Jump to content
Sign in to follow this  
nadalotta

Malware for 6 Days - Nothing is Helping

Recommended Posts

Hi,

 

I'm going nuts trying to get Malware off of my computer. I think it's just on Firefox because I'm on Opera and I'm not getting those spam screens.

 

When I discovered the problem, I downloaded Housecall and thought it would take maybe an hour - well, it's six days later and it's currently at 83%.

 

This is not the first Housecall that was downloaded - once, it was at 85% and shut down. It keeps shutting down when in the 80 percentage.

 

I thought perhaps there's too much stuff on my computer so I opened Windows Task Manager to see if there's something that I could delete. I deleted itunes because I wasn't using it. I'm not sure what else to delete, though.

 

Then I went to Performance on Task Manager.

 

The CUP Usage green picture showed 2%

Memory showed 1.985GB

 

At the bottom, there were Processes: 111; CPU Usage 6; Physical Memory: 60:

 

Under Physical Memory (MB) it says:

Total" 3325

Cached 1854

Free 1 (I've seen this go up to 6)

 

Is this why it's taking so darned long to get the Housecall scan done? (BTW, I went to Housecall and they charge a min of $79 which I just don't have so I'm hoping someone here will be able to help me. And I'm so thankful that I finally remembered this site's name!)

 

 

Edited to add: Sure enough, while 83% completed with the Housecall scan, my computer rebooted. I am not using anything right now - what's the use? Is there a different product that I can use that might actually finish scanning? Is the Physical Memory Free Category (1) what's making everything so slow? Please - I really need to have my computer for medical reasons. Thank you.

 

Thanks,

nadalotta

 

Vista Serv. Pack 2

Dell XPS XPS_420

Mem. 4.00 GB

Share this post


Link to post
Share on other sites

See if you can download Malwarebytes from here > http://downloads.malwarebytes.org/file/mbam/

Run it like this:

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let

MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

 

 

:geezer:

Share this post


Link to post
Share on other sites

Thank you so much for replying, caintry boy,

 

I wish I had thought to include it but I already have Malwarebytes Premium. (I also have IObit Malware Fighter).

 

I just remembered, every day, I get a Malware report with a bunch of PUPs and I have the option to Quarantine, Make Exception or something else. (No deleting). I've been clicking on Quarantine - some days there are three of these reports that pop up and other days, just one. On the average, there are about 19 PUPs each time. I'm assuming you know what a PUP is (Potentially Unwanted Program or something like that).

 

I'm doing the scan right now and will post when it's finished. Again, thank you so much. I've been hit with several medical diagnosis and need the internet to understand them - it's not like docs have the time to explain things fully nowadays.

Edited by nadalotta

Share this post


Link to post
Share on other sites

I've spent the better part of this year in and out of the hospital so I comprehend medical problems. ;)

You should have the option when looking at Quarantine to "Delete All", don't do it yet, lets see what your scan finds first.

 

 

 

 

:geezer:

Share this post


Link to post
Share on other sites

OK, here's the latest scan report. (I also have well over 100 files Quarantine). There is no Delete choice - choices are IGNORE ONCE, ADD EXCLUSION and QUARANTINE. Could it be because I have the Pro version??

 

 

Here's the report after I Quarantined the 17 PUPs:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/12/2014
Scan Time: 6:31:55 PM
Logfile: Mam12nov2014.txt
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2014.11.13.02
Rootkit Database: v2014.11.12.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Dee

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 453047
Time Elapsed: 20 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


And yet on Housecall, I've had 1, 3, 1 and 1 threats with none of the reports finishing.

 

Is there a deeper scan? I'm asking because when I go to Firefox, I get those pages that pop up all about c-o-u...p---o n--s. (Didn't want to make it one word).

 

Thanks again,

dee

Share this post


Link to post
Share on other sites

I'd delete the quarantined files. Do you have Adblock Plus? It's an add-on for Firefox that will cure the pop-ups, go to the menu button in upper right and click Add-On's when the window opens search for Adblock Plus and install it, along with the Adblock Plus Patch. Your pop-up problem should be over...

I'm going to refer to one of our Trusted Malware Techs to try and help you, hang on...

 

 

 

 

:geezer:

Share this post


Link to post
Share on other sites

Hi CB, Yes, I have AdBlock Plus.

