Continuation of Older Thread

Old 01-13-2016, 08:10 PM   #1
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



Hi, I posted earlier but was unable to respond in time and so am starting a new thread here. Here is the link to the previous thread:

https://www.techsupportforum.com/foru...ml#post6806786

I read the reply and here is the adw text:

# AdwCleaner v5.027 - Logfile created 30/12/2015 at 20:13:08
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Larry - LARRY-HP
# Running from : C:\Users\Larry\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\ProgramData\28341ff220e0446c9fff27c4493d622e
[-] Folder Deleted : C:\Users\Larry\AppData\Local\Installer\Install_12112
[-] Folder Deleted : C:\Users\Larry\AppData\Local\Installer\Install_29778
[-] Folder Deleted : C:\Users\Larry\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sxyg9r2e.default\invalidprefs.js
[-] File Deleted : C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\sxyg9r2e.default\user.js
[-] File Deleted : C:\Users\Larry\Desktop\Continue Live Installation.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : HHMKRLNAIC1
[-] Task Deleted : NCWNPLPMGXMOLKBI
[-] Task Deleted : HHMKRLNAIC1
[-] Task Deleted : NCWNPLPMGXMOLKBI

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2BD2339-91B8-4F42-967A-016F4FC52D01}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3ECE458-8980-4B38-8001-BFFFB9F46BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F615669E-5FEF-4EA4-9621-9563E39A7B5D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2BD2339-91B8-4F42-967A-016F4FC52D01}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3ECE458-8980-4B38-8001-BFFFB9F46BD7}
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserAir
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4746 bytes] ##########

I've attached the frst.txt and addition.txt
Attached Files
File Type: txt FRST.txt (22.7 KB, 11 views)
File Type: txt Addition.txt (40.4 KB, 12 views)
Draymond Green is offline  
Old 01-17-2016, 12:29 PM   #2
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



Bumping after 72 hours.
Draymond Green is offline  
Old 01-18-2016, 01:38 PM   #3
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello. I wrote a reply to the threads you opened before, but you did not answer. Therefore, the threads were closed.

Ok. Let's move on. The AdwCleaner log and FRST logs are out of date.

Quote from the AdwCleaner report:
Quote:
# AdwCleaner v5.027 - Logfile created 30/12/2015 at 20:13:08

Quote from the FRST.txt:
Quote:
Ran by Larry (administrator) on LARRY-HP (13-01-2016 19:57:15)

Quote from the Addition.txt:
Quote:
Ran by Larry (2016-01-13 20:00:58)

Please re-run all the tools (AdwCleaner and FRST) according to instructions. Send fresh logs.
__________________
tekir06 is offline  
Old 01-18-2016, 02:05 PM   #4
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



Hello tekir! Thank you for the reply. I will rerun those programs as soon as I can, however, you should know that the computer has not been used at all except to run the scans. I'm not sure if that means the adw and frst scans are still useless, but just FYI.
Draymond Green is offline  
Old 01-18-2016, 11:54 PM   #5
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Ok. I'm waiting for scan results.
__________________
tekir06 is offline  
Old 01-22-2016, 01:47 PM   #6
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



Hi, just letting you know I'll post the scan results as soon as I can. I'm away from home and I'd rather avoid closing the thread again.
Draymond Green is offline  
Old 01-23-2016, 08:04 PM   #7
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



OK, here we go. Thank you for your patience.

# AdwCleaner v5.030 - Logfile created 23/01/2016 at 19:51:29
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Larry - LARRY-HP
# Running from : C:\Users\Larry\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bubbledock.us

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [875 bytes] ##########
Attached Files
File Type: txt FRST.txt (22.2 KB, 11 views)
File Type: txt Addition.txt (38.7 KB, 11 views)
Draymond Green is offline  
Old 01-25-2016, 04:39 AM   #8
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Draymond Green,

Thanks for the logs. Please do the following.

We need to uninstall a program.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Free YouTube Downloader 3.5.179 >>>>> READ

==============================================

I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.

==============================================

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
HKU\S-1-5-21-1014703716-426910568-2868153028-1002\...\Run: [Windanexe] => C:\Users\Larry\AppData\Local\WinDan\WinDanApp.exe [98816 2015-09-22] ()
HKU\S-1-5-21-1014703716-426910568-2868153028-1002\...\MountPoints2: {6bae3f4a-5a50-11e2-bc76-80c16e411526} - G:\autorun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1014703716-426910568-2868153028-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-1014703716-426910568-2868153028-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
Task: {13F7113D-17C7-4C9B-9720-8AC8CE3AD3E7} - \WordWizard Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {8476660B-7E3F-4B52-A998-2E3BDD934D80} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
Task: {903F7E8C-B8DA-419D-94B0-74A21D2B538E} - System32\Tasks\impo => C:\Windows\system32\bs1.exe
Task: {98D8F255-2AB3-490A-A8DA-2830A3F7A13C} - System32\Tasks\{483F64F6-F60F-4AA3-BE8A-F9DA97639C5B} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {9B63005A-5FBF-498A-99E9-99387071932F} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {A28E5B3B-E88A-4966-9C2A-C2DF08B6CEEB} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {B66E0DC7-B6E5-4F0D-A1D0-1DD38E19D4BD} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {B78C97D7-C52D-47CB-9F11-7ED07B6CCDA4} - \WordWizard Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {BC9C71AB-948C-4FD5-A3C1-1F7A163FFF66} - \Inst_Rep -> No File <==== ATTENTION
Task: {C8098518-28E8-4CCC-85ED-28CCA40F9475} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {F004ACCB-CD79-4D28-8D6E-3F11DEB04D1C} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
FirewallRules: [{896B34C8-1CB7-4251-A425-870E6629AE09}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敮浴杮睜湩敮浴杮攮數
FirewallRules: [{DA54DF9C-597C-4BB9-8B7F-B0F23C452A75}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敮浴杮牜獥睴湩敮浴杮攮數
FirewallRules: [{DDE36089-0B2E-4D3F-8F33-75DF8605CAB0}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敮浴杮睜湩敮浴杮⹟硥e
FirewallRules: [{A8E85E91-5AB3-4B1F-8916-20AF5159B199}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敮浴杮牜獥睴湩敮浴杮⹟硥e
() C:\Users\Larry\AppData\Local\WinDan\WinDanApp.exe
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Itibiti.exe" /f 
EmptyTemp:
end

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
__________________
tekir06 is offline  
Old 01-26-2016, 11:45 PM   #9
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



Hi

Managed to get through it, but after I ran appwiz.cpl the first time, I started getting physical memory dumps that caused me to continually have to restart. Also I forgot to undo the immunizations before I uninstalled Spybot. Anyway, here is the log.

Fix result of Farbar Recovery Scan Tool (x64) Version:30-12-2015
Ran by Larry (2016-01-26 23:18:35) Run:1
Running from C:\Users\Larry\Desktop
Loaded Profiles: Larry (Available Profiles: Larry)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-1014703716-426910568-2868153028-1002\...\Run: [Windanexe] => C:\Users\Larry\AppData\Local\WinDan\WinDanApp.exe [98816 2015-09-22] ()
HKU\S-1-5-21-1014703716-426910568-2868153028-1002\...\MountPoints2: {6bae3f4a-5a50-11e2-bc76-80c16e411526} - G:\autorun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1014703716-426910568-2868153028-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1014703716-426910568-2868153028-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
Task: {13F7113D-17C7-4C9B-9720-8AC8CE3AD3E7} - \WordWizard Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {8476660B-7E3F-4B52-A998-2E3BDD934D80} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
Task: {903F7E8C-B8DA-419D-94B0-74A21D2B538E} - System32\Tasks\impo => C:\Windows\system32\bs1.exe
Task: {98D8F255-2AB3-490A-A8DA-2830A3F7A13C} - System32\Tasks\{483F64F6-F60F-4AA3-BE8A-F9DA97639C5B} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {9B63005A-5FBF-498A-99E9-99387071932F} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {A28E5B3B-E88A-4966-9C2A-C2DF08B6CEEB} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {B66E0DC7-B6E5-4F0D-A1D0-1DD38E19D4BD} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {B78C97D7-C52D-47CB-9F11-7ED07B6CCDA4} - \WordWizard Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {BC9C71AB-948C-4FD5-A3C1-1F7A163FFF66} - \Inst_Rep -> No File <==== ATTENTION
Task: {C8098518-28E8-4CCC-85ED-28CCA40F9475} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {F004ACCB-CD79-4D28-8D6E-3F11DEB04D1C} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
FirewallRules: [{896B34C8-1CB7-4251-A425-870E6629AE09}] => (Allow) ???????????????????????
FirewallRules: [{DA54DF9C-597C-4BB9-8B7F-B0F23C452A75}] => (Allow) ?????????????????????????
FirewallRules: [{DDE36089-0B2E-4D3F-8F33-75DF8605CAB0}] => (Allow) ???????????????????????e
FirewallRules: [{A8E85E91-5AB3-4B1F-8916-20AF5159B199}] => (Allow) ?????????????????????????e
() C:\Users\Larry\AppData\Local\WinDan\WinDanApp.exe
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Itibiti.exe" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-1014703716-426910568-2868153028-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Windanexe => value removed successfully
"HKU\S-1-5-21-1014703716-426910568-2868153028-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bae3f4a-5a50-11e2-bc76-80c16e411526}" => key removed successfully
HKCR\CLSID\{6bae3f4a-5a50-11e2-bc76-80c16e411526} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1014703716-426910568-2868153028-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1014703716-426910568-2868153028-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13F7113D-17C7-4C9B-9720-8AC8CE3AD3E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13F7113D-17C7-4C9B-9720-8AC8CE3AD3E7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordWizard Auto Updater 1.10.0.24 Pending Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8476660B-7E3F-4B52-A998-2E3BDD934D80}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8476660B-7E3F-4B52-A998-2E3BDD934D80}" => key removed successfully
C:\Windows\System32\Tasks\Norton WSC Integration => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{903F7E8C-B8DA-419D-94B0-74A21D2B538E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{903F7E8C-B8DA-419D-94B0-74A21D2B538E}" => key removed successfully
C:\Windows\System32\Tasks\impo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98D8F255-2AB3-490A-A8DA-2830A3F7A13C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98D8F255-2AB3-490A-A8DA-2830A3F7A13C}" => key removed successfully
C:\Windows\System32\Tasks\{483F64F6-F60F-4AA3-BE8A-F9DA97639C5B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{483F64F6-F60F-4AA3-BE8A-F9DA97639C5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B63005A-5FBF-498A-99E9-99387071932F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B63005A-5FBF-498A-99E9-99387071932F}" => key removed successfully
C:\Windows\System32\Tasks\MyDailyBackup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyDailyBackup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A28E5B3B-E88A-4966-9C2A-C2DF08B6CEEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A28E5B3B-E88A-4966-9C2A-C2DF08B6CEEB}" => key removed successfully
C:\Windows\System32\Tasks\win => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\win" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B66E0DC7-B6E5-4F0D-A1D0-1DD38E19D4BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B66E0DC7-B6E5-4F0D-A1D0-1DD38E19D4BD}" => key removed successfully
C:\Windows\System32\Tasks\import => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\import" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B78C97D7-C52D-47CB-9F11-7ED07B6CCDA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B78C97D7-C52D-47CB-9F11-7ED07B6CCDA4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordWizard Auto Updater 1.10.0.24 Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC9C71AB-948C-4FD5-A3C1-1F7A163FFF66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC9C71AB-948C-4FD5-A3C1-1F7A163FFF66}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8098518-28E8-4CCC-85ED-28CCA40F9475}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8098518-28E8-4CCC-85ED-28CCA40F9475}" => key removed successfully
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F004ACCB-CD79-4D28-8D6E-3F11DEB04D1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F004ACCB-CD79-4D28-8D6E-3F11DEB04D1C}" => key removed successfully
C:\Windows\System32\Tasks\Googleuptodate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Googleuptodate" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{896B34C8-1CB7-4251-A425-870E6629AE09} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA54DF9C-597C-4BB9-8B7F-B0F23C452A75} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDE36089-0B2E-4D3F-8F33-75DF8605CAB0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8E85E91-5AB3-4B1F-8916-20AF5159B199} => value removed successfully
[3304] C:\Users\Larry\AppData\Local\WinDan\WinDanApp.exe => process closed successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Itibiti.exe" /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 8.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:28:13 ====
Draymond Green is offline  
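
Added example (not part of the thread and not FRST's own code): a short Python script that tallies the per-line outcomes of a Fixlog.txt laid out like the one posted above, skipping the echoed fixlist block so that its "=>" lines are not counted as results. The sample is a shortened excerpt of that log; the category names (changed, absent, review) and the final constructed line are assumptions of this example, not FRST terminology.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:30-12-2015
Ran by Larry (2016-01-26 23:18:35) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
Task: {903F7E8C-B8DA-419D-94B0-74A21D2B538E} - System32\Tasks\impo => C:\Windows\system32\bs1.exe
Task: {BC9C71AB-948C-4FD5-A3C1-1F7A163FFF66} - \Inst_Rep -> No File <==== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{903F7E8C-B8DA-419D-94B0-74A21D2B538E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{903F7E8C-B8DA-419D-94B0-74A21D2B538E}" => key removed successfully
C:\Windows\System32\Tasks\impo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC9C71AB-948C-4FD5-A3C1-1F7A163FFF66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC9C71AB-948C-4FD5-A3C1-1F7A163FFF66}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.
[3304] C:\Users\Larry\AppData\Local\WinDan\WinDanApp.exe => process closed successfully.
EmptyTemp: => 8.2 GB temporary data Removed.
"""

# Constructed line (not real FRST wording) to exercise the "review" path.
CONSTRUCTED_LINE = (
    r'"HKLM\Software\ExampleKey" => outcome text this script does not recognise'
    + "\n"
)

STAR_LINE = re.compile(r"^\*{5,}$")


def parse_fixlog(text):
    """Return (target, outcome) pairs for the result lines of a Fixlog."""
    results = []
    in_echo = False   # True while inside the echoed fixlist block
    stars_seen = 0    # the echo is framed by two lines of asterisks
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content:"):
            in_echo, stars_seen = True, 0
            continue
        if in_echo:
            if STAR_LINE.match(line):
                stars_seen += 1
                if stars_seen == 2:
                    in_echo = False
            continue  # fixlist entries also contain " => "; they are not results
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        results.append((target.strip().strip('"'), outcome.strip().rstrip(".")))
    return results


def classify(outcome):
    """Bucket an outcome string; anything unrecognised is left for a human."""
    o = outcome.lower()
    if o.endswith("not found"):
        return "absent"
    if o.endswith("successfully") or o.endswith("removed"):
        return "changed"
    return "review"


def summarise(text):
    """Return (Counter of buckets, list of (target, outcome) needing review)."""
    counts = Counter()
    review = []
    for target, outcome in parse_fixlog(text):
        kind = classify(outcome)
        counts[kind] += 1
        if kind == "review":
            review.append((target, outcome))
    return counts, review


if __name__ == "__main__":
    counts, review = summarise(SAMPLE_FIXLOG + CONSTRUCTED_LINE)
    for kind in ("changed", "absent", "review"):
        print(f"{kind:8} {counts[kind]}")
    for target, outcome in review:
        print(f"REVIEW: {target} -> {outcome}")
```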
Old 01-27-2016, 12:33 AM   #10
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Draymond Green,

Did you uninstall Free Youtube Downloader?

Please do the following.

Launch Malwarebytes Anti-Malware

On the Dashboard, click the Scan Now button.
A check for database updates will be performed.
After the update check completes, a Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 01-29-2016, 07:54 PM   #11
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



Ran the Malwarebytes scan. Didn't ask me to update until after I ran the scan. I have not run a second scan, but here is the log for the first scan.
Attached Files
File Type: txt mwlog.txt (1,012 Bytes, 10 views)
Draymond Green is offline  
Old 01-29-2016, 09:47 PM   #12
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



Decided to run Malwarebytes scan again after installing the update. Please see attached.
Attached Files
File Type: txt mw2log.txt (1.0 KB, 10 views)
Draymond Green is offline  
Old 01-31-2016, 11:21 PM   #13
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Please do the following.

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.
__________________
tekir06 is offline  
Old 02-03-2016, 06:39 PM   #14
Registered Member
 
Join Date: Dec 2015
Posts: 14
OS: Win7



Please see eset text file below. Took about 3.5 hours to run. Not sure if that's normal or not. PC no longer having crash issues or strange programs that pop up and take over the machine. I am also now receiving normal Microsoft updates when I turn on the PC.

Thanks


C:\Program Files\Quick PC Booster\StartApps.exe a variant of Win64/XportOptimizer.B potentially unwanted application
Draymond Green is offline  
Old 02-03-2016, 11:57 PM   #15
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Draymond Green,

We need to uninstall a program.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Quick PC Booster >>>>>>> Please read

==============================================

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your operating system. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
Old 02-08-2016, 06:48 AM   #16
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Surf Safely and Think Prevention!
__________________

amateur is offline  
 

All times are GMT -7. The time now is 07:05 PM.

