Jump to content

krystenwithay

Members
  • Posts

    16
  • Joined

  • Last visited

Everything posted by krystenwithay

  1. I'm sorry, I haven't had internet connection. I'm ready to follow any further instructions today though. Everything has been working great this morning to the best of my knowledge, nothing has come up on the malwarebytes scan. Thanks
  2. I actually have to leave where I currently am and don't get internet access at my home. I will complete the step you have just posted tomorrow morning and get back with you. Again, thank you so much! Have a great evening, talk to you tomorrow.
  3. So far so good! Thanks a lot, I truly appreciate it
  4. # AdwCleaner v3.010 - Report created 24/10/2013 at 20:00:56 # Updated 20/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits) # Username : Twyla - TWYLA-PC # Running from : C:\Users\Twyla\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Secure Search ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Users\Twyla\AppData\Roaming\Mozilla\Firefox\Profiles\7wmoih13.default\prefs.js ] -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Twyla\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [19119 octets] - [24/10/2013 17:17:20] AdwCleaner[R1].txt - [1107 octets] - [24/10/2013 17:58:31] AdwCleaner[R2].txt - [1258 octets] - [24/10/2013 19:01:36] AdwCleaner[R3].txt - [1292 octets] - [24/10/2013 19:27:18] AdwCleaner[s0].txt - [19183 octets] - [24/10/2013 17:23:15] AdwCleaner[s1].txt - [1331 octets] - [24/10/2013 19:02:35] AdwCleaner[s2].txt - [1217 octets] - [24/10/2013 20:00:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1277 octets] ########## Should I run anything to see if they were actually cleared?
  5. Thank you, I did as you said with Ccleaner and it removed it from the programs list. Should I be concerned that AVG items are still showing up on the adWcleaner scan? Should I try to remove them again through adWcleaner? (so far I have only ran the scan and not taken action) Thank you again.
  6. Sorry, I'm not deliberately not following instructions, but by "stay away form the registry cleaner" do you mean adWcleaner? Because I re-ran it when the computer re-started to see if it eradicated the AVG items and they are still showing up. I haven't installed the Ccleaner yet.
  7. sorry, here is the log from adWcleaner: # Updated 20/10/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)# Username : Twyla - TWYLA-PC# Running from : C:\Users\Twyla\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\ParetoLogicFolder Deleted : C:\ProgramData\Alawar Stargaze ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\AVG Secure SearchKey Deleted : HKLM\Software\AVG Secure Search ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Users\Twyla\AppData\Roaming\Mozilla\Firefox\Profiles\7wmoih13.default\prefs.js ] -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Twyla\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [19119 octets] - [24/10/2013 17:17:20]AdwCleaner[R1].txt - [1107 octets] - [24/10/2013 17:58:31]AdwCleaner[R2].txt - [1258 octets] - [24/10/2013 19:01:36]AdwCleaner[s0].txt - [19183 octets] - [24/10/2013 17:23:15]AdwCleaner[s1].txt - [1191 octets] - [24/10/2013 19:02:35] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1251 octets] ##########
  8. I re-ran adWcleaner which picked up AVG secure search and supposedly deleted it, but upon restarting my computer AVG safeguard toolbar still appears under the list of programs, and still will not uninstall. Just to be clear, there is not actually the toolbar in my web browser, just the program listed.
  9. Malwarebytes is no longer picking up anything, my only remaining issue is that when I go into control panel>programs>programs and features AVG Safeguard Toolbar shows up in the programs list. When I highlight it and click "uninstall/change" the cursor turns into the blue circle as if it is loading but it does not uninstall or give me any options at all. It simply appears to be loading and then goes back to the pointer without making any changes. I googled how to uninstall it, but the only thing coming up is what I have already done (control panel, uninstall). Thanks
  10. adWare cleaner log: # AdwCleaner v3.010 - Report created 24/10/2013 at 17:23:15 # Updated 20/10/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)# Username : Twyla - TWYLA-PC# Running from : C:\Users\Twyla\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** Service Deleted : BackupStackService Deleted : MyWebSearchService[#] Service Deleted : Update Swift Browse[#] Service Deleted : Util Swift BrowseService Deleted : vToolbarUpdater17.0.12 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\ParetoLogicFolder Deleted : C:\ProgramData\PartnerFolder Deleted : C:\ProgramData\Alawar StargazeFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic[!] Folder Deleted : C:\Program Files\MyPC Backup Folder Deleted : C:\Program Files\MyPC BackupFolder Deleted : C:\Program Files\MyWebSearchFolder Deleted : C:\Program Files\ParetoLogicFolder Deleted : C:\Program Files\Swift BrowseFolder Deleted : C:\Program Files\Yontoo Layers ClientFolder Deleted : C:\Program Files\ZyngaFolder Deleted : C:\Program Files\Common Files\AVG Secure SearchFolder