Filmgalning

Yes, another cloudscout issue


My son had his new computer for one single day and got this super annoying adware (cloudscout) and I can't get rid of it. I tried to scan with McAfee and Ad-Aware and nothing turns up. I looked at an earlier post about this topic but I'm not sure I could use that notepad data you posted there. So I started my own topic to be sure. Grateful for all the help I can get!

FRST.txt

Addition.txt


Hej Filmgalning!

 

Posts in the forum should be in English but if you want a translation to Swedish of something that I have written, please ask.

 

Good that you started your own topic since infections will vary, even if they have the same name.

 

1. Cloudscout itself seems to be gone, but the configuration of the malicious DNS servers is still there; it will be fixed by the following script.

 

Please, start Notepad.

Copy all text that is in the box:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_se_8] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418132790&from=tugs&uid=KINGSTONXSV300S37A120G_50026B77490369BD&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418132790&from=tugs&uid=KINGSTONXSV300S37A120G_50026B77490369BD&q={searchTerms}
Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{EF885E64-14B2-4652-99B0-A93E03F8AD46}: [NameServer] 31.168.224.106,5.135.12.52
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-885031716-1343160219-1764188400-1000\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
S2 BackupStack;  [X] <==== ATTENTION
S2 Update Lampy Lighty; "C:\Program Files (x86)\Lampy Lighty\updateLampyLighty.exe" [X]
"C:\Program Files (x86)\Lampy Lighty"
S1 {d441afc2-977b-40eb-b688-431b09118e9e}Gw64; system32\drivers\{d441afc2-977b-40eb-b688-431b09118e9e}Gw64.sys [X]
Task: {A557D312-1840-44AA-8F66-4CBB1C22D9D5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Folder: C:\ProgramData\600440862
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release
CMD: ipconfig /renew
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Move the FRST program from the Downloads folder to the desktop; it's important that the program and fixlist.txt are in the same location.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

 

 

2. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

 

Turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

 

Click on the Scan button.

Wait until the search has finished.

 

Click on the Report button.

A report will be displayed, copy its content and paste into your answer.

If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[R0].txt.

Edited by CeciliaB
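The post above removes a static DNS override through the fixlist line `Tcpip\..\Interfaces\{...}: [NameServer]`. The following added example (not part of the original posts and not FRST's own code) scans FRST-style log text for such lines and flags resolver addresses that are neither on the local network nor on an allowlist. The allowlist contents and the second sample line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Line format as it appears in this thread's FRST output:
#   Tcpip\..\Interfaces\{GUID}: [NameServer] ip,ip
NAMESERVER_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]{36}\}): \[(\w*NameServer)\] (.*)$"
)

# Assumption: resolvers this machine's owner knowingly configured.
# Replace with the ISP's or organisation's real resolvers.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9"}


def classify(addr, trusted=TRUSTED_RESOLVERS):
    """Return 'local', 'trusted', 'unexpected' or 'invalid' for one address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    # A home router handing out itself as resolver is the normal case.
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    if addr in trusted:
        return "trusted"
    return "unexpected"


def audit_nameservers(log_text, trusted=TRUSTED_RESOLVERS):
    """Extract every name-server address from the log and classify it."""
    findings = []
    for line in log_text.splitlines():
        match = NAMESERVER_RE.match(line.strip())
        if not match:
            continue
        guid, value_name, raw = match.groups()
        # Windows stores several resolvers comma- or space-separated.
        for addr in filter(None, re.split(r"[,\s]+", raw.strip())):
            findings.append({
                "interface": guid,
                "value": value_name,
                "address": addr,
                "verdict": classify(addr, trusted),
            })
    return findings


def needs_review(findings):
    """Keep only entries a helper should look at before writing a fixlist."""
    return [f for f in findings if f["verdict"] in ("unexpected", "invalid")]


# Sample input: the first Tcpip line is copied from the fixlist in this
# thread; the second (DHCP-assigned router address) is constructed.
SAMPLE_LOG = r"""
Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{EF885E64-14B2-4652-99B0-A93E03F8AD46}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [DhcpNameServer] 192.168.1.1
"""

if __name__ == "__main__":
    for f in needs_review(audit_nameservers(SAMPLE_LOG)):
        print(f"{f['interface']} [{f['value']}] {f['address']}: {f['verdict']}")
```

An "unexpected" verdict only means the address is public and not on the allowlist; whether it is hostile still has to be judged from the rest of the log.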


Fixlog:

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_se_8] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{EF885E64-14B2-4652-99B0-A93E03F8AD46}: [NameServer] 31.168.224.106,5.135.12.52
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-885031716-1343160219-1764188400-1000\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
S2 BackupStack; [X] <==== ATTENTION
S2 Update Lampy Lighty; "C:\Program Files (x86)\Lampy Lighty\updateLampyLighty.exe" [X]
"C:\Program Files (x86)\Lampy Lighty"
S1 {d441afc2-977b-40eb-b688-431b09118e9e}Gw64; system32\drivers\{d441afc2-977b-40eb-b688-431b09118e9e}Gw64.sys [X]
Task: {A557D312-1840-44AA-8F66-4CBB1C22D9D5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Folder: C:\ProgramData\600440862
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_se_8 => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
Hosts was reset successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EF885E64-14B2-4652-99B0-A93E03F8AD46}\\NameServer => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-885031716-1343160219-1764188400-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
BackupStack => Service deleted successfully.
Update Lampy Lighty => Service deleted successfully.
C:\Program Files (x86)\Lampy Lighty => Moved successfully.
{d441afc2-977b-40eb-b688-431b09118e9e}Gw64 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A557D312-1840-44AA-8F66-4CBB1C22D9D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A557D312-1840-44AA-8F66-4CBB1C22D9D5}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
========================= Folder: C:\ProgramData\600440862 ========================
====== End of Folder: ======
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ip reset c:\resetlog.txt =========
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= ipconfig /release =========
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c804:fcdc:804:c535%11
Default Gateway . . . . . . . . . :
========= End of CMD: =========
========= ipconfig /renew =========
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c804:fcdc:804:c535%11
IPv4 Address. . . . . . . . . . . : 192.168.1.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 18:43:42 ====
adwcleaner
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Kristensen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Kristensen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Kristensen\Desktop\Sync Folder.lnk
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\Kristensen\Documents\Optimizer Pro
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\SupHpUISoft
Key Found : [x64] HKCU\Software\TutoTag
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\AdvertisingSupport
Key Found : HKLM\SOFTWARE\Browser Guard
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\GAMESDESKTOP
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{900625B6-F89A-40E3-AEE1-3A9A5E8723A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\supWPM
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{900625B6-F89A-40E3-AEE1-3A9A5E8723A7}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.99
*************************
AdwCleaner[R0].txt - [3504 octets] - [15/01/2015 18:46:29]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3564 octets] ##########
Should I press the clean and uninstall button in adwcleaner?
Thanks for all the help!


You're welcome :)

 

1. Please, turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

 

Click on the Scan button.

Wait until the search has finished.

 

Click on the Clean button.

 

Click on OK.

Click on OK on any message that pops up.

The computer will be restarted.

 

A report will be displayed, copy its content and paste into your reply, please.

If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

 

 

2. Please, start FRST.

Select Addition.txt.

Let the program scan the computer and then paste the content of the two new log files into your reply.

 

 

3. To get a second opinion, please run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/

To shorten the scanning time, disable your antivirus program while scanning.

 

Select Enable detection of potentially unwanted applications.

Click Advanced Settings.

 

Deselect Remove found threats.

 

Select:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Click Start.

 

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your answer.


The infection is still there.

 

Here is my fixlog txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015 01
Ran by Alan at 2015-01-16 09:22:40 Run:1
Running from C:\Users\Alan\Desktop
Loaded Profiles: Alan (Available profiles: Alan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_se_8] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{EF885E64-14B2-4652-99B0-A93E03F8AD46}: [NameServer] 31.168.224.106,5.135.12.52
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-885031716-1343160219-1764188400-1000\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
S2 BackupStack; [X] <==== ATTENTION
S2 Update Lampy Lighty; "C:\Program Files (x86)\Lampy Lighty\updateLampyLighty.exe" [X]
"C:\Program Files (x86)\Lampy Lighty"
S1 {d441afc2-977b-40eb-b688-431b09118e9e}Gw64; system32\drivers\{d441afc2-977b-40eb-b688-431b09118e9e}Gw64.sys [X]
Task: {A557D312-1840-44AA-8F66-4CBB1C22D9D5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Folder: C:\ProgramData\600440862
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM-x32\...\Run: [gmsd_se_8] => [X] => Error: No automatic fix found for this entry.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EF885E64-14B2-4652-99B0-A93E03F8AD46}\\NameServer => Value not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKU\S-1-5-21-885031716-1343160219-1764188400-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => Key not found.
BackupStack => Service not found.
Update Lampy Lighty => Service not found.
"C:\Program Files (x86)\Lampy Lighty" => File/Directory not found.
{d441afc2-977b-40eb-b688-431b09118e9e}Gw64 => Service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A557D312-1840-44AA-8F66-4CBB1C22D9D5} => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => Key not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
========================= Folder: C:\ProgramData\600440862 ========================
Directory Not Found
========= ipconfig /flushdns =========
========= End of CMD: =========
========= netsh winsock reset catalog =========
========= End of CMD: =========
========= netsh int ip reset c:\resetlog.txt =========
and adw cleaner log
# AdwCleaner v4.107 - Report created 16/01/2015 at 09:32:15
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Alan - ALAN-THINK
# Running from : C:\Users\Alan\Desktop\adwcleaner_4.107 (1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.95
*************************
AdwCleaner[R0].txt - [15705 octets] - [09/01/2015 11:48:02]
AdwCleaner[R1].txt - [933 octets] - [16/01/2015 09:30:04]
AdwCleaner[s0].txt - [15925 octets] - [09/01/2015 11:49:59]
AdwCleaner[s1].txt - [857 octets] - [16/01/2015 09:32:15]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [916 octets] ##########


Sorry, I wanted logs from a scan with FRST, and not the fix again.


1. Please, uninstall "Java 7 Update 71" since it's an old version with known vulnerabilities that can be exploited by a web page to infect the computer.

 

 

2. Please, start Notepad.

Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\Alan\Desktop\adwcleaner_4.107 (1).exe:BDU
AlternateDataStreams: C:\Users\Alan\Downloads\Adaware_Installer (5).exe:BDU
AlternateDataStreams: C:\Users\Alan\Downloads\adwcleaner_4.107.exe:BDU
AlternateDataStreams: C:\Users\Alan\Downloads\FRST (1).exe:BDU
AlternateDataStreams: C:\Users\Alan\Downloads\setup (4).exe:BDU
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
URLSearchHook: HKLM - (No Name) - {2088f46c-e352-46dd-9434-bb81014359db} -  No File
URLSearchHook: HKU\S-1-5-21-2131158719-1438252908-2869001253-1001 - (No Name) - {2088f46c-e352-46dd-9434-bb81014359db} -  No File
SearchScopes: HKLM -> {AB69074F-4B36-49FC-B465-DF8F2E3122F4} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2131158719-1438252908-2869001253-1001 -> {15B16E98-DE47-4372-8330-BA6A5203FC25} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=745656&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2131158719-1438252908-2869001253-1001 -> {7685959D-50EB-4DDE-9723-26ADB6FD1028} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10813
SearchScopes: HKU\S-1-5-21-2131158719-1438252908-2869001253-1001 -> {AB69074F-4B36-49FC-B465-DF8F2E3122F4} URL = 
Toolbar: HKU\S-1-5-21-2131158719-1438252908-2869001253-1001 -> No Name - {DA7959CC-B2F2-4929-A64D-1EFD30F83542} -  No File
Toolbar: HKU\S-1-5-21-2131158719-1438252908-2869001253-1001 -> No Name - {2088F46C-E352-46DD-9434-BB81014359DB} -  No File
Tcpip\..\Interfaces\{108346FC-BB31-4D97-8FEF-AC099BEA307B}: [NameServer] 31.168.224.100,5.135.12.56
CHR HomePage: Profile 1 -> hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP4721BC8E-8067-413A-B16C-F98FEFF2D9D2&SSPV=
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP4721BC8E-8067-413A-B16C-F98FEFF2D9D2&SSPV="
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Note that the above script will delete everything in the Recycle Bin and in all folders with temporary files.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

The computer will be restarted.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.


Any improvements?

If not, new logs from a scan with FRST please.


Very good!

You're welcome :)

 

Time for final clean-up.

 

1. Removal of tools

Please, turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

 

Download OTC http://oldtimer.geekstogo.com/OTC.exe

Close all programs.

Start OTC program.

Click the CleanUp! button.

Select Yes when asked "Begin cleanup process".

If you are asked to reboot, select Yes.

If any logs remain on the computer you can remove them.

Any tools left?

 

2. Improve the security in the computer

It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you!

This topic is now closed to further replies.