to reply
10 replies to this topic

#1 farts

farts

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:48 PM

Posted 20 August 2015 - 05:31 PM

Hi, so I went on Mozilla Firefox to discover that dregol was the site it starts up on. I googled what dregol was and it's an adware?

How do I get rid of this?

 

Thank you.



BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:07:48 AM

Posted 20 August 2015 - 05:34 PM

Hello farts,

 

Yes, it is an adware.

 

Let's try with this:

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

 

§  Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.

§  At the end, be sure a checkmark is placed next to the following:
 

o    Launch Malwarebytes Anti-Malware

o    A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

 

§  Click Finish.

§  On the Dashboard, click the 'Update Now >>' link

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the 'Scan Now >>' button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.


If you already have MBAM 2.0 installed:
 

§  On the Dashboard, click the 'Update Now >>' link.

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the Scan Now >> button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.

§  After the restart once you are back at your desktop, open MBAM once more.

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

-------------

 

Please download AdwCleaner by Xplode onto your desktop.

§  Close all open programs and internet browsers.

§  Double click on adwcleaner.exe to run the tool.

§  Click on Scan button.

§  When the scan has finished click on Clean button.

§  Your computer will be rebooted automatically. A text file will open after the restart.

§  Please post the contents of that logfile with your next reply.

§  You can find the logfile at C:\AdwCleaner[S0].txt as well.

------------------

 

Please download Junkware Removal Tool to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.

----------------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 farts

farts
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:48 PM

Posted 20 August 2015 - 06:44 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/20/2015
Scan Time: 5:46 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.20.06
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kenny
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442831
Time Elapsed: 48 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.Dregol.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ihokndmjeombjojnfkmapfnjeghjohim, Quarantined, [7f97b9528a0192a48c49988ea063fd03], 
PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [f6207c8f48433df935750f916d978d73], 
PUP.Optional.Dregol.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ihokndmjeombjojnfkmapfnjeghjohim, Quarantined, [45d1da31f9926bcb16bf7caa10f3e21e], 
PUP.Optional.Dregol.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ihokndmjeombjojnfkmapfnjeghjohim, Quarantined, [80965eadd7b450e6d204d05624dfa35d], 
PUP.Optional.Dregol.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [21f5818ad8b316202188287892727d83], 
PUP.Optional.ProductSetup.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\PRODUCTSETUP, Quarantined, [6aac66a5fb90f343f5d90c9f21e36997], 
 
Registry Values: 12
PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0AyBtC0DzzyEtB0C0ByCtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtAyCtD0F0AyDtGyBtBzy0FtG0E0EyByCtGyCtB0EyBtGyEyDyEyByEtDzytAyBzz0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0D0E0DtB0EtDtCtGzy0E0ByDtGyEzz0DtBtGzz0BtA0EtG0D0Azz0AtCtB0E0CyC0AyB0A2QtN0A0LzutB&cr=1870103220&ir=, Quarantined, [f6207c8f48433df935750f916d978d73]
PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0AyBtC0DzzyEtB0C0ByCtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtAyCtD0F0AyDtGyBtBzy0FtG0E0EyByCtGyCtB0EyBtGyEyDyEyByEtDzytAyBzz0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0D0E0DtB0EtDtCtGzy0E0ByDtGyEzz0DtBtGzz0BtA0EtG0D0Azz0AtCtB0E0CyC0AyB0A2QtN0A0LzutB&cr=1870103220&ir=, Quarantined, [ff1751ba99f21d19dad0901011f37e82]
PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Users\Kenny\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, Quarantined, [e3332fdc9dee9e982288ccd434d0fb05]
PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Dregol, Quarantined, [3bdbcc3f1378cd693872f1af7e867c84]
PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Dregol, Quarantined, [27efba519af135016a40f8a817ed2ad6]
PUP.Optional.Dregol.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Run_Dregol\\, Quarantined, [cb4bf516abe02a0cb351ef3329da8a76]
PUP.Optional.Dregol.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0AyBtC0DzzyEtB0C0ByCtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtAyCtD0F0AyDtGyBtBzy0FtG0E0EyByCtGyCtB0EyBtGyEyDyEyByEtDzytAyBzz0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0D0E0DtB0EtDtCtGzy0E0ByDtGyEzz0DtBtGzz0BtA0EtG0D0Azz0AtCtB0E0CyC0AyB0A2QtN0A0LzutB&cr=1870103220&ir=, Quarantined, [21f5818ad8b316202188287892727d83]
PUP.Optional.Dregol.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0AyBtC0DzzyEtB0C0ByCtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtAyCtD0F0AyDtGyBtBzy0FtG0E0EyByCtGyCtB0EyBtGyEyDyEyByEtDzytAyBzz0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0D0E0DtB0EtDtCtGzy0E0ByDtGyEzz0DtBtGzz0BtA0EtG0D0Azz0AtCtB0E0CyC0AyB0A2QtN0A0LzutB&cr=1870103220&ir=, Quarantined, [9b7bae5dfa9183b3f9b027797c88ee12]
PUP.Optional.Dregol.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Users\Kenny\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, Quarantined, [8096d9326e1d86b0bdec425eaa5aa45c]
PUP.Optional.Dregol.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Dregol, Quarantined, [19fd95761873bc7a5f4a3d6360a47d83]
PUP.Optional.Dregol.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Dregol, Quarantined, [be58f417f8930f27d1d8e5bb3cc84eb2]
PUP.Optional.ProductSetup.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\PRODUCTSETUP|tb, 0P1R1Q1B1F1R2W0E, Quarantined, [6aac66a5fb90f343f5d90c9f21e36997]
 
