[Resolved] Help removing virus avira fails at

  • 24 Replies
  • 6110 Views
*

Offline ou8it

  • Bronze Member
  • 178
Re: [In Progress] Help removing virus avira fails at
« Reply #15 on: April 02, 2014, 04:10:33 PM »
It seems good now Hoov. Thanks!

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 04/02/2014 15:08:51
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 9
[DNS][PUM] HKLM\[...]\CCSet\[...]\{ABBD4931-CACF-41EB-8329-1EB7510E17A0} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{ABBD4931-CACF-41EB-8329-1EB7510E17A0} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{ABBD4931-CACF-41EB-8329-1EB7510E17A0} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Browser Addons : 1
[FF][PUP] k675s4qh.default : MySearchDial

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:

Infection : PUP

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000BPVT-00HXZT3 ATA Device +++++
--- User ---
[MBR] fcea938f5afcfb21b9715564597cadab
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04022014_150851.txt >>





*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help removing virus avira fails at
« Reply #16 on: April 02, 2014, 04:57:12 PM »
Just so that you know we are not done yet. I need you to run AdwCleaner again and post the new log. Use the same instructions as before.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline ou8it

  • Bronze Member
  • 178
Re: [In Progress] Help removing virus avira fails at
« Reply #17 on: April 02, 2014, 05:07:50 PM »
I have been just running this. Not choosing to clean.


# AdwCleaner v3.023 - Report created 02/04/2014 at 16:03:37
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\ProgramData\Ask
Folder Found C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Owner\AppData\LocalLow\IminentToolbar
Folder Found C:\Users\Owner\AppData\LocalLow\WhiteSmoke_US_New_E1
Folder Found C:\Users\Owner\AppData\Roaming\iPumper
Folder Found C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPumper
Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New_E1
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Escolade
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Found : HKCU\Software\wscontb
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\Escolade
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\wscontb
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{375461F8-3CF0-4869-8C0C-20B77F51D535}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3634B4C-48A1-4E2E-B660-C47BCB39248D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New_E1 Toolbar
Key Found : HKLM\Software\WhiteSmoke_US_New_E1
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ntfdsaftsfdfdxx@mozilla.org]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16450

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_13_ff&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtByE0FyD0D0B0A0CtCtAyCtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0CtDtByBtBzz0DtGtByBtC0AtGyDzzyD0AtG0FyC0CyBtGtByBzzzytAzz0F0ByD0D0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0B0EtAtBzy0EtGtC0DzytCtGtC0EyByDtG0DyE0DtAtGtCtDtDyB0FtByB0C0C0AtB0F2Q&cr=172436284&ir=

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k675s4qh.default\prefs.js ]

Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"94\",\"lastVrsn\":\"94\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");

*************************

AdwCleaner[R0].txt - [16333 octets] - [01/04/2014 14:29:55]
AdwCleaner[R1].txt - [16394 octets] - [01/04/2014 14:32:25]
AdwCleaner[R2].txt - [7404 octets] - [02/04/2014 14:00:42]
AdwCleaner[R3].txt - [7260 octets] - [02/04/2014 16:03:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [7320 octets] ##########

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help removing virus avira fails at
« Reply #18 on: April 02, 2014, 08:39:24 PM »
Run AdwCleaner scan once more, then use the "Clean" option to remove all found entries, post that log.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline ou8it

  • Bronze Member
  • 178
Re: [In Progress] Help removing virus avira fails at
« Reply #19 on: April 03, 2014, 04:06:04 AM »
# AdwCleaner v3.023 - Report created 03/04/2014 at 03:02:11
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\WhiteSmoke_US_New_E1
Folder Deleted : C:\Users\Owner\AppData\Roaming\iPumper
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPumper
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ntfdsaftsfdfdxx@mozilla.org]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{375461F8-3CF0-4869-8C0C-20B77F51D535}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3634B4C-48A1-4E2E-B660-C47BCB39248D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New_E1
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\WhiteSmoke_US_New_E1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New_E1 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16450

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k675s4qh.default\prefs.js ]

Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"94\",\"lastVrsn\":\"94\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");

*************************

AdwCleaner[R0].txt - [16333 octets] - [01/04/2014 14:29:55]
AdwCleaner[R1].txt - [16394 octets] - [01/04/2014 14:32:25]
AdwCleaner[R2].txt - [7404 octets] - [02/04/2014 14:00:42]
AdwCleaner[R3].txt - [7464 octets] - [02/04/2014 16:03:37]
AdwCleaner[S0].txt - [6870 octets] - [03/04/2014 03:02:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6930 octets] ##########

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help removing virus avira fails at
« Reply #20 on: April 03, 2014, 05:02:45 PM »
Can you turn your Firewall on now? Windows Update? Any other problems still left?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline ou8it

  • Bronze Member
  • 178
Re: [In Progress] Help removing virus avira fails at
« Reply #21 on: April 03, 2014, 05:41:33 PM »
I think were good Hoov. Guess I can clean up. Thanks again you guys are the best!

Frank

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help removing virus avira fails at
« Reply #22 on: April 03, 2014, 06:23:06 PM »
Do you want me to walk you thru the cleanup or are you good?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline ou8it

  • Bronze Member
  • 178
Re: [In Progress] Help removing virus avira fails at
« Reply #23 on: April 04, 2014, 04:02:07 AM »
Were good Hoov. I have more protection in place now and have uninstalled and deleted the tools used, and also created a new restore point.

Thank you very much!

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help removing virus avira fails at
« Reply #24 on: April 04, 2014, 08:28:48 AM »
You are welcome!

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!