Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Me Remove Launchapge.org


  • This topic is locked This topic is locked
8 replies to this topic

#1 jackwill

jackwill

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 27 February 2017 - 09:57 PM

Hello

 

Yesterday I got browser hijacked by launchpage.org. It infected all three of my browsers Google Chrome, Firefox, and Internet Explorer. I fixed IE and Chrome by resetting those browsers. However I can't remove it from Firefox. Launchpage.org is my start page now no matter what I do including refreshing Firefox, restoring start page to default and to my original start page. To make matters worse I can't find launchpage.org anywhere in my system It's not in program files, add/remove programs, the registry, startup, services,  and not in processes when I open task manager. I have removed all addons and extensions from Firefox as well. I have run Microsoft Security Essentials and Superantispyware and am running House call atm

I'm running Windows 7

 

Thank you for your help

Jack


 


Edited by jackwill, 28 February 2017 - 05:39 AM.


BC AdBot (Login to Remove)

 


#2 jackwill

jackwill
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 27 February 2017 - 10:23 PM

Ran Hitman Pro Here's the log:

HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : DD-PC
   Windows . . . . . . . : 6.1.1.7601.X64/6
   User name . . . . . . : DD-PC\DD
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-02-27 19:12:50
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 44s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 70

   Objects scanned . . . : 2,469,135
   Files scanned . . . . : 72,241
   Remnants scanned  . . : 490,678 files / 1,906,216 keys

Suspicious files ____________________________________________________________

   C:\Users\DD\Desktop\Stuff\PCMaintenance\FRST64.exe
      Size . . . . . . . : 1,957,098 bytes
      Age  . . . . . . . : 1213.3 days (2013-11-02 11:44:00)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C0E50E041A96E55E24BDA7675530DCC2BF16BCD2491BB3CD4A09822084148808
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\cltmng_RASAPI32\ (SearchProtect)

Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Web Data

   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DF51AD29-5239-441A-B921-E655C8162060}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}\ (DealPly)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}\ (DealPly)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Tracing\dmwu_RASAPI32\ (Sweetpacks)
   HKLM\SOFTWARE\Microsoft\Tracing\dmwu_RASMANCS\ (Sweetpacks)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job.fp (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job.fp (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKLM\SOFTWARE\Wow6432Node\Auslogics\Google Analytics Package\ (TweakBit)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\luckyleap_Setup_RASAPI32\ (LuckyLeap)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\ (DealPly)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\ (DealPly)
   HKLM\SYSTEM\ControlSet001\services\eventlog\Application\Update lucky leap\ (LuckyLeap)
   HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Update lucky leap\ (LuckyLeap)
   HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update lucky leap\ (LuckyLeap)
   HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player)

Cookies _____________________________________________________________________

   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:addthis.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:adnxs.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:adsymptotic.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:agkn.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:atdmt.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:bidswitch.net
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:bitdefender.tt.omtrdc.net
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:bluekai.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:demdex.net
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:dotomi.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:doubleclick.net
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:dpm.demdex.net
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:everesttech.net
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:googleadservices.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:gssprt.jp
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:krxd.net
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:lijit.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:mathtag.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:rfihub.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:rlcdn.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:ru4.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:scorecardresearch.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:serving-sys.com
   C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\cookies.sqlite:sxp.smartclip.net



 

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 28 February 2017 - 02:23 PM

Great ! also do these now.

3Al62Pm.pngMiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • _xxxx_log.txt[/b]. Please copy and paste the contents of that file here.
zcMPezJ.pngAdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
cvMlKv6.pngESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 jackwill

jackwill
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 28 February 2017 - 11:03 PM

Ok here is eset log Couldn't get the export to txt file to work sorry Had to do basic copy/paste w/clipboard

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\uninst.exe.vir            a variant of Win32/DealPly.EW potentially unwanted application       cleaned by deleting

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\uninstall.exe.vir            a variant of Win32/InstallCore.ACJ potentially unwanted application  cleaned by deleting

