Need help removing the same malware over and over again.

[Shadow956]

Hello all,

 

I'm here seeking help in removing an annoying malware that keeps coming back over and over again. I run Malwarebytes, it finds the malware, I delete the malware and reboot the computer. After some time, I run Malwarebytes again and the same malware is there.

 

Vendor: PUP.Optional.Conduit

Category: Registry Value

Item: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer

Other: Value: Run|BackgroundContainer

 

Is this harmful to my computer?? Can it be deleted permamently?? Please help.

 

Thank you,

Shadow

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

• Double click on AdwCleaner.exe to run the tool.
  
• Vista/Windows 7/8 users right-click and select Run As Administrator
  
• Click on the Scan button.
  
• AdwCleaner will begin...be patient as the scan may take some time to complete.
  
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  
• Look over the log especially under Files/Folders for any program you want to save.
  
• If there's a program you want to save, just uncheck it from AdwCleaner.
  
• If you're not sure, post the log for review.
  
• If you're ready to clean it all up.....click the Clean button.
  
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  
• Copy and paste the contents of that logfile in your next reply.
  
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  
• To restore an item that has been deleted (if necessary):
  
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
  

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

 

Post the produced logs,

 

Kevin

[Shadow956]

# AdwCleaner v3.014 - Report created 09/12/2013 at 04:22:24

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : JAVIER - JAVIER-HP

# Running from : C:\Users\JAVIER\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : vToolbarUpdater17.1.2

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Searchprotect

Folder Deleted : C:\Program Files (x86)\SweetTunes

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Windows\SysWOW64\ARFC

Folder Deleted : C:\Windows\SysWOW64\jmdp

Folder Deleted : C:\Windows\SysWOW64\WNLT

Folder Deleted : C:\Windows\System32\ljkb

Folder Deleted : C:\Users\JAVIER\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\JAVIER\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\JAVIER\AppData\Local\Conduit

Folder Deleted : C:\Users\JAVIER\AppData\Local\NativeMessaging

Folder Deleted : C:\Users\JAVIER\AppData\Local\Temp\Conduit

Folder Deleted : C:\Users\JAVIER\AppData\Local\Temp\NativeMessaging

Folder Deleted : C:\Users\JAVIER\AppData\Local\Temp\Smartbar

Folder Deleted : C:\Users\JAVIER\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\JAVIER\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\JAVIER\AppData\LocalLow\SweetPacks

Folder Deleted : C:\Users\JAVIER\AppData\LocalLow\SweetTunes

Folder Deleted : C:\Users\JAVIER\AppData\Roaming\Searchprotect

File Deleted : C:\END

File Deleted : C:\Windows\System32\dmwu.exe

File Deleted : C:\Windows\System32\ImhxxpComm.dll

File Deleted : C:\Users\JAVIER\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js

File Deleted : C:\Users\JAVIER\AppData\Roaming\Mozilla\Firefox\Profiles\c08231r1.default\searchplugins\Conduit.xml

File Deleted : C:\Users\JAVIER\AppData\Roaming\Mozilla\Firefox\Profiles\c08231r1.default\searchplugins\MyStart Search.xml

File Deleted : C:\Users\JAVIER\AppData\Roaming\Mozilla\Firefox\Profiles\c08231r1.default\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml

File Deleted : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage

File Deleted : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

File Deleted : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Deleted : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage

File Deleted : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Classes\pokki

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [backgroundContainer]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36EC23E3-EF10-4450-BAAF-923147C67BAE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A305019-2A80-4B83-8CA8-533613BEE03F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{06E89787-D7B6-4688-9765-79EA88BFABF1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0272F030-0C88-4B87-934E-28D4E5C2B2AA}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\smartbarbackup

Key Deleted : HKCU\Software\smartbarlog

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks

Key Deleted : HKCU\Software\AppDataLow\Software\SweetTunes

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\SweetPacks

Key Deleted : HKLM\Software\SweetTunes

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt

Key Deleted : [x64] HKLM\SOFTWARE\wnlt

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v25.0.1 (en-US)

