
Need help removing Widgi.B and HiddenStart.A



Hello roffer! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
The path to the log file is "C:\Program Files\ESET\ESET Online Scanner\log.txt". To view this file, navigate to the file location and double-click log.txt. Post the log file in your next reply.

Borislav -

 

Thanks so much for your help. Since the last scan did not seem to complete I am halfway through a second scan with ESET (10 of 20 hours). Let me know if you want me to complete the scan, it currently identified six infected files, I attached a screenshot so you could see.

 

Here is the ESET Online log content, I think it is from an old scan in June rather than the last scan which seems to have been aborted.

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=203ebcfbd5b2bd468597428bc7bfe9aa
# engine=14439
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-18 04:54:42
# local_time=2013-07-18 12:54:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 0 136673067 0 0
# compatibility_mode=5893 16776574 100 85 0 125709932 0 0
# scanned=671580
# found=36
# cleaned=36
# scan_time=75047
sh=A56FF8B2399D43DF8268CF943291FC7263C2F888 ft=1 fh=714d56fd7dd51d9e vn="Win32/NetTool.Portscan.AC application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Advanced Port Scanner\Advanced Port Scanner.exe"
sh=EFEAC355C4EAD270AC44BD41C7CE306329BF56E5 ft=1 fh=181b86f2aa11def5 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
sh=E5A8D56595761FCA7921123499B14528D9DA679C ft=1 fh=498c48f68bd089f5 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll"
sh=8753C4FB0635872D4E619ED776DE8EA2A873D4AA ft=1 fh=e8ac9f9f4429dc89 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.10"
sh=D0BFD3C974240AC0053C19DA8810D0ADAD84BB5D ft=1 fh=909cb2bc55b36f56 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.11"
sh=A357D2CC69C35F56A2182DFD54D3D7B523E55A9A ft=1 fh=8f978dfa22e780db vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.12"
sh=B4C04F3C4F8A4A7D663B0E44A0CAD82E7F89C662 ft=1 fh=6c380ca4c8a2b115 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.13"
sh=F314B985928F9FCF00E3824CC2FC184542E30A91 ft=1 fh=8acff9007157703c vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.14"
sh=AC16C6D9964999548CCDA51243FC6CA9DD0FB6ED ft=1 fh=be2748a192e5c4f7 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.15"
sh=F64FA89C2BDB4484E02B1E07B02DF66B413B09E9 ft=1 fh=6384371bcc03218c vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.16"
sh=9512CB175AD50D2F42A2D1E14DCF5CEDDF40B2AD ft=1 fh=04f9d51f3528b4dc vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.17"
sh=E5A8D56595761FCA7921123499B14528D9DA679C ft=1 fh=498c48f68bd089f5 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.18"
sh=7FF2D37D596EAD37184EFEE9F6E946F3F8C84632 ft=1 fh=6a310b6499d04532 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.19"
sh=458B340B0B5F20CEFD16622711BCAAA29E298423 ft=1 fh=a213a7911b09e990 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.20"
sh=EC6DDBF645F9280CBE7AA90B1DAAF2370448D8D4 ft=1 fh=ecb6df05d14aec6f vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.21"
sh=E6627105E2B65F58DFD546FCB241062444C4DCD7 ft=1 fh=8e5aaa292574bcae vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.5"
sh=8D0F10345516D3F482C821F6E30DD4DF9078FD3C ft=1 fh=a101325d79e6344e vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.6"
sh=46F1EE611BA293575DB1D4071A9153F9E5ED4FFB ft=1 fh=acc2dee5dbd77bc0 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.7"
sh=E0E082F8720E2C903B471AA8BDF2FB1CB60148E9 ft=1 fh=a55711d04407fc9e vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.8"
sh=708CFA2237817C5D48FA7F8FC61F2109A059893B ft=1 fh=64f74aeb3d21ac51 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\FF\components\freeripFF.dll.9"
sh=8E79CD1B4E07D5BC1B7253661A5B0D870564AC96 ft=1 fh=f651f8d70b02061e vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\FreeRIP Toolbar\IE\7.0\freeripToolbarIE.dll"
sh=FEB447CE5314AC81BC441F8240977E2EE0065BDB ft=1 fh=c9a0aad813f848fd vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\GFI\LanGuard 10\Repository\English\_rRHzlMUrIG8RB+CQJd+LuAGW9s=_winamp5623_full_emusic-7plus_en-us.exe"
sh=A04EAD094048F919AA5546B8CC380857C3EDC5AE ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\6a9003.msi"
sh=1A275280BF5DD1485AE890FA3EA7E4209226E8C7 ft=1 fh=127d4a03f448a281 vn="a variant of Win32/InstallIQ.A application (cleaned by deleting - quarantined)" ac=C fn="D:\$RECYCLE.BIN\S-1-5-21-727337286-4188640703-514546527-1000\$RDRHHW7.exe"
sh=D69D0027701D6D07C1A580DFC10BA100130245A0 ft=1 fh=312df24fce7d5547 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="D:\Users\Ron\Documents\cpu-z_1.56-setup-en.exe"
sh=0808A9E84F38E19112DECEBA0897486F66568B40 ft=1 fh=85960dd2f02dcc61 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="D:\Users\Ron\Documents\disk-defrag-setup.exe"
sh=328BBB00E77387AA8C49665DD627F9337C8B5872 ft=1 fh=60f61abdbbe05bdf vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="D:\Users\Ron\Documents\FreeFileSync_5.6_setup.exe"
sh=9D99A2446AA54F00AF0B049F54AFA52617A6A473 ft=1 fh=f350764002ec8c2a vn="Win32/NetTool.Portscan.C application (cleaned by deleting - quarantined)" ac=C fn="D:\Users\Ron\Documents\ipscan.exe"
sh=4F99986C8FB3DBBD8A09754400B26A6B660415CD ft=1 fh=31688d33e6b4469d vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="D:\Users\Ron\Documents\winscp433setup.exe"
sh=B2F812848AC9C7C7ED3F72AC5A9E05C703617847 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.CW application (deleted - quarantined)" ac=C fn="D:\Users\Ron\Documents\Archived Folders\archive - software, drivers and firmware\Adobe\Adobe Photoshop CS2\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar"
sh=D544887E4D3B21E8223DBF6A3A900D8C07B8C155 ft=0 fh=0000000000000000 vn="Win32/PsExec.131 application (deleted - quarantined)" ac=C fn="D:\Users\Ron\Documents\Archived Folders\archive - software, drivers and firmware\SysInternals\Pstools.zip"
sh=01D4DD6E9F1E5EB23AB08CEE3A445B25E725EB92 ft=0 fh=0000000000000000 vn="probably a variant of Win32/NetTool.Portscan.AA application (deleted - quarantined)" ac=C fn="D:\Users\Ron\Documents\Downloads\Angry IP Scanner.v2.10.HH.rar"
sh=AA410F35DE0F2AF7BB98E3C35CBFA89F5BFF7EA9 ft=1 fh=497a306c3d891efd vn="a variant of Win32/Keygen.AF application (deleted - quarantined)" ac=C fn="D:\Users\Ron\Documents\Downloads\DVD X Copy Platinum - Full Install & KeyGen v3.2.1.0.exe"
sh=929B422B0D2028B502003C906B10AFA435ADE833 ft=1 fh=cea99d02cf28fa2c vn="a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined)" ac=C fn="D:\Users\Ron\Documents\Downloads\Veritas Backup Exec 9.0 Keygen.exe"
sh=C8727F5012BF7C92EBE7971F65CC6001C6D82480 ft=1 fh=2888fda2cd8ab444 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="D:\Users\Ron\Documents\Software Installations\Windows Desktop installs\CuteWriter.exe"
sh=C5EE67AC58A00C9C0005D7ADBC277E7E23A89BA6 ft=1 fh=6c0c63b9d21e8f5e vn="probably a variant of Win32/PSWTool.PdfCracker.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Users\Ron\Documents\Software Installations\Windows Desktop installs\pwdremover.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
 



