
Please help me with Spigot removal


  • This topic is locked
17 replies to this topic

#1 willmo

willmo

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 01 September 2015 - 06:47 AM

Hello all, I have searched and searched for a way to remove this annoying program but nothing seems to work for me. Any assistance would be greatly appreciated.

 

Searchme toolbar v9.6 by Spigot INC is causing the problem. It will not be manually uninstalled, it attempts to rewrite the hard drive itself on any attempt but AVAST blocks it. Problem is, AVAST is not detecting the malware or removing it, it is the free version though. This malware is causing ad pop ups and has replaced Google Chrome with YAHOO!. But it is not listed under toolbar extensions.

 

I have manually searched for the files for SPIGOT, SEARCHPROTECT and SEARCHME TOOLBAR, and have erased them all. I tried searching also in registry editor but could not locate them there. I believe the virus came within a codec pack, I have deleted those files as a precaution also.

 

I suppose the best thing to do is try another antivirus program, but since YAHOO! has co-opted my search engine I am loath to trust it, but the download section here came recommended on a search. What would be my best option here? I don't mind paying for good protection, including upgrading AVAST, but there are so many upgrade options I must confess to being a little unsure of what will actually help!

 

Thanks in advance

Will





#2 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:08 AM

Posted 01 September 2015 - 06:49 AM

Hello,
 
Please download MiniToolBox by Farbar and save it to your desktop.

Run the tool as Administrator and make sure that these options are checked:
 
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs
 
Post the log here.


#3 willmo

willmo
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 01 September 2015 - 06:59 AM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by will (administrator) on 01-09-2015 at 12:55:53
Running from "C:\Users\will\Desktop"
Microsoft Windows 8.1  (X64)
Model: GA-78LMT-USB3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

=========================== Installed Programs ============================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{EDC0E654-60C7-758D-6B81-C8D3ACCEDEE5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4814.02 - CyberLink Corp.)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
EverQuest (HKCU\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM-x32\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.2.0.3 - NETGEAR)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.10.61 - Client Connect LTD) Hidden
SearchMe Toolbar v9.6 (HKLM-x32\...\{D7FDD4AB-D4AB-4153-A5CF-14A68B3BEB09}) (Version: 9.6 - Spigot, Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Websteroids (HKLM-x32\...\Websteroids) (Version: 2.6.63 - Creative Island Media, LLC) Hidden

**** End of log ****

 

 

 

 

Thank you!



#4 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:08 AM

Posted 01 September 2015 - 07:10 AM

First of all, we will need to remove some unwanted / unneeded programs:

 

  • Google Toolbar for Internet Explorer
  • InstallConverter bundle uninstaller
  • Search Protect
  • SearchMe Toolbar v9.6

If you can't find Search Protect, ignore it and proceed to the following steps:

 

Download AdwCleaner by Xplode and save it to your desktop.

 
Run the tool as Administrator, accept the terms of usage, and wait while the database is updating.

After it's done updating, click the Scan button and wait while it's scanning.

Remove all found items by clicking the Cleaning button, and allow the tool to restart.

After the restart it will make a log, which you will attach or paste in your reply.

Download JRT by Malwarebytes and save it to your desktop.

Run the tool as Administrator, accept the disclaimer by pressing Y, and wait while it's scanning the system.

The tool will automatically scan and remove all found items. If the tool requires a restart, allow it to do so.

Attach the log here.


#5 willmo

willmo
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 01 September 2015 - 07:50 AM

# AdwCleaner v5.005 - Logfile created 01/09/2015 at 13:37:14
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : will - WILL69
# Running from : C:\Users\will\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : SPPD
[-] Service Deleted : Websteroids

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Application Updater
[-] Folder Deleted : C:\Program Files (x86)\Iminent
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
[-] Folder Deleted : C:\ProgramData\Browser
[-] Folder Deleted : C:\ProgramData\Websteroids
[-] Folder Deleted : C:\ProgramData\NetEngine
[-] Folder Deleted : C:\ProgramData\radio
[!] Folder Not Deleted : C:\ProgramData\NetEngine
[-] Folder Deleted : C:\Users\will\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\will\AppData\Local\Slick Savings
[-] Folder Deleted : C:\Users\will\AppData\Local\Websteroids
[-] Folder Deleted : C:\Users\will\AppData\Local\Temp\Iminent
[-] Folder Deleted : C:\Users\will\AppData\LocalLow\Search Settings
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\speed browser

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
[-] File Deleted : C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
[-] File Deleted : C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
[-] File Deleted : C:\Users\will\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
[-] File Deleted : C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : NetEngine

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Iminent
[-] Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
[-] Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
[-] Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbljechdpodpbchbmjcoamidppmpnmlc
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[-] Key Deleted : HKU\.DEFAULT\Software\Browser
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\Search Settings
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Video Player
[-] Key Deleted : HKCU\Software\Browser
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
[-] Key Deleted : HKLM\SOFTWARE\Application Updater
[-] Key Deleted : HKLM\SOFTWARE\IMGUPDATER
[-] Key Deleted : HKLM\SOFTWARE\Iminent
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Search Settings
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Umbrella
[-] Key Deleted : HKLM\SOFTWARE\SpeedBrowser
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\Myfree Codec
[!] Key Not Deleted : [x64] HKCU\Software\Search Settings
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\Video Player
[!] Key Not Deleted : [x64] HKCU\Software\Browser
[-] Key Deleted : [x64] HKLM\SOFTWARE\Iminent
[!] Key Not Deleted : HKU\S-1-5-21-744387042-1316414566-1726130482-1002\Software\AppDataLow\Software\DynConIE
[!] Key Not Deleted : HKU\S-1-5-21-744387042-1316414566-1726130482-1002\Software\AppDataLow\Software\Search Settings
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datamngrCoordinator.exe
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[!] Key Not Deleted : HKU\S-1-5-21-744387042-1316414566-1726130482-1002\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[!] Key Not Deleted : HKU\S-1-5-21-744387042-1316414566-1726130482-1002\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}

***** [ Web browsers ] *****

[-] [C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\will\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nbljechdpodpbchbmjcoamidppmpnmlc

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11659 bytes] ##########

 

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by will on 01/09/2015 at 13:44:06.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\windows\SysWOW64\C2MP

 

~~~ Chrome

[C:\Users\will\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\will\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\will\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\will\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/09/2015 at 13:48:05.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Thank you ever so much!



#6 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:08 AM

Posted 01 September 2015 - 07:53 AM

How is the situation now ?



#7 willmo

willmo
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 01 September 2015 - 07:59 AM

Yahoo is still claiming the default browser, Searchme Toolbar v9.6 by Spigot still won't be removed either sadly.



#8 willmo

willmo
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 01 September 2015 - 08:06 AM

Redid the MTB in case you need it. Persistent little thing, heh!

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by will (administrator) on 01-09-2015 at 14:02:33
Running from "C:\Users\will\Desktop"
Microsoft Windows 8.1  (X64)
Model: GA-78LMT-USB3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

=========================== Installed Programs ============================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{EDC0E654-60C7-758D-6B81-C8D3ACCEDEE5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4814.02 - CyberLink Corp.)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
EverQuest (HKCU\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM-x32\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.2.0.3 - NETGEAR)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SearchMe Toolbar v9.6 (HKLM-x32\...\{D7FDD4AB-D4AB-4153-A5CF-14A68B3BEB09}) (Version: 9.6 - Spigot, Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

**** End of log ****
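
Added example, not part of any post in this thread: a small Python script that compares the "Installed Programs" section of the two MiniToolBox logs above (posts #3 and #8) to show which of the programs Firehouse listed for removal are still installed. The excerpts are copied from those two logs; the function names and the "leftover hidden component" heuristic are assumptions made for this illustration.

```python
import re

# MiniToolBox "Installed Programs" line format, as seen in the logs above:
#   Name (HIVE\...\UninstallKey) (Version: X - Publisher) [Hidden]
ENTRY = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\(?P<key>.+?)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*?)\)(?P<hidden> Hidden)?\s*$"
)

# Excerpt of the first log (post #3), copied from the thread.
BEFORE = r"""
=========================== Installed Programs ============================

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.10.61 - Client Connect LTD) Hidden
SearchMe Toolbar v9.6 (HKLM-x32\...\{D7FDD4AB-D4AB-4153-A5CF-14A68B3BEB09}) (Version: 9.6 - Spigot, Inc.)
Websteroids (HKLM-x32\...\Websteroids) (Version: 2.6.63 - Creative Island Media, LLC) Hidden

**** End of log ****
"""

# Excerpt of the second log (post #8), copied from the thread.
AFTER = r"""
=========================== Installed Programs ============================

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter) Hidden
SearchMe Toolbar v9.6 (HKLM-x32\...\{D7FDD4AB-D4AB-4153-A5CF-14A68B3BEB09}) (Version: 9.6 - Spigot, Inc.)

**** End of log ****
"""

# Programs Firehouse asked to uninstall in post #4.
REQUESTED = [
    "Google Toolbar for Internet Explorer",
    "InstallConverter bundle uninstaller",
    "Search Protect",
    "SearchMe Toolbar v9.6",
]


def parse_installed(log_text):
    """Return {(hive, uninstall_key): entry} for the Installed Programs section."""
    entries, in_section = {}, False
    for line in log_text.splitlines():
        if line.startswith("=") and "Installed Programs" in line:
            in_section = True
            continue
        if line.startswith("**** End of log"):
            break
        match = ENTRY.match(line) if in_section else None
        if match:
            entry = match.groupdict()
            entry["hidden"] = entry["hidden"] is not None
            # Key on hive + uninstall key: two entries can share a display name.
            entries[(entry["hive"], entry["key"])] = entry
    return entries


def compare(before, after, requested):
    """Return (removed names, requested names still installed, likely leftovers)."""
    removed = sorted({before[k]["name"] for k in before.keys() - after.keys()})
    installed_now = {e["name"] for e in after.values()}
    still_present = sorted(n for n in requested if n in installed_now)
    # Heuristic (assumption): a Hidden entry that survives while a visible entry
    # whose name starts with the same text was removed is a probable leftover.
    leftovers = sorted(
        e["name"] for e in after.values()
        if e["hidden"]
        and any(r != e["name"] and r.startswith(e["name"]) for r in removed)
    )
    return removed, still_present, leftovers


if __name__ == "__main__":
    removed, still_present, leftovers = compare(
        parse_installed(BEFORE), parse_installed(AFTER), REQUESTED
    )
    print("Removed since first log :", removed)
    print("Requested, still present:", still_present)
    print("Hidden leftovers        :", leftovers)
```

Hidden entries do not appear in the Windows uninstall list, so the surviving hidden InstallConverter entry is the kind of item a before/after comparison surfaces and a manual check misses.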



#9 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:08 AM

Posted 01 September 2015 - 08:10 AM

Scan with Zemana Antimalware
 
Download Zemana Antimalware and install it on your system.

Under Scan type choose Full Scan and let the tool scan the system.

If malware is found, click Next to remove it. If the tool asks for a restart, allow it.

If no malware is found, just exit the program.
 
NOTE: Leave actions at default.
 
Attach log here.


#10 willmo


Posted 01 September 2015 - 08:31 AM

Zemana AntiMalware 2.17.2.116 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/9/1
Operating System       : Windows 8.1 64-bit
Processor              : 8X AMD FX™-8350 Eight-Core Processor
BIOS Mode              : Legacy
CUID                   : 0039F208FBABDB4F414B85
Scan Type              : Deep Scan
Duration               : 10m 5s
Scanned Objects        : 222430
Detected Objects       : 31
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------

nszC8BE.exe
Status             : Scanned
Object             : %systemroot%\temp\nszc8be.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nszc8be.exe

nsz8AC9.exe
Status             : Scanned
Object             : %systemroot%\temp\nsz8ac9.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsz8ac9.exe

nsy7147.exe
Status             : Scanned
Object             : %systemroot%\temp\nsy7147.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsy7147.exe

nsxAC14.exe
Status             : Scanned
Object             : %systemroot%\temp\nsxac14.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsxac14.exe

nsi9DE0.exe
Status             : Scanned
Object             : %systemroot%\temp\nsi9de0.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsi9de0.exe

nsmE1C7.exe
Status             : Scanned
Object             : %systemroot%\temp\nsme1c7.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsme1c7.exe

nsnC2DE.exe
Status             : Scanned
Object             : %systemroot%\temp\nsnc2de.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsnc2de.exe

nsoA892.exe
Status             : Scanned
Object             : %systemroot%\temp\nsoa892.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsoa892.exe

nsp4C0A.exe
Status             : Scanned
Object             : %systemroot%\temp\nsp4c0a.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsp4c0a.exe

nsp7AB5.exe
Status             : Scanned
Object             : %systemroot%\temp\nsp7ab5.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsp7ab5.exe

nsv361F.exe
Status             : Scanned
Object             : %systemroot%\temp\nsv361f.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsv361f.exe

nswC87F.exe
Status             : Scanned
Object             : %systemroot%\temp\nswc87f.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nswc87f.exe

nsh54C5.exe
Status             : Scanned
Object             : %systemroot%\temp\nsh54c5.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsh54c5.exe

nsbBC5B.exe
Status             : Scanned
Object             : %systemroot%\temp\nsbbc5b.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsbbc5b.exe

nsc8E5D.exe
Status             : Scanned
Object             : %systemroot%\temp\nsc8e5d.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsc8e5d.exe

nsa8BCA.exe
Status             : Scanned
Object             : %systemroot%\temp\nsa8bca.exe
MD5                : 02C162FD7706E887624DFCC410979355
Publisher          : -
Size               : 156061
Version            : 1.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\temp\nsa8bca.exe

Websteroids.B324755F3F87.dll
Status             : Scanned
Object             : %systemroot%\syswow64\websteroids.b324755f3f87.dll
MD5                : A6A927601091F8D6255A17DF1B869E6D
Publisher          : Creative Island Media, LLC
Size               : 1151864
Version            : -
Detection          : Adware:MSIL/PullUpdate
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\syswow64\websteroids.b324755f3f87.dll

Websteroids.B324755F3F87.2.6.80.dll
Status             : Scanned
Object             : %systemroot%\syswow64\websteroids.b324755f3f87.2.6.80.dll
MD5                : 5890A48F139F460B49DC74E6653E92CA
Publisher          : Creative Island Media, LLC
Size               : 1161080
Version            : -
Detection          : Adware:MSIL/PullUpdate
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\syswow64\websteroids.b324755f3f87.2.6.80.dll

Websteroids.B324755F3F87.2.6.80.dll
Status             : Scanned
Object             : %systemroot%\system32\websteroids.b324755f3f87.2.6.80.dll
MD5                : 4AE16E01FA6F48E33AD0A97F1A42E98A
Publisher          : Creative Island Media, LLC
Size               : 1356664
Version            : -
Detection          : Malware:Win64/Quarand!Alet
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\system32\websteroids.b324755f3f87.2.6.80.dll

SPVCLdr64.dll
Status             : Scanned
Object             : %systemroot%\apppatch\apppatch64\spvcldr64.dll
MD5                : 6C5C6AE63EE4D7E88EB846E36B06EACE
Publisher          : ClientConnect LTD
Size               : 232896
Version            : 2.16.10.61
Detection          : Adware:Win32/ClientConnect!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\apppatch\apppatch64\spvcldr64.dll

SoftonicDownloader_for_mkv-player.exe
Status             : Scanned
Object             : %userprofile%\downloads\softonicdownloader_for_mkv-player.exe
MD5                : 700CE70EA11BDA5A33FB3E77E53C6379
Publisher          : Softonic International
Size               : 366920
Version            : 1.41.3.4
Detection          : Adware:Win32/SoftonicBundle!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\softonicdownloader_for_mkv-player.exe

icc.dll
Status             : Scanned
Object             : %temp%\is1597349865\8035018_stp\icc.dll
MD5                : F03D8375C6696A85D58AAD9ADCE7F702
Publisher          : -
Size               : 214528
Version            : -
Detection          : Adware:Win32/InstallCore.Variant!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is1597349865\8035018_stp\icc.dll

icc.dll
Status             : Scanned
Object             : %temp%\is1597349865\306624123_stp\icc.dll
MD5                : F03D8375C6696A85D58AAD9ADCE7F702
Publisher          : -
Size               : 214528
Version            : -
Detection          : Adware:Win32/InstallCore.Variant!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is1597349865\306624123_stp\icc.dll

8034783_stp.EXE
Status             : Scanned
Object             : %temp%\is1597349865\8034783_stp.exe
MD5                : B8A24423AFCA368D030A5D728C8A8160
Publisher          : MyAppsCloud
Size               : 1915152
Version            : -
Detection          : Malware:Win32/Quarand!Alrl
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is1597349865\8034783_stp.exe

306623980_stp.EXE
Status             : Scanned
Object             : %temp%\is1597349865\306623980_stp.exe
MD5                : B8A24423AFCA368D030A5D728C8A8160
Publisher          : MyAppsCloud
Size               : 1915152
Version            : -
Detection          : Malware:Win32/Quarand!Alrl
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is1597349865\306623980_stp.exe

IminentSetup_july17.exe
Status             : Scanned
Object             : %temp%\iminentsetup_july17.exe
MD5                : 3C8BED4EB3C3D87614A487C7FAA22028
Publisher          : SIEN S.A.
Size               : 626200
Version            : 1.22.1.1
Detection          : Win32/Adware.Iminent!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\iminentsetup_july17.exe

exthelper.exe
Status             : Scanned
Object             : %temp%\exthelper.exe
MD5                : 175407D87AB75C86B0CD83CD578D2035
Publisher          : Spigot, Inc.
Size               : 419176
Version            : 1.4.0.2
Detection          : Adware:Win32/Spigot!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\exthelper.exe

SPVC64Loader.dll
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-744387042-1316414566-1726130482-1002\$ri1as87\searchprotect\bin\spvc64loader.dll
MD5                : 6C5C6AE63EE4D7E88EB846E36B06EACE
Publisher          : ClientConnect LTD
Size               : 232896
Version            : 2.16.10.61
Detection          : Adware:Win32/ClientConnect!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\$recycle.bin\s-1-5-21-744387042-1316414566-1726130482-1002\$ri1as87\searchprotect\bin\spvc64loader.dll

$RL63J9G.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-744387042-1316414566-1726130482-1002\$rl63j9g.exe
MD5                : 5A275A569DCE6E2F2F0284D82D31310B
Publisher          : CBS Interactive
Size               : 699016
Version            : 5.4.0.213
Detection          : PUA:Win32/Zelion!Ikee
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\$recycle.bin\s-1-5-21-744387042-1316414566-1726130482-1002\$rl63j9g.exe

SPTool64.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-744387042-1316414566-1726130482-1002\$ri1as87\searchprotect\bin\sptool64.exe
MD5                : B5F8DE75260F7113D5191270CB557DA9
Publisher          : ClientConnect LTD
Size               : 1729984
Version            : 2.16.10.61
Detection          : Adware:Win32/ClientConnect!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\$recycle.bin\s-1-5-21-744387042-1316414566-1726130482-1002\$ri1as87\searchprotect\bin\sptool64.exe

WidgiHelper.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-744387042-1316414566-1726130482-1002\$rh0wvzk\widgihelper.exe
MD5                : CFB7A6BF7ECA17BD434B1F7F99F5DD1F
Publisher          : Spigot, Inc.
Size               : 112448
Version            : 9.6.0.3
Detection          : Adware:Win32/Spigot!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\$recycle.bin\s-1-5-21-744387042-1316414566-1726130482-1002\$rh0wvzk\widgihelper.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 31
Reported as safe      : 0
Failed                : 0

 

Done.

 

Spigot program still there, Yahoo! still won't budge.



#11 Firehouse


Posted 01 September 2015 - 08:41 AM

Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on the Start button.
 
If the program needs a reboot, allow it to do so.
 
NOTE: If your desktop disappears, don't panic; it's normal.
 
After that, reset your browser and do the following:
 
Scan with Dr.Web CureIt!
 
Download Dr.Web CureIt! and save it to your desktop.
 
Run the tool as Administrator, accept the license agreement by putting a checkmark on it, and click Scan.
 
The scan may take a while, so be patient!
 
If malware is found, click the Neutralize button; if the program asks for a restart, allow it to do so.


#12 willmo


Posted 01 September 2015 - 09:05 AM

Done, it removed some Trojans but problems still exist.



#13 Firehouse


Posted 01 September 2015 - 09:11 AM

OK, I cannot help you further because I don't have permission, so I will let MRT know.



#14 willmo


Posted 01 September 2015 - 09:16 AM

Thanks for your time and patience, much appreciated!



#15 Firehouse


Posted 01 September 2015 - 09:37 AM

No problem. MRT will take over for further assistance.





