Reoccurring malware after VS, reboot, and help: Cassiopesa and Arcade Twist

[sweller777]

I have previously worked on getting this resolved, and thought that it had been, thanks to the help of TwinHeadedEagle over on MWT.  He definitely helped speed up the machine and its boot up, and removed all of the overt issue with these two obnoxious malwares.  He has since stopped responding over there and the thread is labelled solved, and since I use MWB VS most of the time, I figured I should come here.  For context and previous efforts, the MWT thread is here:  http://malwaretips.com/threads/mal-adware-returns-after-reboot-and-trying-all-removal-steps.48805/

 

At this point, the only VS software that finds anything is SpyHunter 4, but I figured since the other thread has gone dormant and since I use MWB VS most of the time, I should move over to here.  This machine isnt going places it shouldnt or dling all sorts of things.  Its pretty vanilla in terms of responsibility.  Just want to get these #@$)(ing malwares out so they aren't sending my information all over the place.  

 

I really dont want to have to reformat, and I dont even know whether that would solve it.

 

Any help is appreciated.

Thanks

[sweller777]

Just ran ADWC and this is the result

 

# AdwCleaner v5.007 - Logfile created 12/09/2015 at 07:52:45

# Updated 08/09/2015 by Xplode

# Database : 2015-09-10.1 [server]

# Operating system : Windows 7 Professional Service Pack 1 (x64)

# Username : Stephen - HP_LAPTOP

# Running from : C:\Users\Stephen\Downloads\AdwCleaner.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

 

***** [ Files ] *****

 

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://www.cassiopessa.com/?f=1&a=csp_tight2_15_30&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyD0B0C0DtBzzyDtB0AtDtN0D0Tzu0StCtAtDtCtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAyEzyyEyCyB0C0FtGtBtBzz0AtGyByCtA0BtGtCtA0C0BtG0EtA0D0FtC0FyByC0BtCyD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0DyByDyBtByBtGtA0EtBtCtGyEtB0D0AtG0AyC0ByEtGtDtAyCyCyCzytCyB0A0AyByB2QtN0A0LzuyE&cr=1063335494&ir=&uref=chmm

[-] [C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com

[-] [C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

 

*************************

 

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1518 bytes] ##########

[sweller777]

Just ran Farbar and the two files are attached.

Addition.txt

FRST.txt

[Maniac]

Hello and

Do you still need help?

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!