1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Yontoo (and more?)

Discussion in 'Virus & Other Malware Removal' started by astough, Feb 4, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. astough

    astough Thread Starter

    Joined:
    Aug 19, 2013
    Messages:
    26
    I am trying to help my niece clean up this computer. I know that it has Yontoo which I understand is a virus or trojan of some sort. I tried to follow directions from another thread to remove it, but I seemed to have different options than the person that had posted the thread. There seems to also be a lot of start up programs that are being blocked (I assume because they are bad).

    Here is the System Info and a log file from Adwcleaner. Any help you can give would be great :)

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: AMD Athlon Dual-Core QL-62, x64 Family 17 Model 3 Stepping 1
    Processor Count: 2
    RAM: 1789 Mb
    Graphics Card: NVIDIA GeForce 8200M G, 256 Mb
    Hard Drives: C: Total - 227333 MB, Free - 126124 MB; D: Total - 11137 MB, Free - 1870 MB;
    Motherboard: Wistron, 303C
    Antivirus: Microsoft Security Essentials, Updated and Enabled

    # AdwCleaner v4.109 - Report created 04/02/2015 at 15:56:27
    # Updated 24/01/2015 by Xplode
    # Database : 2015-02-04.1 [Live]
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : samantha - SAMANTHA-PC
    # Running from : C:\Users\samantha\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Found : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Found : C:\Users\samantha\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    File Found : C:\Users\samantha\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
    Folder Found : C:\Program Files\1ClickDownload
    Folder Found : C:\Program Files\FunWebProducts
    Folder Found : C:\Program Files\Giant Savings
    Folder Found : C:\Program Files\Gophoto.it
    Folder Found : C:\Program Files\HDvidCodec.com
    Folder Found : C:\Program Files\InfoAtoms
    Folder Found : C:\Program Files\NCH Software
    Folder Found : C:\Program Files\OApps
    Folder Found : C:\Program Files\PC Speed Maximizer
    Folder Found : C:\Program Files\Perion
    Folder Found : C:\Program Files\Playbryte
    Folder Found : C:\Program Files\SaveValet
    Folder Found : C:\Program Files\SearchAmong Toolbar
    Folder Found : C:\Program Files\VideoConverter
    Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\NCH Software
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\samantha\AppData\Local\Giant Savings
    Folder Found : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
    Folder Found : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
    Folder Found : C:\Users\samantha\AppData\Local\Ilivid Player
    Folder Found : C:\Users\samantha\AppData\Local\PackageAware
    Folder Found : C:\Users\samantha\AppData\LocalLow\FunWebProducts
    Folder Found : C:\Users\samantha\AppData\LocalLow\Playbryte
    Folder Found : C:\Users\samantha\AppData\LocalLow\searchquband
    Folder Found : C:\Users\samantha\AppData\Roaming\Babylon
    Folder Found : C:\Users\samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
    Folder Found : C:\Users\samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Video Converter
    Folder Found : C:\Users\samantha\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    Folder Found : C:\Users\samantha\AppData\Roaming\NCH Software
    Folder Found : C:\Users\samantha\AppData\Roaming\PC Speed Maximizer
    Folder Found : C:\Windows\system32\SearchProtect

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 192.168.*.*;*.local
    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\5c18b8cb439be45
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Found : HKCU\Software\BABSOLUTION
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\MyWebSearch
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\5c18b8cb439be45
    Key Found : HKLM\SOFTWARE\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
    Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
    Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
    Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\speedupmypc
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AA2E16F2-387A-415F-BA95-B89BAF3AF109}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\DataMngr
    Key Found : HKLM\SOFTWARE\Fun Web Products
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\MyWebSearch
    Key Found : HKLM\SOFTWARE\Playbryte
    Key Found : HKLM\SOFTWARE\Tarma Installer
    Key Found : HKLM\SOFTWARE\Uniblue
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FBSSA]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page] - hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3317187%26octid%3DEB%5FORIGINAL%5FCTID%26SearchSource%3D55%26CUI%3D%26UM%3D2%26UP%3DSP315150A8%2DB4AA%2D492D%2DBC08%2DC9F1A3623F7B%26SSPV%3D&OSP=hxxp%3A%2F%2Fsearch.conduit.com%2FResults.aspx%3Fctid%3DCT3317187%26octid%3DEB%5FORIGINAL%5FCTID%26SearchSource%3D58%26CUI%3D%26UM%3D2%26UP%3DSP315150A8%2DB4AA%2D492D%2DBC08%2DC9F1A3623F7B%26q%3D%7BsearchTerms%7D%26SSPV%3D

    -\\ Mozilla Firefox v


    -\\ Google Chrome v40.0.2214.94


    *************************

    AdwCleaner[R0].txt - [13408 octets] - [04/02/2015 15:43:39]
    AdwCleaner[R1].txt - [13206 octets] - [04/02/2015 15:56:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [13267 octets] ##########
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please run AdwCleaner again but this time select the "Clean" option and post the new log.
     