 

[ File : C:\Users\JAVIER\AppData\Roaming\Mozilla\Firefox\Profiles\c08231r1.default\prefs.js ]

 

Line Deleted : user_pref("CT3298568.FF19Solved", "true");

Line Deleted : user_pref("CT3298568.UserID", "UN37328588842280555");

Line Deleted : user_pref("CT3298568.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3298568.fullUserID", "UN37328588842280555.IN.20131109023123");

Line Deleted : user_pref("CT3298568.installDate", "09/11/2013 02:31:26");

Line Deleted : user_pref("CT3298568.installSessionId", "{AD461152-0D69-4EB8-9204-33B9D6C45D2C}");

Line Deleted : user_pref("CT3298568.installSp", "TRUE");

Line Deleted : user_pref("CT3298568.installerVersion", "1.8.0.14");

Line Deleted : user_pref("CT3298568.keyword", "true");

Line Deleted : user_pref("CT3298568.originalHomepage", "www.youtube.com");

Line Deleted : user_pref("CT3298568.originalSearchEngine", "SweetPacks Customized Web Search");

Line Deleted : user_pref("CT3298568.originalSearchEngineName", "SweetPacks Customized Web Search");

Line Deleted : user_pref("CT3298568.searchRevert", "false");

Line Deleted : user_pref("CT3298568.searchUserMode", "2");

Line Deleted : user_pref("CT3298568.smartbar.homepage", "true");

Line Deleted : user_pref("CT3298568.toolbarInstallDate", "09-11-2013 02:31:24");

Line Deleted : user_pref("CT3298568.versionFromInstaller", "10.21.1.7");

Line Deleted : user_pref("CT3298568.xpeMode", "0");

Line Deleted : user_pref("CT3310511.FF19Solved", "true");

Line Deleted : user_pref("CT3310511.UserID", "UN95827591690704424");

Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3310511.fullUserID", "UN95827591690704424.IN.20131105090019");

Line Deleted : user_pref("CT3310511.installDate", "05/11/2013 09:00:23");

Line Deleted : user_pref("CT3310511.installSessionId", "{5387EFD6-DF01-4F70-883E-7065BAA2DEA5}");

Line Deleted : user_pref("CT3310511.installSp", "TRUE");

Line Deleted : user_pref("CT3310511.installerVersion", "1.8.0.14");

Line Deleted : user_pref("CT3310511.keyword", "true");

Line Deleted : user_pref("CT3310511.originalHomepage", "www.google.com");

Line Deleted : user_pref("CT3310511.originalSearchEngine", "SweetTunes Customized Web Search");

Line Deleted : user_pref("CT3310511.originalSearchEngineName", "SweetTunes Customized Web Search");

Line Deleted : user_pref("CT3310511.searchRevert", "false");

Line Deleted : user_pref("CT3310511.searchUserMode", "2");

Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");

Line Deleted : user_pref("CT3310511.toolbarInstallDate", "05-11-2013 09:00:19");

Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.21.1.7");

Line Deleted : user_pref("CT3310511.xpeMode", "0");

Line Deleted : user_pref("CT3311875_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383668531448,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");

Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3311875");

Line Deleted : user_pref("browser.search.defaultenginename", "MixiDJ V32 Customized Web Search");

Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V32 Customized Web Search");

Line Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V32 Customized Web Search");

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298568");

Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298568");

Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298568");

Line Deleted : user_pref("smartbar.machineId", "ENZTKIMXELWCQAVIMOYTOG8MS/824FIWA7VJIT2GP8CSXQGIVTFIIGS6MP7IJIB+FC2LYUJIRKJKKAZLNHJL/Q");

 

[ File : C:\Users\Yendi\AppData\Roaming\Mozilla\Firefox\Profiles\evexvvrd.default\prefs.js ]

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [18341 octets] - [09/12/2013 04:18:16]

AdwCleaner[s0].txt - [18091 octets] - [09/12/2013 04:22:24]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [18152 octets] ##########

[kevinf80]

Thanks for AdwCleaner log, post other logs when ready..