C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3286042\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application        cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\ch20UPD.dll.vir          a variant of Win32/Toolbar.Conduit.AU potentially unwanted application     cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\plugins\ConduitChromeApiPlugin.dll.vir   a variant of Win32/Toolbar.Conduit.AU potentially unwanted application  cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\ch20UPD.dll.vir        a variant of Win32/Toolbar.Conduit.AU potentially unwanted application     cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins\ConduitChromeApiPlugin.dll.vir   a variant of Win32/Toolbar.Conduit.AU potentially unwanted application  cleaned by deleting

C:\FRST\Quarantine\extensions\staged\ffxtlbr@mysearchdial.com\content\mtstart.js            Win32/Toolbar.Montiera.AK potentially unwanted application      cleaned by deleting


Here is log of Junkware Removal Tool:

File System: 30

Successfully deleted: C:\ProgramData\1321120790.bdinstall.bin (File)
Successfully deleted: C:\Users\DD\AppData\Local\ysearchutil (Folder)
Successfully deleted: C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1O5RLJO3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DAIEXFQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LV6YCRG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT2A2JW6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMESRX6P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDMS103K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7WXLAZV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5TCJ3AU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIJ93F0N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROU9QK02 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1GXXDA4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3QM7WIJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1O5RLJO3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DAIEXFQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LV6YCRG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT2A2JW6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMESRX6P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDMS103K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7WXLAZV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5TCJ3AU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIJ93F0N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROU9QK02 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1GXXDA4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3QM7WIJ (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/28/2017 at 15:47:22.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Here is MiniToolBox log:

Version: 17-06-2016
Ran by DD (administrator) on 28-02-2017 at 15:32:52
Running from "C:\Users\DD\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: GA-78LMT-USB3 6.0 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1    localhost
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DD-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No




AdwCleaner's log:

# AdwCleaner v6.043 - Logfile created 28/02/2017 at 20:04:10
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-28.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : DD - DD-PC
# Running from : C:\Users\DD\Downloads\AdwCleaner(1).exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\ProgramData\Auslogics
Folder Found:  C:\ProgramData\Application Data\Auslogics
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

