
YourSearchResults.biz Firefox search Hijack


9 replies to this topic

#1 skyshrimp

skyshrimp

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 24 November 2015 - 06:59 AM

Hi,

 

This is a Windows 10 Pro PC.  I tried to download a PCB schematic and got a bundle of viruses instead with toolbars and Chinese popups that brought my PC to a halt.

 

I ran Adwcleaner and Malwarebytes which got rid of the bulk, but my one-click search engine in Firefox 42 remains infected.

 

If I highlight and right click a word, I get 'search YourSearchResults for "xyz"' instead of 'search Google for "xyz"'.

 

When I choose Tools > Options > Search and delete YourSearchResults from the One-click search engine defaults, it goes back to Google.

 

When I close Firefox and restart, the One-click search is set back to YourSearchResults.

 

I've tried Open Menu > Open Help Menu > Troubleshooting Information > Refresh Firefox.

 

I've tried Open Menu > Open Help Menu > Troubleshooting Information > Profile Folder > Show Folder > and deleted 'search JSON File', 'search-metadata JSON File' and the 'Search folder', but they rebuild with the same issue.

 

I've tried uninstalling and reinstalling Firefox.

 

How can I get rid of this please?

 

 





#2 buddy215

buddy215

  • BC Advisor
  • 12,901 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:58 AM

Posted 24 November 2015 - 07:31 AM

Welcome to BC !

 

Use the programs below to find and remove the junk.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Malware Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 skyshrimp

skyshrimp
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 24 November 2015 - 10:39 AM

Thank you Buddy215 :)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 10 Pro x64
Ran by Admin (Administrator) on 24/11/2015 at 12:48:34.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\ProgramData\free youtube downloader (Folder)
Successfully deleted: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\yac.lnk (Shortcut)
Successfully deleted: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\omx7ume6.default-1448101707388\searchplugins\YourSearchResults.xml (File)
Successfully deleted: C:\Users\Public\qiyi (Folder)

Deleted the following from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\omx7ume6.default-1448101707388\prefs.js
user_pref(browser.search.searchengine.alias, );
user_pref(browser.search.searchengine.iconURL, hxxp://www.google.com/favicon.ico);
user_pref(browser.search.searchengine.name, Google );
user_pref(browser.search.searchengine.ref, );
user_pref(browser.search.searchengine.ts, );
user_pref(browser.search.searchengine.type, );
user_pref(browser.search.searchengine.uid, hitachixhdt721010sla360_stf607mh32nthk32nthkx);
user_pref(browser.search.searchengine.url, hxxp://www.google.com/search?q={searchTerms});



Registry: 1

Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{47FFFF98-262D-427F-B26A-43C06DFB5A60} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/11/2015 at 12:50:06.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Emsisoft Emergency Kit - Version 10.0
Last update: 24/11/2015 13:31:21
User account: DESKTOP-66LAEAP\Admin

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    24/11/2015 13:34:31
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}     detected: Application.Toolbar (A)
C:\Users\Admin\Favorites\shop     detected: Adware.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E70FE57A-19AA-4A4C-B39A-408D49D73851}     detected: Adware.Win32.Leyuq (A)
Value: HKEY_USERS\S-1-5-21-3066412241-3781747931-1616130539-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3066412241-3781747931-1616130539-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FREE YOUTUBE DOWNLOADER     detected: Application.InstallAd (A)
C:\Program Files (x86)\Common Files\Truetrax\uninstall.exe     detected: Gen:Variant.Adware.Graftor.253773 (B)

Scanned    73565
Found    72

Scan end:    24/11/2015 13:40:16
Scan time:    0:05:45


Quarantined    72
 

 

C:\AdwCleaner\Quarantine\C\Program Files\groover081020151853\Igyvkefc.dll.vir    a variant of Win32/RiskWare.Komodia.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\groover081020151853\Igyvkefc.EXE.vir    a variant of Win32/RiskWare.Komodia.J application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\groover081020151853\Igyvkefc64.dll.vir    a variant of Win64/Riskware.Komodia.D application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\groover081020151853\jyhlijbufil.exe.vir    a variant of Win32/RiskWare.Komodia.C application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\groover081020151853\jyhlijbufil64.exe.vir    a variant of Win64/Riskware.Komodia.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\groover081020151853\KezsMomoce.exe.vir    a variant of Win32/Adware.PennyBee.AD application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\groover081020151853\rmvall.exe.vir    a variant of Win32/Adware.PennyBee.AD application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1444320427-0500-0006-000700080009\hnse6132.tmp.vir    a variant of Win32/Adware.ConvertAd.ABZ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1444320427-0500-0006-000700080009\jnsq4C02.tmp.vir    a variant of Win32/Adware.ConvertAd.ABN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1444320427-0500-0006-000700080009\knsx3529.tmpfs.vir    a variant of Win32/Adware.ConvertAd.AAI application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1444320427-0500-0006-000700080009\rnsf494F.exe.vir    a variant of Win32/Adware.ConvertAd.AAQ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1444320427-0500-0006-000700080009\vnsj20FA.tmp.vir    multiple threats    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1447718233-0500-0006-000700080009\hnsoD464.tmp.vir    a variant of Win32/Adware.ConvertAd.ACO application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1447718233-0500-0006-000700080009\jnsaBE98.tmp.vir    a variant of Win32/Adware.AdService.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1447718233-0500-0006-000700080009\knsu8A24.tmpfs.vir    a variant of Win32/Adware.ConvertAd.ACX application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1447718233-0500-0006-000700080009\rnsnA00F.exe.vir    a variant of Win32/Adware.ConvertAd.ACY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1447718233-0500-0006-000700080009\vnsq73C6.tmp.vir    a variant of Win32/Adware.ConvertAd.ACX application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\03000200-1447718301-0500-0006-000700080009\vnsb7F3D.tmp.vir    a variant of Win32/Adware.ConvertAd.ACX application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_gb_005010109\gamesdesktop_widget.exe.vir    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_gb_005010109\gmsd_gb_005010109.exe.vir    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_gb_005010109\predm.exe.vir    a variant of Win32/Adware.EoRezo.BD application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_gb_014010116\mbot_gb_014010116.exe.vir    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_gb_014010116\mybestofferstoday_widget.exe.vir    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_gb_014010146\mbot_gb_014010146.exe.vir    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_gb_014010146\mybestofferstoday_widget.exe.vir    a variant of Win32/AdWare.EoRezo.AU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_gb_014010146\predm.exe.vir    a variant of Win32/Adware.EoRezo.BD application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Driver Pro\EasyDriverPro.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AM application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AL application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe.vir    a variant of Win32/Adware.Vitruvian.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe.vir    a variant of MSIL/Adware.Vitruvian.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\aatartkxiiiv.dll.vir    a variant of Win64/Adware.Weiduan.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\NSISHelper.dll.vir    a variant of Win32/Adware.CouponMarvel.Q application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\LolliScan32.dll.vir    a variant of Win32/Adware.CouponMarvel.S application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\LolliScan64.dll.vir    a variant of Win64/Adware.CouponMarvel.K application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\NSISHelper.dll.vir    a variant of Win32/Adware.CouponMarvel.Q application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\uninstall.exe.vir    a variant of Win32/Adware.CouponMarvel.Q.gen application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Service7609\Service7609.exe.vir    a variant of Win32/Adware.CouponMarvel.R.gen application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\uiksdl201510816\gboxi.dll.vir    a variant of Win32/Adware.Weiduan.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\03000200-1444324066-0500-0006-000700080009\onsfBD0F.tmp.vir    Win32/Adware.ConvertAd.AAG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\03000200-1444324066-0500-0006-000700080009\rnsfBD0E.exe.vir    a variant of Win32/Adware.ConvertAd.AAQ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\03000200-1444324066-0500-0006-000700080009\snsfBD0D.tmp.vir    Win32/Adware.ConvertAd.ZE application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\03000200-1447718284-0500-0006-000700080009\onsw410A.tmp.vir    a variant of Win32/Adware.ConvertAd.PD application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\03000200-1447718284-0500-0006-000700080009\rnsw4109.exe.vir    a variant of Win32/Adware.ConvertAd.ACY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\03000200-1447718284-0500-0006-000700080009\snsw4108.tmp.vir    a variant of Win32/Adware.ConvertAd.ACK application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\gmsd_gb_005010109\upgmsd_gb_005010109.exe.vir    a variant of Win32/Adware.EoRezo.AJ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\mbot_gb_014010116\upmbot_gb_014010116.exe.vir    a variant of Win32/Adware.EoRezo.AJ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\mbot_gb_014010146\upmbot_gb_014010146.exe.vir    a variant of Win32/Adware.EoRezo.AJ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Temp\task.vbs.vir    VBS/TrojanDownloader.Agent.NSW trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\ASPackage\ASPackage.exe.vir    a variant of Win32/Adware.ConvertAd.ACX application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\VOPackage\VOPackage.exe.vir    multiple threats    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysNative\Igyvkefc64.dll.vir    a variant of Win64/Riskware.Komodia.D application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\nethfdrv.sys.vir    a variant of Win64/Riskware.NetFilter.C application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\hfnapi.dll.vir    a variant of Win32/RiskWare.NetFilter.U application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\hfpapi.dll.vir    a variant of Win32/RiskWare.NetFilter.L application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\Igyvkefc.dll.vir    a variant of Win32/RiskWare.Komodia.I application    cleaned by deleting - quarantined
 



#4 buddy215

  • BC Advisor

Posted 24 November 2015 - 11:12 AM

Rerun AdwCleaner and if it finds anything be sure to choose Clean. Looks like all Eset found was already quarantined by AdwCleaner. AdwCleaner sometimes finds more on the second run.

 

Are searches in Firefox still being hijacked? If so, you will need to do a clean UNinstall of Firefox...that means removing your Firefox profile, too.

You can save your bookmarks before doing that. Click on Bookmarks > click on Show All Bookmarks > click on import and backup > choose to export to html.

After uninstalling Firefox you download a new copy from Download Firefox — Free Web Browser — Mozilla

 

 

Post the three lists mentioned below using CCleaner.

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 skyshrimp

  • Topic Starter

Posted 24 November 2015 - 12:10 PM

Thanks buddy215,

 

Uninstalling Firefox and deleting the profile seems to have fixed the YourSearchResults search issue.

 

Here is the CCleaner info.

 

Startup

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    iCloudDrive    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
Yes    HKCU:Run    iCloudPhotos    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Yes    HKCU:Run    iCloudServices    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No    HKLM:Run    AdVPN    Alto Cloud Media Ltd.    C:\Program Files (x86)\AdVPN\AdVPN.exe
Yes    HKLM:Run    AveoSTI    AVEO    C:\Program Files (x86)\SOFTWARE R&D CENTER\SOFTWARE R&D CENTER                  \AveoSTI.exe
Yes    HKLM:Run    BCSSync    Microsoft Corporation    "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 

Scheduled,

 

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    Amyzhalc        "C:\Program Files\groover081020151853\Gaetsefj.bat"
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    gte3014        C:\PROGRA~2\FAST-S~1\gte3014.exe
Yes    Task    lmkiHw1yFHHjtOHZ        C:\Users\Admin\AppData\Roaming\lmkiHw1yFHHjtOHZ.exe --c=uIDdEba2FwRxqHpQLrLfljaRK/dMbYMZWNMtgZkB81XOnQj4iUFEnoNeaDwVcbxFcVvBsuPY5Owor2M9FTLlD7t3XvjMerCmfZABUxQFlWeAzElBKHQkS5WwTxAXT4h+Xh4okC0PK47zE2ncjtAoIPOet4Dby3YC/gZN20/vPV4Igq0CeEf733FavNOIcl73RbpZ/kHwTVDZCXCub62pk2uT/PMSchBaBNPxOyJt3LLtPsgAfa4ECIJzCvk8MFZv7hPRke2xKffnC9g/dmaJpzWj8n9FmEJql1nosZ4UYsX+yt54pQXA9hmjLEkyZaPVl7RCjPShr6CVXmKk++Ps6g==
Yes    Task    MRh3djHndoL8iUURCzUDh8Oq4Ku        C:\Users\Admin\AppData\Roaming\MRh3djHndoL8iUURCzUDh8Oq4Ku.exe --c=h8JG0HydztwKmYyKN/kNBCrhzuUDcTbiSF2CNZDJiPpkMUfGU5UwNj6ZljfDi0R+Y4B1q7O7eu/HvH99+0GXkB/yOZ8vmcoylHdp5PS49IR5fvHV1JyxQrgPpX0FJQh2NCFMLzqh/tph63huDvE7MzIUTMknFuSt08EFxK+2sDMEiOw4+CRrOVRfNTMBKlHc5lrwcyGXGX+6vDK/YeQgltaWedI1RT0hPN3G/4sd6GgHmOUpFsMV9e4IC9uSkeWbe/FnTHL9IRZm9fstfzX3Ak8vXSTjhqhHXFdN4Z6BIOosEe9jUDjlz6vRGdysZDDd/9Sbg7eJosSh4a+WAsO8rQ==
Yes    Task    RkXg3LYVz49Si9        C:\Users\Admin\AppData\Roaming\RkXg3LYVz49Si9.exe --c=ldjFWWt0rYB58XqdOh5pCjvb8jANMMBxIKgxB8s935Sn9H039p1uVkYSJXKA6Mq+pPo2yVt3HqatR0dBqcGUgU3V01s2Cs24bQl+Ss4CmisJjiORRBc1jpQByKscGjH2IrSX7hNnC9Fqmgr6CXYnGYw8mB4v+eoqh8a6UemFdCVjFAIcdrEZY26VtmToedK3vw6Diuln93FNeyF+GfHS6Ixnv+k4wUZfkXaPu/REdyp/lahr94bLpLxu65mcMgb4HWvvFvWiiyaQM+Ru7XahLNH6/OObBOZ0ShSbczubw5SEzcMFqo5PUmMI2w+Gcm8+Zn5kTvnaJBvnFeaF7oegkQ==
 

 

Uninstall,

 

3D Builder    Microsoft Corporation    07/10/2015        10.9.6.0
Adobe Flash Player 19 NPAPI    Adobe Systems Incorporated    11/11/2015    5.04 MB    19.0.0.245
Adobe Shockwave Player 12.2    Adobe Systems, Inc.    24/11/2015        12.2.2.172
AdVPN    Alto Cloud Media Ltd.    16/11/2015        v1.1
Alarms & Clock    Microsoft Corporation    18/11/2015        10.1511.61020.0
AMCap    Noël Danjou    22/11/2015        9.20.132.2
App connector    Microsoft Corporation    07/10/2015        1.3.3.0
Apple Application Support (32-bit)    Apple Inc.    23/10/2015    114 MB    4.1
Apple Application Support (64-bit)    Apple Inc.    23/10/2015    128 MB    4.1
Apple Mobile Device Support    Apple Inc.    23/10/2015    28.0 MB    9.1.0.6
Apple Software Update    Apple Inc.    08/10/2015    2.40 MB    2.1.4.131
Bonjour    Apple Inc.    07/10/2015    2.01 MB    3.1.0.1
Calculator    Microsoft Corporation    22/10/2015        10.1510.13020.0
Camera    Microsoft Corporation    30/10/2015        2015.1078.40.0
CCleaner    Piriform    14/11/2015        5.11
CoolingTech version 2.0    CoolingTech    22/11/2015    16.5 MB    2.0
CPUID CPU-Z 1.73        16/10/2015    3.85 MB    
ESET Online Scanner v3        24/11/2015        
Films & TV    Microsoft Corporation    18/11/2015        3.6.15361.0
Get Office    Microsoft Corporation    19/11/2015        17.6418.23501.0
Get Skype    Skype    07/10/2015        3.2.1.0
Get Started    Microsoft Corporation    10/11/2015        2.5.6.0
globalupdate Helper        07/10/2015        
Groove Music    Microsoft Corporation    11/11/2015        3.6.15131.0
iCloud    Apple Inc.    23/10/2015    119 MB    5.0.2.61
iTunes    Apple Inc.    23/10/2015    218 MB    12.3.1.23
Java 8 Update 66    Oracle Corporation    21/11/2015    21.1 MB    8.0.660.18
Mail and Calendar    Microsoft Corporation    17/11/2015        17.6416.42001.0
Malwarebytes Anti-Malware version 2.2.0.1024    Malwarebytes    21/10/2015    66.1 MB    2.2.0.1024
Maps    Microsoft Corporation    16/11/2015        4.1511.3161.0
Micam 1.6    Marien van Westen    22/11/2015        
Micro-Measure    Brightwell    22/11/2015    14.6 MB    1.0.0
Microsoft .NET Framework 4.5 Multi-Targeting Pack    Microsoft Corporation    23/10/2015    41.8 MB    4.5.50710
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack    Microsoft Corporation    23/10/2015    49.3 MB    4.5.50932
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)    Microsoft Corporation    23/10/2015    74.5 MB    4.5.50932
Microsoft .NET Framework 4.5.1 SDK    Microsoft Corporation    23/10/2015    19.4 MB    4.5.51641
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack    Microsoft Corporation    23/10/2015    49.4 MB    4.5.51209
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU)    Microsoft Corporation    23/10/2015    74.4 MB    4.5.51209
Microsoft .NET Framework 4.6 SDK    Microsoft Corporation    23/10/2015    20.0 MB    4.6.00081
Microsoft .NET Framework 4.6 Targeting Pack    Microsoft Corporation    23/10/2015    40.3 MB    4.6.00081
Microsoft .NET Framework 4.6 Targeting Pack (ENU)    Microsoft Corporation    23/10/2015    65.9 MB    4.6.00081
Microsoft Help Viewer 2.2    Microsoft Corporation    22/10/2015    12.1 MB    2.2.23107
Microsoft Office Professional Plus 2010    Microsoft Corporation    21/10/2015        14.0.4734.1000
Microsoft Silverlight    Microsoft Corporation    08/10/2015    22.6 MB    5.1.30514.0
Microsoft Solitaire Collection    Microsoft Studios    10/11/2015        3.5.11021.0
Microsoft SQL Server 2014 Management Objects     Microsoft Corporation    23/10/2015    24.7 MB    12.0.2000.8
Microsoft SQL Server 2014 Management Objects  (x64)    Microsoft Corporation    23/10/2015    17.4 MB    12.0.2000.8
Microsoft SQL Server 2014 T-SQL Language Service     Microsoft Corporation    23/10/2015    6.65 MB    12.0.2000.8
Microsoft SQL Server 2014 Transact-SQL ScriptDom     Microsoft Corporation    23/10/2015    6.17 MB    12.0.2000.8
Microsoft SQL Server Compact 4.0 SP1 x64 ENU    Microsoft Corporation    23/10/2015    18.1 MB    4.0.8876.1
Microsoft System CLR Types for SQL Server 2014    Microsoft Corporation    23/10/2015    5.61 MB    12.0.2402.11
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319    Microsoft Corporation    22/10/2015    12.3 MB    10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319    Microsoft Corporation    08/10/2015    9.89 MB    10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610    Microsoft Corporation    22/10/2015    20.5 MB    11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610    Microsoft Corporation    22/10/2015    17.3 MB    11.0.60610.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005    Microsoft Corporation    22/10/2015    20.5 MB    12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005    Microsoft Corporation    22/10/2015    17.1 MB    12.0.21005.1
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026    Microsoft Corporation    22/10/2015    22.4 MB    14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026    Microsoft Corporation    22/10/2015    18.6 MB    14.0.23026.0
Microsoft Visual Studio 2015 Tools for Unity    Microsoft Corporation    23/10/2015    27.8 MB    2.1.0.0
Microsoft Visual Studio Community 2015    Microsoft Corporation    22/10/2015    3.60 GB    14.0.23107.10
Money    Microsoft Corporation    17/11/2015        4.7.118.0
Mozilla Firefox 42.0 (x86 en-US)    Mozilla    24/11/2015    86.8 MB    42.0
Mozilla Maintenance Service    Mozilla    24/11/2015    250 KB    42.0
News    Microsoft Corporation    17/11/2015        4.7.118.0
OneNote    Microsoft Corporation    20/11/2015        17.6366.15391.0
People    Microsoft Corporation    03/11/2015        10.0.3030.0
Phone Companion    Microsoft Corporation    20/11/2015        10.1511.18010.0
Photos    Microsoft Corporation    21/11/2015        15.1120.13270.0
Plugable Digital Viewer    Plugable Technologies    22/11/2015    2.73 MB    3.1.07
QuickTime 7    Apple Inc.    23/10/2015    70.2 MB    7.76.80.95
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    07/10/2015        6.0.1.7572
SOFTWARE R&D CENTER    SOFTWARE R&D CENTER    21/11/2015        1.0.0.0
Sport    Microsoft Corporation    24/11/2015        4.7.130.0
Store    Microsoft Corporation    19/11/2015        2015.23.23.0
Tenorshare Reiboot    Tenorshare    09/10/2015        3.1.0.6
Unity    Unity Technologies ApS    22/10/2015        5.2.2f1
Unity Web Player    Unity Technologies ApS    16/11/2015    12.0 MB    4.6.1f1
VLC media player 2.1.3    VideoLAN    17/11/2015        2.1.3
Voice Recorder    Microsoft Corporation    20/11/2015        10.1511.17110.0
Weather    Microsoft Corporation    17/11/2015        4.7.118.0
Windows Boot Genius    Tenorshare, Inc.    09/10/2015        
Xbox    Microsoft Corporation    20/11/2015        11.11.19012.0
µTorrent    BitTorrent Inc.    09/10/2015        3.4.5.41202
 



#6 buddy215

  • BC Advisor

Posted 24 November 2015 - 01:05 PM

Delete these 5 Scheduled Tasks: Use CCleaner by clicking on each item and then choosing Delete on the right.

Yes    Task    Amyzhalc        "C:\Program Files\groover081020151853\Gaetsefj.bat"
Yes    Task    gte3014        C:\PROGRA~2\FAST-S~1\gte3014.exe
Yes    Task    lmkiHw1yFHHjtOHZ        C:\Users\Admin\AppData\Roaming\lmkiHw1yFHHjtOHZ.exe --c=uIDdEba2FwRxqHpQLrLfljaRK/dMbYMZWNMtgZkB81XOnQj4iUFEnoNeaDwVcbxFcVvBsuPY5Owor2M9FTLlD7t3XvjMerCmfZABUxQFlWeAzElBKHQkS5WwTxAXT4h+Xh4okC0PK47zE2ncjtAoIPOet4Dby3YC/gZN20/vPV4Igq0CeEf733FavNOIcl73RbpZ/kHwTVDZCXCub62pk2uT/PMSchBaBNPxOyJt3LLtPsgAfa4ECIJzCvk8MFZv7hPRke2xKffnC9g/dmaJpzWj8n9FmEJql1nosZ4UYsX+yt54pQXA9hmjLEkyZaPVl7RCjPShr6CVXmKk++Ps6g==
Yes    Task    MRh3djHndoL8iUURCzUDh8Oq4Ku        C:\Users\Admin\AppData\Roaming\MRh3djHndoL8iUURCzUDh8Oq4Ku.exe --c=h8JG0HydztwKmYyKN/kNBCrhzuUDcTbiSF2CNZDJiPpkMUfGU5UwNj6ZljfDi0R+Y4B1q7O7eu/HvH99+0GXkB/yOZ8vmcoylHdp5PS49IR5fvHV1JyxQrgPpX0FJQh2NCFMLzqh/tph63huDvE7MzIUTMknFuSt08EFxK+2sDMEiOw4+CRrOVRfNTMBKlHc5lrwcyGXGX+6vDK/YeQgltaWedI1RT0hPN3G/4sd6GgHmOUpFsMV9e4IC9uSkeWbe/FnTHL9IRZm9fstfzX3Ak8vXSTjhqhHXFdN4Z6BIOosEe9jUDjlz6vRGdysZDDd/9Sbg7eJosSh4a+WAsO8rQ==
Yes    Task    RkXg3LYVz49Si9        C:\Users\Admin\AppData\Roaming\RkXg3LYVz49Si9.exe --c=ldjFWWt0rYB58XqdOh5pCjvb8jANMMBxIKgxB8s935Sn9H039p1uVkYSJXKA6Mq+pPo2yVt3HqatR0dBqcGUgU3V01s2Cs24bQl+Ss4CmisJjiORRBc1jpQByKscGjH2IrSX7hNnC9Fqmgr6CXYnGYw8mB4v+eoqh8a6UemFdCVjFAIcdrEZY26VtmToedK3vw6Diuln93FNeyF+GfHS6Ixnv+k4wUZfkXaPu/REdyp/lahr94bLpLxu65mcMgb4HWvvFvWiiyaQM+Ru7XahLNH6/OObBOZ0ShSbczubw5SEzcMFqo5PUmMI2w+Gcm8+Zn5kTvnaJBvnFeaF7oegkQ==
 

Uninstall These programs: Use CCleaner by clicking on each item and then choosing Uninstall on the right

ESET Online Scanner v3        24/11/2015

globalupdate Helper        07/10/2015       (If it won't uninstall using CCleaner, use Download Revo Uninstaller Freeware in Advanced Mode.)

µTorrent    BitTorrent Inc.    09/10/2015        3.4.5.41202 (likely source of all bad stuff...most downloads of free stuff will contain unwanted junk)


Edited by buddy215, 24 November 2015 - 01:06 PM.

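An added example, not part of any post in this thread: the five tasks singled out above all have an empty publisher column plus at least one of a script target, an 8.3 short path, a per-user AppData location, or a long encoded argument, and this sketch scores a startup/task export on those traits. It assumes a tab-separated export with the five columns seen in the thread (Enabled, Key, Name, Publisher, Command); the rows, names, and the threshold are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample rows (not taken from the thread): Enabled, Key, Name, Publisher, Command.
_ROWS = [
    ("Yes", "HKLM:Run", "ExampleAudio", "Example Audio Corp.", r"C:\Program Files\ExampleAudio\tray.exe -s"),
    ("No", "HKLM:Run", "ExampleVPN", "Example Media Ltd.", r"C:\Program Files (x86)\ExampleVPN\ExampleVPN.exe"),
    ("Yes", "Task", "ExampleUpdater", "Example Corp.", r"C:\Windows\SysWOW64\Example\updater.exe"),
    ("Yes", "Task", "Qzxvbn", "", r'"C:\Program Files\qzxvbn0101\run.bat"'),
    ("Yes", "Task", "shrt01", "", r"C:\PROGRA~2\EXAMPL~1\shrt01.exe"),
    ("Yes", "Task", "aB3dE5fG7hJ9", "", r"C:\Users\User\AppData\Roaming\aB3dE5fG7hJ9.exe --c=" + "QUJD" * 30),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in _ROWS)


class Entry(NamedTuple):
    enabled: bool
    key: str        # e.g. "Task", "HKCU:Run", "HKLM:Run"
    name: str
    publisher: str  # empty when the export shows no publisher
    path: str       # executable or script being launched
    args: str       # everything after the path


_QUOTED = re.compile(r'^"([^"]+)"\s*(.*)$')
_BARE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|vbs|js|ps1))(?=\s|$)\s*(.*)$", re.I)
_BLOB = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")            # base64-looking run
_USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Temp)\\", re.I)
_SCRIPT = re.compile(r"\.(?:bat|cmd|vbs|js|ps1)$", re.I)
_SHORT_NAME = re.compile(r"~\d")                           # 8.3 alias such as PROGRA~2


def split_command(command):
    """Split a command line into (path, args); paths may be quoted or contain spaces."""
    command = command.strip()
    m = _QUOTED.match(command) or _BARE.match(command)
    return (m.group(1), m.group(2)) if m else (command, "")


def parse_export(text):
    """Parse tab-separated export lines; lines without exactly five columns are skipped."""
    entries = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) != 5:
            continue
        path, args = split_command(cols[4])
        entries.append(Entry(cols[0].lower() == "yes", cols[1], cols[2], cols[3], path, args))
    return entries


def reasons(entry):
    """Return the list of traits that make an entry worth a manual look."""
    found = []
    if not entry.publisher:
        found.append("no publisher")
    if _USER_WRITABLE.search(entry.path):
        found.append("user-writable location")
    if _SCRIPT.search(entry.path):
        found.append("script target")
    if _SHORT_NAME.search(entry.path):
        found.append("8.3 short path")
    if _BLOB.search(entry.args):
        found.append("encoded argument")
    return found


def triage(text, threshold=2):
    """Map entry name -> reasons for every entry with at least `threshold` traits."""
    scored = ((e.name, reasons(e)) for e in parse_export(text))
    return {name: why for name, why in scored if len(why) >= threshold}
```

Entries that carry a publisher name and live under Program Files score zero, as the AdVPN startup entry in this thread would, so an empty result does not clear a machine.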


#7 skyshrimp

  • Topic Starter

Posted 26 November 2015 - 07:47 AM

Hi,

 

I deleted those items. After rebooting my PC, Firefox had YourSearchResults as the one-click search engine again :smash:

 

I uninstalled Firefox again and deleted the profile in %APPDATA% and downloaded and ran Malwarebytes Anti-Exploit Free. I ran Malwarebytes again which found 3 things that I deleted. Ran Adwcleaner which didn't find anything. Rebooted the PC again. Downloaded Firefox from the safe link. Search was fine. Rebooted again and YourSearchResults is back.

 

I bet these viruses are created by the people that make programs like SpyHunter. They already quoted this thread,

 

http://computervirusremovalfixer.blogspot.co.uk/2015/11/yoursearchresultsbiz-removal-help-stop.html



#8 buddy215

  • BC Advisor

Posted 26 November 2015 - 08:25 AM

Are you sure you deleted your Firefox profile when uninstalling Firefox? If not 100% sure, do a search for Mozilla and Mozilla Firefox after uninstalling. Delete all of the Mozilla and Firefox files. If you saved your Bookmarks before uninstalling, suggest you backup the saved bookmarks either in an email to yourself or on a flash drive before deleting all of the Firefox files.

 

I noted that the shortcuts for IE were hijacked so be sure that during the uninstall that ALL Firefox shortcuts are deleted, too. Shortcuts that appear in the task bar, Start menu and desktop.

 

If the above doesn't solve the problem then you will need to start a new topic in the Malware Removal Forum by following the directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.




#9 skyshrimp

  • Topic Starter

Posted 26 November 2015 - 11:36 AM

Hi,

 

I uninstalled AdVPN with CCleaner and YourSearchResults disappeared. I rebooted twice and it didn't come back.

 

I'll start a new thread as instructed if it reappears.

 

Thanks for your help buddy215 :)



#10 buddy215

  • BC Advisor

Posted 26 November 2015 - 12:08 PM

Good...you had HKLM:Run    AdVPN    Alto Cloud Media Ltd.    C:\Program Files (x86)\AdVPN\AdVPN.exe Disabled in Windows Startups.

You can check to see if it is still there and delete it.






