Ad viruses help!

[iyagura]

Hello, every time it go on the internet on google chrome and such I have random adds all over every website trying to fit in with the web pages. Such as youtube the ads will be links in the description and there's always a false google chrome update or some other program. NOTE: it is on all my browsers not just chrome..

[Maniac]

Hello iyagura! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

[iyagura]

I have quick scanned and deleted the misc. items which were all pups.

 

 

LOG:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.20.06

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19483

owner :: OWNER-PC [administrator]

 

11/23/2013 5:29:08 PM

mbam-log-2013-11-23 (17-29-08).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197919

Time elapsed: 9 minute(s), 14 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

attach.txt

dds.txt

[Maniac]

Step 1

Please uninstall the following applications:

sAveNshAre

SaveShare 1.74

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Clean.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.
• Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

  In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

[iyagura]

Thanks for helping! I did try to uninstall sAveNshAre, but didn't uninstall, Although; SaveShare 1.74 did uninstall, but a message popped up saying something could not be found.

I continued to do what you told me to do and scanned with the programs that were listed. 

 

 

 

MBAM LOG:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.24.11

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19483

owner :: OWNER-PC [administrator]

 

11/24/2013 6:22:27 PM

mbam-log-2013-11-24 (18-22-27).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199194

Time elapsed: 7 minute(s), 3 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

JRT.txt

AdwCleanerS0.txt

mbam-log-2013-11-24 (18-22-27).txt

[Maniac]

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Post the contents of JRT.txt into your next message.

Please post the content of that logfile with your next answer.

Copy&Paste the entire report in your next reply.

In your next reply, post the following log files:

[iyagura]

JRT.txt :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows Vista Home Premium x86

Ran by owner on Sun 11/24/2013 at 18:01:55.82

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-93349891-322595218-1250910063-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.incredibaresrvc

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.incredibaresrvc.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\incredibar.com

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\incredibar.com

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\starapp"

Successfully deleted: [Folder] "C:\Users\owner\appdata\local\tempdir"

Successfully deleted: [Folder] "C:\Users\owner\appdata\locallow\incredibar.com"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\o85xrbyk.default\user.js

Successfully deleted: [File] C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\o85xrbyk.default\searchplugins\mystart search.xml

Successfully deleted the following from C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\o85xrbyk.default\prefs.js

 

user_pref("browser.search.defaultenginename", "MyStart Search");

user_pref("browser.search.selectedEngine", "MyStart Search");

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

user_pref("extensions.adooS.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top && \"www.google.com,mail.googl

user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

Emptied folder: C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\o85xrbyk.default\minidumps [419 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 11/24/2013 at 18:04:03.09

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

AdwCleanerS0.txt :

# AdwCleaner v3.013 - Report created 24/11/2013 at 18:14:28

# Updated 24/11/2013 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : owner - OWNER-PC

# Running from : C:\Users\owner\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\sAveNshAre

Folder Deleted : C:\Users\owner\AppData\Local\Temp\incredibar.com

File Deleted : C:\Users\owner\AppData\Local\Temp\Uninstall.exe

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.19483

 

 

-\\ Mozilla Firefox v24.0 (en-US)

 

[ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\o85xrbyk.default\prefs.js ]

 

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("extensions.adooS.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top && \"www.google.com,mail.google.com,en.wikipedia.org,ww[...]

Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");

Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");

Line Deleted : user_pref("extensions.incredibar_i.did", "10589");

Line Deleted : user_pref("extensions.incredibar_i.excTlbr", "false");

Line Deleted : user_pref("extensions.incredibar_i.hardId", "2014404f0000000000000016ea4c2d64");

Line Deleted : user_pref("extensions.incredibar_i.id", "2014404f0000000000000016ea4c2d64");

Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");

Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15361");

Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");

Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");

Line Deleted : user_pref("extensions.incredibar_i.newTab", false);

Line Deleted : user_pref("extensions.incredibar_i.ppd", "");

Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");

Line Deleted : user_pref("extensions.incredibar_i.productid", "26");

Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");

Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");

Line Deleted : user_pref("extensions.incredibar_i.upn2", "6R8hCc90Cf");

Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92823718386946363");

Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");

Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.277:51:18");

Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");

 

-\\ Google Chrome v31.0.1650.57

 

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : homepage

 

*************************

 

AdwCleaner[R0].txt - [5657 octets] - [24/11/2013 18:12:50]

AdwCleaner[s0].txt - [5686 octets] - [24/11/2013 18:14:28]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5746 octets] ##########

 

 

mbam-log-2013-11-24 (18-22-27) :

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.24.11

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19483

owner :: OWNER-PC [administrator]

 

11/24/2013 6:22:27 PM

mbam-log-2013-11-24 (18-22-27).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199194

Time elapsed: 7 minute(s), 3 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

[Maniac]

How are things now?

