help :)

sunnyjones3 · August 17, 2013

can u please wipe it clean take off all the crap that is slowing it down u can every thing off if you need too thanks sunny

flashh4 · August 17, 2013

Hi sunny, yes we will clean it up ! Let me get some tools for you to run along with instructions !

Chuck

flashh4 · August 17, 2013

Hi, ok lets get started !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Please download adwcleaner by Xplode onto your desktop..
   * Close all open programs and internet browsers.
   * Double click on AdwCleaner.exe to run the tool.
   * Click on Delete button.
   * A logfile will automatically open after the scan has finished.
   * Please post the contents of that logfile with your next reply.
   * You can find the logfile at C:\AdwCleaner[s1].txt. as well.

NEXT


Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

Just copy & paste me the logs !!

Thanks

Chuck

sunnyjones3 · August 17, 2013

ok this is what it said i think i am doing it right

# AdwCleaner v2.306 - Logfile created 08/16/2013 at 21:05:59

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : sunnyjones - SUNNYJONES-HP

# Boot Mode : Normal

# Running from : C:\Users\sunnyjones\Downloads\adwcleaner (1).exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : CltMngSvc

Stopped & Deleted : vToolbarUpdater14.2.0

***** [Files / Folders] *****

Deleted on reboot : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko

Deleted on reboot : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae

File Deleted : C:\END

File Deleted : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\searchplugins\Conduit.xml

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\SearchProtect

Folder Deleted : C:\Users\SUNNYJ~1\AppData\Local\Temp\CT3294791

Folder Deleted : C:\Users\sunnyjones\AppData\Local\Conduit

Folder Deleted : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko

Folder Deleted : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae

Folder Deleted : C:\Users\sunnyjones\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\CT3294791

Folder Deleted : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}

Folder Deleted : C:\Users\sunnyjones\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cdipjefcbnbcjgpgbgmpmcmgbmpjpjae

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\sunnyjones\AppData\Roaming\Mozilla\Firefox\Profiles\74v95my7.default\prefs.js

Deleted : user_pref("CT3294791.FF19Solved", "true");

Deleted : user_pref("CT3294791.UserID", "UN55590510949463059");

Deleted : user_pref("CT3294791.addressUrlXPETakeover", "true");

Deleted : user_pref("CT3294791.autoDisableScopes", -1);

Deleted : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");

Deleted : user_pref("CT3294791.defaultSearchXPETakeover", "true");

Deleted : user_pref("CT3294791.fullUserID", "UN55590510949463059.IN.20130816143152");

Deleted : user_pref("CT3294791.installDate", "16/08/2013 14:31:51");

Deleted : user_pref("CT3294791.installSessionId", "{E6FD7B31-D126-4CC5-8D51-A3B30E0C3E32}");

Deleted : user_pref("CT3294791.installSp", "TRUE");

Deleted : user_pref("CT3294791.installerVersion", "1.6.0.22");

Deleted : user_pref("CT3294791.keyword", "true");

Deleted : user_pref("CT3294791.originalHomepage", "about:home");

Deleted : user_pref("CT3294791.originalSearchAddressUrl", "");

Deleted : user_pref("CT3294791.originalSearchEngine", "");

Deleted : user_pref("CT3294791.originalSearchEngineName", "");

Deleted : user_pref("CT3294791.searchRevert", "false");

Deleted : user_pref("CT3294791.searchUserMode", "2");

Deleted : user_pref("CT3294791.smartbar.homepage", "true");

Deleted : user_pref("CT3294791.startPageXPETakeover", "true");

Deleted : user_pref("CT3294791.versionFromInstaller", "10.16.9.6");

Deleted : user_pref("CT3294791.xpeMode", "3");

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

Deleted : user_pref("browser.search.defaultenginename", "Vafmusic2 Customized Web Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic2 Customized Web Search");

Deleted : user_pref("browser.search.selectedEngine", "Vafmusic2 Customized Web Search");

Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3294791");

Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");

Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3294791");

