IObit Forum

How to remove ADWARE -[Solved]


Laurie


Hi

I'm back! I need help!

I downloaded a "free ebook" and it came with bad stuff too.

Geez, now I understand "There ain't no such thing as a free lunch"! :roll:

Can someone help me clean my mess?

Thank You!!!

Laurie" :oops:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista Home Premium x86
Ran by HP_Owner on Mon 10/21/2013 at 4:42:24.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_mpiolpdppdlenlpinemeiecpnmodalfl

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ED40B38C-CB38-4FB8-92FC-045B980EB84D}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\HP_Owner\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\HP_Owner\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\HP_Owner\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\HP_Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/21/2013 at 4:46:15.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Clarity...

:oops: The JRT Report indicates "successful" I don't know why.

Some Issues :cry:

Chrome is messed up, some websites can't perform
Search engines blocked
Where NEVER BEFORE there are now Text Link Ads on all websites in both IE9 & Chrome
AD Block App is not working - it's blocked!
IE9 50% website "not-responding" needs reload

Hope there's a simple way to remove the menace.

Thank You!
Laurie"

.......

Hitman Pro Report

HitmanPro 3.7.8.207
www.hitmanpro.com

  Computer name . . . . : HP_OWNER-PC
  Windows . . . . . . . : 6.0.2.6002.X86/2
  User name . . . . . . : HP_Owner-PC\HP_Owner
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (Expired)

  Scan date . . . . . . : 2013-10-21 05:28:55
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 5m 49s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 1
  Traces  . . . . . . . : 1

  Objects scanned . . . : 1,801,070
  Files scanned . . . . : 21,387
  Remnants scanned  . . : 268,988 files / 1,510,695 keys

Malware _____________________________________________________________

  C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Custom.dll
     Size . . . . . . . : 75,264 bytes
     Age  . . . . . . . : 2.6 days (2013-10-18 14:33:24)
     Entropy  . . . . . : 6.5
     SHA-256  . . . . . : 46341D5F415B96337C561A908B0AB47280325B96D3F86ED323681674EE94CDD7
     Product  . . . . . : SummerSoft
     Publisher  . . . . : SummerSoft
     Description  . . . : Custom DLL for SummerSof
     Version  . . . . . : 2013.10
     Copyright  . . . . : Copyright © 2012 S
   > Kaspersky  . . . . : not-a-virus:Downloader.Win32.AdLoad.fwz
     Fuzzy  . . . . . . : 102.0
     Forensic Cluster
        -0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\
        -0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\_Setup.dll
        -0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Setup.ico
        -0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Readme.txt
         0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Custom.dll
         0.7s C:\ProgramData\SummerSoft\Setup\
        19.8s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Setup.dat

 

Properties

Name Custom.dll
Location C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}
Size 73.5 KB
Time 2.6 days ago (2013-10-18 14:33:24)
Entropy 6.5
Product SummerSoft
Publisher SummerSoft
Description Custom DLL for SummerSof
Version 2013.10
Copyright Copyright © 2012 S
SHA-256 46341D5F415B96337C561A908B0AB47280325B96D3F86ED323681674EE94CDD7

Detection Names

Kaspersky not-a-virus:Downloader.Win32.AdLoad.fwz

Scoring (102.0)

One or more antivirus vendors have indicated that the file is malicious.
Time indicates that the file appeared recently on this computer.

Forensic Cluster

-0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\
-0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\_Setup.dll
-0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Setup.ico
-0.0s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Readme.txt
* C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Custom.dll
0.7s C:\ProgramData\SummerSoft\Setup\
19.8s C:\ProgramData\InstallMate\{993FAF8C-4102-4A58-A8B3-092042DC8D7A}\Setup.dat


Resolved!

Hi Everyone!

Thanks to all I learned from Superdave and others in September 2013 when I had a virus or some menace ... I was able to resolve this new issue with the info and insight I gained from this forum.

So THANK YOU one and ALL!

Turns out when I downloaded an innocent free book "Bragg Apple Cider Vinegar Miracle Health System: With the Bragg Healthy Lifestyle" I unwittingly downloaded from a website that apparently hosts all kinds of free stuff, just about anything you can think of; it also sneaks in there a BROWSER HIJACKER.

In case you don't know of this, BEWARE of anything that has to do with SOFTONIC

All's Well that Ends Well.

Laurie" :-D


Archived

This topic is now archived and is closed to further replies.