Deleted : C:\Program Files\Common Files\ParetoLogicFolder Deleted : C:\Users\Twyla\AppData\Local\ConduitFolder Deleted : C:\Users\Twyla\AppData\Local\ZyngaFolder Deleted : C:\Users\Twyla\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Twyla\AppData\LocalLow\FunWebProductsFolder Deleted : C:\Users\Twyla\AppData\LocalLow\iacFolder Deleted : C:\Users\Twyla\AppData\LocalLow\MyWebSearchFolder Deleted : C:\Users\Twyla\AppData\LocalLow\ZyngaFolder Deleted : C:\Users\Twyla\AppData\Roaming\iWinFolder Deleted : C:\Users\Twyla\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgapglgghagmhogfjkdlnnmbdfddeedbFile Deleted : C:\ENDFile Deleted : C:\Users\Twyla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnkFile Deleted : C:\Users\Twyla\Desktop\MyPC Backup.lnk ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jgapglgghagmhogfjkdlnnmbdfddeedbKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlcValue Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLLKey Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.ApiKey Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dllValue Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pssKey Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddinKey Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddinKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backupValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/PluginKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3752473D-EDE7-42D1-848B-9103602624C7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF6-072E-44CF-8957-5838F569A31D}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3752473D-EDE7-42D1-848B-9103602624C7}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]Key Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Cr_InstallerKey Deleted : HKCU\Software\FunWebProductsKey Deleted : HKCU\Software\MyWebSearchKey Deleted : HKCU\Software\Swift BrowseKey Deleted : HKCU\Software\ToolbarKey Deleted : HKCU\Software\ZyngaKey Deleted : HKCU\Software\AppDataLow\ToolbarKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\CrossriderKey Deleted : HKCU\Software\AppDataLow\Software\Fun Web ProductsKey Deleted : HKCU\Software\AppDataLow\Software\FunWebProductsKey Deleted : HKCU\Software\AppDataLow\Software\MyWebSearchKey Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanaticKey Deleted : HKCU\Software\AppDataLow\Software\ZyngaKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\FocusInteractiveKey Deleted : HKLM\Software\Fun Web ProductsKey Deleted : HKLM\Software\MyWebSearchKey Deleted : HKLM\Software\Swift BrowseKey Deleted : HKLM\Software\systweakKey Deleted : HKLM\Software\Tarma InstallerKey Deleted : HKLM\Software\TelevisionFanaticKey Deleted : HKLM\Software\ToolbarKey Deleted : HKLM\Software\ZyngaKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC BackupKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstallKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift BrowseKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zynga ToolbarKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494 ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Users\Twyla\AppData\Roaming\Mozilla\Firefox\Profiles\7wmoih13.default\prefs.js ] -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Twyla\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : icon_url ************************* AdwCleaner[R0].txt - [19119 octets] - [24/10/2013 17:17:20]AdwCleaner[s0].txt - [19041 octets] - [24/10/2013 17:23:15] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [19102 octets] ########## MBAM log:Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.10.24.07 Windows 7 Service Pack 1 x86 NTFSInternet Explorer 10.0.9200.16721Twyla :: TWYLA-PC [administrator] 10/24/2013 5:34:24 PMmbam-log-2013-10-24 (17-34-24).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 205135Time elapsed: 10 minute(s), 35 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 2HKCR\Typelib\{79F2E347-1D36-4E2E-A676-76550A20D541} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully.HKCR\Interface\{47ADEAA5-2986-44B2-A914-5D8516E58443} (PUP.Optional.SwiftBrowse.A) -> Quarantined and deleted successfully. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  11. I re-ran adWcleaner and nothing came up this time. I re-ran rogue killer and here is the log: RogueKiller V8.6.3 [Jul 17 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits versionStarted in : Normal modeUser : Twyla [Admin rights]Mode : Scan -- Date : 10/24/2013 18:08:57| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤[RUN][sUSP PATH] HKLM\[...]\Run : ShopAtHomeWatcher (C:\Users\Twyla\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [x]) -> FOUND[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤[V2][ROGUE ST] 4710 : wscript.exe - C:\Users\Twyla\AppData\Local\Temp\launchie.vbs //B -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts I haven't done anything with rogue killer except run the scan and get the log, not used any other options just because I don't know what they do. As far as the realplayer, I found the location of the file in c:drive>programfiles>real. If I delete it from there will it delete all of it? There is no option to uninstall it. Thanks
