Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Pop ups, slow, general problems with possible Browser hijacker [Closed


  • This topic is locked This topic is locked
7 replies to this topic

#1 fancywhat

fancywhat

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 03 December 2014 - 03:20 PM

I have had this for so long first it was from downloading a program and clicking to fast through the agreements and I got the MySearchDial toolbar.  Never really got totally rid of it. 

 

Then I was scammed by a phone call claiming to be microsoft and I let the tech in via team viewer. They did several things to my computer including locking me out.

 

I have been working with support@malwarebytes but I have not been able to do some of the tasks.  I have let time pass inbetween working on it and it has gotten worse.  I am using IE8, I was using Chrome and before that Firefox they are all very bogged down, crashing all the time.  It is very very frustrating.

 

I have Microsoft Security Essentials free,  Spybot S&D ( I didn't get till after I had the first Issue with MySearchDial)

and I have Malwarebytes (Pay version)

 

I was unable to disarm Spybot S&D with the directions on this website and was directed to you by your support center if I had problems with any of the instructions given.  So here I am.

 

I tried to follow the instructions of a newpost but they are a bit confusing.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Denise (administrator) on DENISE-PC on 03-12-2014 12:16:44
Running from C:\Users\Denise\Desktop
Loaded Profile: Denise (Available profiles: Denise)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
() C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AVAST Software) C:\Users\Denise\Desktop\aswMBR.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Denise at 2014-12-03 12:17:48
Running from C:\Users\Denise\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced DHTML Popup Pro V3 (HKLM-x32\...\adppro3_is1) (Version: 3.11.00.22 - Digital Flow Software)
ASUS VGA Driver (x32 Version: 3.0.0.1 - ASUSTek) Hidden
Bidnapper Homelink (HKLM-x32\...\{2A442EA0-1A1A-4841-9DDF-CA62C1425E06}) (Version: 1.4 - Bidnapper)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.0 - Anvisoft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)
Dell System Detect (HKU\S-1-5-21-1370422411-3828375866-1003123910-1000\...\9204f5692a8faf3b) (Version: 5.2.0.11 - Dell)
Dell System Detect Bootstrapper (HKU\S-1-5-21-1370422411-3828375866-1003123910-1000\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Glary Utilities PRO 5.8 (HKLM-x32\...\Glary Utilities 5) (Version: 5.8.0.15 - Glarysoft Ltd)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.8.208 - SurfRight B.V.)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.54 - BVRP Software, Inc)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
OLYMPUS CAMEDIA Master 2.0 (HKLM-x32\...\OLYMPUS CAMEDIA Master 2.0) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
Spotmau PowerSuite Golden 2012 (build 7.0.1) (HKLM-x32\...\{182201E0-FCBA-4667-B226-B5AE3F4C623D}_is1) (Version:  - Spotmau Software Co., Ltd.)
TagBot (HKLM-x32\...\TagBot) (Version:  - )
Topaz e-Signatures SigPlus 4.4.0.16 (HKLM-x32\...\Topaz e-Signatures SigPlus 4.4.0.16) (Version: 4.4.0.16 - Topaz Systems, Inc.)
WinX HD Video Converter Deluxe 5.0.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - XviD Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

