
kyleboudreau

  1. I wanted to let you know I did a little more cleaning and was able to get the last of the infections cleared. All seems good. Greatly appreciate your help and guidance.
  2. I printed the log report before clicking remove all. Once I clicked remove all, the program froze.
  3. Below is the file from Adw Cleaner:

     Malware found 10 items, but froze up again (not responding) when trying to remove. Below is the log.
  4. A computer search did not return any files named dds.txt or attach.txt. I downloaded RogueKiller for a 64 bit system as instructed and it launched automatically. I noticed it did kill two files with the "browser defender" reference. Here is the report.

     What should I do next?
  5. My computer has been running extremely slow. I ran Malware and found 183 infections. However, after selecting all and clicking remove, the status bar starts and then freezes midway, causing me to do a forced shutdown. I was able to remove a couple of infections before the freezing. After multiple scans and removal attempts, it seems the program is freezing on a file with the name Browser Defender/Firefox Extension. Any help would be greatly appreciated. I can get around the computer but I am no expert.