Author Topic: [Inactive] spyware removal  (Read 5913 times)

Offline Chendorpg

  • Bronze Member
  • Posts: 12
[Inactive] spyware removal
« on: October 05, 2014, 08:38:01 PM »
Hi, please check my virus on my computer.
Thanks
« Last Edit: October 05, 2014, 08:53:53 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27120
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] spyware removal
« Reply #1 on: October 05, 2014, 08:56:22 PM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

Please copy and paste your logs into a reply instead of attaching them. This is for our protection as well as the protection of anyone that uses your thread for research into their own problem. It also makes researching your log much easier.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Chendorpg

Re: [In Progress] spyware removal
« Reply #2 on: October 05, 2014, 09:08:51 PM »
Hi, I tried to uninstall security files like McAfee, firewall, I installed CCleaner, fix disk, and also I tried to go to edit root but nothing happens. Every time I open something on the internet a pop-up comes up and all is related to where I'm at, like if I open eBay or any website where I'm buying something it will pop up something related to it.
Thanks for your help

Offline Chendorpg

Re: [In Progress] spyware removal
« Reply #3 on: October 07, 2014, 07:01:23 PM »
I'm still waiting for a response. I sent all texts you asked me plus all the texts from the different jtl, and the spyware killer.

Offline bamajim

  • Administrator
  • Platinum Member
  • Posts: 3095
Re: [In Progress] spyware removal
« Reply #4 on: October 07, 2014, 07:17:40 PM »
I'm still waiting for a response. I sent all texts you asked me plus all the texts from the different jtl, and the spyware killer.

Hoov will be back with you shortly - we had some forum problems this morning, which were repaired this evening - thank you for your patience.

2008-2010
Rights cannot exist without morals

Offline Hoov

Re: [In Progress] spyware removal
« Reply #5 on: October 07, 2014, 07:36:32 PM »
Yep, there are posts missing. I did respond this morning. Could you please repost the logs from ADWCleaner, JRT and RogueKiller? I am reposting the instructions below if you need them.




Please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.
  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • Please be patient as this can take a while to complete.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt.
2.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and save it to the desktop.
  • Close all windows and browsers.
  • Double click on RogueKiller.exe to run the tool.
  • Press the Scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please post it in your next reply.


Offline Chendorpg

Re: [In Progress] spyware removal
« Reply #6 on: October 07, 2014, 09:22:56 PM »
 AdwCleaner v3.311 - Report created 06/10/2014 at 20:22:03
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rosendo - ROSENDO-PC
# Running from : C:\Users\Rosendo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7Z75GXY\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : CltMngSvc
Service Found : Mext Guard
Service Found : SPPD
Service Found : Wajam Internet Enhancer Service
Service Found : {6f09b74e-8891-4e0d-bd26-518526a5967f}w64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Rosendo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
File Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\searchplugins\trovi-search.xml
File Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\user.js
File Found : C:\Users\Rosendo\daemonprocess.txt
File Found : C:\Windows\System32\drivers\{6f09b74e-8891-4e0d-bd26-518526a5967f}w64.sys
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\RoyalCoupOn
Folder Found : C:\Program Files (x86)\SaleisCheecokera
Folder Found : C:\Program Files (x86)\SalessChEcokeur
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\Program Files\V-bates
Folder Found : C:\ProgramData\CouponFactory
Folder Found : C:\ProgramData\COupScanneEr
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\ProgramData\RoyalCoupOn
Folder Found : C:\ProgramData\SaaveRAdedon
Folder Found : C:\ProgramData\SaleisCheecokera
Folder Found : C:\ProgramData\SalessChEcokeur
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\Users\Rosendo\AppData\Local\genienext
Folder Found : C:\Users\Rosendo\AppData\Local\Google\Chrome\User Data\Default\Extensions\klaecimjlbpfompicealiiifcdjnkbpn
Folder Found : C:\Users\Rosendo\AppData\Local\Local_Weather_LLC
Folder Found : C:\Users\Rosendo\AppData\Local\Mobogenie
Folder Found : C:\Users\Rosendo\AppData\Local\SearchProtect
Folder Found : C:\Users\Rosendo\AppData\Local\WeatherAlerts
Folder Found : C:\Users\Rosendo\AppData\Roaming\Activeris
Folder Found : C:\Users\Rosendo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\Extensions\ahueiay3ay@ds-radk.org
Folder Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\Extensions\fjuyi@gtyqyy.com
Folder Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\Extensions\mfjltv@mrpoeae.net
Folder Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\Extensions\mgiaia@ak-.net
Folder Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\Extensions\pc6.iy@vhaooee-.co.uk
Folder Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\Extensions\xpaoe@eiarhu-.com
Folder Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\Extensions\y_p@md-ggam.edu
Folder Found : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\Extensions\yy.b6u1@oaaytocs.edu
Folder Found : C:\Users\Rosendo\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Rosendo\AppData\Roaming\Systweak
Folder Found : C:\Users\Rosendo\Documents\Mobogenie
Folder Found : C:\Users\Rosendo\Documents\Optimizer Pro
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Scheduled Tasks ] *****

Task Found : AmiUpdXp
Task Found : Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3DCA53C-B523-172D-1C55-678467640175}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3DCA53C-B523-172D-1C55-678467640175}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\Wajam
Key Found : [x64] HKCU\Software\Compete
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\Wajam
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3DCA53C-B523-172D-1C55-678467640175}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\SavErAddon.SavErAddon
Key Found : HKLM\SOFTWARE\Classes\SavErAddon.SavErAddon.4.7
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\FreeSoftToday
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3DCA53C-B523-172D-1C55-678467640175}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3DCA53C-B523-172D-1C55-678467640175}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\TBID
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\V-bates
Key Found : HKLM\SOFTWARE\Wajam
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C3DCA53C-B523-172D-1C55-678467640175}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3DCA53C-B523-172D-1C55-678467640175}
Key Found : [x64] HKLM\SOFTWARE\TBID
Key Found : [x64] HKLM\SOFTWARE\V-bates
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3332182&octid=EB_ORIGINAL_CTID&ISID=M91C22087-3707-42CC-B7C6-6AC768D097A8&SearchSource=55&CUI=&UM=6&UP=SPE7A39FC9-6D5D-4884-B518-D373865535ED&SSPV=

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Rosendo\AppData\Roaming\Mozilla\Firefox\Profiles\3fyk55np.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3332182&octid=EB_ORIGINAL_CTID&ISID=M91C22087-3707-42CC-B7C6-6AC768D097A8&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPE7A39FC9-6D5D-488[...]
Line Found : user_pref("browser.search.defaultenginename", "Trovi search");
Line Found : user_pref("browser.search.selectedEngine", "Trovi search");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3332182&octid=EB_ORIGINAL_CTID&ISID=M91C22087-3707-42CC-B7C6-6AC768D097A8&SearchSource=55&CUI=&UM=6&UP=SPE7A39FC9-6D5D-4884-B518[...]
Line Found : user_pref("extensions.6JmgLyl.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Found : user_pref("extensions.rZjZFii.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Found : user_pref("extensions.yhHUx.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Found : user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_partn_time_sweet-pcfix.com", "not set");
Line Found : user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_partn_time_www.ask.com", "not set");
Line Found : user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_whiteListSearch", "{\"isearch.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"http://www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"se[...]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Rosendo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332182&octid=EB_ORIGINAL_CTID&ISID=M91C22087-3707-42CC-B7C6-6AC768D097A8&SearchSource=58&CUI=&UM=6&UP=SPE7A39FC9-6D5D-4884-B518-D373865535ED&q={searchTerms}&SSPV=
Found [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3332182&octid=EB_ORIGINAL_CTID&ISID=M91C22087-3707-42CC-B7C6-6AC768D097A8&SearchSource=55&CUI=&UM=6&UP=SPE7A39FC9-6D5D-4884-B518-D373865535ED&SSPV=
Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3332182&octid=EB_ORIGINAL_CTID&ISID=M91C22087-3707-42CC-B7C6-6AC768D097A8&SearchSource=55&CUI=&UM=6&UP=SPE7A39FC9-6D5D-4884-B518-D373865535ED&SSPV=
Found [Extension] : klaecimjlbpfompicealiiifcdjnkbpn

*************************

AdwCleaner[R0].txt - [15047 octets] - [06/10/2014 20:22:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15108 octets] ##########

Offline Chendorpg

Re: [In Progress] spyware removal
« Reply #7 on: October 07, 2014, 09:30:26 PM »
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Rosendo on Tue 10/07/2014 at 20:25:48.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Users\Rosendo\AppData\Roaming\fixcleaner"
Failed to delete: [Folder] "C:\Program Files (x86)\fixcleaner"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/07/2014 at 20:28:33.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Chendorpg

Re: [In Progress] spyware removal
« Reply #8 on: October 07, 2014, 09:39:04 PM »
RogueKiller V9.0.3.0 [Jun 17 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rosendo [Admin rights]
Mode : Scan -- Date : 10/07/2014  20:36:43

Bad processes : 0

Registry Entries : 32
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56607;https=127.0.0.1:56607  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56607;https=127.0.0.1:56607  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56607;https=127.0.0.1:56607  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56607;https=127.0.0.1:56607  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{01E0A3C8-DC9D-4918-8868-FE208257437B} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2172D42B-0D18-417A-AF10-F38781B1532E} | DhcpNameServer : 192.168.1.1 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F52342E0-BF14-4C03-B5B1-2B14651C3D05} | DhcpNameServer : 10.119.4.11 10.119.4.12 163.244.235.81  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{01E0A3C8-DC9D-4918-8868-FE208257437B} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2172D42B-0D18-417A-AF10-F38781B1532E} | DhcpNameServer : 192.168.1.1 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F52342E0-BF14-4C03-B5B1-2B14651C3D05} | DhcpNameServer : 10.119.4.11 10.119.4.12 163.244.235.81  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{01E0A3C8-DC9D-4918-8868-FE208257437B} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2172D42B-0D18-417A-AF10-F38781B1532E} | DhcpNameServer : 192.168.1.1 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F52342E0-BF14-4C03-B5B1-2B14651C3D05} | DhcpNameServer : 10.119.4.11 10.119.4.12 163.244.235.81  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-503218662-686305285-1257243151-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-503218662-686305285-1257243151-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-503218662-686305285-1257243151-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-503218662-686305285-1257243151-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

Scheduled tasks : 0

Files : 0

HOSTS File : 0

Antirootkit : 0

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD5000AAKX-75U6AA0 +++++
--- User ---
[MBR] b7d9ff77e3cfb2f812beceb4243f7361
[BSP] a62da46d1a7e21db36617c1e52414e29 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45518848 | Size: 454713 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate FreeAgent Go USB Device +++++
--- User ---
[MBR] a33dc71bd1d726b015a3b4a64258d5fd
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_10062014_205658.log
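
The `[PUM.Proxy]` lines in the RogueKiller report above only matter in pairs: a `ProxyServer` value is in force only when `ProxyEnable` is 1 in the same hive. The following Python is an added example, not part of the thread and not code from RogueKiller or its authors, that pairs those values per hive and reports hives whose active proxy points at a loopback address. The line layout is inferred from the report as posted, the first five sample lines are copied from it, and the `S-1-5-21-CONSTRUCTED` hive and `proxy.example.invalid` are constructed for contrast.

```python
import ipaddress
import re
from collections import defaultdict

# First five lines: copied from the RogueKiller report in this thread.
# Last two lines: constructed, to show a proxy value that is set but not enabled.
SAMPLE_REPORT = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56607;https=127.0.0.1:56607  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56607;https=127.0.0.1:56607  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-CONSTRUCTED\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 0  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-CONSTRUCTED\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : proxy.example.invalid:8080  -> FOUND
"""

# "[category] (arch) registry key | value name : data -> status"
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<arch>X\d+)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)$"
)


def parse_entries(report):
    """Return one dict per registry finding line; other lines are skipped."""
    entries = []
    for line in report.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def parse_proxy_server(data):
    """Split a WinINET ProxyServer string into {scheme: (host, port)}.

    Handles both "host:port" (all protocols) and "http=h:p;https=h:p".
    """
    endpoints = {}
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:  # bare "host:port" applies to every protocol
            scheme, target = "all", part
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        endpoints[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return endpoints


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def proxy_findings(report):
    """Pair ProxyEnable with ProxyServer for each (registry key, arch) view."""
    settings = defaultdict(dict)
    for entry in parse_entries(report):
        if entry["name"] in ("ProxyEnable", "ProxyServer"):
            settings[(entry["key"], entry["arch"])][entry["name"]] = entry["data"]

    findings = []
    for (key, arch), values in sorted(settings.items()):
        endpoints = parse_proxy_server(values.get("ProxyServer", ""))
        findings.append({
            "key": key,
            "arch": arch,
            "enabled": values.get("ProxyEnable") == "1",
            "endpoints": endpoints,
            "loopback_only": bool(endpoints)
            and all(is_loopback(host) for host, _ in endpoints.values()),
        })
    return findings


def active_loopback_proxies(report):
    """Hives where a proxy is switched on and every endpoint is local."""
    return [f for f in proxy_findings(report) if f["enabled"] and f["loopback_only"]]


if __name__ == "__main__":
    for finding in active_loopback_proxies(SAMPLE_REPORT):
        print(finding["arch"], finding["key"], finding["endpoints"])
```

An active loopback proxy means some local process is expected to be listening on that port, so on a live system the owning process should be identified (for example with `netstat -ano`) before the setting is changed.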

Offline Hoov

Re: [In Progress] spyware removal
« Reply #9 on: October 07, 2014, 10:53:20 PM »
Couple of questions. Do you use a proxy of any kind? You may have something called an anonymizer.

Do you know of a program named fixcleaner?

Do you use Optimizer Pro, systweak, TutoTag, Wajam, Compete?


Offline Chendorpg

Re: [In Progress] spyware removal
« Reply #10 on: October 08, 2014, 12:54:53 AM »
I think that I downloaded fix cleaner, and on programs I think I have Bonjour.

Offline Hoov

Re: [In Progress] spyware removal
« Reply #11 on: October 08, 2014, 09:25:57 AM »
Bonjour is part of iTunes. None of the rest sounds familiar to you?


Offline Chendorpg

Re: [In Progress] spyware removal
« Reply #12 on: October 08, 2014, 09:40:56 AM »
Hi, I removed fix cleaner from programs.

Offline Chendorpg

Re: [In Progress] spyware removal
« Reply #13 on: October 08, 2014, 09:44:10 PM »
Optimizer Pro, systweak, TutoTag, Wajam, Compete? None of these programs look familiar to me.

Offline Hoov

Re: [In Progress] spyware removal
« Reply #14 on: October 08, 2014, 10:36:44 PM »
Run ADWCleaner again and this time after the scan click the clean button. Post the resulting log.
Next run RogueKiller again, then click the Fix proxies button, then the fix DNS button, and then click the delete button.

Close both of those programs.

Please run CCleaner to remove temporary files from your system, and to improve the scanning time of the other scans we may be running. Then please run Malwarebytes' Anti-Malware to check for malware. Both sets of instructions are below.

1. Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this dark grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click to execute the installation. Accept the terms, and allow MBAM to install to the default location in your Program Files.
  • Please update the database by clicking on the Update Now button as shown below.
  • Following the update, click on the large green Scan Now button to begin the Threat Scan.

Note: Optionally, you could have simply clicked Fix Now if it is displayed. That will automatically download updates and run a Threat Scan.
If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
  • After viewing the results, please click on the Copy to Clipboard button > OK.
  • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.