Step 1

Please uninstall the following applications:

FreeRIP Toolbar v7.0

Winamp Application Detect

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Ok, I was not successful in removing the FreeRIP Toolbar v7.0 application, but it seems like the Junkware Removal Tool did so anyway. Regretfully when I ran JRT in order it seems like the subsequent crash may have deleted the log file. I ran it a second time at the end of the process to capture another log. Also, when I ran AdwCleaner the first time it stopped responding and locked up the machine. I had to hard reboot and then it did not boot up the first time I tried logging in. I rebooted a second time and then reran AdwCleaner and it seemed to work fine. The Malwarebytes scan came up without finding any problems.

 

I have all the logs below:

 

# AdwCleaner v3.006 - Report created 02/10/2013 at 13:03:24

# Updated 01/10/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Ron - RON-PC

# Running from : D:\Users\Ron\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3

Folder Deleted : C:\Users\Ron\AppData\Local\PackageAware

Folder Deleted : C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP

Folder Deleted : C:\Users\Administrator\AppData\Local\Babylon

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Administrator\AppData\Roaming\Babylon

File Deleted : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\enatecte.default\Extensions\freerip@mybrowserbar.com

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com


Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKLM\Software\Search Settings

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16686

 

 

-\\ Mozilla Firefox v18.0.2 (en-US)

 

[ File : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\enatecte.default\prefs.js ]

 

 

-\\ Google Chrome v29.0.1547.76

 

[ File : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [8828 octets] - [02/10/2013 11:00:23]

AdwCleaner[R1].txt - [8947 octets] - [02/10/2013 12:59:50]

AdwCleaner[s0].txt - [327 octets] - [02/10/2013 11:02:39]

AdwCleaner[s1].txt - [8720 octets] - [02/10/2013 13:03:24]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [8780 octets] ##########

 

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.02.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Ron :: RON-PC [administrator]

 

Protection: Enabled

 

10/02/13 1:10:13 PM

mbam-log-2013-10-02 (13-10-13).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 360782

Time elapsed: 12 minute(s), 53 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.3 (09.27.2013:1)

OS: Windows 7 Ultimate x64

Ran by Ron on 10/03/13 at  2:52:17.73

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Failed to delete: [Folder] C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\enatecte.default\extensions\ytd@mybrowserbar.com

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10/03/13 at  3:05:23.56

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP.

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
