1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Lavasoft securesearch

Discussion in 'Virus & Other Malware Removal' started by red43560, Mar 6, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    As I upgraded versions of Lavasoft adware I unchecked the box to add the SecureSearch toolbar....but now I have it. Unfortunately, I already attempted to uninstall and delete files and run anti malware and antivirus software. So what would you suggest now? Thank you.
     
  2. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
  3. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
  4. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  6. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    # AdwCleaner v2.114 - Logfile created 03/13/2013 at 20:51:36
    # Updated 05/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Chris - CHRISNOTEBOOK
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Chris\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\search protection
    Folder Found : C:\Documents and Settings\Chris\Application Data\PriceGong
    Folder Found : C:\Documents and Settings\Chris\Local Settings\Application Data\Conduit
    Folder Found : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Found : C:\Program Files\Conduit

    ***** [Registry] *****

    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\PriceGong
    Key Found : HKCU\Software\SmartBar
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKU\S-1-5-21-3919648721-3038869406-929393948-1006\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKU\S-1-5-21-3919648721-3038869406-929393948-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Google Chrome v25.0.1364.152

    File : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Found [l.65] : search_url = "hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=472D5C3109B5DBDCE2CBED5135D96D9F&q={searchTerms}",

    *************************

    AdwCleaner[R1].txt - [2724 octets] - [13/03/2013 20:51:36]

    ########## EOF - C:\AdwCleaner[R1].txt - [2784 octets] ##########
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    Please run AdwCleaner again, This time press delete, It will clear the problems & then offer to reboot, please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt
    and tell us if that cured it
     
  8. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    # AdwCleaner v2.114 - Logfile created 03/14/2013 at 06:42:28
    # Updated 05/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Chris - CHRISNOTEBOOK
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Chris\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\search protection
    Folder Deleted : C:\Documents and Settings\Chris\Application Data\PriceGong
    Folder Deleted : C:\Documents and Settings\Chris\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Deleted : C:\Program Files\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Google Chrome v25.0.1364.152

    File : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.65] : search_url = "hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=4[...]

    *************************

    AdwCleaner[R1].txt - [2853 octets] - [14/03/2013 06:42:09]
    AdwCleaner[S1].txt - [2478 octets] - [14/03/2013 06:42:28]

    ########## EOF - C:\AdwCleaner[S1].txt - [2538 octets] ##########
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    Has that solved your problem
     
  10. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    Yes, thank you...all appears to be back to normal!
     
  11. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    Just did another search and it's back! Help!!
     
  12. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    I ran the cleaner again and this was the result:

    # AdwCleaner v2.114 - Logfile created 03/14/2013 at 19:26:54
    # Updated 05/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Chris - CHRISNOTEBOOK
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Chris\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.65] : search_url = "hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=4[...]

    *************************

    AdwCleaner[R1].txt - [2853 octets] - [14/03/2013 06:42:09]
    AdwCleaner[R2].txt - [1098 octets] - [14/03/2013 19:26:21]
    AdwCleaner[S1].txt - [2607 octets] - [14/03/2013 06:42:28]
    AdwCleaner[S2].txt - [988 octets] - [14/03/2013 19:26:54]

    ########## EOF - C:\AdwCleaner[S2].txt - [1047 octets] ##########
     
  13. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    It came back again....

    # AdwCleaner v2.114 - Logfile created 03/14/2013 at 19:33:15
    # Updated 05/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Chris - CHRISNOTEBOOK
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Chris\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.65] : search_url = "hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=4[...]

    *************************

    AdwCleaner[R1].txt - [2853 octets] - [14/03/2013 06:42:09]
    AdwCleaner[R2].txt - [1098 octets] - [14/03/2013 19:26:21]
    AdwCleaner[R3].txt - [1218 octets] - [14/03/2013 19:32:30]
    AdwCleaner[S1].txt - [2607 octets] - [14/03/2013 06:42:28]
    AdwCleaner[S2].txt - [1116 octets] - [14/03/2013 19:26:54]
    AdwCleaner[S3].txt - [1108 octets] - [14/03/2013 19:33:15]

    ########## EOF - C:\AdwCleaner[S3].txt - [1168 octets] ##########
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    is it only happening in chrome or in all browsers
    if it is just in chrome then

    The only likely cure is going to be uninstall chrome, make sure you take the option to remove all user data.
    first make sure that you are not set up to sync chrome with your google account, if you are, set it to stop sync first ( otherwise the backups on your google account will reinstall the malware).
    Then reboot & reinstall chrome
     
  15. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    Is happening in both Chrome and Explorer, the only two browsers that I have installed. Suggestions?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1092128