
Internet Explorer has ( Mywebsearch) ?


auntiem

Went to Internet Explorer and it changed... it has mywebsearch. How do I get rid of this? Need help please, will be looking for someone's reply. Thanks

Below is my HJT

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:05 PM, on 3/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:Program Files (x86)Lexmark Pro800-Pro900 Serieslxecmon.exe
C:Program Files (x86)Lexmark Pro800-Pro900 Seriesezprint.exe
C:Program Files (x86)CalendarPalCalendarPal.exe
C:Program Files (x86)GarminExpress TrayExpressTray.exe
C:UsersOwnerAppDataRoamingSmileboxSmileboxTray.exe
C:Program Files (x86)Common FilesPC ToolssMonitorSSDMonitor.exe
C:Program Files (x86)Common FilesSpigotSearch SettingsSearchSettings.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:WindowsSysWOW64MacromedFlashFlashUtil32_11_6_602_180_ActiveX.exe
C:Program Files (x86)Windows LiveContactswlcomm.exe
C:Program Files (x86)Windows LiveMessengermsnmsgr.exe
C:Program Files (x86)Mozilla Firefoxfirefox.exe
C:Program Files (x86)Windows LiveMailwlmail.exe
C:UsersOwnerDownloadsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^CD^xdm147^YY^us&ptb=6BED0AC1-E5DD-41DB-84E7-62246B65FBDF&si=184459
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program Files (x86)YTD ToolbarIE7.0ytdToolbarIE.dll
R3 - URLSearchHook: (no name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:Program FilesLexmark Toolbartoolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:UsersOwnerAppDataRoamingSpeckiebin32Speckie32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:Program FilesLexmark Printable Webbho.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program Files (x86)YTD ToolbarIE7.0ytdToolbarIE.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:Program FilesLexmark Toolbartoolband.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:Program Files (x86)YTD ToolbarIE7.0ytdToolbarIE.dll
O4 - HKLM..Run: [Lexmark Pro800-Pro900 Series] "C:Program Files (x86)Lexmark Pro800-Pro900 Seriesfm3032.exe" /s
O4 - HKLM..Run: [sSDMonitor] C:Program Files (x86)Common FilesPC ToolssMonitorSSDMonitor.exe
O4 - HKLM..Run: [bingDesktop] C:Program Files (x86)MicrosoftBingDesktopBingDesktop.exe /fromkey
O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [searchSettings] "C:Program Files (x86)Common FilesSpigotSearch SettingsSearchSettings.exe"
O4 - HKLM..RunOnce: [Malwarebytes Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe /install /silent
O4 - HKCU..Run: [smartAudio] C:Program FilesCONEXANTSAIISAIICpl.exe /c
O4 - HKCU..Run: [CalendarPal] C:Program Files (x86)CalendarPalCalendarPal.exe -min
O4 - HKCU..Run: [GarminExpressTrayApp] "C:Program Files (x86)GarminExpress TrayExpressTray.exe"
O4 - HKCU..Run: [smileboxTray] "C:UsersOwnerAppDataRoamingSmileboxSmileboxTray.exe"
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200
O9 - Extra button: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra button: (no name) - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:UsersOwnerAppDataRoamingSpeckiebin32Speckie32.dll
O9 - Extra 'Tools' menuitem: Speckie Settings - {E6846530-6088-4AA3-932F-C6245CE59A4C} - C:UsersOwnerAppDataRoamingSpeckiebin32Speckie32.dll
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSkype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:Program Files (x86)Application UpdaterApplicationUpdater.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:Program Files (x86)GarminCore Update ServiceGarmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:Windowssystem32spoolDRIVERSx643lxecserv.exe
O23 - Service: lxec_device - - C:Windowssystem32lxeccoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:Program Files (x86)Common FilesPC ToolssMonitorStartManSvc.exe
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 12588 bytes


Hi auntiem,

 


 

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

[*]I will be working on your malware issues; this may or may not solve other issues you have with your machine.

[*]The fixes are specific to your problem and should only be used for the issues on this machine.

[*]Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

[*]It's often worth reading through these instructions and printing them for ease of reference.

[*]If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

[*]Please reply to this thread. Do not start a new topic.

As we work through your logs, please remember to run any tools by right-clicking on the icon and selecting Run As Administrator.

 

Please download Malwarebytes' Anti-Malware to your desktop.

[*]Double-click mbam-setup.exe and follow the prompts to install the program.

[*]At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

[*]If an update is found, it will download and install the latest version.

[*]Once the program has loaded, select Perform quick scan, then click Scan.

[*]When the scan is complete, click OK, then Show Results to view the results.

[*]Be sure that everything is checked, and click Remove Selected.

[*]When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

[*]Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also,

 

AdwCleaner

[*]Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.

[*]Double click on AdwCleaner.exe to run the tool.

[*]Click on Delete.

[*]Confirm each time with Ok.

[*]Your computer will be rebooted automatically. A text file will open after the restart.

[*]Please post the content of that logfile with your next answer.

[*]You can find the logfile at C:AdwCleaner[s1].txt as well.


Thanks Tomk for the fast response and help. Below are my Malwarebytes results:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.23.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

3/24/2013 12:22:32 AM
mbam-log-2013-03-24 (00-22-32).txt

Scan type: Full scan (C:|D:|Q:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315175
Time elapsed: 34 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 01:18:44
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:UsersOwnerDownloadsadwcleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:END
File Deleted : C:user.js
Folder Deleted : C:Program Files (x86)Application Updater
Folder Deleted : C:Program Files (x86)Common Filesspigot
Folder Deleted : C:Program Files (x86)Conduit
Folder Deleted : C:Program Files (x86)CouponAlert_2p
Folder Deleted : C:Program Files (x86)GreenTree Applications
Folder Deleted : C:ProgramDataBabylon
Folder Deleted : C:ProgramDataTarma Installer
Folder Deleted : C:ProgramDataWeCareReminder
Folder Deleted : C:UsersOwnerAppDataLocalConduit
Folder Deleted : C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsbdhffggcfjnkigeciffmipblemhphbjl
Folder Deleted : C:UsersOwnerAppDataLocalTempboost_interprocess
Folder Deleted : C:UsersOwnerAppDataLocalLowBabylonToolbar
Folder Deleted : C:UsersOwnerAppDataLocalLowConduit
Folder Deleted : C:UsersOwnerAppDataLocalLowPriceGong
Folder Deleted : C:UsersOwnerAppDataLocalLowSearch Settings
Folder Deleted : C:UsersOwnerAppDataRoamingBabylon
Folder Deleted : C:UsersOwnerAppDataRoamingOpenCandy

***** [Registry] *****

Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun [searchSettings]
Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [internet Browsers] *****

- Internet Explorer v9.0.8112.16470

Replaced : [HKCUSoftwareMicrosoftInternet ExplorerMain - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^CD^xdm147^YY^us&ptb=6BED0AC1-E5DD-41DB-84E7-62246B65FBDF&si=184459 --> hxxp://www.google.com

- Mozilla Firefox v19.0.2 (en-US)

File : C:UsersOwnerAppDataRoamingMozillaFirefoxProfiles9cht6u4l.defaultprefs.js

[OK] File is clean.

- Google Chrome v [unable to get version]

File : C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultPreferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11167 octets] - [24/03/2013 01:16:11]
AdwCleaner[R2].txt - [11228 octets] - [24/03/2013 01:18:26]
AdwCleaner[s1].txt - [11406 octets] - [24/03/2013 01:18:44]

########## EOF - C:AdwCleaner[s1].txt - [11467 octets] ##########


Let's get an online scan. This takes quite a while to run.

 

Go here to run an online scanner from ESET.

[*]Turn off the real time scanner of any existing antivirus program while performing the online scan

[*]Tick the box next to YES, I accept the Terms of Use.

[*]Click Start

[*]When asked, allow the ActiveX control to install

[*]Click Start

[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.

[*]Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

[*]Click Scan

[*]Wait for the scan to finish

[*]When the scan completes, press the LIST OF THREATS FOUND button

[*]Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop

[*]Include the contents of this report in your next reply.

[*]Press the BACK button.

[*]Press Finish

[*]Also, please let me know how things seem to be running.


Tomk, after running AdwCleaner, when opening Internet Explorer the (Mywebsearch) search bar was gone. But when doing the ESET I see it's still around along with a lot of other nasties.

Question... Does it matter which browser you use to run these things? I used Internet Explorer.

Just to let you know, my Firefox had the same thing in it (mywebsearch). I uninstalled it, and reinstalled and it was gone. (I think... thought it was gone in Internet Explorer until doing the ESET scan.)

Below are the results of the ESET scan... and again thanks for helping

 

C:Program Files (x86)CouponAlert_2pEIInstallr1.bin2pEIPlug.dll Win32/Toolbar.MyWebSearch application
C:Program Files (x86)CouponAlert_2pEIInstallr1.bin2pEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:Program Files (x86)CouponAlert_2pEIInstallr1.binNP2pEISb.dll Win32/Toolbar.MyWebSearch application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.13 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.14 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.15 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.16 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.17 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.18 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.19 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.20 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.21 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarFFcomponentsytdFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:Program Files (x86)YTD ToolbarIE7.0ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:UsersOwnerAppDataLocalLowCouponAlert_2pEIInstallrCache0005F565.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:UsersOwnerAppDataLocalLowSunJavaDeploymentcache6.017f4d6291-63a9f5d6 a variant of Java/Exploit.CVE-2013-0422.AJ trojan
C:UsersOwnerDownloads2012_Dairy_Princess_Handbook_pdf_downloader.exe probably a variant of Win32/YourFileDownloader.A application
C:UsersOwnerDownloadsPageRageGCSetup (1).exe multiple threats
C:UsersOwnerDownloadsPageRageGCSetup (2).exe multiple threats
C:UsersOwnerDownloadsPageRageGCSetup.exe multiple threats
C:WindowsInstaller1437a63.msi a variant of Win32/Toolbar.Widgi application


Internet Explorer is/was fine for the scan.

With the other tools we took care of the "active" running of the garbage. What you see in this scan is the installer(s) that will reinstall it if run.

 

Let's get rid of what was found.

 

Please download the OTM by OldTimer.

[*]Save it to your desktop.

[*]Please double-click OTM.exe to run it.

(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

[*]Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes
:Files
C:Program Files (x86)CouponAlert_2pEIInstallr
C:Program Files (x86)YTD Toolbar
C:UsersOwnerAppDataLocalLowCouponAlert_2pEI
C:UsersOwnerAppDataLocalLowSunJavaDeploymentcache6.0
C:UsersOwnerDownloadsPageRageGCSetup (1).exe
C:UsersOwnerDownloadsPageRageGCSetup (2).exe
C:UsersOwnerDownloadsPageRageGCSetup.exe
C:WindowsInstaller1437a63.msi
C:UsersOwnerDownloads2012_Dairy_Princess_Handbook_pdf_downloader.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

[*]Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

[*]Click the red Moveit! button.

[*]Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

[*]Close OTM

[*]Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:_OTMMovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


With that... you should be good to go.

a little housekeeping:

Cleanup

  • Double click on OTM to run it.
  • Click on CleanUp!
  • When done, you will be prompted to restart your computer. Please restart your computer.

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.


I saw I had to reboot to finish the process as you described above

Here are the results of that

Everything ok now, as far as you can see?


This topic is now closed to further replies.
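
The check a helper makes by eye on a pasted OTM results log, written out as an added example (not part of the thread and not OldTimer's code): every path under :Files in the instruction block should have a matching "moved successfully" line, including items finished under "Files moved on Reboot...". The paths and log text are constructed placeholders, and the result-line shape is an assumption about OTM's output.

```python
import re

# Constructed OTM instruction block (placeholder paths), laid out like the
# :Processes / :Files / :Commands codebox in this thread.
SCRIPT = r"""
:Processes
:Files
C:\Program Files (x86)\ExampleToolbar
C:\Users\Owner\Downloads\ExampleSetup.exe
C:\Users\Owner\Downloads\ExampleSetup (1).exe
C:\Windows\Installer\0000000.msi
:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Constructed results log; the second installer copy is deliberately absent.
LOG = r"""
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files (x86)\ExampleToolbar\IE folder moved successfully.
C:\Program Files (x86)\ExampleToolbar folder moved successfully.
C:\WINDOWS\Installer\0000000.msi moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Files moved on Reboot...
C:\Users\Owner\Downloads\ExampleSetup.exe moved successfully.
"""

# Assumed result-line shape: "<path> moved successfully." for files and
# "<path> folder moved successfully." for folders.
MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")

def requested_paths(script):
    """Paths listed under the :Files header of an instruction block."""
    section, paths = None, []
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            paths.append(line)
    return paths

def moved_paths(log):
    """Lower-cased paths the log confirms as moved (Windows paths ignore case)."""
    hits = (MOVED.match(l.strip()) for l in log.splitlines())
    return {m.group("path").lower() for m in hits if m}

def unconfirmed(script, log):
    """Requested paths with no matching 'moved successfully' line in the log."""
    moved = moved_paths(log)
    return [p for p in requested_paths(script) if p.lower() not in moved]

if __name__ == "__main__":
    for path in unconfirmed(SCRIPT, LOG):
        print("not confirmed as moved:", path)
```

An empty result means every requested item was confirmed; a leftover installer in the list is exactly the kind of file that can reinstall the toolbar if it is run again.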