File Found:  C:\Windows\SysNative\LavasoftTcpService64.dll
File Found:  C:\Windows\SysNative\LavasoftTcpServiceOff.ini
File Found:  C:\Windows\SysWOW64\lavasofttcpservice.dll
File Found:  C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{DF51AD29-5239-441A-B921-E655C8162060}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Web Assistant
Key Found:  HKLM\SOFTWARE\Lavasoft\Web Companion
Key Found:  HKLM\SOFTWARE\Auslogics
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found:  HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found:  HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found:  HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found:  HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12127 Bytes] - [28/02/2017 02:25:44]
C:\AdwCleaner\AdwCleaner[R0].txt - [15001 Bytes] - [20/08/2013 13:56:22]
C:\AdwCleaner\AdwCleaner[R10].txt - [1936 Bytes] - [18/09/2013 16:29:55]
C:\AdwCleaner\AdwCleaner[R11].txt - [2057 Bytes] - [22/09/2013 11:48:36]
C:\AdwCleaner\AdwCleaner[R12].txt - [9729 Bytes] - [22/09/2013 11:55:57]
C:\AdwCleaner\AdwCleaner[R13].txt - [2300 Bytes] - [22/09/2013 11:59:52]
C:\AdwCleaner\AdwCleaner[R14].txt - [2362 Bytes] - [23/09/2013 14:25:20]
C:\AdwCleaner\AdwCleaner[R15].txt - [2423 Bytes] - [30/09/2013 16:07:50]
C:\AdwCleaner\AdwCleaner[R16].txt - [4025 Bytes] - [05/10/2013 17:40:22]
C:\AdwCleaner\AdwCleaner[R17].txt - [2663 Bytes] - [07/10/2013 16:46:34]
C:\AdwCleaner\AdwCleaner[R18].txt - [2726 Bytes] - [08/10/2013 16:32:43]
C:\AdwCleaner\AdwCleaner[R19].txt - [3505 Bytes] - [10/10/2013 16:30:47]
C:\AdwCleaner\AdwCleaner[R1].txt - [992 Bytes] - [22/08/2013 09:11:07]
C:\AdwCleaner\AdwCleaner[R20].txt - [3079 Bytes] - [18/10/2013 12:37:09]
C:\AdwCleaner\AdwCleaner[R21].txt - [3095 Bytes] - [19/10/2013 18:52:35]
C:\AdwCleaner\AdwCleaner[R22].txt - [3217 Bytes] - [20/10/2013 14:44:34]
C:\AdwCleaner\AdwCleaner[R23].txt - [3336 Bytes] - [25/10/2013 15:41:05]
C:\AdwCleaner\AdwCleaner[R24].txt - [3478 Bytes] - [27/10/2013 11:29:16]
C:\AdwCleaner\AdwCleaner[R25].txt - [4237 Bytes] - [24/06/2014 14:45:42]
C:\AdwCleaner\AdwCleaner[R2].txt - [1051 Bytes] - [22/08/2013 17:35:00]
C:\AdwCleaner\AdwCleaner[R3].txt - [1373 Bytes] - [24/08/2013 18:43:06]
C:\AdwCleaner\AdwCleaner[R4].txt - [1453 Bytes] - [01/09/2013 11:00:21]
C:\AdwCleaner\AdwCleaner[R5].txt - [13239 Bytes] - [11/09/2013 16:12:31]
C:\AdwCleaner\AdwCleaner[R6].txt - [2498 Bytes] - [11/09/2013 16:25:25]
C:\AdwCleaner\AdwCleaner[R7].txt - [1575 Bytes] - [16/09/2013 08:41:06]
C:\AdwCleaner\AdwCleaner[R8].txt - [1695 Bytes] - [16/09/2013 16:49:39]
C:\AdwCleaner\AdwCleaner[R9].txt - [1815 Bytes] - [17/09/2013 16:08:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [14932 Bytes] - [20/08/2013 13:56:58]
C:\AdwCleaner\AdwCleaner[S10].txt - [9818 Bytes] - [22/09/2013 11:56:24]
C:\AdwCleaner\AdwCleaner[S11].txt - [3937 Bytes] - [05/10/2013 17:40:55]
C:\AdwCleaner\AdwCleaner[S12].txt - [2727 Bytes] - [07/10/2013 16:47:02]
C:\AdwCleaner\AdwCleaner[S13].txt - [2788 Bytes] - [08/10/2013 16:33:02]
C:\AdwCleaner\AdwCleaner[S14].txt - [3468 Bytes] - [10/10/2013 16:31:26]
C:\AdwCleaner\AdwCleaner[S15].txt - [3143 Bytes] - [18/10/2013 12:37:41]
C:\AdwCleaner\AdwCleaner[S16].txt - [3157 Bytes] - [19/10/2013 18:53:09]
C:\AdwCleaner\AdwCleaner[S17].txt - [3279 Bytes] - [20/10/2013 14:45:03]
C:\AdwCleaner\AdwCleaner[S18].txt - [3398 Bytes] - [25/10/2013 15:41:50]
C:\AdwCleaner\AdwCleaner[S19].txt - [3540 Bytes] - [27/10/2013 11:29:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [1113 Bytes] - [22/08/2013 17:35:22]
C:\AdwCleaner\AdwCleaner[S20].txt - [4315 Bytes] - [24/06/2014 14:46:25]
C:\AdwCleaner\AdwCleaner[S21].txt - [11415 Bytes] - [28/02/2017 02:22:04]
C:\AdwCleaner\AdwCleaner[S22].txt - [9258 Bytes] - [28/02/2017 15:36:06]
C:\AdwCleaner\AdwCleaner[S23].txt - [9331 Bytes] - [28/02/2017 15:40:11]
C:\AdwCleaner\AdwCleaner[S24].txt - [9405 Bytes] - [28/02/2017 15:41:33]
C:\AdwCleaner\AdwCleaner[S25].txt - [8670 Bytes] - [28/02/2017 20:04:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [1403 Bytes] - [01/09/2013 11:00:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [12858 Bytes] - [11/09/2013 16:12:52]
C:\AdwCleaner\AdwCleaner[S4].txt - [2527 Bytes] - [11/09/2013 16:25:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [1636 Bytes] - [16/09/2013 08:41:42]
C:\AdwCleaner\AdwCleaner[S6].txt - [1756 Bytes] - [16/09/2013 16:50:05]
C:\AdwCleaner\AdwCleaner[S7].txt - [1876 Bytes] - [17/09/2013 16:08:38]
C:\AdwCleaner\AdwCleaner[S8].txt - [1997 Bytes] - [18/09/2013 16:30:20]
C:\AdwCleaner\AdwCleaner[S9].txt - [2118 Bytes] - [22/09/2013 11:48:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S25].txt - [9329 Bytes] ##########
 


