faded_levis49 Posted January 28, 2014 Report Share Posted January 28, 2014 i accicently downloaded ASK.com now i have a virus . having lots of pop ups. ADNXS keeps coming up as well. Link to post Share on other sites
flashh4 Posted January 28, 2014 Report Share Posted January 28, 2014 Howdy Faded levis and welcome to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!Do Not Remove anything or run any tools/programs until advised to do so !Perform all actions in the order given.Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. ===================================AdwCleaner Please download adwcleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool again. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" *Click on the Scan button. *AdwCleaner will begin to scan your computer like it did before. *After the scan has finished ....... This time, click on the Clean button. *Press OK when asked to close all programs and follow the onscreen prompts. *Press OK again to allow AdwCleaner to restart the computer and complete the removal process. *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. *Copy and paste the contents of that logfile in your next reply. *A copy of that logfile will also be saved in the C:\AdwCleaner folder.NEXT Please download Junkware Removal Tool and save to your desk top. Shut down your protection software now to avoid potential conflicts. * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". * The tool will open and start scanning your system. * Please be patient as this can take a while to complete depending on your system's specifications. * On completion, a log (JRT.txt) is saved to your desktop and will automatically open. * Post the contents of JRT.txt into your next reply ! Re-Boot your computer now !!NEXTMALWAREBYTES with Pics:Please download Malwarebytes' Anti-Malware to your desktop. Or from Here >> http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results. * Then click Remove Selected . * When completed, a log will open in Notepad. Please save it to a convenient location and post the results. * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt Or via the Logs tab when the application is started.Please don't attach the scans / logs, use "copy/paste".Post next:1. AdwCleaner Log2. Junkware Removal Log3. Malwarebytes logThanksChuck Link to post Share on other sites
faded_levis49 Posted January 28, 2014 Author Report Share Posted January 28, 2014 i followed instructions. pasteing what was found.. thank you so much..JRT.txtAdwCleanerS0.txtsecond run of adwcleaner showed.. AdwCleanerS1.txt rab malwarebytes and nothing showed after. Link to post Share on other sites
flashh4 Posted January 28, 2014 Report Share Posted January 28, 2014 Posted for faded: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.0 (01.07.2014:1)OS: Windows Vista Home Basic x86Ran by kellijo on Tue 01/28/2014 at 10:22:13.17~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ServicesSuccessfully stopped: [service] APNMCPSuccessfully deleted: [service] APNMCP~~~ Registry ValuesSuccessfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbhoSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlprSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.capSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.apiSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layersSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ae46c09-2ab8-4ee5-88fb-08cd0ff7f2df}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{44cbc005-6243-4502-8a02-3a096a282664}"Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{80703783-e415-4ee3-ab60-d36981c5a6f1}"Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}"Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{f297534d-7b06-459d-bc19-2dd8ef69297b}"Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{9945959c-aad8-4312-8b57-2de11927e770}"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{6978f29a-3493-40b2-8cdc-9c13a02f85a4}"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d7949a66-d936-4028-9552-14f7dc50f38d}"~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\apn"Successfully deleted: [Folder] "C:\ProgramData\tarma installer"Successfully deleted: [Folder] "C:\Program Files\babylon"Successfully deleted: [Empty Folder] C:\Users\kellijo\appdata\local\{E9738079-1CB8-4A94-B708-873A08688E68}Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"Successfully deleted: [Folder] "C:\Program Files\askpartnernetwork"~~~ ChromeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcbSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 01/28/2014 at 10:26:44.60End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites
flashh4 Posted January 28, 2014 Report Share Posted January 28, 2014 For faded: # AdwCleaner v3.018 - Report created 28/01/2014 at 11:15:34# Updated 28/01/2014 by Xplode# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)# Username : kellijo - DANIELSNELL-PC# Running from : C:\Users\kellijo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1HDIWHU\adwcleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] ********** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v9.0.8112.16526-\\ Google Chrome v32.0.1700.76[ File : C:\Users\Daniel Snell\AppData\Local\Google\Chrome\User Data\Default\preferences ][ File : C:\Users\DAN SNELL\AppData\Local\Google\Chrome\User Data\Default\preferences ][ File : C:\Users\kellijo\AppData\Local\Google\Chrome\User Data\Default\preferences ]*************************AdwCleaner[R0].txt - [724 octets] - [28/01/2014 09:58:27]AdwCleaner[R1].txt - [3240 octets] - [28/01/2014 10:44:03]AdwCleaner[R2].txt - [1218 octets] - [28/01/2014 11:09:50]AdwCleaner[s0].txt - [3313 octets] - [28/01/2014 10:47:45]AdwCleaner[s1].txt - [1139 octets] - [28/01/2014 11:15:34]########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1199 octets] ########## Link to post Share on other sites
flashh4 Posted January 28, 2014 Report Share Posted January 28, 2014 It makes it easier for me to read this way insted of txt !! Chuck Link to post Share on other sites
flashh4 Posted January 28, 2014 Report Share Posted January 28, 2014 Part 1 of Adwcleaner ! # AdwCleaner v3.018 - Report created 28/01/2014 at 10:47:45# Updated 28/01/2014 by Xplode# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)# Username : kellijo - DANIELSNELL-PC# Running from : C:\Users\kellijo\Downloads\adwcleaner (3).exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Users\kellijo\AppData\Local\Temp\apnFile Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFDKey Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFDKey Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD***** [ Browsers ] *****-\\ Internet Explorer v9.0.8112.16526-\\ Google Chrome v32.0.1700.76[ File : C:\Users\Daniel Snell\AppData\Local\Google\Chrome\User Data\Default\preferences ]Deleted : icon_urlDeleted : search_urlDeleted : suggest_url[ File : C:\Users\DAN SNELL\AppData\Local\Google\Chrome\User Data\Default\preferences ][ File : C:\Users\kellijo\AppData\Local\Google\Chrome\User Data\Default\preferences ]Deleted : icon_urlDeleted : search_urlDeleted : suggest_url*************************AdwCleaner[R0].txt - [724 octets] - [28/01/2014 09:58:27]AdwCleaner[R1].txt - [3240 octets] - [28/01/2014 10:44:03]AdwCleaner[s0].txt - [3173 octets] - [28/01/2014 10:47:45]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3233 octets] ########## Link to post Share on other sites
flashh4 Posted January 28, 2014 Report Share Posted January 28, 2014 Faded levi, do you have the Malwarebytes log ? If it's not under the logs tab when you open Malwarebytes then run it again per my instructions !! ThanksChuck I will be back around 6 tonight !! Link to post Share on other sites
flashh4 Posted February 1, 2014 Report Share Posted February 1, 2014 Faded Levi are you still in need of help ??? If no response i will close this topic in 24 hrs. Chuck Link to post Share on other sites
flashh4 Posted February 2, 2014 Report Share Posted February 2, 2014 Due to lack of interest this topic is closed ! If you need it re-opened please contact me or another Mod !! Chuck Link to post Share on other sites
Recommended Posts