  12. Also, upon searching something just now, google chrome redirected me to an AVG search and a pop-up occured stating that my version (of what, who knows) is outdated prompting me to download the latest verson. I x-ed out of the prompt and am currently changing my search settings back to google on chrome.
  13. AdWCleaner pulled up a few items that I recognize as definite troublemakers, it worries me that it pulled up Yontoo, which I have had issues with before on another computer but Malwarebytes has not shown me this as a virus. Do you think that is a cause for concern? Upon re-running malwarebytes with the suggested changes, it pulled up two new registry viruses (PUP.optional.swiftbrowse.a) and says that they have successfully been quarantined and removed. I have another question, that, again, may be unrelated but may not be. I noticed today that there is a desktop icon for Realplayer that I don't believe was there previously. When I open the start menu and search for "real" under programs nothing comes up. I also tried to go into the control panel, uninstall, and look for it to no avail. I use google chrome and when I clicked the menu to the right of the favorites button in that menu there was a notification stating that realplayer was given access to make changes in google chrome. I reversed that by clicking on it in the menu but believe it has something to do with a/the virus still on the computer. Thanks.
  14. Thank you, I am about to follow your instructions now but just wanted to update you, before I received your response I began trying to uninstall java applications from the computer and ran into an issue uninstalling java 6 update 14. I used Microsoft Fixit which supposedly fixed and unisatalled the program, I don't know if it pertains to this issue but it gave me a log so I figured I'd post it. Program Install and Uninstall troubleshooter Publisher details Issues found Cannot install or uninstall a program Fixed Uninstall and cleanup? Java 6 Update 14 Succeeded Issues checked Corrupt Patch Registry keys Checked Problem registry key Checked Issues found Detection details Anchor 6 Cannot install or uninstall a program Fixed Looks for problems that can stop you installing and uninstalling a program Issues checked Detection details Anchor 6 Corrupt Patch Registry keys Checked Detects corrupt or missing patch cache Anchor 6 Problem registry key Checked Detects problems with the registry (Wow64 issue) Anchor Detection details Collection information Computer Name: TWYLA-PC Windows Version: 6.1 Architecture: x86 Time: Thursday, October 24, 2013 4:54:06 PM Anchor Publisher details Program Install and Uninstall troubleshooter Looks for problems that can stop you installing and uninstalling a program Package Version: 1.3 Publisher: Microsoft Corporation Again, thank you, I appreciate your help and am about to follow your instructions now.
  15. Since the initial posting I have backed up my registry with ERUNT as well as downloaded rogue killer and rkill. Here is the rkill log: (ran first) Rkill 2.6.2 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2013 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 10/24/2013 03:58:20 PM in x86 mode.Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 10/24/2013 04:00:32 PMExecution time: 0 hours(s), 2 minute(s), and 11 seconds(s) Here is the rogue killer log (only ran, nothing "fixed")RogueKiller V8.6.3 [Jul 17 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits versionStarted in : Normal modeUser : Twyla [Admin rights]Mode : Scan -- Date : 10/24/2013 16:36:48| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤[RUN][sUSP PATH] HKLM\[...]\Run : ShopAtHomeWatcher (C:\Users\Twyla\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [x]) -> FOUND[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤[V2][ROGUE ST] 4710 : wscript.exe - C:\Users\Twyla\AppData\Local\Temp\launchie.vbs //B -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++--- User ---[MBR] fe010bc855da5228d96aff91eaf24da8[bSP] faeb527e18b9aae1fff1dad991a62111 : Windows Vista MBR CodePartition table:0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228633 Mo2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471314432 | Size: 8341 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_10242013_163648.txt >>
  16. Hey, I've read a forum or two on how others were instructed to eradicate this virus, but because it asks for each person to start a new thread as each computer may be different, I have. I really appreciate any help. I just got this computer form someone else and there were a few spyware type viruses on it. Malwarebytes seems to have eradicated all of them except for this one. It successfully causes pop-ups. I know registry viruses can be tricky and appreciate any help. Thanks in advance! Here is the log upon running a quick scan: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.10.21.05 Windows 7 Service Pack 1 x86 NTFSInternet Explorer 10.0.9200.16721Twyla :: TWYLA-PC [administrator] 10/24/2013 10:58:44 AMMBAM-log-2013-10-24 (15-25-27).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 205635Time elapsed: 15 minute(s), 15 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 1HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.