
I have an extension xscBrwse 3.5.6 in Chrome that I cannot delete



Hello,

I have an extension, xscBrwse 3.5.6 in Chrome, that I cannot delete. I have tried various malware deleting programs, including Malwarebytes Anti-malware, but none have worked. I have followed the instructions and run Farbar Recovery Scan Tool and have attached both logs.

I guess that means my security is not good enough. I'm now considering installing and running AVG Free instead.

Many thanks for your help in advance,

Luke


Addition.txt

FRST.txt


Welcome to the forum.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Hello mrcharlie,

I have done as per the instructions above. Please find below the RogueKiller report.

Many thanks for your help,

Luke

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Luke [Admin rights]
Mode : Scan -- Date : 07/17/2014  10:41:32
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21B6A6F1-22C7-402C-BA6C-D7315317C45A} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32C45AFC-3305-4AD1-8101-36F8A8D42725} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{21B6A6F1-22C7-402C-BA6C-D7315317C45A} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32C45AFC-3305-4AD1-8101-36F8A8D42725} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \\SomotoUpdateCheckerAutoStart -- C:\Users\Luke\AppData\Local\FilesFrog Update Checker\update_checker.exe (/auto) -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] ggvbqpzg.default : Speed Analysis 2 [speedanalysis02@SpeedAnalysis.com] -> FOUND
[PUP][FIREFX:Addon] ggvbqpzg.default : Better-Surf [12x3q@3244516.com] -> FOUND
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVT-75A1YT0 +++++
--- User ---
[MBR] 5be646f464a885c66e355638ea4d03f8
[bSP] b6b3003675c5fc1bc1c463f379561e78 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SDHC Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30432 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_07162014_210629.log

Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    --------------------------

    Please uninstall these: (adware)
    VIS
    Connect Conduit Toolbar Removal Tool


    ----------------------------

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ----------------------------

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please run a Quick Scan with Malwarebytes like this: (Ver: 1.75)
    Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
    Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
    Make sure that everything is checked, and click Remove Selected.

    If you're using Malwarebytes 2.0, please run a Threat Scan
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    MrC
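
As an added example (not part of the original post and not FRST's own code), the Python script below triages the result lines of a Fixlog.txt like the one the FRST fix step produces: it classifies each line as removed or absent and rolls the outcome up per Chrome extension ID. The sample lines are copied from the Fixlog posted later in this thread; the function names and verdict labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog.txt posted later in this thread (subset).
SAMPLE_FIXLOG = r"""
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\12x3q@3244516.com => Value not found.
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp => Moved successfully.
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooebibmaabdachfgeeopohjbkhlkkop directory not found.
'HKCU\SOFTWARE\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi' => Key deleted successfully.
"C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi' => Key deleted successfully.
C:\Users\Luke\AppData\Local\Temp\Tsu52F8CEC4.dll => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Users\Luke\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp [2014-05-04]" => File/Directory not found.
"""

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?<![a-z0-9])[a-p]{32}(?![a-z0-9])")
# One result form in the log has no "=>" separator.
NO_ARROW = re.compile(r"^(?P<target>.+?)\s+(?P<result>directory not found\.)$")


def classify(result):
    """Map a Fixlog result phrase to a coarse status (labels are this example's own)."""
    text = result.lower()
    if "not found" in text:
        return "absent"      # nothing existed at fix time, so nothing was changed
    if "successfully" in text:
        return "removed"     # moved, deleted or removed
    return "unknown"         # any other wording needs a human to read it


def parse_fixlog(text):
    """Return one dict per result line; headers and fixlist echo lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " => " in line:
            target, result = line.split(" => ", 1)
        else:
            match = NO_ARROW.match(line)
            if not match:
                continue
            target, result = match["target"], match["result"]
        target = target.strip("'\"")
        ext = EXT_ID.search(target)
        entries.append({
            "target": target,
            "result": result,
            "status": classify(result),
            "ext_id": ext.group(0) if ext else None,
        })
    return entries


def extension_verdicts(entries):
    """Roll the per-line statuses up into one verdict per Chrome extension ID."""
    seen = defaultdict(list)
    for entry in entries:
        if entry["ext_id"]:
            seen[entry["ext_id"]].append(entry["status"])
    verdicts = {}
    for ext_id, statuses in seen.items():
        if "unknown" in statuses:
            verdicts[ext_id] = "review"
        elif "removed" in statuses:
            verdicts[ext_id] = "removed"
        else:
            verdicts[ext_id] = "nothing removed"
    return verdicts


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for ext_id, verdict in sorted(extension_verdicts(parsed).items()):
        print(f"{ext_id}: {verdict}")
```

An ID reported as `nothing removed` was simply not present at fix time, so the log alone does not show where it went; a fresh scan settles that.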

Hello,

I am a bit confused with this section:

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Where do I get these: FRST.exe/FRST64.exe from?

Thanks,

Luke


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8.1 x64

Ran by Luke on 21/07/2014 at 22:39:31.37

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1342081678-937548546-2900714147-1001\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1880622B-C324-4FD3-9220-E97DAF99B3A4}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Luke\AppData\Roaming\mozilla\firefox\profiles\ggvbqpzg.default\minidumps [7 files]

 

 

 


# AdwCleaner v3.216 - Report created 21/07/2014 at 22:27:16

# Updated 17/07/2014 by Xplode

# Operating System : Windows 8.1  (64 bits)

# Username : Luke - NELLY

# Running from : C:\Users\Luke\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\SearchProtect

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\Betcat

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\MyPC Backup

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files\AVG SafeGuard toolbar

[!] Folder Deleted : C:\Users\Luke\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Luke\AppData\Local\Conduit

Folder Deleted : C:\Users\Luke\AppData\Local\NativeMessaging

Folder Deleted : C:\Users\Luke\AppData\Local\PerformerSoft

Folder Deleted : C:\Users\Luke\AppData\LocalLow\adawaretb

Folder Deleted : C:\Users\Luke\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Luke\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Luke\AppData\Roaming\Betcat

Folder Deleted : C:\Users\Luke\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

Folder Deleted : C:\Users\Luke\AppData\Roaming\PerformerSoft

Folder Deleted : C:\Users\Luke\AppData\Roaming\SecureSearch

Folder Deleted : C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnlineHD.TV

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

File Deleted : C:\Program Files (x86)\WebCakeLayers.crx

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\ggvbqpzg.default\user.js

File Deleted : C:\WINDOWS\System32\Tasks\BrowserProtect

File Deleted : C:\WINDOWS\System32\Tasks\SomotoUpdateCheckerAutoStart

 

***** [ Shortcuts ] *****

 

Shortcut Disinfected : C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager

Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

Key Deleted : HKCU\Software\5957d98ab06fe415

Key Deleted : HKLM\SOFTWARE\5957d98ab06fe415

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\filescout

Key Deleted : HKCU\Software\installedbrowserextensions

Key Deleted : HKCU\Software\Myfree Codec

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Somoto

Key Deleted : HKCU\Software\Webplayer

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BetterSurf

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Myfree Codec

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17126

 

 

-\\ Mozilla Firefox v29.0.1 (en-US)

 

[ File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\ggvbqpzg.default\prefs.js ]

 

Line Deleted : user_pref("CT3306061.FF19Solved", "true");

Line Deleted : user_pref("CT3306061.UserID", "UN28859122451462246");

Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3306061.fullUserID", "UN28859122451462246.IN.20131128112929");

Line Deleted : user_pref("CT3306061.installDate", "28/11/2013 11:29:42");

Line Deleted : user_pref("CT3306061.installSessionId", "{341CB8C3-3D09-4F36-B751-196A948D3BF4}");

Line Deleted : user_pref("CT3306061.installSp", "TRUE");

Line Deleted : user_pref("CT3306061.installUsage", "28/11/2013 13:40:15");

Line Deleted : user_pref("CT3306061.installUsageEarly", "28/11/2013 13:40:15");

Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");

Line Deleted : user_pref("CT3306061.keyword", "true");

Line Deleted : user_pref("CT3306061.originalHomepage", "about:home");

Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=");

Line Deleted : user_pref("CT3306061.originalSearchEngine", "Yahoo");

Line Deleted : user_pref("CT3306061.originalSearchEngineName", "Yahoo");

Line Deleted : user_pref("CT3306061.searchRevert", "true");

Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");

Line Deleted : user_pref("CT3306061.searchUserMode", "2");

Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");

Line Deleted : user_pref("CT3306061.toolbarInstallDate", "28-11-2013 11:29:30");

Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");

Line Deleted : user_pref("CT3306061.xpeMode", "0");

Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=");

Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");

Line Deleted : user_pref("extensions.aa3b3de308b0042aa97baf30e986fec77cf0a31180f894b0c855d35348a5d04eccom48260.48260.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

Line Deleted : user_pref("extentions.webcake.installId", "D6F3738B-9F7D-B61F-1113-3F2413DECADA");

Line Deleted : user_pref("extentions.webcake.installId_backup", "D6F3738B-9F7D-B61F-1113-3F2413DECADA");

Line Deleted : user_pref("iminent.enabledAds", "false");

Line Deleted : user_pref("iminent.newtabredirect", "false");

Line Deleted : user_pref("iminent.searchindex", "1");

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");

Line Deleted : user_pref("smartbar.conduitHomepageList", "");

Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "");

Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");

Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");

Line Deleted : user_pref("smartbar.machineId", "77KEHZ8J1ROIUB0APYB6M8KZHLYUL07AGADQXFCQSPNEKLV6PMTSF3X/YCGSLGJBU7ISTAI6CBWXKQVBYVGQFG");

Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN28859122451462246&UM=2&SearchSource=13");

 

-\\ Google Chrome v36.0.1985.125

 

*************************

 

AdwCleaner[R0].txt - [17966 octets] - [21/07/2014 22:18:20]

AdwCleaner[s0].txt - [16763 octets] - [21/07/2014 22:27:16]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [16824 octets] ##########

 


 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21/07/2014 at 22:47:00.02

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sorry, I thought I'd done it already.

Here is the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Luke at 2014-07-21 22:16:44 Run:1
Running from C:\Users\Luke\Downloads\fix
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
CHR Extension: (xscBrwse) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp [2014-05-04]
CHR Extension: (OnlineHD V6.0) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooebibmaabdachfgeeopohjbkhlkkop [2014-06-22]
CHR HKCU\...\Chrome\Extension: [jljbhenkepchpiknajdnfglojnccebbi] - C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-04-27]
CHR HKLM-x32\...\Chrome\Extension: [jljbhenkepchpiknajdnfglojnccebbi] - C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-04-27]
C:\Users\Luke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq0rkt1.dll
C:\Users\Luke\AppData\Local\Temp\Tsu52F8CEC4.dll
C:\Users\Luke\AppData\Local\Temp\_is8840.exe
C:\Users\Luke\AppData\Local\Temp\_isA6D7.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Luke\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Luke\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Luke\Downloads\noname.eml:OECustomProperty
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp [2014-05-04]
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooebibmaabdachfgeeopohjbkhlkkop [2014-06-22]
C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-04-27]
C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-04-27]
 
 
*****************
 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\12x3q@3244516.com => Value not found.
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp => Moved successfully.
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooebibmaabdachfgeeopohjbkhlkkop directory not found.
'HKCU\SOFTWARE\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi' => Key deleted successfully.
"C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi' => Key deleted successfully.
"C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx" => File/Directory not found.
"C:\Users\Luke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq0rkt1.dll" => File/Directory not found.
C:\Users\Luke\AppData\Local\Temp\Tsu52F8CEC4.dll => Moved successfully.
C:\Users\Luke\AppData\Local\Temp\_is8840.exe => Moved successfully.
C:\Users\Luke\AppData\Local\Temp\_isA6D7.exe => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Users\Luke\SkyDrive" => ":ms-properties" ADS not found.
C:\Users\Luke\Downloads\noname (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Luke\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.
"C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp [2014-05-04]" => File/Directory not found.
"C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooebibmaabdachfgeeopohjbkhlkkop [2014-06-22]" => File/Directory not found.
"C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-04-27]" => File/Directory not found.
"C:\Users\Luke\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-04-27]" => File/Directory not found.
 
==== End of Fixlog ====
 
Here is the Malwarebytes log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/07/2014
Scan Time: 17:28:31
Logfile: Malwarebytes log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.24.04
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Luke
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318011
Time Elapsed: 23 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Thanks

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
