-
Now you got it, whatever tools or programs we run all the logs will open the same way so just do what you just did to post them
You have some Adware on your system, run both this programs in the order listed.
First
Go here and download AdwCleaner to your desktop
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete
- A logfile will automatically open after the scan has finished.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
Second
Please download Malwarebytes Anti-Malware to your desktop.
- Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan as shown below.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
-
Been at this for over 12 years and helped 1000s of people, never had anyone question my bedside manor. I posted what i did because you sounded like you where getting frustrated . As far as DDS, the instructions say to copy and paste the first log and attach the second, but copy and pasting them both is fine, I was trying to make this as easy and painless for you as I could.
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
My instructions for you that I thought would be easier for you to follow
Why dont we start from the beginning, I am going to have you run just DDS, when the logs open they will open in Notepad, go up to the top and click EDIT > SELECT ALL............Then EDIT > COPY then come back to this thread and click on Reply. Put your mouse cursor in the thread and right click and select PASTE and let go from there.
Last edited by ken545; 2013-07-27 at 04:10.
-
Adware Cleaner
# AdwCleaner v2.306 - Logfile created 07/26/2013 at 22:05:27
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Hebert - HOME
# Boot Mode : Normal
# Running from : C:\Users\Hebert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIQ46JLG\AdwCleaner.exe
# Option [Search]
***** [Services] *****
Found : IB Updater
***** [Files / Folders] *****
File Found : C:\windows\Tasks\LyricsContainer Update.job
Folder Found : C:\Program Files (x86)\LyricsContainer
Folder Found : C:\Program Files (x86)\Perion
Folder Found : C:\Program Files\IB Updater
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Hebert\AppData\Local\APN
Folder Found : C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Folder Found : C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Found : C:\Users\Hebert\AppData\Local\Temp\AirInstaller
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lyrics@LyricsContainer.co
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Registry is clean.
-\\ Google Chrome v28.0.1500.72
File : C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [7572 octets] - [26/07/2013 22:05:27]
########## EOF - C:\AdwCleaner[R1].txt - [7632 octets] ##########
-
Adware Cleaner [2]
# AdwCleaner v2.306 - Logfile created 07/26/2013 at 22:05:46
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Hebert - HOME
# Boot Mode : Normal
# Running from : C:\Users\Hebert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIQ46JLG\AdwCleaner.exe
# Option [Search]
***** [Services] *****
Found : IB Updater
***** [Files / Folders] *****
File Found : C:\windows\Tasks\LyricsContainer Update.job
Folder Found : C:\Program Files (x86)\LyricsContainer
Folder Found : C:\Program Files (x86)\Perion
Folder Found : C:\Program Files\IB Updater
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Hebert\AppData\Local\APN
Folder Found : C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Folder Found : C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Found : C:\Users\Hebert\AppData\Local\Temp\AirInstaller
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lyrics@LyricsContainer.co
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Registry is clean.
-\\ Google Chrome v28.0.1500.72
File : C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [7677 octets] - [26/07/2013 22:05:27]
AdwCleaner[R2].txt - [7632 octets] - [26/07/2013 22:05:46]
########## EOF - C:\AdwCleaner[R2].txt - [7692 octets] ##########
-
Malwarebytes
I ran Malwarebytes and deleted the issues it found.
I then copied the report but lost it when I restarted my computer as it instructed me to do.
How can I find that report to sent to you?
-
I found the report from Malwarebytes
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.27.01
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Hebert :: HOME [administrator]
7/26/2013 10:26:15 PM
mbam-log-2013-07-26 (22-26-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220949
Time elapsed: 2 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Hebert\AppData\Local\Temp\ICReinstall_setup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Hebert\Local Settings\Temporary Internet Files\Content.IE5\ASE4J9KH\setup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
(end)
-
Success!
I think the threat may be gone.
Thanks to all of the Forum Analysts who guided me.
It was very much appreciated.
