Help me in removing the malware redirecting to ccebba.93, youradexchange, mmmindia.in and so on


Hi

 

 

https://forums.malwarebytes.org/index.php?/topic/166809-webpage-redirect-to-ccebba93se-and-youradexchange-in-chrome/?p=952059

 

I already made a request at the above URL and I was recommended to start a new topic here along with the outputs of FRST (Farbar Recovery Scan Tool). As the contents of the files FRST.txt and Addition.txt are too large to accommodate in the text space, I am attaching the files.

 

Kindly help me in removing the malware that has been bugging me for the past few days. Also, MBAM has returned that there is no malware in my system.

 

Regards

A.Selva Kumar

FRST.txt

Addition.txt


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please ensure that all P2P applications are either removed or disabled to adhere to forum protocol...

 

Next,

 

The FRST log indicates that Chrome is corrupt, and will need to be fully removed from your system, then a fresh version installed.

 

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

 

To go for a clean install do the following:

 

Remove all synced data from Chrome. Go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ and follow those instructions...

 

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB and follow those instructions; ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

 

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

 

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

 

Enable Flash Block in Chrome: http://www.howtogeek.com/58058/how-to-enable-flashblock-in-chrome-and-make-it-5000-more-secure/

 

Next,

 

De-Fogger. CD Emulation

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
 
Next,
 
Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link
When the update completes, select > Settings > Detection and Protection > enable Scan for rootkits, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
 
 
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
 
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
 
 
In most cases, a restart will be required.
 
 
Wait for the prompt to restart the computer to appear, then click on Yes.
 
 
When the scan is completed, from the main GUI click on History > Application Logs. Find your Scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select > "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right click into the text field and select "Paste", and the log is pasted (copied) to your reply.
 
Next,
 
Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the two logs....

 

Let me see those logs, also give an update on any remaining issues or concerns.

 

Thanks,

 

Kevin..


Hi

MBAM Scan Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31-03-2015
Scan Time: 19:14:21
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.29.07
Rootkit Database: v2015.03.26.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: SelvaKumar

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367858
Time Elapsed: 14 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe, 1252, Delete-on-Reboot, [a1aafd4ee5a569cdb0870132748ec838]
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe, 1404, Delete-on-Reboot, [c98287c48802ec4a79bebd768280b14f]
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe, 4332, Delete-on-Reboot, [63e8cf7cddad65d11e19cf6479890bf5]

Modules: 15
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll, Delete-on-Reboot, [2f1c2229a4e6c86ea88fb083b34fb050],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\isaferpt.dll, Delete-on-Reboot, [2e1d8dbe4b3fe84ee7500a29c53d41bf],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\sqlite3.dll, Delete-on-Reboot, [b497301bacdea98dc6719b9825dd3ec2],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll, Delete-on-Reboot, [f75474d7444682b477c0c2719969e020],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iCommu.dll, Delete-on-Reboot, [2229d675ff8b3bfb2413af84c43e7d83],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\isafepxy.dll, Delete-on-Reboot, [0249f3581d6d261072c57db6d1315da3],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll, Delete-on-Reboot, [5af170db2961d85ed562330022e08b75],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iddmgr.dll, Delete-on-Reboot, [71dafe4d28624beb0c2b5dd6f40efe02],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll, Delete-on-Reboot, [fe4d2b20c5c5b87ecb6cbb7803ff9a66],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll, Delete-on-Reboot, [fe4d2b20c5c5b87ecb6cbb7803ff9a66],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll, Delete-on-Reboot, [fe4d2b20c5c5b87ecb6cbb7803ff9a66],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll, Delete-on-Reboot, [fe4d2b20c5c5b87ecb6cbb7803ff9a66],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll, Delete-on-Reboot, [fe4d2b20c5c5b87ecb6cbb7803ff9a66],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll, Delete-on-Reboot, [fe4d2b20c5c5b87ecb6cbb7803ff9a66],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll, Delete-on-Reboot, [fe4d2b20c5c5b87ecb6cbb7803ff9a66],