Registry Data: 1
PUP.Optional.Dregol.A, HKU\S-1-5-21-1009618338-383610618-3942214274-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0AyBtC0DzzyEtB0C0ByCtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtAyCtD0F0AyDtGyBtBzy0FtG0E0EyByCtGyCtB0EyBtGyEyDyEyByEtDzytAyBzz0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0D0E0DtB0EtDtCtGzy0E0ByDtGyEzz0DtBtGzz0BtA0EtG0D0Azz0AtCtB0E0CyC0AyB0A2QtN0A0LzutB&cr=1870103220&ir=, Good: (www.google.com), Bad: (http://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0AyBtC0DzzyEtB0C0ByCtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtAyCtD0F0AyDtGyBtBzy0FtG0E0EyByCtGyCtB0EyBtGyEyDyEyByEtDzytAyBzz0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0D0E0DtB0EtDtCtGzy0E0ByDtGyEzz0DtBtGzz0BtA0EtG0D0Azz0AtCtB0E0CyC0AyB0A2QtN0A0LzutB&cr=1870103220&ir=),Replaced,[d244f31825661a1c89390c3ef3125aa6]
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Dregol.C, C:\Users\Kenny\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, Quarantined, [4bcbb952a6e559ddee0c53ce9c67f60a], 
PUP.Optional.Dregol.C, C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihokndmjeombjojnfkmapfnjeghjohim_0.localstorage, Quarantined, [4accbd4e404b1e18537424fe51b22bd5], 
PUP.Optional.Dregol.A, C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\cxvgj9l7.default\searchplugins\Dregol.xml, Quarantined, [2de9f11a6a21d95d667379ad14eff20e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 farts

farts
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:48 PM

Posted 20 August 2015 - 06:59 PM

# AdwCleaner v5.003 - Logfile created 20/08/2015 at 18:50:04
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Kenny - KC
# Running from : C:\Users\Kenny\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : 56201080
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814av
[-] Folder Deleted : C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PackageAware
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\DeviceVM
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[-] Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\cxvgj9l7.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Dregol");
[-] [C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : genieo
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
:: IE policies deleted
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5494 bytes] ##########
 


#5 farts

farts
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:48 PM

Posted 20 August 2015 - 07:21 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by Kenny on Thu 08/20/2015 at 19:14:35.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Kenny\Appdata\Local\{0000C73F-D8CB-4271-886E-8BA43FB48998}
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Kenny\AppData\Roaming\mozilla\firefox\profiles\cxvgj9l7.default\minidumps [16 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
 
[C:\Users\Kenny\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Kenny\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Kenny\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Kenny\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/20/2015 at 19:19:01.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:07:48 AM

Posted 20 August 2015 - 10:17 PM

Do you still have a problem?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#7 farts

farts
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:48 PM

Posted 21 August 2015 - 10:15 AM

How would you suppose I check if I have a problem?



#8 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:07:48 AM

Posted 21 August 2015 - 10:23 AM

Do you see Dregol?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#9 farts

farts
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:48 PM

Posted 22 August 2015 - 09:04 AM

Yes, it shows up. When I type in "dreg" in the search bar on mozilla firefox, it shows up as dregol search:

 

http://i.imgur.com/5QbWq2W.png



#10 farts

farts
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:48 PM

Posted 22 August 2015 - 09:07 AM

Never mind. It's gone. I used CCleaner and it doesn't show up anymore.


Thanks for all your help!



#11 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:07:48 AM

Posted 22 August 2015 - 09:10 AM

Great.  :thumbup2:

 

Empty your temp folders using TFC (Temporary File Cleaner)

§  Please download TFC by Old Timer and save it to your desktop.
alternate download link

§  Save any unsaved work. (TFC will close ALL open programs including your browser!)

§  Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)

§  Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

§  Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

-----

 

This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download  DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

§  Activate UAC (optional; some users prefer to keep it off)

§  Remove disinfection tools

§  Create registry backup

§  Purge System Restore

Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.

-------


Edited by severac, 22 August 2015 - 09:10 AM.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users