 

In my original posting, I wrote about going to Task manager after days of trying to get HouseCalls to finish scanning. When I went to Performance on Task Manager:

 

The CUP Usage green picture showed 2%

Memory showed 1.985GB

At the bottom, there were Processes: 111; CPU Usage 6; Physical Memory: 60:

Under Physical Memory (MB) it says:

Total: 3325

Cached 1854
Free 1 (I've seen this go up to 6)

 

Shouldn't the 1 be much higher? Why has it taken days to let a program to complete?

 

Thanks again,

dee

Share this post


Link to post
Share on other sites

You may have 'adware' ... please follow both steps:

 

Download AdwCleaner by Xplode and save to your Desktop.

 

Step 1.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Step 2.

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder

 

******Post both .txt logs

Share this post


Link to post
Share on other sites

EDITED TO ADD: WHEN I CLICKED TO RUN THE FILE, THERE SEEMED TO BE AT LEAST 5 WHAT I THOUGHT WERE OFFERS. BELOW EACH ONE WAS THE WORDING TO ACCEPT OR DENY THE (CAN'T THINK OF THE WORD) RULES. I KEPT CLICKING DENY. SHOULD I HAVE CLICKED ACCEPT? I DID CLICK ON FILE OPENER - UGH. SO I DELETED IT, DELETED ADWCLEANER AND AM STARTING FROM THE BEGINNING. I amaze myself sometimes at doing something so dumb! :facepalm:

 

p.s. OK, I tried to download it again and waited for 25 mins; when I clicked to retry, I got a page that said it had expired after 10 mins. (well, thank you!) So I tried again and, this time, the box came up within 10 seconds. Also, the next boxes didn't look like the first time I ran the program - no offers for other products. Anyway, YAY - thanks again!

*******************************************************

 

 

Madame Maude,

 

Thank you very much. I'm going to follow your instructions after writing this. I just wanted to say that I tried to write to you earlier today and my computer rebooted again. When it came back up to the black screen with white writing giving options, such as hit enter to continue - which I did because I don't know what to do if I hit the other two options. Then a bunch of stuff came up on another black screen with white writing, including:

 

12613/12613

C:\Registry\Machine\system\Current Control set\Control\Cmf\Co....)

I tried "Escape" but nothing happened so.... I did another hard shutdown.

 

Then the screen came up with a bunch of IObot Registry Defrags. I wasn't sure what was going on so.... I did a hard shutdown. Nothing else worked. (I rarely do hard shutdowns - really!)

 

BTW, last night, I downloaded the update to IObot 8 Pro (which I've owned for several years) and ran a scan. It had a bunch of errors so I hit "Fix". Then I ran the scan immediately afterwards and there were a bunch of errors again. This happened three times before I gave up. Later, it rebooted.

 

I do have a question that I hope you can answer. I have this computer plus a Dell laptop with 8.1. Since I needed several programs on both computers, they were syncronized. (sp?) I really need to use my computer to pay some bills. Is it possible to use the laptop? If so, should I unplug the desktop so it won't syncronize?

 

Thank you again... I'm off to AdwCleaner!

 

dee aka nadalotta

Edited by nadalotta

Share this post


Link to post
Share on other sites

OK, here is the report - I didn't go through it to delete anything because it might be important. (Not sure if you can tell but I'm not exactly computer-literate). Just FYI, 98% of the time, I use Firefox and Chrome/Opera is about 1% each.... until lately. BTW, last week until a day or so ago when I opened Firefox on accident, the screen persona is one I've never chosen. I've never downloaded it but it's there - that's one thing that made me suspicious I had a problem. Anyway, here it is - if there's anything private that shouldn't be here, please let me know asap. Thanks SO much. OH - not sure if this means anything but I have an external hard drive that has used space of 295 GB and 1.53 TB available. I hope this AdwCleaner can work on that.

