Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Joshyp00 on June 29, 2015, 08:05:31 PM

Title: Clearing my laptop and home network.
Post by: Joshyp00 on June 29, 2015, 08:05:31 PM
Hey, guys!

My GF has bought a new laptop and wants to get it set up at my place (i.e. all updates and whatnot), but I'm a little worried about the state of my network as I'm not very well protected and happily torrent and frequently visit nefarious sites...

I've gone through the "Read this before requesting malware removal help" thread and finished all the scans. I was just wondering if I should be worried about my modem-router and mobile devices - whether they can re-infect my laptop after it has been cleaned, creating a big dirty circle?

I think I've made the final decision to become a fully fledged adult and begin paying for AV protection and MS Office... If anyone could help me out I would really appreciate it. I understand this is all volunteer work and I really respect you guys for handing out your time to noobs like me!

P.S. Sorry for the horrendously long post.
P.P.S. I just realised there were still items in the quarantine menu when I retrieved the log from Malwarebytes? I only hit the "quarantine" button after the scan, was that a mistake?

Thanks,
Josh

----------------------------------------------------------------------------------------------------------------------------------
AdwCleaner log:

# AdwCleaner v4.207 - Logfile created 30/06/2015 at 09:05:48
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joshypoo - JOSHYPOO-HP
# Running from : C:\Users\Joshypoo\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****



***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\AdPunisher
Folder Deleted : C:\ProgramData\{c84511f2-714f-e62d-c845-511f271447c9}
Folder Deleted : C:\Program Files (x86)\DigiSaver
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\BBesTSAeveForrYou
Folder Deleted : C:\Program Files (x86)\BEsatSaiveForYoou
Folder Deleted : C:\Program Files (x86)\BeSStSAvveFForYaou
Folder Deleted : C:\Program Files (x86)\BestSaveForYoou
Folder Deleted : C:\Program Files (x86)\BEstSavveForYou
Folder Deleted : C:\Program Files (x86)\BestSSaveForYoou
Folder Deleted : C:\Program Files (x86)\DDigiSaver
Folder Deleted : C:\Program Files (x86)\DDOwwnSavE
Folder Deleted : C:\Program Files (x86)\DigiSAverr
Folder Deleted : C:\Program Files (x86)\ExstraaSSavIngse
Folder Deleted : C:\Program Files (x86)\ExstraCouupon
Folder Deleted : C:\Program Files (x86)\FeuneDeaLs
Folder Deleted : C:\Program Files (x86)\JeoniCouapOOn
Folder Deleted : C:\Program Files (x86)\JoniiCooupOON
Folder Deleted : C:\Program Files (x86)\MinimumPriice
Folder Deleted : C:\Program Files (x86)\SaveLiots
Folder Deleted : C:\Program Files (x86)\SShopDrop
Folder Deleted : C:\Program Files (x86)\youtubeadblocker
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Joshypoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\Joshypoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\ProgramData\mmamlfaiaoenghpppagafaeiageegfcn
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Deleted : C:\Program Files (x86)\prefs.js

***** [ Scheduled tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Key Deleted : HKLM\SOFTWARE\bafd1f8f-95ff-775c-edfe-752dd823cf0b
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9617fb41}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{532ECD0F-E6C9-4ACE-860A-3730B1F6F1DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7A6DCEC2-55AB-418F-A903-93D0DF482809}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7D09AF0-F5F8-49E0-8C08-6CA6F59A51CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\Conduit_Search_Protect
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51417852-174C-88D4-34A0-D0FE7858BE47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98449C67-C7AF-BB53-112D-26C916814611}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF992111-52BE-832B-5882-8477E4A3C99A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.4djSgB3QFMs0zo8q.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.FoLDEZH8f5wOLdu4.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"backin.net\",\"trianglecash.com\",\[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.TTRhf0Whby8kPKTL.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"backin.net\",\"trianglecash.com\",\[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.fM2GmkCHTXnIF9bo.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"backin.net\",\"trianglecash.com\",\[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.mxjJ9FvX4GovWEdL.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[a0pjk7mc.default\prefs.js] - Line Deleted : user_pref("extensions.pUXKPngAbusScOA2.scode", "(function(){try{if(window.location.href.indexOf(\"rTr9qdnGqjU9pjCHqjw4pdk8qa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]

-\\ Google Chrome v43.0.2357.130

[C:\Users\Joshypoo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":8192,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["homepage","management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13074689414332487","lastpingday":"13074937199523606","location":6,"manifest":{"background":{"scripts":["apnAPI.js","settings/assets.js","settings/redirect.js"]},"chrome_settings_overrides":{"homepage":"hxxp://www.search.ask.com/?gct=hp
[C:\Users\Joshypoo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 936A8574F91FC92FF84B8AA4F8DCF35B401683B F7422EFA27E3A8877B713BB37"},"software_reporter":{"prompt_reason":"131DEEFEED362DD94113D8AFC1B00C6DD0856B5 0158EBC0E81DFBA57DFFB370E","prompt_seed":"6D14EC71062DA553F5A9A3300D85B9B78BEC1BE 398C10E48BCF8E7E63613C5D1","prompt_version":"12311E9074EDCB249BB94BD2C5F834534AD60EA BECDC029048CB1D63EE351098"},"sync":{"remaining_rollback_tries":"851DBECCE59F0195D9191BDBA96F26B326613AF EF263C5676567F8F3B89E88D2"}},"super_mac":"DCFEF13873BC33E6933D5B4566A7FBBD431CCC5 0671697100337F9DA4969DE3F"},"session":{"startup_urls":["hxxp://search.gboxapp.com/

*************************

AdwCleaner[R0].txt - [9544 bytes] - [30/06/2015 09:04:06]
AdwCleaner[S0].txt - [8975 bytes] - [30/06/2015 09:05:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9034  bytes] ##########


----------------------------------------------------------------------------------------------------------------------------------
Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Update, Bad md5 or size: akadomains, 11,
Error, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Update, Bad md5 or size: akaips, 11,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Remediation Database, 2015.5.13.1, 2015.6.26.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Rootkit Database, 2015.6.2.1, 2015.6.26.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, AKA IP Database, 0.0.0.0, 2015.6.12.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, AKA Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 30/06/2015 9:37 AM, SYSTEM, JOSHYPOO-HP, Manual, Malware Database, 2015.6.3.3, 2015.6.29.6,
Scan, 30/06/2015 10:56 AM, SYSTEM, JOSHYPOO-HP, Manual, Start:30/06/2015 9:38 AM, Duration:1 hr 14 min 58 sec, Threat Scan, Completed, 1 Malware Detection, 24 Non-Malware Detections,
Error, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, IsLicensed, 13,
Protection, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, Malware Protection, Stopping,
Protection, 30/06/2015 10:58 AM, SYSTEM, JOSHYPOO-HP, Protection, Malware Protection, Stopped,

(end)


----------------------------------------------------------------------------------------------------------------------------------
Security Check log:

 Results of screen317's Security Check version 1.004 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.194 
 Adobe Reader 10.1.14 Adobe Reader out of Date! 
 Mozilla Firefox (38.0.5)
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.130)
 Google Chrome (GoogleUpdateHelper.dll..)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
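
For triaging a cleanup log like the AdwCleaner output in the post above, this added example (not part of the original post and not AdwCleaner's own code) parses the section and entry layout shown there, counts actions per section and collects Chrome extension IDs for follow-up. The function names are hypothetical, and the sample is a constructed excerpt whose lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt: a few lines copied from the AdwCleaner log above.
SAMPLE_LOG = r"""# AdwCleaner v4.207 - Logfile created 30/06/2015 at 09:05:48
# Option : Cleaning

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Joshypoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\END

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<Kind> <Action> : [x64] <target>"; the [x64] registry-view tag is optional.
ENTRY_RE = re.compile(r"^(\w+) (Deleted|Restored) : (?:\[x64\] )?(.+)$")
# Chrome extension IDs are 32 characters drawn from a-p.
EXT_ID_RE = re.compile(r"\\Extensions\\([a-p]{32})(?:\\|$)")

def parse_adwcleaner(text):
    """Return (header, sections): header fields and entries grouped by section."""
    header, sections, current = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and " : " in line:
            key, value = line[2:].split(" : ", 1)
            header[key.strip()] = value.strip()
        elif m := SECTION_RE.match(line):
            current = m.group(1)
        elif current and (m := ENTRY_RE.match(line)):
            sections[current].append(m.groups())  # (kind, action, target)
    return header, dict(sections)

def summarize(sections):
    """Count 'Kind Action' pairs per section and collect unique extension IDs."""
    counts = {name: Counter(f"{k} {a}" for k, a, _ in items)
              for name, items in sections.items()}
    targets = (t for items in sections.values() for _, _, t in items)
    ext_ids = sorted({m.group(1) for t in targets if (m := EXT_ID_RE.search(t))})
    return counts, ext_ids

if __name__ == "__main__":
    header, sections = parse_adwcleaner(SAMPLE_LOG)
    print(header.get("Option"), *summarize(sections), sep="\n")
```

The browser-section lines that start with a bracketed file name (the `prefs.js` and `Secure Preferences` entries) do not match the entry pattern and are skipped, so review those by hand.
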
Title: Re: Clearing my laptop and home network.
Post by: SuperDave on June 30, 2015, 01:14:32 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Quote
I think I've made the final decision to become a fully fledged adult and begin paying for AV protection and MS Office...
Microsoft Security Essentials is just as good as most paid-for AVs. As for MS Office, you can download OpenOffice, which is the same as MS Office.

Open Office is here. (http://www.majorgeeks.com/content/page/mg_search.html?cx=partner-pub-6960825562757852%3A6029691205&cof=FORID%3A10&ie=UTF-8&q=OpenOffice)
****************************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and Paste the JRT.txt log into your next message.
***************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version (http://www.java.com/en/download/installed.jsp)

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.