-
Good Morning,
Where on a roll, now that you understand the procedure your doing very well 
When you install software that may have been downloaded from the internet, most people don't read what there installing and just keep clicking on Next during the install, sometimes even legitimate software may have some adware bundled with it. A good example of that is when you update your Java, during the update if you dont read what your installing unless its unchecked during the installation it will install the Ask Toolbar and this will make ASK your default search engine among other things, its an inferior search engine but sometimes large corporations do this to offset there costs. So whatever you install in the future as new windows pop up, read read read before you click on Next. You had a lot of bogus junk installed.
There may be more that could have been missed so let do this
Download Junkware Removal Tool to your desktop
- shut down your protection software now to avoid potential conflicts.
- run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
- the tool will open and start scanning your system
- please be patient as this can take a while to complete depending on your system's specifications
- on completion, a log (JRT.txt) is saved to your desktop and will automatically open
- post the contents of JRT.txt into your next message.
DDS is a great program for showing us both legit and malicious programs on your system but all it is is a scanner, we cant remove anything with it. So run this other program also after running Junkware Removal Tool and I can check the log and look for anything else that may have to go and if so we can use it to remove bad entries
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
-
Junkware Removal Tool report
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 8 x64
Ran by Hebert on Sat 07/27/2013 at 11:21:52.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
~~~ Registry Keys
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{114D1DCD-DEEB-48AE-8205-8007E577A948}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F91A159C-90EA-41C8-A5EB-AC4EF23EA7B4}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F91A159C-90EA-41C8-A5EB-AC4EF23EA7B4}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA3D98A6-868D-4E1B-BB78-0887230DA405}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{F91A159C-90EA-41C8-A5EB-AC4EF23EA7B4}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA3D98A6-868D-4E1B-BB78-0887230DA405}
~~~ Files
Failed to delete: [File] C:\eula.1028.txt
Failed to delete: [File] C:\eula.1031.txt
Failed to delete: [File] C:\eula.1033.txt
Failed to delete: [File] C:\eula.1036.txt
Failed to delete: [File] C:\eula.1040.txt
Failed to delete: [File] C:\eula.1041.txt
Failed to delete: [File] C:\eula.1042.txt
Failed to delete: [File] C:\eula.2052.txt
Failed to delete: [File] C:\install.res.1028.dll
Failed to delete: [File] C:\install.res.1031.dll
Failed to delete: [File] C:\install.res.1033.dll
Failed to delete: [File] C:\install.res.1036.dll
Failed to delete: [File] C:\install.res.1040.dll
Failed to delete: [File] C:\install.res.1041.dll
Failed to delete: [File] C:\install.res.1042.dll
Failed to delete: [File] C:\install.res.2052.dll
Failed to delete: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Hebert\AppData\Roaming\goforfiles"
Failed to delete: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{033D6407-DC00-4D38-898F-6314B99FCB00}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{0CDDDDDD-6E71-4674-B3F6-F2A89A6F2EFA}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{2059721B-414D-4EB9-BAC3-559FA205A0C4}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{45895DFA-C8D1-409A-8B8A-6C9A18271BFD}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{57127D91-9641-4575-A26F-EFE7A00E0FE1}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{5873614C-B36C-4014-B18B-7B4A993A32E3}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{8EEC2D8B-28B2-4AFA-A9D9-9B7D46908E72}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{93323CD0-C84D-46D6-B383-AE4A2993F8FE}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{CD0EEA8D-49A5-4A31-8DA0-B21F1DFE53CD}
Successfully deleted: [Empty Folder] C:\Users\Hebert\appdata\local\{D5CEEC73-1EA8-4DD1-97F2-B6BE963265C4}
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Hebert\appdata\local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/27/2013 at 11:24:32.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
See my notes before reading the next post...
The following post ran with 'Standard Output' checked and 'Include 64 bit scans' checked.
I will now run the process again with the changes you diredcted and send those reports next... sorry
You instruction to run it came before your instruction to recheck certain boxes...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