 

 

# AdwCleaner v4.101 - Report created 13/11/2014 at 15:41:16
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Donna - 2N03JH1
# Running from : C:\Users\Donna\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Application Updater
Service Found : ca82e1a5

***** [ Files / Folders ] *****

File Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\bProtector_extensions.rdf
File Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\bprotector_extensions.sqlite
File Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\bprotector_prefs.js
File Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\invalidprefs.js
File Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\user.js
Folder Found : C:\Program Files\AGI
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\AskBarDis
Folder Found : C:\Program Files\IObit Apps Toolbar
Folder Found : C:\Program Files\Optimizer Pro
Folder Found : C:\ProgramData\AGI
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\e701bcf45e5e669b
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Folder Found : C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Found : C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljagpkilagnnjglodjinldilnaphmeo
Folder Found : C:\Users\Donna\AppData\Local\PackageAware
Folder Found : C:\Users\Donna\AppData\Local\Temp\AskBarDis
Folder Found : C:\Users\Donna\AppData\LocalLow\AGI
Folder Found : C:\Users\Donna\AppData\Roaming\AGI
Folder Found : C:\Users\Donna\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Donna\AppData\Roaming\DSite
Folder Found : C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
Folder Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
Folder Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\[email protected]
Folder Found : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\[email protected]
Folder Found : C:\Users\Donna\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\Donna\Documents\Optimizer Pro
Folder Found : C:\Users\Donna_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Found : C:\Windows\system32\config\systemprofile\AppData\Roaming\AGI

***** [ Scheduled Tasks ] *****

Task Found : Digital Sites
Task Found : DSite
Task Found : EPUpdater
Task Found : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - profiles\alluse~1\applic~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
Key Found : HKCU\Software\5b6ded9b43cec41
Key Found : HKCU\Software\AGI
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\File Opener Packages
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Opener Packages
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Opener Packages
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\5b6ded9b43cec41
Key Found : HKLM\SOFTWARE\AGI
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592


-\\ Mozilla Firefox v33.1 (x86 en-US)

[ilt58l3p.default] - Line Found : user_pref("extensions.delta.admin", false);
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.aflt", "babsst");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.autoRvrt", "false");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.dfltLng", "en");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.excTlbr", false);
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.id", "4203efc4000000000000001e4ce6a5f5");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.instlDay", "15837");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.instlRef", "sst");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.newTab", false);
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.prdct", "delta");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.prtnrId", "delta");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.rvrt", "false");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.smplGrp", "none");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.tlbrId", "base");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.vrsn", "1.8.16.16");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.vrsnTs", "1.8.16.1612:15:01");
[ilt58l3p.default] - Line Found : user_pref("extensions.delta.vrsni", "1.8.16.16");
[ilt58l3p.default] - Line Found : user_pref("extensions.uuXNQfa3TpmO8JFY.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]

-\\ Google Chrome v38.0.2125.111

[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dajedkncpodkggklbegccjpmnglmnflm
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : fopdddcinljmpmioaklghcalngfhbaen
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : niapdbllcanepiiimjjndipklodoedlc
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : nfengeggddojhakldhlpjdlddgkkjkdd
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : jljagpkilagnnjglodjinldilnaphmeo

-\\ Opera v25.0.1614.68

[C:\Users\Donna\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [startup_URLs] : opera://startpage/#speeddial

*************************

AdwCleaner[R0].txt - [14570 octets] - [13/11/2014 15:41:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14631 octets] ##########

Share this post


Link to post
Share on other sites

OK, I thought I posted the "after Clean" Results but I guess not!

 

Here they are. BTW, I have a Java update and 4 Windows updates (weird - I thought it was 13 a few days ago) - I haven't updated them. Please let me know when it'll be safe. ALso, I have Mozy and I tried to suspend it but some days it didn't work out. Yuck. Thank you again.

 

# AdwCleaner v4.101 - Report created 13/11/2014 at 16:53:05
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Donna - 2N03JH1
# Running from : C:\Users\Donna\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater
Service Deleted : ca82e1a5

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AGI
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\e701bcf45e5e669b
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\AGI
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Roaming\AGI
Folder Deleted : C:\Users\Donna\AppData\Local\PackageAware
Folder Deleted : C:\Users\Donna\AppData\Local\Temp\AskBarDis
Folder Deleted : C:\Users\Donna\AppData\LocalLow\AGI
Folder Deleted : C:\Users\Donna\AppData\Roaming\AGI
Folder Deleted : C:\Users\Donna\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Donna\AppData\Roaming\DSite
Folder Deleted : C:\Users\Donna\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Donna\Documents\Optimizer Pro
Folder Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
Folder Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\[email protected]
Folder Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\[email protected]
Folder Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
Folder Deleted : C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Folder Deleted : C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Deleted : C:\Users\Donna_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Deleted : C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljagpkilagnnjglodjinldilnaphmeo
File Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\bProtector_extensions.rdf
File Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\bprotector_prefs.js
File Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\invalidprefs.js
File Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\ilt58l3p.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Digital Sites
Task Deleted : DSite
Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Deleted : HKCU\Software\5b6ded9b43cec41
Key Deleted : HKLM\SOFTWARE\5b6ded9b43cec41
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AGI
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Opener Packages
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\File Opener Packages
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - profiles\alluse~1\applic~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592


