
Slowed performance and Yahoo Chrome hijack



Hello konriar1 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Clean install Malwarebytes from version 2 to version 3...

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin

fixlist.txt


Hi Kevin,

Thanks, this seems to have caught something. Chrome is working as normal again. Performance is better than before.

Anything else I should do?

Thanks again!

C

 

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/30/17
Scan Time: 10:08 AM
Logfile: Mbytes scan.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1136
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-4DOMPKK\carly

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393269
Time Elapsed: 12 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.MyStartShield.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\calegbidjlhjchbcefpcnpmpibcgdakc, Delete-on-Reboot, [3256], [365829],1.0.1136

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

-------------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by carly (30-01-2017 09:51:41) Run:1
Running from C:\Users\carly\Desktop
Loaded Profiles: carly (Available Profiles: carly)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3210256461-2558055511-3620820169-1001\...\Run: [AdobeBridge] => [X]
Tcpip\..\Interfaces\{bb7aecf8-2723-4b58-bb83-5ca86cd2a7dd}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{cc9ee698-a228-4123-a759-dd9d9d10ae92}: [NameServer] 209.222.182.22,209.222.182.18
CHR DefaultSearchURL: Default -> hxxp://mystartshield.com/results.php?pr=vmn&id=mystartshield&v=1_0_chromeextension_unknown__&campaignID=__campaign__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> MyStartShield.com
CHR Extension: (MyStart Shield) - C:\Users\carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\calegbidjlhjchbcefpcnpmpibcgdakc [2017-01-28]
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-01-29 12:32 - 2017-01-29 12:32 - 00000000 ____D C:\Users\carly\AppData\Roaming\MPC-HC
2016-09-29 22:05 - 2016-09-29 22:05 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext4600434247340586372.dll
2016-11-11 20:22 - 2016-11-11 20:22 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext4665657624825334407.dll
2016-12-03 20:07 - 2016-12-03 20:07 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext4871984544343764567.dll
2016-10-09 16:32 - 2016-10-09 16:32 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext5671376053737882570.dll
2016-11-06 19:31 - 2016-11-06 19:31 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext6260765650393541868.dll
2016-09-27 17:48 - 2016-09-27 17:48 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext628566049997902205.dll
2016-10-17 20:55 - 2016-10-17 20:55 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext7055406446360350447.dll
2016-10-02 20:10 - 2016-10-02 20:10 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext8104342152346128525.dll
2016-12-11 13:10 - 2016-12-11 13:10 - 0152576 _____ () C:\Users\carly\AppData\Local\Temp\ext9152697530842355936.dll
Hosts:
CMD: ipconfig /flushDNS
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3210256461-2558055511-3620820169-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bb7aecf8-2723-4b58-bb83-5ca86cd2a7dd}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cc9ee698-a228-4123-a759-dd9d9d10ae92}\\NameServer => value removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\calegbidjlhjchbcefpcnpmpibcgdakc => moved successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
C:\Users\carly\AppData\Roaming\MPC-HC => moved successfully
C:\Users\carly\AppData\Local\Temp\ext4600434247340586372.dll => moved successfully
C:\Users\carly\AppData\Local\Temp\ext4665657624825334407.dll => moved successfully
C:\Users\carly\AppData\Local\Temp\ext4871984544343764567.dll => moved successfully
C:\Users\carly\AppData\Local\Temp\ext5671376053737882570.dll => moved successfully
C:\Users\carly\AppData\Local\Temp\ext6260765650393541868.dll => moved successfully
C:\Users\carly\AppData\Local\Temp\ext628566049997902205.dll => moved successfully
C:\Users\carly\AppData\Local\Temp\ext7055406446360350447.dll => moved successfully
C:\Users\carly\AppData\Local\Temp\ext8104342152346128525.dll => moved successfully
C:\Users\carly\AppData\Local\Temp\ext9152697530842355936.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1403863039 B
Java, Flash, Steam htmlcache => 1418 B
Windows/system/drivers => 17034652 B
Edge => 1577099 B
Chrome => 847843242 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 37668 B
NetworkService => 117882940 B
carly => 779425259 B

RecycleBin => 81477435 B
EmptyTemp: => 3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:57:51 ====

 

-------------------------------------------------------

2017-01-31 02:20:04.319    Sophos Virus Removal Tool version 2.5.6
2017-01-31 02:20:04.319    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-01-31 02:20:04.319    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-01-31 02:20:04.319    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-01-31 02:20:04.335    Checking for updates...
2017-01-31 02:20:04.435    Update progress: proxy server not available
2017-01-31 02:20:11.322    Option all = no
2017-01-31 02:20:11.322    Option recurse = yes
2017-01-31 02:20:11.322    Option archive = no
2017-01-31 02:20:11.322    Option service = yes
2017-01-31 02:20:11.322    Option confirm = yes
2017-01-31 02:20:11.322    Option sxl = yes
2017-01-31 02:20:11.323    Option max-data-age = 35
2017-01-31 02:20:11.323    Option vdl-logging = yes
2017-01-31 02:20:11.332    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-01-31 02:20:11.332    Machine ID:    2cac89b6c98140c1a128fb76874dd687
2017-01-31 02:20:11.334    Component SVRTcli.exe version 2.5.6
2017-01-31 02:20:11.334    Component control.dll version 2.5.6
2017-01-31 02:20:11.334    Component SVRTservice.exe version 2.5.6
2017-01-31 02:20:11.334    Component engine\osdp.dll version 1.44.1.2270
2017-01-31 02:20:11.335    Component engine\veex.dll version 3.67.0.2270
2017-01-31 02:20:11.335    Component engine\savi.dll version 9.0.5.2270
2017-01-31 02:20:11.335    Component rkdisk.dll version 1.5.31.1
2017-01-31 02:20:11.335    Version info:    Product version    2.5.6
2017-01-31 02:20:11.336    Version info:    Detection engine    3.67.0
2017-01-31 02:20:11.336    Version info:    Detection data    5.32
2017-01-31 02:20:11.336    Version info:    Build date    10/4/2016
2017-01-31 02:20:11.336    Version info:    Data files added    733
2017-01-31 02:20:11.336    Version info:    Last successful update    (not yet updated)
2017-01-31 02:20:17.839    Downloading updates...
2017-01-31 02:20:17.840    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-01-31 02:20:17.840    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-01-31 02:20:17.840    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-01-31 02:20:17.840    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-01-31 02:20:17.840    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-01-31 02:20:17.840    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-01-31 02:20:17.841    Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-01-31 02:20:17.841    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path=
2017-01-31 02:20:17.841    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path=
2017-01-31 02:20:17.841    Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product IDE536 LATEST path=]
2017-01-31 02:20:17.841    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-01-31 02:20:17.841    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-01-31 02:20:17.841    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-01-31 02:20:17.980    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-01-31 02:20:17.980    Update progress: [I19463] Product download size 156130248 bytes
2017-01-31 02:20:40.922    Update progress: [I19463] Syncing product IDE536 LATEST path=
2017-01-31 02:20:40.922    Update progress: [I19463] Product download size 3527452 bytes
2017-01-31 02:20:42.997    Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-01-31 02:20:42.997    Update progress: [I19463] Product download size 1608794 bytes
2017-01-31 02:20:43.652    Installing updates...
2017-01-31 02:20:44.270    Error level 1
2017-01-31 02:20:56.110    Update successful
2017-01-31 02:21:02.626    Option all = no
2017-01-31 02:21:02.626    Option recurse = yes
2017-01-31 02:21:02.626    Option archive = no
2017-01-31 02:21:02.626    Option service = yes
2017-01-31 02:21:02.626    Option confirm = yes
2017-01-31 02:21:02.626    Option sxl = yes
2017-01-31 02:21:02.627    Option max-data-age = 35
2017-01-31 02:21:02.627    Option vdl-logging = yes
2017-01-31 02:21:02.632    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-01-31 02:21:02.632    Machine ID:    2cac89b6c98140c1a128fb76874dd687
2017-01-31 02:21:02.633    Component SVRTcli.exe version 2.5.6
2017-01-31 02:21:02.633    Component control.dll version 2.5.6
2017-01-31 02:21:02.633    Component SVRTservice.exe version 2.5.6
2017-01-31 02:21:02.634    Component engine\osdp.dll version 1.44.1.2280
2017-01-31 02:21:02.634    Component engine\veex.dll version 3.68.0.2280
2017-01-31 02:21:02.634    Component engine\savi.dll version 9.0.7.2280
2017-01-31 02:21:02.634    Component rkdisk.dll version 1.5.31.1
2017-01-31 02:21:02.634    Version info:    Product version    2.5.6
2017-01-31 02:21:02.635    Version info:    Detection engine    3.68.0
2017-01-31 02:21:02.635    Version info:    Detection data    5.35
2017-01-31 02:21:02.635    Version info:    Build date    1/10/2017
2017-01-31 02:21:02.635    Version info:    Data files added    312
2017-01-31 02:21:02.635    Version info:    Last successful update    1/30/2017 9:20:56 PM

2017-01-31 04:13:35.236    Could not open C:\hiberfil.sys
2017-01-31 04:13:45.703    Could not open C:\pagefile.sys
2017-01-31 04:19:35.160    Could not open C:\swapfile.sys
2017-01-31 04:19:35.260    Could not open C:\System Volume Information\{1c2b4322-e6fb-11e6-9da7-7054d2bef601}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-01-31 04:19:35.260    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-01-31 04:19:35.260    Could not open C:\System Volume Information\{5f5d9abc-e3f2-11e6-9da2-7054d2bef601}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-01-31 04:19:35.260    Could not open C:\System Volume Information\{9f7a7e97-e757-11e6-9dab-7054d2bef601}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-01-31 04:19:35.260    Could not open C:\System Volume Information\{e555174f-dfc0-11e6-9da2-7054d2bef601}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-01-31 04:48:37.769    Password protected file C:\Users\carly\Dropbox\BIG COMPUTER BACKUP\Documents\School work\! AMBA Summer\Quizzes and Exams\finalhj-a-pwd (1).docx
2017-01-31 04:48:37.781    Password protected file C:\Users\carly\Dropbox\BIG COMPUTER BACKUP\Documents\School work\! AMBA Summer\Quizzes and Exams\finalhj-a-pwd.docx
2017-01-31 04:48:37.793    Password protected file C:\Users\carly\Dropbox\BIG COMPUTER BACKUP\Documents\School work\! AMBA Summer\Quizzes and Exams\finalhj-a-pwd_Carly DONE.docx
2017-01-31 04:48:37.806    Password protected file C:\Users\carly\Dropbox\BIG COMPUTER BACKUP\Documents\School work\! AMBA Summer\Quizzes and Exams\finalhj-a-pwd_Carly.docx
2017-01-31 04:57:38.856    >>> Virus 'Mal/Generic-S' found in file C:\Users\carly\Dropbox\Games\Final.Fantasy.VII.Remake-RELOADED\crack\ff7_fr.exe
2017-01-31 04:57:38.856    >>> Virus 'Mal/Generic-S' found in file C:\Users\carly\Dropbox\Games\Final.Fantasy.VII.Remake-RELOADED\crack\ff7_fr.exe
2017-01-31 04:57:38.857    >>> Virus 'Mal/Generic-S' found in file C:\Users\carly\Dropbox\Games\Final.Fantasy.VII.Remake-RELOADED\crack\ff7_fr.exe
2017-01-31 04:58:30.478    Password protected file C:\Users\carly\Dropbox\TERRA DRIVE BACKUP\! My Documents\My Documents\My Writing\Journal\2006\Winter Term 2006\Maradrama.docx
2017-01-31 04:58:30.905    Password protected file C:\Users\carly\Dropbox\TERRA DRIVE BACKUP\! My Documents\My Documents\My Writing\Journal\2008\He grips you softly with his smile.docx
2017-01-31 05:13:13.903    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-01-31 05:13:17.934    Could not open C:\Windows\System32\config\BBI
2017-01-31 05:13:18.316    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-01-31 05:13:18.329    Could not open C:\Windows\System32\config\RegBack\SAM
2017-01-31 05:13:18.333    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-01-31 05:13:18.337    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-01-31 05:13:18.338    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-01-31 05:27:14.728    Password protected file E:\Backup\! My Documents\My Documents\My Writing\Journal\2006\Winter Term 2006\Maradrama.docx
2017-01-31 05:27:14.828    Password protected file E:\Backup\! My Documents\My Documents\My Writing\Journal\2008\He grips you softly with his smile.docx
2017-01-31 05:36:54.002    Password protected file E:\Backup\Backup\Documents\My Documents\My Writing\Journal\2006\Winter Term 2006\Maradrama.docx
2017-01-31 05:36:54.124    Password protected file E:\Backup\Backup\Documents\My Documents\My Writing\Journal\2008\He grips you softly with his smile.docx
2017-01-31 05:40:41.737    Could not open LOGICAL:0005:00000000
2017-01-31 05:40:41.753    Could not open F:\
2017-01-31 05:40:41.753    Could not open LOGICAL:0006:00000000
2017-01-31 05:40:41.753    Could not open G:\
2017-01-31 05:40:41.769    Could not open LOGICAL:0007:00000000
2017-01-31 05:40:41.769    Could not open H:\
2017-01-31 05:40:41.769    Could not open LOGICAL:0008:00000000
2017-01-31 05:40:41.784    Could not open I:\
2017-01-31 05:41:23.215    Could not open PHYSICAL:0083:0000:0000:0001
2017-01-31 05:41:23.215    Could not open PHYSICAL:0084:0000:0000:0001
2017-01-31 05:41:23.231    Could not open PHYSICAL:0085:0000:0000:0001
2017-01-31 05:41:23.231    Could not open PHYSICAL:0086:0000:0000:0001
2017-01-31 05:41:23.374    The following items will be cleaned up:
2017-01-31 05:41:23.374    Mal/Generic-S
2017-01-31 13:52:25.419    Threat 'Mal/Generic-S' has been cleaned up.
2017-01-31 13:52:25.419    File "C:\Users\carly\Dropbox\Games\Final.Fantasy.VII.Remake-RELOADED\crack\ff7_fr.exe" belongs to malware 'Mal/Generic-S'.
2017-01-31 13:52:25.419    File "C:\Users\carly\Dropbox\Games\Final.Fantasy.VII.Remake-RELOADED\crack\ff7_fr.exe" has been cleaned up.
2017-01-31 13:52:25.435    Removal successful
2017-01-31 13:52:27.274    Error level 0
 


Yes, here it is:

 

# AdwCleaner v6.043 - Logfile created 30/01/2017 at 20:47:18
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-30.3 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : carly - DESKTOP-4DOMPKK
# Running from : C:\Users\carly\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1216 Bytes] - [30/01/2017 20:47:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1289 Bytes] ##########
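
Added example (not part of the original thread, and not code from any of the tools used in it): the three logs above identify Chrome extensions by their 32-character ID in different places. This Python script extracts those IDs from lines copied out of the posted logs and reports which tool named which ID and where; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")

# Lines copied from the three logs posted in this thread, keyed by tool.
LOGS = {
    "Malwarebytes": r"""
PUP.Optional.MyStartShield.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\calegbidjlhjchbcefpcnpmpibcgdakc, Delete-on-Reboot, [3256], [365829],1.0.1136
""",
    "FRST": r"""
CHR Extension: (MyStart Shield) - C:\Users\carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\calegbidjlhjchbcefpcnpmpibcgdakc [2017-01-28]
C:\Users\carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\calegbidjlhjchbcefpcnpmpibcgdakc => moved successfully
""",
    "AdwCleaner": r"""
Key Found:  HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
""",
}


def location_of(prefix):
    """Classify where an ID was seen from the text preceding it on the line."""
    p = prefix.upper()
    hive = re.search(r"(HKLM|HKCU|HKU)\\", p)
    if hive and r"\GOOGLE\CHROME\EXTENSIONS" in p:
        # Registry key used to register an extension from outside the browser.
        view = "WOW6432Node" if "WOW6432NODE" in p else "native"
        return f"registry {hive.group(1)} ({view})"
    if r"\USER DATA" in p:
        # Unpacked extension inside a Chrome profile directory.
        return "profile folder"
    return "other"


def extension_sightings(logs):
    """Return {extension_id: {tool: sorted list of locations}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for tool, text in logs.items():
        for line in text.splitlines():
            for m in EXT_ID.finditer(line):
                seen[m.group()][tool].add(location_of(line[:m.start()]))
    return {ext: {tool: sorted(locs) for tool, locs in tools.items()}
            for ext, tools in seen.items()}


def single_tool_ids(sightings):
    """IDs that only one tool reported, mapped to that tool's name."""
    return {ext: next(iter(tools))
            for ext, tools in sightings.items() if len(tools) == 1}


if __name__ == "__main__":
    result = extension_sightings(LOGS)
    for ext, tools in result.items():
        for tool, locs in tools.items():
            print(f"{ext}  {tool:12}  {', '.join(locs)}")
    for ext, tool in single_tool_ids(result).items():
        print(f"only reported by {tool}: {ext}")
```

On these lines the ID in the AdwCleaner log appears in neither of the other two logs, and that AdwCleaner log was written in Scan mode.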
 


Thanks for the update, if no remaining issues or concerns I guess we can clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • 2 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.