Deleted : user_pref("smartbar.machineId", "Z/2SAIAJSYBZERS4XYAXOBE3L3GSR4GIH3YAK7HZV9ZMVWXXDIWQQKZZFJF/6DGRZJT[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\sunnyjones\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

AdwCleaner[R1].txt - [14820 octets] - [22/04/2013 20:09:01]

AdwCleaner[s1].txt - [14745 octets] - [22/04/2013 20:15:10]

AdwCleaner[s2].txt - [7370 octets] - [16/08/2013 21:05:59]

########## EOF - C:\AdwCleaner[s2].txt - [7430 octets] ##########

flashh4 · August 17, 2013

Sunny, good job ! Now the other tool/program log please !!

Thanks

Chuck

flashh4 · August 17, 2013

Sunny, these are the programs/tools i need you to run when you get the time, it's ok if you don't get it all done tonight !!! I will continue with your cleaning in the morning ! Post any logs you get for me !
You can use the computer if you need to !!

MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

    * Then click Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Please don't attach the scans / logs, use "copy/paste".

NEXT

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !

The OTL (oldtimer) log will take a while to run & then about a 1/2 to an hour for me to read & find the bad stuff !

Then i will make a fix for you in the morning !

Also tell me about your "shockwave" not/stopped working ?

Thanks

Chuck

sunnyjones3 · August 17, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.6 (08.15.2013:1)

OS: Windows 7 Home Premium x64

Ran by sunnyjones on Fri 08/16/2013 at 21:25:26.17

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_cbjibcbpmbcabnfnohhgjjmkgkimajko

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{55282493-952C-4CD9-91B1-14053F3CB04B}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\sunnyjones\AppData\Roaming\strongvault online backup"

Successfully deleted: [Folder] "C:\Users\sunnyjones\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\sunnyjones\appdata\local\strongvault online backup"

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"

Successfully deleted: [Folder] "C:\ai_recyclebin"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\sunnyjones\AppData\Roaming\mozilla\firefox\profiles\74v95my7.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 08/16/2013 at 21:55:00.52

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sunnyjones3 · August 17, 2013

ok this is the one before i clicked removed selected

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.08.16.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

sunnyjones :: SUNNYJONES-HP [administrator]

8/16/2013 10:08:50 PM

MBAM-log-2013-08-16 (22-21-40).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 218266

Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 16

C:\Users\sunnyjones\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\sunnyjones\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\sunnyjones\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\installer.exe (PUP.Optional.MSILLauncher) -> No action taken.

C:\Users\sunnyjones\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\setup__120.exe (PUP.Optional.Amonetize.A) -> No action taken.

C:\Users\sunnyjones\Downloads\FlashPlayer_V.39166259c.exe (Adware.DomaIQ) -> No action taken.

C:\Users\sunnyjones\Downloads\Player_Setup.exe (PUP.Optional.MSILLauncher) -> No action taken.

C:\Users\sunnyjones\Downloads\Produtools_Forms_B2 (1).exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\sunnyjones\Downloads\Produtools_Forms_B2.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\sunnyjones\Downloads\rcpsetup_ad_gen_ad_lp2_us (1).exe (PUP.Optional.RegCleanerPro) -> No action taken.

C:\Users\sunnyjones\Downloads\rcpsetup_ad_gen_ad_lp2_us.exe (PUP.Optional.RegCleanerPro) -> No action taken.

C:\Users\sunnyjones\Downloads\rcpsetup_latest.exe (PUP.Optional.RegCleanerPro) -> No action taken.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\36HFG34Y\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\Vafmusic2[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\N5KMD5Z0\Vafmusic2_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\sunnyjones\Local Settings\Temporary Internet Files\Content.IE5\TZCZKYVI\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.

(end)

sunnyjones3 · August 17, 2013

and this is the one after i clicked remove selected

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.08.16.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

sunnyjones :: SUNNYJONES-HP [administrator]

8/16/2013 10:08:50 PM

mbam-log-2013-08-16 (22-08-50).txt