
Author Topic: Clearing my laptop and home network.  (Read 7621 times)

Joshyp00

    « on: June 29, 2015, 08:05:31 PM »
    Hey, guys!

    My GF has bought a new laptop and wants to get it set up at my place (i.e. all updates and whatnot) but I'm a little worried about the state of my network as I'm not very well protected and happily torrent and frequently visit nefarious sites...

    I've gone through the "Read this before requesting malware removal help" thread and finished all the scans. I was just wondering if I should be worried about my modem-router and mobile devices - whether they can re-infect my laptop after it has been cleaned, creating a big dirty circle?

    I think I've made the final decision to become a fully fledged adult and begin paying for AV protection and MS Office...If anyone could help me out I would really appreciate it. I understand this is all volunteer work and I really respect you guys for handing out your time to noobs like me!

    P.S. Sorry for the horrendously long post.
    P.P.S. I just realised there were still items in the quarantine menu when I retrieved the log from Malwarebytes? I only hit the "quarantine" button after the scan, was that a mistake?

    Thanks,
    Josh

    ----------------------------------------------------------------------------------------------------------------------------------
    AdwCleaner log:

    # AdwCleaner v4.207 - Logfile created 30/06/2015 at 09:05:48
    # Updated 21/06/2015 by Xplode
    # Database : 2015-06-29.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Joshypoo - JOSHYPOO-HP
    # Running from : C:\Users\Joshypoo\Downloads\adwcleaner_4.207.exe
    # Option : Cleaning

    ***** [ Services ] *****

    • Service Deleted : 9617fb41


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\ProgramData\AdPunisher
    Folder Deleted : C:\ProgramData\{c84511f2-714f-e62d-c845-511f271447c9}
    Folder Deleted : C:\Program Files (x86)\DigiSaver
    Folder Deleted : C:\Program Files (x86)\ParetoLogic
    Folder Deleted : C:\Program Files (x86)\BBesTSAeveForrYou
    Folder Deleted : C:\Program Files (x86)\BEsatSaiveForYoou
    Folder Deleted : C:\Program Files (x86)\BeSStSAvveFForYaou
    Folder Deleted : C:\Program Files (x86)\BestSaveForYoou
    Folder Deleted : C:\Program Files (x86)\BEstSavveForYou
    Folder Deleted : C:\Program Files (x86)\BestSSaveForYoou
    Folder Deleted : C:\Program Files (x86)\DDigiSaver
    Folder Deleted : C:\Program Files (x86)\DDOwwnSavE
    Folder Deleted : C:\Program Files (x86)\DigiSAverr
    Folder Deleted : C:\Program Files (x86)\ExstraaSSavIngse
    Folder Deleted : C:\Program Files (x86)\ExstraCouupon
    Folder Deleted : C:\Program Files (x86)\FeuneDeaLs
    Folder Deleted : C:\Program Files (x86)\JeoniCouapOOn
    Folder Deleted : C:\Program Files (x86)\JoniiCooupOON
    Folder Deleted : C:\Program Files (x86)\MinimumPriice
    Folder Deleted : C:\Program Files (x86)\SaveLiots
    Folder Deleted : C:\Program Files (x86)\SShopDrop
    Folder Deleted : C:\Program Files (x86)\youtubeadblocker
    Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\Joshypoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
    Folder Deleted : C:\Users\Joshypoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
    Folder Deleted : C:\ProgramData\mmamlfaiaoenghpppagafaeiageegfcn
    File Deleted : C:\END
    File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
    File Deleted : C:\Program Files (x86)\prefs.js

    ***** [ Scheduled tasks ] *****

    Task Deleted : LaunchSignup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
    Key Deleted : HKLM\SOFTWARE\bafd1f8f-95ff-775c-edfe-752dd823cf0b
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9617fb41}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{532ECD0F-E6C9-4ACE-860A-3730B1F6F1DD}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7A6DCEC2-55AB-418F-A903-93D0DF482809}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7D09AF0-F5F8-49E0-8C08-6CA6F59A51CF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    Key Deleted : HKCU\Software\Conduit_Search_Protect
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51417852-174C-88D4-34A0-D0FE7858BE47}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98449C67-C7AF-BB53-112D-26C916814611}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF992111-52BE-832B-5882-8477E4A3C99A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v38.0.5 (x86 en-US)


    -\\ Google Chrome v43.0.2357.130


    *************************

    AdwCleaner[R0].txt - [9544 bytes] - [30/06/2015 09:04:06]
    AdwCleaner[S0].txt - [8975 bytes] - [30/06/2015 09:05:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9034  bytes] ##########


    ----------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Error, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Update, Bad md5 or size: akadomains, 11,
    Error, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Update, Bad md5 or size: akaips, 11,
    Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
    Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
    Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Remediation Database, 2015.5.13.1, 2015.6.26.1,
    Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Rootkit Database, 2015.6.2.1, 2015.6.26.1,
    Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, AKA IP Database, 0.0.0.0, 2015.6.12.1,
    Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, AKA Domain Database, 0.0.0.0, 2015.6.12.1,
    Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Malware Database, 2015.6.3.3, 2015.6.29.6,
    Scan, 30/06/2015 10:56 AM, SYSTEM, JOSHYPOO-HP, Manual, Start:30/06/2015 9:38 AM, Duration:1 hr 14 min 58 sec, Threat Scan, Completed, 1 Malware Detection, 24 Non-Malware Detections,
    Error, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, IsLicensed, 13,
    Protection, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, Malware Protection, Stopping,
    Protection, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, Malware Protection, Stopped,

    (end)


    ----------------------------------------------------------------------------------------------------------------------------------
    Security Check log:

     Results of screen317's Security Check version 1.004 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Microsoft Security Essentials   
     Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Java 8 Update 31 
     Java version 32-bit out of Date!
     Adobe Flash Player 18.0.0.194 
     Adobe Reader 10.1.14 Adobe Reader out of Date! 
     Mozilla Firefox (38.0.5)
     Google Chrome (43.0.2357.124)
     Google Chrome (43.0.2357.130)
     Google Chrome (GoogleUpdateHelper.dll..)
    ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    SuperDave

    • Malware Removal Specialist


    « Reply #1 on: June 30, 2015, 01:14:32 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Quote
    I think I've made the final decision to become a fully fledged adult and begin paying for AV protection and MS Office...
    Microsoft Security Essentials is just as good as most paid-for AVs. As for MS Office, you can download OpenOffice, which is the same as MS Office.

    Open Office is here.
    ****************************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    ***************************************************
    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.


    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    Windows 8 and Windows 10 dual boot with two SSD's