Unable to remove hijacker

Hello

Malwarebytes detects malware in the registry at every scan, but unfortunately it cannot be removed. This malware causes my Edge browser to redirect to Internet Explorer and Google Chrome to redirect to the custom search engine when I try to search for something. I also tried Malwarebytes AdwCleaner, but these browser hijackers are still present. Can someone help me please? My OS is Windows 10.


Hi,

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage.


  • Step #1 Scan with Malwarebytes' Anti-Malware
    • Download and install Malwarebytes' Anti-Malware from the link below --
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update. Update the program should this happen;
      • Navigate to Settings > Protection tab and ensure that all the options under Scan Options are turned on;
    • From the Dashboard, navigate to Scan and click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on Reports > Choose the Scan Report > View Report > Export > Export to .txt file, and save the report to your Desktop.
    • Copy and Paste the contents of the log in your next reply.


  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Tools>Option and put a tick mark as shown in the image below;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.


  • Step #3 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.

    Note: Enable your security programs afterwards.




Hi.

Thank you for your response and help. Please find the log files as requested for the three steps:
------------------------------------------------------------------------------------------------------------------------------------

#STEP 1:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/28/17
Scan Time: 5:01 PM
Log File: malwarebytes scan report 28082017.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2673
License: Premium

-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: GEORGE_PC_SPECI\George

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413118
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.StartSear, HKU\S-1-5-21-1908256973-1184163464-2371729057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [8157], [396966],1.0.2673

Registry Value: 1
PUP.Optional.StartSear, HKU\S-1-5-21-1908256973-1184163464-2371729057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [8157], [396966],1.0.2673

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
------------------------------------------------------------------------------------------------------------------------

#STEP 2:

# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 28 14:14:06 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\drpsu


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Startpage deleted: http://search.conduit.com/?ctid=CT3220468&SearchSource=48
Startpage deleted: http://search.conduit.com/?ctid=CT3220468&SearchSource=48
Startpage deleted: http://www.omniboxes.com/?type=hp&ts=1427984674&from=obw&uid=OCZ-VERTEX3_OCZ-DU5241TQL6V46768
Startpage deleted: http://www.omniboxes.com/?type=hppp&ts=1427984735&from=obw&uid=OCZ-VERTEX3_OCZ-DU5241TQL6V46768
Startpage deleted: http://www.google.com/
Startpage deleted: http://www.mysites123.com/?type=hp&ts=1450820769&z=e05457818cf5c9d5c896be3g1z3w5e2b0oae6m6o1m&from=amt&uid=OCZ-VERTEX3_OCZ-DU5241TQL6V46768
Startpage deleted: https://encrypted.google.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Image File Execution Options%s keys deleted
::Prefetch files deleted
::Proxy settings cleared
::TCP/IP settings cleared
::Firewall rules cleared
::IPSec settings cleared
::BITS queue cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [16439 B] - [2017/8/27 11:39:36]
C:/AdwCleaner/AdwCleaner[C1].txt - [19094 B] - [2017/8/27 11:57:6]
C:/AdwCleaner/AdwCleaner[S0].txt - [3605 B] - [2017/8/27 11:39:18]
C:/AdwCleaner/AdwCleaner[S1].txt - [2454 B] - [2017/8/27 11:56:46]
C:/AdwCleaner/AdwCleaner[S2].txt - [2590 B] - [2017/8/28 14:13:34]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
-------------------------------------------------------------------------------------------------------------------

#STEP 3

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=08e88ddd732b1d4bbe464bf55791ca8c
# end=init
# utc_time=2017-08-28 02:21:09
# local_time=2017-08-28 05:21:09 (+0200, GTB Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 34550
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=08e88ddd732b1d4bbe464bf55791ca8c
# end=updated
# utc_time=2017-08-28 02:27:27
# local_time=2017-08-28 05:27:27 (+0200, GTB Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=08e88ddd732b1d4bbe464bf55791ca8c
# engine=34550
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-08-28 09:05:50
# local_time=2017-08-29 12:05:50 (+0200, GTB Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 24798 14087346 0 0
# scanned=663778
# found=4
# cleaned=3
# scan_time=23903
sh=FDF5A19743885EBCF747B975FAEFF29BD34219A2 ft=1 fh=8d914f337b9bc54f vn="Win32/CoinMiner.ALL trojan" ac=I fn="C:\Users\All Users\lanann\lanann.exe"
sh=FDF5A19743885EBCF747B975FAEFF29BD34219A2 ft=1 fh=8d914f337b9bc54f vn="Win32/CoinMiner.ALL trojan (cleaned by deleting)" ac=C fn="C:\ProgramData\lanann\lanann.exe"
sh=2049B0C311DE33AEB4CA46EE433665E1D599D56A ft=1 fh=fc04b403b8bec4b6 vn="Win32/CoinMiner.ALL trojan (deleted)" ac=C fn="C:\Users\George\AppData\Local\Temp\Game.of.Thrones.S07E02.HDTV.h264-TBS.exe"
sh=6021DA4B7A99E9A973A4F3E311F6A02166B66634 ft=1 fh=ede467b5d354e144 vn="Win32/FusionCore.L potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\George\Dropbox\Documents\ELEKTROLOGIKES MELETES\Guides\PowerISO6-x64.exe"
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Unfortunately, the problem doesn't seem to go away, as Google Chrome redirects to the Google custom search page when trying to search for something either in the address bar or from google.com. Nevertheless, the Edge browser seems to work fine now. But I also need to fix Google Chrome.

Thank you.

 

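The ESET log in the post above reports `found=4` but `cleaned=3`. The following is an added example, not part of either post and not ESET tooling: it parses the detection lines and checks whether the entry that was not cleaned is a separate file. It assumes that `ac=C` marks a cleaned item (it coincides with the "cleaned by deleting"/"deleted" text in the log) and that `C:\Users\All Users` is the standard Windows alias for `C:\ProgramData`.

```python
import re

# Summary and detection lines copied from the ESET Online Scanner log in the post above.
ESET_LOG = r'''# scanned=663778
# found=4
# cleaned=3
sh=FDF5A19743885EBCF747B975FAEFF29BD34219A2 ft=1 fh=8d914f337b9bc54f vn="Win32/CoinMiner.ALL trojan" ac=I fn="C:\Users\All Users\lanann\lanann.exe"
sh=FDF5A19743885EBCF747B975FAEFF29BD34219A2 ft=1 fh=8d914f337b9bc54f vn="Win32/CoinMiner.ALL trojan (cleaned by deleting)" ac=C fn="C:\ProgramData\lanann\lanann.exe"
sh=2049B0C311DE33AEB4CA46EE433665E1D599D56A ft=1 fh=fc04b403b8bec4b6 vn="Win32/CoinMiner.ALL trojan (deleted)" ac=C fn="C:\Users\George\AppData\Local\Temp\Game.of.Thrones.S07E02.HDTV.h264-TBS.exe"
sh=6021DA4B7A99E9A973A4F3E311F6A02166B66634 ft=1 fh=ede467b5d354e144 vn="Win32/FusionCore.L potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\George\Dropbox\Documents\ELEKTROLOGIKES MELETES\Guides\PowerISO6-x64.exe"
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: the legacy "All Users" profile path is a link to ProgramData,
# so both spellings name the same file on disk.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}


def parse_eset_log(text):
    """Return (summary dict, list of detection dicts) from an ESET log.txt body."""
    summary, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            summary[key] = value  # later status blocks overwrite earlier ones
        elif line.startswith("sh="):
            fields = {}
            for m in PAIR.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            detections.append(fields)
    return summary, detections


def canonical_path(path):
    """Lower-case the path and fold known aliases so duplicates compare equal."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def reconcile(text):
    """Compare the found/cleaned counters with the per-file detection lines."""
    summary, detections = parse_eset_log(text)
    files = {(d["sh"], canonical_path(d["fn"])) for d in detections}
    # Assumption: ac=C means the scanner cleaned or deleted the item.
    cleaned = {(d["sh"], canonical_path(d["fn"]))
               for d in detections if d.get("ac") == "C"}
    return {
        "found": int(summary.get("found", 0)),
        "cleaned": int(summary.get("cleaned", 0)),
        "distinct_files": len(files),
        "unresolved": sorted(files - cleaned),  # detected but never cleaned
    }


if __name__ == "__main__":
    result = reconcile(ESET_LOG)
    print(result)
```

For this log the `unresolved` list is empty: the one `ac=I` entry has the same SHA-1 and, after alias folding, the same path as a file that was deleted, so the 4-versus-3 gap is one file reported under two path spellings.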

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