Edited by jackwill, 28 February 2017 - 11:08 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 01 March 2017 - 11:34 AM

Good remove what ADWcleaner found, restart machine and see how it is.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 jackwill

jackwill
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 01 March 2017 - 07:16 PM

Hi boop

Thank you for your help

 

It didn't work. I still got launchpage.org as my start page

Here is the AdwCleaner log


# AdwCleaner v6.044 - Logfile created 01/03/2017 at 16:09:01
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-01.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : DD - DD-PC
# Running from : C:\Users\DD\Downloads\AdwCleaner(3).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Auslogics
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Auslogics
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
[-] File deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DF51AD29-5239-441A-B921-E655C8162060}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Web Assistant
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12127 Bytes] - [28/02/2017 02:25:44]
C:\AdwCleaner\AdwCleaner[C2].txt - [5672 Bytes] - [01/03/2017 16:09:01]
C:\AdwCleaner\AdwCleaner[R0].txt - [15001 Bytes] - [20/08/2013 13:56:22]
C:\AdwCleaner\AdwCleaner[R10].txt - [1936 Bytes] - [18/09/2013 16:29:55]
C:\AdwCleaner\AdwCleaner[R11].txt - [2057 Bytes] - [22/09/2013 11:48:36]
C:\AdwCleaner\AdwCleaner[R12].txt - [9729 Bytes] - [22/09/2013 11:55:57]
C:\AdwCleaner\AdwCleaner[R13].txt - [2300 Bytes] - [22/09/2013 11:59:52]
C:\AdwCleaner\AdwCleaner[R14].txt - [2362 Bytes] - [23/09/2013 14:25:20]
C:\AdwCleaner\AdwCleaner[R15].txt - [2423 Bytes] - [30/09/2013 16:07:50]
C:\AdwCleaner\AdwCleaner[R16].txt - [4025 Bytes] - [05/10/2013 17:40:22]
C:\AdwCleaner\AdwCleaner[R17].txt - [2663 Bytes] - [07/10/2013 16:46:34]
C:\AdwCleaner\AdwCleaner[R18].txt - [2726 Bytes] - [08/10/2013 16:32:43]
C:\AdwCleaner\AdwCleaner[R19].txt - [3505 Bytes] - [10/10/2013 16:30:47]
C:\AdwCleaner\AdwCleaner[R1].txt - [992 Bytes] - [22/08/2013 09:11:07]
C:\AdwCleaner\AdwCleaner[R20].txt - [3079 Bytes] - [18/10/2013 12:37:09]
C:\AdwCleaner\AdwCleaner[R21].txt - [3095 Bytes] - [19/10/2013 18:52:35]
C:\AdwCleaner\AdwCleaner[R22].txt - [3217 Bytes] - [20/10/2013 14:44:34]
C:\AdwCleaner\AdwCleaner[R23].txt - [3336 Bytes] - [25/10/2013 15:41:05]
C:\AdwCleaner\AdwCleaner[R24].txt - [3478 Bytes] - [27/10/2013 11:29:16]
C:\AdwCleaner\AdwCleaner[R25].txt - [4237 Bytes] - [24/06/2014 14:45:42]
C:\AdwCleaner\AdwCleaner[R2].txt - [1051 Bytes] - [22/08/2013 17:35:00]
C:\AdwCleaner\AdwCleaner[R3].txt - [1373 Bytes] - [24/08/2013 18:43:06]
C:\AdwCleaner\AdwCleaner[R4].txt - [1453 Bytes] - [01/09/2013 11:00:21]
C:\AdwCleaner\AdwCleaner[R5].txt - [13239 Bytes] - [11/09/2013 16:12:31]
C:\AdwCleaner\AdwCleaner[R6].txt - [2498 Bytes] - [11/09/2013 16:25:25]
C:\AdwCleaner\AdwCleaner[R7].txt - [1575 Bytes] - [16/09/2013 08:41:06]