  3. astough

    astough Thread Starter

    Joined:
    Aug 19, 2013
    Messages:
    26
    I ran the clean. Yontoo is gone from the programs and features list, I am still getting the message when I start the computer that there are startup programs that are being blocked. Is there anything I can do about that? New log file below:

    # AdwCleaner v4.110 - Logfile created 07/02/2015 at 18:15:00
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-05.2 [Local]
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
    # Username : samantha - SAMANTHA-PC
    # Running from : C:\Users\samantha\Downloads\adwcleaner_4.110.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files\1ClickDownload
    Folder Deleted : C:\Program Files\FunWebProducts
    Folder Deleted : C:\Program Files\Giant Savings
    Folder Deleted : C:\Program Files\Gophoto.it
    Folder Deleted : C:\Program Files\HDvidCodec.com
    Folder Deleted : C:\Program Files\InfoAtoms
    Folder Deleted : C:\Program Files\OApps
    Folder Deleted : C:\Program Files\PC Speed Maximizer
    Folder Deleted : C:\Program Files\Perion
    Folder Deleted : C:\Program Files\Playbryte
    Folder Deleted : C:\Program Files\SaveValet
    Folder Deleted : C:\Program Files\SearchAmong Toolbar
    Folder Deleted : C:\Program Files\VideoConverter
    Folder Deleted : C:\Windows\system32\SearchProtect
    Folder Deleted : C:\Users\samantha\AppData\Local\Giant Savings
    Folder Deleted : C:\Users\samantha\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\samantha\AppData\Local\PackageAware
    Folder Deleted : C:\Users\samantha\AppData\LocalLow\FunWebProducts
    Folder Deleted : C:\Users\samantha\AppData\LocalLow\Playbryte
    Folder Deleted : C:\Users\samantha\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\samantha\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\samantha\AppData\Roaming\PC Speed Maximizer
    Folder Deleted : C:\Users\samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Video Converter
    Folder Deleted : C:\Users\samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
    [!] Folder Deleted : C:\Users\samantha\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    Folder Deleted : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
    Folder Deleted : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
    File Deleted : C:\Users\samantha\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\samantha\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
    File Deleted : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FBSSA]
    Key Deleted : HKCU\Software\5c18b8cb439be45
    Key Deleted : HKLM\SOFTWARE\5c18b8cb439be45
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA2E16F2-387A-415F-BA95-B89BAF3AF109}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\BABSOLUTION
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\DataMngr
    [#] Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\MyWebSearch
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\DataMngr
    Key Deleted : HKLM\SOFTWARE\Fun Web Products
    Key Deleted : HKLM\SOFTWARE\MyWebSearch
    Key Deleted : HKLM\SOFTWARE\Playbryte
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 192.168.*.*;*.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

    -\\ Mozilla Firefox v


    -\\ Google Chrome v40.0.2214.111


    *************************

    AdwCleaner[R0].txt - [13408 bytes] - [04/02/2015 15:43:39]
    AdwCleaner[R1].txt - [13348 bytes] - [04/02/2015 15:56:27]
    AdwCleaner[R2].txt - [13258 bytes] - [07/02/2015 16:47:23]
    AdwCleaner[S0].txt - [12911 bytes] - [07/02/2015 18:15:00]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12971 bytes] ##########
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Let's see what's still lingering in the system

    Click here to download HijackThis.exe
    • Save it to your desktop.
    • Doubleclick on the HijackThis.exe icon on your desktop.
    • Click on Install.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  5. astough

    astough Thread Starter

    Joined:
    Aug 19, 2013
    Messages:
    26
    Here is the HJT log. I received an error when it was running but somehow when I tried to capture the error message I did something wrong.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:52:32 PM, on 2/7/2015
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16599)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\samantha\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;192.168.*.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Privacy SafeGuard - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\RunOnce: [*RunSmartLeapServiceCenter] C:\SmartLeap_ServiceCenter\ApplicationStarter.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/mindspark/ei/1.2.5.17/CursorMania.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7779 bytes
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with HijackThis.
    Close all browser windows except HijackThis.
    Put a check mark beside these entries and click "Fix Checked".

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    \O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)

    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...ursorMania.cab


    Close out HijackThis and restart the computer.

    SCAN 2
    Download Malwarebytes from here: Malwarebytes if you do not already have it and save the download to your desktop and install it. Once installed, open the program by double clicking on the icon and click on Update Now in the line where Database Version: is shown.


    • Before you run the scan click on Settings and then Detection and Protection in the left pane.
    • At the next window make sure there are check marks next to all three of the items below Detection Options.
    • Also, under Non-Malware detections: set it to Treat detections as Malware
    • When done click on the Scan button and then make sure Threat Scan is selected, then click on the Scan Now button.
    • Shut down all browsers and any running programs and leave the system undisturbed while the scan is running, the time it takes to complete will depend on the amount of data that is on your system, on most systems it will be about 10 to 20 minutes.
    • When the scan completes it will tell you and show a window with a list of the detected items. They should all show Quarantine under the Action column, check to make sure. Then click on the Apply Actions button, accept any prompts that appear and allow it to reboot if requested.
    • Then click on the History button at the top of the window. (If the system rebooted you will first need to double click on the Malwarebytes icon to re-open it).
    • Click on Application Logs in the left pane. It will show a list of logs, you must find the Scan log, not the Protection Log, with today's date on it, it should be the one at the top of the list, click on the box at the beginning of the line so a check mark appears then click on View just above the list. When the next window opens click on Copy to Clipboard. If the View button is greyed out click on the word 'Scan Log' so the line gets highlighted, the View button should then be available.
    • Immediately come back here, right click inside the message box and select Paste, the log should appear. Add any other information asked for and submit the post.
     
  7. astough

    astough Thread Starter

    Joined:
    Aug 19, 2013
    Messages:
    26
    After all this my niece decided to just restore to factory settings. Hopefully that will end the issues with viruses (even though I am having another issue that I will post in the correct forum). Thank you for all your assistance.
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome!
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1142487

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice