Hey, guys!
My GF has bought a new laptop and wants to get it set up at my place (i.e. all updates and whatnot) but I'm a little worried about the state of my network as I'm not very well protected and happily torrent and frequently visit nefarious sites...
I've gone through the "Read this before requesting malware removal help" thread and finished all the scans. I was just wondering if I should be worried about my modem-router and mobile devices - whether they can re-infect my laptop after it has been cleaned, creating a big dirty circle?
I think I've made the final decision to become a fully fledged adult and begin paying for AV protection and MS Office... If anyone could help me out I would really appreciate it. I understand this is all volunteer work and I really respect you guys for handing out your time to noobs like me!
P.S. Sorry for the horrendously long post.
P.P.S. I just realised there were still items in the quarantine menu when I retrieved the log from Malwarebytes? I only hit the "quarantine" button after the scan, was that a mistake?
Thanks,
Josh
----------------------------------------------------------------------------------------------------------------------------------
AdwCleaner log:
# AdwCleaner v4.207 - Logfile created 30/06/2015 at 09:05:48
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joshypoo - JOSHYPOO-HP
# Running from : C:\Users\Joshypoo\Downloads\adwcleaner_4.207.exe
# Option : Cleaning
***** [ Services ] *****
- Service Deleted : 9617fb41
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\AdPunisher
Folder Deleted : C:\ProgramData\{c84511f2-714f-e62d-c845-511f271447c9}
Folder Deleted : C:\Program Files (x86)\DigiSaver
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\BBesTSAeveForrYou
Folder Deleted : C:\Program Files (x86)\BEsatSaiveForYoou
Folder Deleted : C:\Program Files (x86)\BeSStSAvveFForYaou
Folder Deleted : C:\Program Files (x86)\BestSaveForYoou
Folder Deleted : C:\Program Files (x86)\BEstSavveForYou
Folder Deleted : C:\Program Files (x86)\BestSSaveForYoou
Folder Deleted : C:\Program Files (x86)\DDigiSaver
Folder Deleted : C:\Program Files (x86)\DDOwwnSavE
Folder Deleted : C:\Program Files (x86)\DigiSAverr
Folder Deleted : C:\Program Files (x86)\ExstraaSSavIngse
Folder Deleted : C:\Program Files (x86)\ExstraCouupon
Folder Deleted : C:\Program Files (x86)\FeuneDeaLs
Folder Deleted : C:\Program Files (x86)\JeoniCouapOOn
Folder Deleted : C:\Program Files (x86)\JoniiCooupOON
Folder Deleted : C:\Program Files (x86)\MinimumPriice
Folder Deleted : C:\Program Files (x86)\SaveLiots
Folder Deleted : C:\Program Files (x86)\SShopDrop
Folder Deleted : C:\Program Files (x86)\youtubeadblocker
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Joshypoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\Joshypoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\ProgramData\mmamlfaiaoenghpppagafaeiageegfcn
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Deleted : C:\Program Files (x86)\prefs.js
***** [ Scheduled tasks ] *****
Task Deleted : LaunchSignup
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Key Deleted : HKLM\SOFTWARE\bafd1f8f-95ff-775c-edfe-752dd823cf0b
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9617fb41}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{532ECD0F-E6C9-4ACE-860A-3730B1F6F1DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7A6DCEC2-55AB-418F-A903-93D0DF482809}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7D09AF0-F5F8-49E0-8C08-6CA6F59A51CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\Conduit_Search_Protect
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51417852-174C-88D4-34A0-D0FE7858BE47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98449C67-C7AF-BB53-112D-26C916814611}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF992111-52BE-832B-5882-8477E4A3C99A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17840
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.4djSgB3QFMs0zo8q.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.FoLDEZH8f5wOLdu4.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"backin.net\",\"trianglecash.com\",\[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.TTRhf0Whby8kPKTL.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"backin.net\",\"trianglecash.com\",\[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.fM2GmkCHTXnIF9bo.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"backin.net\",\"trianglecash.com\",\[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.mxjJ9FvX4GovWEdL.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.pUXKPngAbusScOA2.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
-\\ Google Chrome v43.0.2357.130
[C:\Users\Joshypoo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":8192,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["homepage","management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13074689414332487","lastpingday":"13074937199523606","location":6,"manifest":{"background":{"scripts":["apnAPI.js","settings/assets.js","settings/redirect.js"]},"chrome_settings_overrides":{"homepage":"hxxp://www.search.ask.com/?gct=hp
[C:\Users\Joshypoo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 936A8574F91FC92FF84B8AA4F8DCF35B401683B
F7422EFA27E3A8877B713BB37"},"software_reporter":{"prompt_reason":"131DEEFEED362DD94113D8AFC1B00C6DD0856B5
0158EBC0E81DFBA57DFFB370E","prompt_seed":"6D14EC71062DA553F5A9A3300D85B9B78BEC1BE
398C10E48BCF8E7E63613C5D1","prompt_version":"12311E9074EDCB249BB94BD2C5F834534AD60EA
BECDC029048CB1D63EE351098"},"sync":{"remaining_rollback_tries":"851DBECCE59F0195D9191BDBA96F26B326613AF
EF263C5676567F8F3B89E88D2"}},"super_mac":"DCFEF13873BC33E6933D5B4566A7FBBD431CCC5
0671697100337F9DA4969DE3F"},"session":{"startup_urls":["hxxp://search.gboxapp.com/
*************************
AdwCleaner[R0].txt - [9544 bytes] - [30/06/2015 09:04:06]
AdwCleaner[S0].txt - [8975 bytes] - [30/06/2015 09:05:48]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9034 bytes] ##########
----------------------------------------------------------------------------------------------------------------------------------
Malwarebytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Error, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Update, Bad md5 or size: akadomains, 11,
Error, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Update, Bad md5 or size: akaips, 11,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Remediation Database, 2015.5.13.1, 2015.6.26.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Rootkit Database, 2015.6.2.1, 2015.6.26.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, AKA IP Database, 0.0.0.0, 2015.6.12.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, AKA Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Malware Database, 2015.6.3.3, 2015.6.29.6,
Scan, 30/06/2015 10:56 AM, SYSTEM, JOSHYPOO-HP, Manual, Start:30/06/2015 9:38 AM, Duration:1 hr 14 min 58 sec, Threat Scan, Completed, 1 Malware Detection, 24 Non-Malware Detections,
Error, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, IsLicensed, 13,
Protection, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, Malware Protection, Stopping,
Protection, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, Malware Protection, Stopped,
(end)
----------------------------------------------------------------------------------------------------------------------------------
Security Check log:
Results of screen317's Security Check version 1.004
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.194
Adobe Reader 10.1.14
Adobe Reader out of Date!
Mozilla Firefox (38.0.5)
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.130)
Google Chrome (GoogleUpdateHelper.dll..)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````