[iyagura]

I am still have problems Ads are still popping up like crazy from browser and is hidden is everything.

 

[Maniac]

Don't worry.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[iyagura]

uhh. I'm trying to post the OTL and extras txt, but a msg keeps popping up saying you must enter a post or your post is too small. what do you mean by post in your topic? post a new topic with the otl and extra txt?

[Maniac]

Post in a new reply here.

[iyagura]

Sorry but it is telling me to enter a post or that the post is too short :[, therefore I am attaching it just in case

OTL.Txt

Extras.Txt

[Maniac]

I have a problem with this post so I attach it too. Sorry about that!

fixlist.txt

[iyagura]

what do I do with the fixlist.txt ? I'm assuming that u put it in desktop, run OTL then fix, but I want to make sure if that's right o.o

[Maniac]

Follow the instructions in fixlist.txt .

[iyagura]

All processes killed

========== OTL ==========

Prefs.js: S", "" removed from browser.search.defaultenginename,S

Prefs.js: "" removed from browser.search.defaultthis.engineName

Prefs.js: "" removed from browser.search.defaulturl

Prefs.js: "" removed from browser.search.order.1

Prefs.js: S", "" removed from browser.search.order.1,S

Prefs.js: S", "" removed from browser.search.selectedEngine,S

Prefs.js: "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};new function(){var a=this;a.domain_storage=\"http://xls.searchfun.in\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":21600,\"2\":0,\"3\":0,\"4\":0,\"5\":21600,\"6\":21600,\"7\":0,\"8\":0,\"9\":21600,\"10\":21600,\"11\":0,\"12\":21600,\"13\":0,\"17\":0,\"18\":12345,\"19\":21600,\"20\":21600,\"21\":21600,\"22\":21600,\"29\":21600,\"30\":21600,\"32\":0,\"33\":21600,\"35\":21600,\"41\":0,\"44\":21600,\"45\":21600,\"46\":0,\"47\":21600},\"3\":{\"0\":1,\"1\":0,\"5\":0,\"6\":0,\"9\":0,\"10\":0,\"12\":0,\"13\":0,\"17\":0,\"19\":0,\"20\":0,\"21\":0,\"22\":0,\"29\":0,\"30\":0,\"32\":0,\"33\":0,\"35\":0,\"41\":0,\"44\":0,\"45\":0,\"46\":0,\"47\":0}};a.pop_collision_id=\"__ipu=1\";a.setStorage=function(d,b){localStorage.setItem(a.prefix+\"_\"+d+\"_\"+a.curr_vert,blocalStorage.setItem(a.prefix+\"_\"+d+\"_global\",b)};a.utils=new function(){var a=this;a.inject_script=function(a){if(a removed from extensions.adooS.scode

C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\o85xrbyk.default\extensions\cksr2eoai@rtotdbiay.com\content folder moved successfully.

C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\o85xrbyk.default\extensions\cksr2eoai@rtotdbiay.com folder moved successfully.

C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmogmkjblogfdpfdgdnaoaidjnbdlhip\5.10 folder moved successfully.

Registry value HKEY_USERS\S-1-5-21-93349891-322595218-1250910063-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\owner\Desktop\cmd.bat deleted successfully.

C:\Users\owner\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

Error: Unable to interpret <[emptytemp]> in the current context!

 

OTL by OldTimer - Version 3.2.69.0 log created on 11282013_085658

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

[Maniac]

One last script with OTL:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :Commands

  [emptytemp]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

[iyagura]

All processes killed

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: owner

->Temp folder emptied: 180864562 bytes

->Temporary Internet Files folder emptied: 183153821 bytes

->Java cache emptied: 59475 bytes

->FireFox cache emptied: 235533172 bytes

->Google Chrome cache emptied: 408516964 bytes

->Flash cache emptied: 255510 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 8670684584 bytes

RecycleBin emptied: 626432220 bytes

 

Total Files Cleaned = 9,828.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 11282013_095654

 

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\TMP0000001401A8F38C97AE685D not found!

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[Maniac]

Any progress now?

[iyagura]

Yes there is a huge progress

[Maniac]

Glad to hear that!

Step 1

Please run OTL and click on CleanUp button.

Step 2

• Double click on AdwCleaner.exe to run the tool.
• Click on Uninstall
• Confirm with Yes

Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!