-
June 17th, 2017, 11:15 PM
#16
# AdwCleaner v6.047 - Logfile created 17/06/2017 at 23:12:59
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-16.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Beth - BETH-PC
# Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Folder Found: C:\Users\Beth\AppData\LocalLow\comcasttb
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
Key Found: HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found: HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found: HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homes.trovit.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homes.trovit.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] - nortonsafe
Chrome pref Found: [C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\Beth\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - yahoo.com
Chrome pref Found: [C:\Users\Beth\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Beth\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - ask.com
[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [3468 Bytes] - [17/06/2017 23:12:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3541 Bytes] ##########
-
June 17th, 2017, 11:27 PM
#17
After it rebooted it there wasnt a adwcleanercx.txt I think because it rebooted without internet. I didnt have a choice in it. What should I do now. Sorry
-
June 17th, 2017, 11:43 PM
#18
I found it
# AdwCleaner v6.047 - Logfile created 17/06/2017 at 23:17:04
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-16.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Beth - BETH-PC
# Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Beth\AppData\LocalLow\comcasttb
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homes.trovit.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homes.trovit.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com
***** [ Web browsers ] *****
[-] [C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: nortonsafe
[-] [C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Beth\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com
[-] [C:\Users\Beth\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Beth\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: ask.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3290 Bytes] - [17/06/2017 23:17:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [3628 Bytes] - [17/06/2017 23:12:59]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3436 Bytes] ##########
-
June 17th, 2017, 11:59 PM
#19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64
Ran by Beth (Limited) on Sat 06/17/2017 at 23:54:12.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/17/2017 at 23:55:24.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
June 18th, 2017, 12:01 AM
#20
that didn't look like much but it was all the JRT produced??? Thank you so much for your time and help.
-
June 18th, 2017, 01:23 PM
#21
I don't see much there.
Did you remove one of your AV programs?
If so, did you try to start your computer in normal mode?
-
June 18th, 2017, 02:18 PM
#22
I did try to start in normal mode should I run that again? Sorry if I shouldnt of done that
-
June 18th, 2017, 02:22 PM
#23
one question my malwarebytes says I am not protected so that means I dont have to do anything to have it not work when I run JRT if you want me to run it
-
June 18th, 2017, 02:55 PM
#24
Did you remove one of your AV programs?
If so try to start in normal mode.
-
June 18th, 2017, 03:16 PM
#25
I thought I had removed that commando thing but it was still there so I uninstalled it and now I am in normal mode waiting for more instructions. TY
-
June 18th, 2017, 03:35 PM
#26
Very well. Does the computer behave normally?
-
June 18th, 2017, 03:36 PM
#27
-
June 18th, 2017, 03:57 PM
#28
Is there anything else I need to do? If not thank you very much for your help. So appreciated!
-
June 18th, 2017, 04:02 PM
#29
Way to go!!
Good luck and stay safe
-
June 18th, 2017, 05:37 PM
#30
Thank you so much big smiles at the tiger. I did quite well not getting a virus in over 2 years I think. I am grateful for your time
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|