OK, now open AdwCleaner and click on the Delete button. Click OK on the Information window. The PC will restart when it's done and it will upload a text file. Upload that text file. Should be called "AdwCleaner[S1].txt".
Ok, here it is.
Run JRT
Download Junkware Removal Toolkit
Click here Junkware Removal Tool to download
Drag the JRT.exe from the Downloads folder to your Desktop
Right click JRT.exe and choose
Once done upload the JRT.txt file
Once you're done with that, run Malwarebytes
Malwarebytes
Download Link MalwareBytes
When the installation is done, uncheck Enable free trial of Malwarebytes (see image below)
Update the definitions and do a full scan
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Log looks like this: mbam-log-yyyy-mm-dd
Log located: C:\Users\{Your UserName}\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs or C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
(Oddly, I'm now getting some spam pop-ups, after all this cleaning! lol. I'm suspecting Firefox is responsible for several of these "blockades" with downloading and ads. Is not happening in Explorer).
MB log, after removal process
******************
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.14.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Brian :: BRIAN-PC [administrator]
8/14/2013 9:53:50 AM
mbam-log-2013-08-14 (09-53-50).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 464675
Time elapsed: 1 hour(s), 54 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8A2BBD3A-2130-4882-B198-863271F320DE} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\Interface\{39E6096A-E5CA-483A-A05C-AA967F48FD1C} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Program Files (x86)\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\FireFox (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\IE32 (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
Files Detected: 55
(end)
Download a newer version of AdwCleaner
AdwCleaner
Click here AdwCleaner
Click on Download Now button
Save to the Desktop
Right-click on AdwCleaner.exe and choose
Click the Clean button
Upload the AdwCleaner[n].txt in your reply.
Note: The log file is at C:\AdwCleaner[n].txt
Adw (still getting a "congratulations" pop-up on Mozilla)
Can you do a scrnprnt of the pop up? Paste it inside mspaint.
Click on type in mspaint.exe inside and press Enter
Save the file and upload it.