
superfish, adchoices and others... stubborn

Comments

6 comments

  • Support

    Hi Barbara,

     

    1. Note that the following script will empty the recycle bins and all folders for temporary files.

     

    Please, start Notepad.

    Copy all text that is in the box:


    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [mbot_gb_254] => [X]
    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-836906749-1893374104-4223838171-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    C:\Program Files\CloudGuard
    C:\Windows\System32\Tasks\CloudScout
    Tcpip\..\Interfaces\{8BCDFA2D-92E3-4B5E-9D66-FB43C497F31C}: [NameServer] 31.168.224.106,5.135.12.52
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: netsh int ip reset c:\resetlog.txt
    CMD: ipconfig /release
    CMD: ipconfig /renew
    EmptyTemp:

    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.

     

    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.

     

    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your answer.

     

     

    2. To get a second opinion, please run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/

    To shorten the scanning time disable your antivirus program while scanning.

     

    Select Enable detection of potentially unwanted applications.

    Click Advanced Settings.

     

    Deselect Remove found threats.

     

    Select:

    Scan Archives

    Scan for potentially unsafe applications

    Enable Anti-Stealth Technology

     

    Click Start.

     

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your answer.

    0
  • Customer

    Thanks Cecilia

     

    FIXLOG TEXT

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015

    Ran by Supreme Steggles at 2015-01-22 13:22:56 Run:1

    Running from C:\Users\Supreme Steggles\Desktop

    Loaded Profiles: Supreme Steggles (Available profiles: Supreme Steggles)

    Boot Mode: Normal

    ==============================================


    Content of fixlist:

    *****************

    CreateRestorePoint:

    CloseProcesses:

    HKLM\...\Run: [] => [X]

    HKLM-x32\...\Run: [mbot_gb_254] => [X]

    HKLM-x32\...\Run: [] => [X]

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    Toolbar: HKU\S-1-5-21-836906749-1893374104-4223838171-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

    C:\Program Files\CloudGuard

    C:\Windows\System32\Tasks\CloudScout

    Tcpip\..\Interfaces\{8BCDFA2D-92E3-4B5E-9D66-FB43C497F31C}: [NameServer] 31.168.224.106,5.135.12.52

    FF Plugin: @microsoft.com/GENUINE -> disabled No File

    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

    CMD: ipconfig /flushdns

    CMD: netsh winsock reset catalog

    CMD: netsh int ip reset c:\resetlog.txt

    CMD: ipconfig /release

    CMD: ipconfig /renew

    EmptyTemp:

    *****************


    Restore point was successfully created.

    Processes closed successfully.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_gb_254 => value deleted successfully.

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

    HKU\S-1-5-21-836906749-1893374104-4223838171-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.

    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.

    "C:\Program Files\CloudGuard" => File/Directory not found.

    "C:\Windows\System32\Tasks\CloudScout" => File/Directory not found.

    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BCDFA2D-92E3-4B5E-9D66-FB43C497F31C}\\NameServer => value deleted successfully.

    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.


    ========= ipconfig /flushdns =========



    Windows IP Configuration


    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========



    ========= netsh winsock reset catalog =========



    Sucessfully reset the Winsock Catalog.

    You must restart the computer in order to complete the reset.



    ========= End of CMD: =========



    ========= netsh int ip reset c:\resetlog.txt =========


    Reseting Global, OK!

    Reseting Interface, OK!

    Restart the computer to complete this action.



    ========= End of CMD: =========



    ========= ipconfig /release =========



    Windows IP Configuration



    Ethernet adapter Local Area Connection:


    Connection-specific DNS Suffix . :

    Link-local IPv6 Address . . . . . : fe80::7015:aa72:a766:5729%11

    Default Gateway . . . . . . . . . :


    ========= End of CMD: =========



    ========= ipconfig /renew =========



    Windows IP Configuration



    Ethernet adapter Local Area Connection:


    Connection-specific DNS Suffix . : home

    Link-local IPv6 Address . . . . . : fe80::7015:aa72:a766:5729%11

    IPv4 Address. . . . . . . . . . . : 192.168.1.72

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.254


    ========= End of CMD: =========


    EmptyTemp: => Removed 634.9 MB temporary data.



    The system needed a reboot.


    ==== End of Fixlog 13:23:35 ====


    ESET THREATS FOUND


    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.E potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.F potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir Win32/Thinknice.E potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.F potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application

    C:\Program Files (x86)\Adobe\keygen.exe a variant of Win32/Keygen.BR potentially unsafe application

    C:\Users\Supreme Steggles\Documents\mysdbackup\Draw_Something_v1.5.18_FULL_ANDROID-P2P.apk a variant of Android/Inmobi.A potentially unsafe application

    C:\Users\Supreme Steggles\Downloads\FileZilla_3.9.0.6_win32-setup (1).exe a variant of Win32/InstallCore.UE potentially unwanted application

    C:\Users\Supreme Steggles\Downloads\FileZilla_3.9.0.6_win32-setup.exe a variant of Win32/InstallCore.UE potentially unwanted application

    C:\Users\Supreme Steggles\Downloads\setup (4).exe a variant of Win32/AdGazelle.B potentially unwanted application


    Many thanks

    0
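Added example, not part of the original thread and not FRST code: a Python check that groups the Fixlog result lines posted above by outcome and lists any static NameServer address outside the private ranges for review. The function names and the line pattern are assumptions inferred from the log lines shown in this thread.

```python
import ipaddress
import re

# Sample lines copied from the fixlist and Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
HKLM-x32\...\Run: [mbot_gb_254] => [X]
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_gb_254 => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"C:\Program Files\CloudGuard" => File/Directory not found.
EmptyTemp: => Removed 634.9 MB temporary data.
'''
SAMPLE_NAMESERVER = "[NameServer] 31.168.224.106,5.135.12.52"

# Assumed result-line shape: "<target> => <outcome>." with optional quotes.
RESULT_RE = re.compile(r'^\s*"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')


def classify(outcome):
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "deleted successfully" in text or text.startswith("removed"):
        return "removed"
    return "other"


def summarize_fixlog(text):
    """Group result lines by outcome, skipping the echoed fixlist block."""
    results = re.split(r"(?m)^[ \t]*\*{5,}[ \t]*$", text)[-1]
    summary = {"removed": [], "not_found": [], "other": []}
    for line in results.splitlines():
        m = RESULT_RE.match(line)
        if m:
            summary[classify(m["outcome"])].append(m["target"])
    return summary


def public_nameservers(entry):
    """Return NameServer addresses that are not private-range, for review."""
    m = re.search(r"\[NameServer\]\s*(\S+)", entry)
    if not m:
        return []
    addrs = [ipaddress.ip_address(a) for a in m.group(1).split(",") if a]
    return [str(a) for a in addrs if not a.is_private]
```

Entries in `not_found` were already gone before the fix ran, and a non-private NameServer address is only a prompt to confirm who set it, since legitimate public resolvers also fall in that group.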
  • Support

    1. C:\Program Files (x86)\Adobe\keygen.exe a variant of Win32/Keygen.BR potentially unsafe application


    Using cracked programs can infect the program.

     


    C:\Users\Supreme Steggles\Documents\mysdbackup\Draw_Something_v1.5.18_FULL_ANDROID-P2P.apk a variant of Android/Inmobi.A potentially unsafe application


    C:\Users\Supreme Steggles\Downloads\FileZilla_3.9.0.6_win32-setup (1).exe a variant of Win32/InstallCore.UE potentially unwanted application


    C:\Users\Supreme Steggles\Downloads\FileZilla_3.9.0.6_win32-setup.exe a variant of Win32/InstallCore.UE potentially unwanted application


    C:\Users\Supreme Steggles\Downloads\setup (4).exe a variant of Win32/AdGazelle.B potentially unwanted application


    Be aware that those installation files might be malicious, contain adware and/or install unwanted applications, and not only what you want them to install.

     


    2. Do you still have issues with all those ads or is it time to uninstall FRST and AdwCleaner?

    0
  • Customer

    Thank you so much, the ads have all gone.

    0
  • Support

    You're welcome

     


    Time to uninstall AdwCleaner and FRST:

     


    Please, turn off all programs, including browsers.


    Double-click on AdwCleaner to start the program.


    Click on the Uninstall button.

     


    Download OTC http://oldtimer.geekstogo.com/OTC.exe


    Close all programs.


    Start OTC program.


    Click the CleanUp! button.


    Select Yes when asked "Begin cleanup process".


    If you are asked to reboot, select Yes.


    If any logs remain on the computer you can remove them.

     

     


    It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

     


    If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

     


    Everyone else please begin a New Topic.

     


    Thank you!

    0