19-11-2014 11:03:33 Windows Update
20-11-2014 20:07:55 Installed Java 7 Update 71
23-11-2014 13:32:42 Windows Update
26-11-2014 14:40:48 Windows Update
28-11-2014 08:06:13 Installed Adblock Plus for IE (32-bit and 64-bit)
30-11-2014 21:46:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-05-09 07:42 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12BFDD06-6E12-4215-AAAF-E99B2E5603F4} - System32\Tasks\{51821062-5CE2-4E6C-9CDF-EB6FBE45C8F7} => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
Task: {2537BBA3-8BDF-4C02-A76D-BE56A2B0BD2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {2824AA10-1571-4AF5-84FF-13FC8E886E4F} - System32\Tasks\{A16025B4-6C80-406D-9FA8-F68DB1BD2D4A} => C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe [2012-01-04] ()
Task: {3AB7AC20-F6FD-463C-B235-581C8100C708} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {511F9050-55D9-4602-9C7F-2A7C0AD6B6AA} - System32\Tasks\{E8603DD1-B16B-4CC1-AC11-93B722A3FC79} => C:\Program Files (x86)\OLYMPUS\CAMEDIA Master\Olympus Camedia.exe [2000-02-22] ()
Task: {6DD986B7-6FE9-425D-9763-A86EEF367CDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {7A78DF6A-EDCA-48C6-9B78-EFA15D2C5231} - System32\Tasks\{4B387D55-733E-4F71-B5AF-AB8B5C4CF2E9} => C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe [2012-01-04] ()
Task: {83EE362A-2283-4E67-A930-17F12710B8FD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {88E2D762-87B3-42DF-A920-85DF33BDE16E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-14] (Glarysoft Ltd)
Task: {90CA7C3B-1A60-4690-BBC0-E0914FC6B7F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {91DDB58C-97EB-4BAB-B42E-0454701C74D7} - System32\Tasks\AdobeAAMUpdater-1.0-Denise-PC-Denise => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {9643346A-0C75-49FC-8BC7-1BC192F40A60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {A1E47F41-2320-4A00-A23D-FE08D1096836} - System32\Tasks\{662773F6-0058-43EC-96E9-766D29784F42} => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil_.exe
Task: {B7DFBE91-ACA5-46B8-912E-D03B6833D42F} - System32\Tasks\{517708B0-4D92-4EC8-BB78-2082B72B90A2} => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil_.exe
Task: {D92D32E4-6E34-4C1C-8429-DA5AE7503F61} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-09-14] (Glarysoft Ltd)
Task: {DC58DC8E-52EE-4D1D-975F-6BA469D44887} - System32\Tasks\{23EAEC22-FC81-4A0D-B7F4-EC9F748A22A2} => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
Task: {DF156FFB-82D0-459F-9213-D5B59B4B9976} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {E80BE584-759F-402F-93DF-D657451BA470} - System32\Tasks\{7E05B452-97C1-4332-BDDB-E770C09CC9FB} => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
Task: {EF37E020-53B9-4DB3-B023-7E2F35820CBF} - System32\Tasks\{822E518C-F830-461F-A85D-3D7AE5104B70} => C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe [2012-01-04] ()
Task: {F1979541-3440-48BC-8F51-EAC0A37C7A42} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {F51ACB5C-5F31-4F9A-9AE6-C746A41C6690} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {FF8D4B6E-2A1C-4B2B-B2E0-7F48057DA63C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 09:34 - 2013-10-08 09:34 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-20 22:42 - 2011-11-15 10:24 - 00146792 _____ () C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe
2011-06-30 21:23 - 2011-06-30 21:23 - 00167936 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
2012-01-04 17:32 - 2012-01-04 17:32 - 00504064 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
2013-10-08 09:34 - 2013-10-08 09:34 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-01 03:52 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-01 03:52 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-01 03:52 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-01 03:52 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-01 03:52 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-14 23:45 - 2014-09-14 23:45 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2011-12-26 12:48 - 2011-12-26 12:48 - 00237568 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WTmpl.dll
2011-12-26 12:43 - 2011-12-26 12:43 - 00327680 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\XParser.dll
2011-12-26 12:47 - 2011-12-26 12:47 - 00290816 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WDialog.dll
2011-12-26 12:44 - 2011-12-26 12:44 - 00512000 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WCtrls.dll
2011-12-13 09:18 - 2011-12-13 09:18 - 00286720 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WCommObj.dll
2011-12-26 12:45 - 2011-12-26 12:45 - 00319488 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WDraw.dll
2011-12-26 12:54 - 2011-12-26 12:54 - 00262144 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\GDIpProc.dll
2011-12-26 12:46 - 2011-12-26 12:46 - 00393216 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WWnd.dll
2011-12-13 10:10 - 2011-12-13 10:10 - 00413696 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanDll.dll
2011-12-13 09:18 - 2011-12-13 09:18 - 00307200 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WConn.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80231285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80231285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1370422411-3828375866-1003123910-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1370422411-3828375866-1003123910-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1370422411-3828375866-1003123910-500 - Administrator - Disabled)
Denise (S-1-5-21-1370422411-3828375866-1003123910-1000 - Administrator - Enabled) => C:\Users\Denise
Guest (S-1-5-21-1370422411-3828375866-1003123910-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1370422411-3828375866-1003123910-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================


    Advertisements

Register to Remove


#2 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 04 December 2014 - 09:40 AM

Hello, 
 
Is your ticket with Malwarebytes Support still open? 
 

was directed to you by your support center

Are you referring to Malwarebytes Support?


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#3 fancywhat

fancywhat

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 04 December 2014 - 01:44 PM

Yes it is still open.  #570722  He didn't say to close it, should I?  I will stick here and try to get it solved, the only correspondence would be a courtesy email to let him know it is fixed.   Let me know if I should close it, I will do it immediately if you say I should.   I need to get this fixed it is getting way to frustrating to deal with the slow annoying problems that spyware cause.

Denise



#4 fancywhat

fancywhat

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 04 December 2014 - 02:44 PM

I don't know if I was clear, yes it is Malwarebytes Support.



#5 fancywhat

fancywhat

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 04 December 2014 - 03:38 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:32:52 PM, on 12/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Denise\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.verizon...ls_Malwarebytes
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - (no file)
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: NETGEAR WNA1000M Genie.lnk = C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: LastPass - file://C:\Users\Denise\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Denise\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Anvi Cloud System Booster Speed Service (AnviCsbSvc) - Anvisoft - C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
O23 - Service: CareMon - Unknown owner - C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10042 bytes

#6 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 05 December 2014 - 04:50 AM

Hello Denise, 
 
Sorry for the delay. 
 

Yes it is still open.  #570722  He didn't say to close it, should I?

I would close the ticket to avoid confusion. 
 
Please do the following.
 
STEP 1
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 4
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • MBAM log
  • FRST.txt
  • Addition.txt

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#7 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 07 December 2014 - 09:13 PM

Hello, 

 

Do you still require assistance?


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#8 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 08 December 2014 - 08:14 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users