-\\ Mozilla Firefox v33.1 (x86 en-US)

[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.admin", false);
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.aflt", "babsst");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.dfltLng", "en");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.excTlbr", false);
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.id", "4203efc4000000000000001e4ce6a5f5");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.instlDay", "15837");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.instlRef", "sst");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.newTab", false);
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.prdct", "delta");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.rvrt", "false");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.smplGrp", "none");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrId", "base");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1612:15:01");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
[ilt58l3p.default\prefs.js] - Line Deleted : user_pref("extensions.uuXNQfa3TpmO8JFY.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]

-\\ Google Chrome v38.0.2125.111

[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dajedkncpodkggklbegccjpmnglmnflm
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fopdddcinljmpmioaklghcalngfhbaen
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : nfengeggddojhakldhlpjdlddgkkjkdd
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jljagpkilagnnjglodjinldilnaphmeo

-\\ Opera v25.0.1614.68

[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Donna\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [startup_URLs] : opera://startpage/#speeddial

*************************

AdwCleaner[R0].txt - [14712 octets] - [13/11/2014 15:41:16]
AdwCleaner[s0].txt - [15317 octets] - [13/11/2014 16:53:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [15378 octets] ##########

Share this post


Link to post
Share on other sites

You did good .... Do not install IObit again!!

 

Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

 

Save any unsaved work. TFC will close ALL open programs including your browser! Your Desktop will only show the background and nothing else... that's the way it should be. Let it run.

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! Manually reboot the machine to ensure a complete clean.

 

After rebooting (restarting) your computer, please tell us if you're still having problems.

Share this post


Link to post
Share on other sites

Love it, Kurt!

 

Madame Maude,

 

Thank you so much for the additional advice. I just checked my Programs and I have IObit and IObit Uninstaller. Do you want me to use the IObit Uninstaller before doing anything else? (It was IObit that screwed up my system/allowed the malware in?)

 

While awaiting your reply, I'll go ahead and download TFC to my desktop. (I just don't want to blow it at this stage!)

 

Thank you again!

 

-d

 

ETA: OK this is weird! Before doing what you said to do above, I decided to check the Recycle Bin. I thought I'd deleted a handful of files there about a day ago (perhaps I'd also emptied the RB) and had later moved a file from my External Hard Drive to the Recycle Bin. The reason for moving the latter is because this one file was 1.23 GB. (Yes, GB)

When I opened the Recycle Bin just now to see if it was gone (it wasn't), a window popped up with "Roxio Creator Premium 10" - not sure if it said it was updating or not - it was so fast! So I went to my Start, All Programs, etc., and I do have Roxio Creator Prem 10 and have had it since I had this computer, over 4 years ago. I also found out it's in my Startup Folder. I didn't know that because I've never seen it pop up; also I know I have a lot of programs but many are turned off when starting up. (I know that because when I have my mouse on a certain icon on the right side of my Task Bar I get a window popping up which says there are many programs which are blocked at StartUp.) {The exact location for Roxio Creator Prem 10 is C:/ProgramData\Microsoft\Windows\Start Menu\Programs}

Does this change anything?

Edited by nadalotta

Share this post


Link to post
Share on other sites

ETA: Well, not so easy. I got rid of IObit Malware Fighter but am not able to delete IObit Apps Toolbar. A window pops up with:

The feature you are trying to use is on a network resource that is unavailable.

Click OK to try again, or enter an alternative path to a folder containing the installation package 'iobitapps Toolbar.msi' in the box below.

 

Use source:
C:\Users\Donna\AppData\Local\Temp\{ED170A52-B8CC-4CBE-AAB8-DA99CE2AB04F}\

 

To the right of the above Use Source (and all of those numbers), there is a browser box that I can click on.

 

HUH??? Should I do something with this or just go ahead with the TFC. I'm sorry for so many questions but I feel as though I'm close to the end and just don't want to ruin it! Thanks.