Registry Keys: 7
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeService, Quarantined, [a1aafd4ee5a569cdb0870132748ec838],
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeNetFilter, Quarantined, [93b83318503a0e2850e789aacd35ce32],
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlKit, Quarantined, [da710942513974c296a141f2a35f46ba],
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlR3, Quarantined, [c98279d24842a88e14230f2445bda35d],
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnl, Quarantined, [eb601e2d2367191d8cabd85bbb474eb2],
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlBoot, Quarantined, [3516a5a6bad0ff37ee494ee5cf339c64],
FraudTool.YAC, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlMon, Quarantined, [74d7a1aa305acc6aec4b49ea4cb68080],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 31
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe, Quarantined, [a1aafd4ee5a569cdb0870132748ec838],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe, Quarantined, [c98287c48802ec4a79bebd768280b14f],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe, Quarantined, [63e8cf7cddad65d11e19cf6479890bf5],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll, Quarantined, [2f1c2229a4e6c86ea88fb083b34fb050],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\isaferpt.dll, Quarantined, [2e1d8dbe4b3fe84ee7500a29c53d41bf],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\sqlite3.dll, Quarantined, [b497301bacdea98dc6719b9825dd3ec2],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll, Quarantined, [f75474d7444682b477c0c2719969e020],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iCommu.dll, Quarantined, [2229d675ff8b3bfb2413af84c43e7d83],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\isafepxy.dll, Quarantined, [0249f3581d6d261072c57db6d1315da3],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll, Quarantined, [5af170db2961d85ed562330022e08b75],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iddmgr.dll, Quarantined, [71dafe4d28624beb0c2b5dd6f40efe02],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeMon.dll, Quarantined, [fe4d2b20c5c5b87ecb6cbb7803ff9a66],
FraudTool.YAC, C:\Windows\System32\drivers\iSafeNetFilter.sys, Quarantined, [93b83318503a0e2850e789aacd35ce32],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys, Quarantined, [da710942513974c296a141f2a35f46ba],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys, Quarantined, [c98279d24842a88e14230f2445bda35d],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys, Quarantined, [eb601e2d2367191d8cabd85bbb474eb2],
FraudTool.YAC, C:\Windows\System32\drivers\iSafeKrnlBoot.sys, Quarantined, [3516a5a6bad0ff37ee494ee5cf339c64],
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys, Quarantined, [74d7a1aa305acc6aec4b49ea4cb68080],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@1677.tmp, Quarantined, [3516113a5a30ee48fa3d36fd8280b050],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@1678.tmp, Quarantined, [df6c4209a7e30036122531027290837d],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@1679.tmp, Quarantined, [a4a75af1c4c6e25495a238fb2ad89d63],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@167A.tmp, Quarantined, [85c6173414765fd7ea4d74bf877b15eb],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@168A.tmp, Delete-on-Reboot, [62e90f3cd5b5d165ae89be75788ad42c],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@168B.tmp, Quarantined, [89c26eddf6949f973ef94ce71fe3b848],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@168C.tmp, Quarantined, [4605f556cbbfba7c5cdb32016a9850b0],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@1749.tmp, Quarantined, [07440447cbbfbd79e6512e056b97bb45],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@1759.tmp, Quarantined, [c9823912ff8b1f179c9b979c04fec838],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@176A.tmp, Quarantined, [46053e0ddbafc472a69191a2748e1de3],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@176B.tmp, Quarantined, [68e355f69eecbf77b3847bb8c939d62a],
FraudTool.YAC, C:\Users\SelvaKumar\AppData\Local\Temp\_@1782.tmp, Quarantined, [e368de6d26646dc9d16671c2ab570af6],
PUP.Optional.ELEX, C:\Users\SelvaKumar\Downloads\yet_another_cleaner_rmv.exe, Quarantined, [fa51262599f13df9a768fb38a561fa06],

Physical Sectors: 0
(No malicious items detected)


(end)


Hi

AdwCleaner Scan Log

 

# AdwCleaner v4.200 - Logfile created 31/03/2015 at 19:47:14
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : SelvaKumar - ASK-PC
# Running from : C:\Users\SelvaKumar\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : sp_rsdrv2

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\8f7d9a8b000032b7
Folder Deleted : C:\ProgramData\96c3d24902f17d14
Folder Deleted : C:\Users\SELVAK~1\AppData\Local\Temp\GetNowUpdater
Folder Deleted : C:\Users\SelvaKumar\AppData\Local\FreeFixer
Folder Deleted : C:\Users\SelvaKumar\AppData\Local\SmartWeb
Folder Deleted : C:\Users\SelvaKumar\AppData\Local\GetNowUpdater
Folder Deleted : C:\Users\SelvaKumar\AppData\Roaming\FreeFixer
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\SelvaKumar\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Deleted : C:\Users\SelvaKumar\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : SmartWeb Upgrade Trigger Task

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Inquisition.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Opera.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Start The Witcher 2.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2\Start The Witcher 2.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games\Dragon Age Inquisition\Run Inquisition.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\67375ec3-2e9f-473b-808c-244f44e97ae8
Key Deleted : HKLM\SOFTWARE\73a8179a-5d77-48e0-866c-8c6b6ff458b0
Key Deleted : HKLM\SOFTWARE\f68fb63d-16e7-484c-aa59-88905fe94d07
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Key Deleted : HKCU\Software\Appscion
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0 (x86 en-US)

[c6z4chel.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[c6z4chel.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v41.0.2272.101


-\\ Opera v28.0.1750.48


*************************

AdwCleaner[R0].txt - [6299 bytes] - [31/03/2015 19:45:08]
AdwCleaner[s0].txt - [6350 bytes] - [31/03/2015 19:47:14]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6409  bytes] ##########
 


Hi

JRT Scan log contents

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.9 (03.31.2015:1)
OS: Windows 8.1 Pro x64
Ran by SelvaKumar on 31-03-2015 at 20:16:31.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\SelvaKumar\AppData\Roaming\mozilla\firefox\profiles\c6z4chel.default\prefs.js

user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.iconURL", "hxxp://www.google.com/favicon.ico");
user_pref("browser.search.searchengine.name", "Google ");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "st31000524as_5vp8njr9xxxx5vp8njr9");
user_pref("browser.search.searchengine.url", "hxxp://www.google.com/search?q={searchTerms}");
user_pref("extensions.93Yh00URSbrNIVLY.scode", "(function(){try{if(window.self.location.href.indexOf(\"qHCHpjUEqTY7qTr5pdC8qdC9rE\")>-1){return;}}catch(e){}try{var d=[[\"trian
user_pref("extensions.ahlS9q82XYSD8cHN.scode", "(function(){try{if(window.self.location.href.indexOf(\"qHCHpjUEqTY7qTr5pdC8qdC9rE\")>-1){return;}}catch(e){}try{var d=[[\"trian
user_pref("extensions.rjePO3fCbomu9GOW.scode", "(function(){try{if(window.self.location.href.indexOf(\"qHCHpjUEqTY7qTr5pdC8qdC9rE\")>-1){return;}}catch(e){}try{var d=[[\"trian



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31-03-2015 at 20:18:58.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