C:\AdwCleaner\AdwCleaner[R8].txt - [1695 Bytes] - [16/09/2013 16:49:39]
C:\AdwCleaner\AdwCleaner[R9].txt - [1815 Bytes] - [17/09/2013 16:08:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [14932 Bytes] - [20/08/2013 13:56:58]
C:\AdwCleaner\AdwCleaner[S10].txt - [9818 Bytes] - [22/09/2013 11:56:24]
C:\AdwCleaner\AdwCleaner[S11].txt - [3937 Bytes] - [05/10/2013 17:40:55]
C:\AdwCleaner\AdwCleaner[S12].txt - [2727 Bytes] - [07/10/2013 16:47:02]
C:\AdwCleaner\AdwCleaner[S13].txt - [2788 Bytes] - [08/10/2013 16:33:02]
C:\AdwCleaner\AdwCleaner[S14].txt - [3468 Bytes] - [10/10/2013 16:31:26]
C:\AdwCleaner\AdwCleaner[S15].txt - [3143 Bytes] - [18/10/2013 12:37:41]
C:\AdwCleaner\AdwCleaner[S16].txt - [3157 Bytes] - [19/10/2013 18:53:09]
C:\AdwCleaner\AdwCleaner[S17].txt - [3279 Bytes] - [20/10/2013 14:45:03]
C:\AdwCleaner\AdwCleaner[S18].txt - [3398 Bytes] - [25/10/2013 15:41:50]
C:\AdwCleaner\AdwCleaner[S19].txt - [3540 Bytes] - [27/10/2013 11:29:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [1113 Bytes] - [22/08/2013 17:35:22]
C:\AdwCleaner\AdwCleaner[S20].txt - [4315 Bytes] - [24/06/2014 14:46:25]
C:\AdwCleaner\AdwCleaner[S21].txt - [11415 Bytes] - [28/02/2017 02:22:04]
C:\AdwCleaner\AdwCleaner[S22].txt - [9258 Bytes] - [28/02/2017 15:36:06]
C:\AdwCleaner\AdwCleaner[S23].txt - [9331 Bytes] - [28/02/2017 15:40:11]
C:\AdwCleaner\AdwCleaner[S24].txt - [9405 Bytes] - [28/02/2017 15:41:33]
C:\AdwCleaner\AdwCleaner[S25].txt - [9425 Bytes] - [28/02/2017 20:04:10]
C:\AdwCleaner\AdwCleaner[S26].txt - [9500 Bytes] - [01/03/2017 16:06:49]
C:\AdwCleaner\AdwCleaner[S2].txt - [1403 Bytes] - [01/09/2013 11:00:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [12858 Bytes] - [11/09/2013 16:12:52]
C:\AdwCleaner\AdwCleaner[S4].txt - [2527 Bytes] - [11/09/2013 16:25:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [1636 Bytes] - [16/09/2013 08:41:42]
C:\AdwCleaner\AdwCleaner[S6].txt - [1756 Bytes] - [16/09/2013 16:50:05]
C:\AdwCleaner\AdwCleaner[S7].txt - [1876 Bytes] - [17/09/2013 16:08:38]
C:\AdwCleaner\AdwCleaner[S8].txt - [1997 Bytes] - [18/09/2013 16:30:20]
C:\AdwCleaner\AdwCleaner[S9].txt - [2118 Bytes] - [22/09/2013 11:48:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [9651 Bytes] ##########
 



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 02 March 2017 - 11:17 AM

Hi, you're welcome. We need a deeper look to find the hook... Repost...
Start at step 6

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 jackwill

jackwill
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 02 March 2017 - 07:26 PM

ok I have tried to re-post in the Virus, Trojan, Spyware, and Malware Removal Logs forum but it keeps timing out

 

Edit: It just posted All's well :)


Edited by jackwill, 02 March 2017 - 07:35 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 03 March 2017 - 10:39 AM

New topic.

https://www.bleepingcomputer.com/forums/t/641244/please-help-me-remove-launchpageorg-browser-hijack/

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users