 

BTW, I clicked CANCEL to get that box off of my desktop and then I saw another box titled WINDOWS INSTALLER which had this wording: The installation source for this product is not available. Verify that the source exists and that you can access it.

 

I hope you have the patience to bear with all of my posts. While in the ControlPanel, I saw that I have Advanced System Care 8 Pro, Smart Defrag 3 and Surfing Protection all by Obit. Should they be deleted as well?

 

**************

 

Hello again Madam,

 

Well, I uninstalled the Iobit uninstaller but the IObit Malware Fighter program was still there and IObit Apps toolbar so I'm going to get rid of both. (I'm doing this via the Start, Control Panel, Programs, Uninstall a Program).

Edited by nadalotta

Share this post


Link to post
Share on other sites

Run TFC .... the 'source' is in a temporary file folder, which is what we want to get rid of.

 

Don't panic when all the icons are off your desktop and the toolbar (with start orb on it) aren't there any more. This is normal. Let the program run until it's finished! Then restart your computer.

Share this post


Link to post
Share on other sites

Hello again,

 

I was going to write something like, "You're not going to believe what I did" but, get real here, you would believe what I've done!

 

I clicked on the TFC.exe and a little box appeared with a bunch of numbers. Big numbers! I watched it because you said to manually restart. Well....... I answered the phone, said I would call back later, then came back to the computer to find that box gone. Nothing was going on at all. I was worried it would automatically restart so I did a Ctrl Alt Delete and chose to Log Off. After about a minute, the Start button appeared on the Task Bar so I clicked on that and restarted. Now it's up and running..

 

I'm worried that I interrupted the TFC process. Should I re-do the TFC.exe again? Thank you!

 

Also - just FYI, I've got Advanced System Care 8 by IObit on my task bar.

 

Thanks!

Edited by nadalotta

Share this post


Link to post
Share on other sites

Hello Madam,

 

I have to unplug my computer for about an hour but I don't know if it will screw up what you're helping me with.

 

I'll hold off for another 30 mins - if I don't hear anything, I'll go along and unplug. I realize you have a life so I may not hear from you within 30 mins - I figure whatever happens, it's meant to be.

 

Thank you very much again. I really do appreciate your help.

Share this post


Link to post
Share on other sites

Hello Madame,

 

I had a medical issue and had to medicate so was unable to be on the computer - but I'm back now!

 

I uninstalled Iobit 8 but still have Smart Defrag 3 & Surfing Protection by iObit - should they be deleted as well?

BTW, I do have Malware Bytes and MS Windows Essentials which I've updated and am scanning.

 

Am I finished with TFC.exe or will I be running it again after the questions above are answered?

 

Thanks!

Share this post


Link to post
Share on other sites

I'm sorry about your medical condition. I'll try to take care of your computer as you can reply ... I'm not going anywhere to leave you alone with this :)

 

Leave TFC on your computer.

 

You will need to remove/uninstall (not delete) both Smart Defrag 3 & Surfing Protection by iObit. Do you see them in Programs and Features?

If not, download DDS from one of these links:
DDS.com
DDS.pif

  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray

    [*]Save both reports to your desktop.


Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
No need for that though ..... just post it's contents as you would any other log.

Share this post


Link to post
Share on other sites

ETA: When the bottom item is cleared up, you said to disable any script blocking protection. I checked Control > programs then did a search for "Script" - nothing. Then I came to Firefox and opened my add-ons (Ctrl then B ) and searched for script, finding NoScript which was disabled. Was there anywhere else to search? Thanks!

 

Hello again, Madam, and thank you for hanging in there with me!

 

The remaining two iObit programs are in the Control Panel > Programs area so I'll try to uninstall one at a time. Here we go!

(Guess I should have pressed "POST" after writing the above)...

 

OK, I uninstalled the Smart Defrag 3 with no probs. When I tried with the iObit Surf program, it began then a box came up with the following:

 

IObit Surfing Protection Uninstall

Some elements could not be removed. They can be removed manually. {Rut roh!} However, when I checked Control Panel > Programs, neither were there. (YAY)

 

 

So, should I still run the report or do I need to remove the manually pieces of the iObit program floating around inside of my computer?

 

Thanks again!

Edited by nadalotta

Share this post


Link to post
Share on other sites
Sign in to follow this  

×
×
  • Create New...