mattyang

UNIDEAL POP UPS


Think my kid's notebook picked up something nasty, as he keeps getting redirected to ad websites. And lots of UNIDEAL popups are appearing. Some information on his notebook:

 

HP ENVY 14 NOTEBOOK

WINDOWS 7 HOME PREMIUM

Intel ® Core i7 CPU Q720 @1.60Ghz

4 GB Ram

64 Bit operating System.

 

AVG Free EDITION 2015

 

Appreciate some guidance to clear this mess up. Thanks.

Edited by mattboy


Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:

-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

~~~~~~~~~~~~~~~~

 

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Post these 2 logs when finished.


Hi Juliet, did the scan as advised and posting the following log result:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/4/2015
Scan Time: 10:11:07 AM
Logfile: Malwarebytes Scan Log.txt
Administrator: Yes
Version: 2.01.4.1018
Malware Database: v2015.04.10.08
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7
CPU: x64
File System: NTFS
User: Mattheus
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354534
Time Elapsed: 44 min, 53 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 24
PUP.Optional.Multiplug, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [f000482266244ee82752c474c73c33cd],
PUP.Optional.Multiplug, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [f000482266244ee82752c474c73c33cd],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, Quarantined, [e907fb6f4347cf67895229b5c0436b95],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [ee0282e890fa350146c0ac632bd9ea16],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [31bf7af0395189ad3a5e26ae0003649c],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, Quarantined, [ef0187e38109b97dac6a30993fc4ca36],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, Quarantined, [34bc5911ff8b84b29c3f6f6f15ee33cd],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [e010dd8d99f11c1acc29bf065aa9857b],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [18d80466f595c07615df5570b94a6b95],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [d7195e0c1674013535d329aced1653ad],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [43ad6406dbafa492569cf7ce6c97c23e],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\HomeTab, Quarantined, [ce220664e5a584b2871826cd7e85c937],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\SearchProtectWS, Quarantined, [cd234a20692113239d5ac30231d21ce4],
PUP.Optional.TNT.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\TNT2, Quarantined, [b8380d5de0aa79bdd9f3685f7a897789],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\WajIntEnhance, Quarantined, [ef017feb3e4c5cda37e07851a360ca36],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [9c540c5e7c0e5cdaf22725e908fc01ff],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\INSTALLCORE, Quarantined, [727e2743b3d71b1b3fac47dc5da8cd33],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [43ad4d1dd6b4b87e6ebc15ad2dd6c040],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [e010f67490fac670250641818d7602fe],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, Quarantined, [90601e4c3f4b37ffe3493a8839cad828],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [648c84e64347d6609d9000c2ac5712ee],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [6888d9918604989efc3271516a99b44c],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarantined, [5d9326444a4071c506ed5273f211b44c],
PUP.Optional.EZDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
Registry Values: 10
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?type=ds&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565&q={searchTerms}, Quarantined, [32be6901bad04ee878a9e1712cd9f50b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?type=ds&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565&q={searchTerms}, Quarantined, [fef2e38739512c0adb46db77897cb14f]
PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURL, http://websearch.coolsearches.info/favicon.ico, Quarantined, [45abf6747218c1755da8ba987d888a76]
PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURLFallback, http://websearch.coolsearches.info/favicon.ico, Quarantined, [36baf3770288043240c58dc5cb3a22de]
PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=20494&r=2015/03/17&hid=10414075307976941094&lg=EN&cc=SG&unqvl=85, Quarantined, [ca26abbf1f6b89adc63f143ed33218e8]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\INSTALLCORE|tb, 0N2X1N, Quarantined, [727e2743b3d71b1b3fac47dc5da8cd33]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?type=ds&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565&q={searchTerms}, Quarantined, [628ec9a1206a280e72ae66ec19ec56aa]
PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURL, http://websearch.coolsearches.info/favicon.ico, Quarantined, [fdf30d5d434739fdf3115ef475906a96]
PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURLFallback, http://websearch.coolsearches.info/favicon.ico, Quarantined, [826efc6e8cfe61d5a163bb9772938977]
PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2709936447-2891915958-3838061216-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=20494&r=2015/03/17&hid=10414075307976941094&lg=EN&cc=SG&unqvl=85, Quarantined, [d51bc2a8cebc979fe420f260da2bdf21]
Registry Data: 11
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565),Replaced,[3fb14525f8925adccd274aa9ce37639d]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type=ds&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565&q={searchTerms}),Replaced,[13dd72f88ffbf83eaf456d86e0257c84]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[5f912545f3975fd7618bdc235aab35cb]
PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.coolsearches.info/?pid=20494&r=2015/03/17&hid=10414075307976941094&lg=EN&cc=SG&unqvl=85, Good: (www.google.com), Bad: (http://websearch.coolsearches.info/?pid=20494&r=2015/03/17&hid=10414075307976941094&lg=EN&cc=SG&unqvl=85),Replaced,[737d1a50b4d679bdf4b96f84778ee21e]
Folders: 5
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, Quarantined, [8f6179f1375349ed1c55edb6ca39d729],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals, Quarantined, [05ebdd8d24660234c2b6cedbef145ca4],
PUP.Optional.EzDownloader.A, C:\Users\Mattheus\AppData\Roaming\EZDownloader, Quarantined, [6c848ddd31593105aa7ed9d96f94a15f],
PUP.Optional.EzDownloader.A, C:\Users\Mattheus\AppData\Roaming\EZDownloader\Errors, Quarantined, [6c848ddd31593105aa7ed9d96f94a15f],
Files: 21
PUP.Optional.EZDownloader.A, C:\Users\Mattheus\AppData\Local\Temp\E380\temp\EzDownloader_setup.exe, Quarantined, [ab45b7b31773dc5a685a0d148f71b749],
PUP.Optional.MultiPlug.A, C:\Users\Mattheus\AppData\Local\Temp\E380\temp\hpds_setup.exe, Quarantined, [d71978f2b8d2be78b88b50105ea4d52b],
PUP.Optional.EZDownloader.A, C:\Users\Mattheus\AppData\Local\Temp\11E0\temp\EzDownloader_setup.exe, Quarantined, [ee0289e1503a8caa269c32ef9d63db25],
PUP.Optional.EZDownloader.A, C:\Users\Mattheus\AppData\Local\Temp\5AB0\temp\EzDownloader_setup.exe, Quarantined, [ca260466f89260d6695930f1ff0145bb],
PUP.Optional.MultiPlug.A, C:\Users\Mattheus\AppData\Local\Temp\5AB0\temp\hpds_setup.exe, Quarantined, [98586406e5a548ee93b0253bde24b54b],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Core.dll, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe.config, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Extension.dll, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Spider.dll, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\ICSharpCode.SharpZipLib.dll, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\Interop.SHDocVw.dll, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\TabStrip.dll, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.dat, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.exe, Quarantined, [4ea225450288b87e06388dfaeb18dd23],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals\0MGIXeqRosp4Ko.dat, Quarantined, [05ebdd8d24660234c2b6cedbef145ca4],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals\cGIfub2Jq384Kt.dat, Quarantined, [05ebdd8d24660234c2b6cedbef145ca4],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals\JLSdekSd7ttPwm.dat, Quarantined, [05ebdd8d24660234c2b6cedbef145ca4],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals\JLSdekSd7ttPwm.tlb, Quarantined, [05ebdd8d24660234c2b6cedbef145ca4],
PUP.Optional.MyStartSearch.A, C:\Users\Mattheus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://www.mystartsearch.com/?type=hp&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565",), Replaced,[915f4e1c4c3e7fb733bbd5668a7c2ad6]
PUP.Optional.ASK.A, C:\Users\Mattheus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://www.search.ask.com/?gct=hp",), Replaced,[50a0501a7218d066b8ccb08ffd097e82]
# AdwCleaner v4.201 - Logfile created 11/04/2015 at 11:05:32
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [server]
# Operating system : Windows 7 Home Premium (x64)
# Username : Mattheus - MATTHEUS-HP
# Running from : C:\Users\Mattheus\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : vToolbarUpdater18.1.10
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\AVG Secure Search
[!] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
[!] Folder Deleted : C:\Program Files (x86)\UaniDeAlse
[!] Folder Deleted : C:\Program Files (x86)\UniDeailse
[!] Folder Deleted : C:\Program Files (x86)\UniDealSa
[!] Folder Deleted : C:\Program Files (x86)\UnIDeeAALLSSi
[!] Folder Deleted : C:\Program Files (x86)\UniDeeals
[!] Folder Deleted : C:\Program Files (x86)\youtubeadblocker
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Mattheus\AppData\LocalLow\Check Point Software Technologies LTD
[!] Folder Deleted : C:\Users\Mattheus\AppData\Roaming\Check Point Software Technologies LTD
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Google Chrome v41.0.2272.118
[C:\Users\Mattheus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565&q={searchTerms}
[C:\Users\Mattheus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=20494&r=2015/03/17&hid=10414075307976941094&lg=EN&cc=SG&unqvl=85
[C:\Users\Mattheus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Mattheus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565
[C:\Users\Mattheus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
"usage_count": 0
}
},
"extensions": {
"settings": {
"aaaaaiabcopkplhgaedhbloeejhhankf": {
"ack_external": true,
"active_permissions": {
"api": [ "homepage", "management", "nativeMessaging", "searchProvider", "startupPages", "storage", "tabs", "webRequest", "webRequestBlocking" ],
"explicit_host": [ "hxxp://*/*", "hxxps://*/*" ],
"manifest_permissions": [ ],
"scriptable_host": [ "*://*.ask.com/
-\\ Chromium v
-\\ Opera v28.0.1750.51
[C:\Users\Mattheus\AppData\Roaming\Opera Software\Opera Stable\Preferences] - Deleted [startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=1426580144&from=wpc&uid=WDCXWD6400BEVT-60A0RT0_WD-WXC1A709056590565
*************************
AdwCleaner[R0].txt - [10302 bytes] - [11/04/2015 11:01:52]
AdwCleaner[s0].txt - [10369 bytes] - [11/04/2015 11:05:32]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10429 bytes] ##########
Physical Sectors: 0
(No malicious items detected)
(end)

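Added example (not part of the thread, and not Malwarebytes' own code): a Python triage of a pasted scan log in the layout posted above. It checks that the header shows the database version and OS as the helper asked, lists settings reported as Disabled, and compares each section's declared count with the entries actually pasted. The sample log is constructed, with placeholder paths, URL and bracketed IDs; the regular expressions assume the line layout seen in this thread.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes Anti-Malware 2.0 log layout shown in
# this thread. Paths, URL and bracketed IDs are placeholders, not real values.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
Scan Date: 11/4/2015
Malware Database: v2015.04.10.08
Malware Protection: Disabled
OS: Windows 7
Rootkits: Disabled
Processes: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, Quarantined, [00000000000000000000000000000001],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [00000000000000000000000000000002],
Registry Data: 3
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://example.invalid/?type=hp, Good: (www.google.com), Bad: (http://example.invalid/?type=hp),Replaced,[00000000000000000000000000000003]
Folders: 1
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals, Quarantined, [00000000000000000000000000000004],
Files: 1
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals\sample.dat, Quarantined, [00000000000000000000000000000004],
Physical Sectors: 0
(No malicious items detected)
(end)
"""

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z -]*): (.+)$")
# Trailing ", <Action>, [<32 hex chars>]" that ends each detection line.
TAIL_RE = re.compile(r",\s*([A-Za-z][A-Za-z -]*?)\s*,\s*\[([0-9a-f]{32})\],?\s*$")


def parse_mbam_log(text):
    """Split a pasted scan log into header fields, declared counts and detections."""
    header, declared, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue  # blank, "(No malicious items detected)" or "(end)"
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        if section is None:  # still in the header block above the first section
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2)
            continue
        tail = TAIL_RE.search(line)
        if tail:
            detections.append({
                "section": section,
                "family": line.split(",", 1)[0].strip(),
                "action": tail.group(1),
                "id": tail.group(2),
            })
    return header, declared, detections


def triage(text):
    """Summarise a log for a helper: what was found, what is missing, what was off."""
    header, declared, detections = parse_mbam_log(text)
    found = Counter(d["section"] for d in detections)
    return {
        "families": Counter(d["family"] for d in detections),
        "actions": Counter(d["action"] for d in detections),
        # Sections whose declared count differs from the entries actually pasted:
        # a sign the log was truncated or edited before posting.
        "incomplete": {s: (n, found[s]) for s, n in declared.items() if n != found[s]},
        "disabled": sorted(k for k, v in header.items() if v == "Disabled"),
        "has_versions": "Malware Database" in header and "OS" in header,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

A non-empty "incomplete" result means the pasted log should be re-exported with the Export button before anyone relies on it.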

Download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser! This will also eliminate all desktop shortcuts, so just be aware!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! Manually reboot the machine to ensure a complete clean.

 

Tell us if this problem still persists.


Hi Julie, did as requested and ran another scan by Malwarebytes. So far the results returned look good, as nothing malicious was detected.


Don't forget to download and run TFC by Old Timer that Jacee suggested too.


No worries Juliet, did run TFC prior to running Malwarebytes. Everything looks good again. Once again, thanks, ladies, for the tireless effort in assisting in this matter.