[Shadow956]

Hello Kevin,

 

Thank you for your help, here are the required files.

AdwCleanerS0.txt

Addition.txt

FRST.txt

[kevinf80]

Did you run Malwarebytes?

[Shadow956]

Yes sir I did a full scan, should I inclide the file?

[Shadow956]

And here is the Malwarebytes Full Scan

 

 

mbam-log-2013-12-09 (04-31-12).txt

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• click on the Run ESET Online Scanner button
  
• Tick the box next to YES, I accept the Terms of Use.
  Click Start
  
• When asked, allow the add/on to be installed
  Click Start
  
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings, ensure the options
  
• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  Click Scan
  
• wait for the virus definitions to be downloaded
  
• Wait for the scan to finish
  

 

When the scan is complete

 

• If no threats were found
  
• put a checkmark in "Uninstall application on close"
  
• close program
  
• report to me that nothing was found
  

 

If threats were found

 

• click on "list of threats found"
  
• click on "export to text file" and save it as ESET SCAN and save to the desktop
  
• Click on back
  
• put a checkmark in "Uninstall application on close"
  
• click on finish
  

 

close program

 

copy and paste the report in next reply

 

Post those logs, also give an update on any remaining issues or concerns..

 

Kevin...

 

 

 

fixlist.txt

[Shadow956]

Here are the required files:

 

 

Fixlog.txt

ESET SCAN.txt

[kevinf80]

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

• Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files
  
  

  :FilesC:\ProgramData\Xfire\xfire_updater_295.exeC:\Users\All Users\Xfire\xfire_updater_295.exeC:\Users\JAVIER\AppData\LocalLow\MixiDJ_V32\ldrtbMixi.dllC:\Users\JAVIER\AppData\LocalLow\MixiDJ_V32\tbMixi.dll:Commands[EmptyTemp]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs, let me know if there are any remaining issues or concerns...

 

Kevin...

[Shadow956]

I couldn't find the checkup.txt file so I just pasted the contents here:

 

 Results of screen317's Security Check version 0.99.77  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 JavaFX 2.1.1    

 Java 7 Update 45  

 Adobe Flash Player 11.9.900.152  

 Mozilla Firefox (25.0.1) 

 Google Chrome 31.0.1650.57  

 Google Chrome 31.0.1650.63  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

 

12102013_005927.log

[Shadow956]

Anything further that I need to do so, sir??

[kevinf80]

All looks good to me, if no remaining issues or concerns we clean up:

 

We need to remove FRST,  first it is very important to deal with its Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

 

•  

   

• Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.

   

   

• Double click icon to start the program.

   

  If you are using Vista or Windows 7 accept UAC

   

• Then Click the big button.

   

   

• You will get a prompt saying "Begining Cleanup Process". Please select Yes.

   

   

• Restart your computer when prompted.

   

   

• This will remove tools we have used and itself.

   

   

 

 

Any tools/logs remaining on the Desktop or downloads folder can be deleted.

 

Next,

 

Uninstall adwcleaner.exe (unless you want to keep it)

 

•  

   

•   Please close all open programs and internet browsers.

   

   

•   Double click on adwcleaner.exe to run the tool.

   

   

•   Click on Uninstall

   

   

• Click Yes at Would you like to Uninstall Adwcleaner

   

   

 

 

Let me know if those steps complete ok, also if any remaining issues or concerns..

 

Kevin

fixlist.txt

[Shadow956]

After all the steps and a Malwarebytes scan, it all looks good. Your help is greatly appreciated sir, thank you and keep up the good work.

 

Javier

[kevinf80]

Excellent, just what we like to hear. Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Take care,

 

Kevin

[cindyg]

Hi,

 

I am glad your problem is resolved.  I am having the same problem but am not sure which files to uncheck after running the AdwCleaner scan.  Any assistance would be greatly appreciated.  Attached is the scan log.

 

Thanks.

AdwCleanerR0.txt

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.