Trojan.Poweliks!gm - I think

Trojan.Poweliks!gm - I think

Post by macmanetz on Thu 06 Nov 2014, 9:16 am

First topic message reminder:

In reviewing the Norton event log, I found that Trojan.Poweliks!gm has been reappearing... constantly since 10/30/2014. On 11/02/14, Norton battled it 22 times during that day alone. The computer is sluggish, and the system sounds like it is working overtime, with warnings from Norton saying there is high CPU and memory usage by various items; the one that keeps recurring is COM Surrogate. Also, small warning windows pop up saying that PowerShell has stopped... whatever that means.

I am fixing my Dad's computer; it is running Windows 7 and is not the computer listed in the margin as mine.

Norton seems to be fighting off quite a bit but seems to need extra help. Please help. I backed up the computer on a new external drive, then downloaded the software that GeekPolice requested, ran the scans, and am adding the logs below. The computer is running and has internet connectivity.
Thank you for your help!
---------------------------------------------------------------------
AdwCleaner:

# AdwCleaner v3.311 - Report created 05/11/2014 at 16:01:21
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mac - MAC-HP
# Running from : C:\Users\Mac\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\defaulttab
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\internethelper3.1
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Mac\AppData\Local\apn
Folder Deleted : C:\Users\Mac\AppData\Local\Conduit
Folder Deleted : C:\Users\Mac\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Mac\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mac\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\Public\Util
Folder Deleted : C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\m85a0ybn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
File Deleted : C:\Users\Mac\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\m85a0ybn.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\m85a0ybn.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : driverupdate startup
Task Deleted : DTChk
Task Deleted : DTReg
Task Deleted : PC Optimizer Pro Updates
Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must be registered and logged in to see this link.]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CB36D63-765C-4E6A-8F7E-EEA74969A41E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{571A32B9-3A5C-4EA0-8A8A-EACB070BF7C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\InternetHelper3.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\m85a0ybn.default\prefs.js ]

Line Deleted : user_pref("CT3289663.FF19Solved", "true");
Line Deleted : user_pref("CT3289663.UserID", "UN68663639610380300");
Line Deleted : user_pref("CT3289663.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289663.fullUserID", "UN68663639610380300.IN.20130919132018");
Line Deleted : user_pref("CT3289663.installDate", "19/09/2013 13:20:19");
Line Deleted : user_pref("CT3289663.installSessionId", "{0533306F-CC74-4A1E-9664-06EF16CED931}");
Line Deleted : user_pref("CT3289663.installSp", "TRUE");
Line Deleted : user_pref("CT3289663.installerVersion", "1.7.0.9");
Line Deleted : user_pref("CT3289663.keyword", "true");
Line Deleted : user_pref("CT3289663.originalHomepage", "hxxp://www.yahoo.com/");
Line Deleted : user_pref("CT3289663.originalSearchAddressUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=04C5FF2E-5567-4127-AC72-47B017475C77&apn_ptnrs=TV&apn_sauid=AFA87A01-C010-[...]
Line Deleted : user_pref("CT3289663.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3289663.originalSearchEngineName", "");
Line Deleted : user_pref("CT3289663.searchRevert", "false");
Line Deleted : user_pref("CT3289663.searchUserMode", "2");
Line Deleted : user_pref("CT3289663.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289663.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3289663.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN68663639610380300&UM=2&UP=SP18ED965F-7828-492F-AED8-33150DC6CD9F");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=04C5FF2E-5567-4127-AC72-47B017475C77&apn_ptnrs=TV&apn_sauid=AFA87A01-C0[...]
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":221584481,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221584482,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.33.3.42825");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=1FDD2146-7300-42EF-8354-56BCC7A3B518&n=780bd350&p2=^HJ^xdm635^YYA^us&si=314029");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installKeysSource", "LocalStorage");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installType", "XPI");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2014040912");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm635^YYA^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "314029");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.pixelUrl", "hxxp://videodownloadconverter.dl.tb.ask.com/install_pixels.jhtml?partner=^HJ^xdm635^YYA^us&coId=d44c0780684440acadabeea6529[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "1FDD2146-7300-42EF-8354-56BCC7A3B518");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1414953355321");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.72.4.54920");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "Amorphophallus titanum");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://www.getfreevideoconverter.com/success.html");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "33938");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN68663639610380300&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN68663639610380300&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.machineId", "O+WN051IMQ/ZVNN6L0W7W2CKIW+D+7U2FABV7JCT3FJCKQD0JS1OBU+MZEZJDUABURJ4R5XYY74SX0Z2OY20LG");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN68663639610380300&UM=2&SearchSource=13");
Line Deleted : user_pref("yahoo.ytff.toolbar.orignalhomepage", "hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN68663639610380300&UM=2&UP=SP18ED965F-7828-492F-AED8-33150DC6CD9F");
Line Deleted : user_pref("yahoo.ytff.toolbar.orignalselectedEngine", "InternetHelper3.1 Customized Web Search");

-\\ Google Chrome v

[ File : C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : [You must be registered and logged in to see this link.]
Deleted [Search Provider] : [You must be registered and logged in to see this link.]
Deleted [Search Provider] : [You must be registered and logged in to see this link.]
Deleted [Search Provider] : [You must be registered and logged in to see this link.]
Deleted [Search Provider] : [You must be registered and logged in to see this link.]
Deleted [Search Provider] : [You must be registered and logged in to see this link.]
Deleted [Search Provider] : [You must be registered and logged in to see this link.]

*************************

AdwCleaner[R0].txt - [19829 octets] - [02/11/2014 15:49:19]
AdwCleaner[R1].txt - [19517 octets] - [05/11/2014 15:49:37]
AdwCleaner[S0].txt - [18698 octets] - [05/11/2014 16:01:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18759 octets] ##########
---------------------------------------------------------------------------

Malwarebytes:

I ran this 2 days ago and it found 741 objects, which I quarantined. Yesterday I ran it again and it found 20 more objects, which were also quarantined. Here is the log:

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link.]

Scan Date: 11/5/2014
Scan Time: 4:07:36 PM
Logfile: MBM 11_05_2014.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.05.10
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mac

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325950
Time Elapsed: 12 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.DefaultTab.A, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab, , [240a8dab3d3f41f518b9c069f40fb749],
PUP.Optional.DefaultTab.A, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab, , [240a8dab3d3f41f518b9c069f40fb749],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
-----------------------------------------------------------------------

Results of screen317's Security Check version 0.99.89

Windows 7 Service Pack 1 x64 (UAC is enabled)  
Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!  
Norton 360    
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71  
Java 8 Update 25  
Java version out of Date!
Adobe Flash Player 15.0.0.189  
Mozilla Firefox 32.0.3 Firefox out of Date!  
Google Chrome 38.0.2125.104  
Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````


Last edited by macmanetz on Thu 06 Nov 2014, 9:18 am; edited 1 time in total (Reason for editing : needed to add additional info)

macmanetz
Rookie Surfer
Posts : 53
Joined : 2010-02-24
Operating System : Windows 8.1


Re: Trojan.Poweliks!gm - I think

Post by Superdave on Tue 02 Dec 2014, 9:25 am

The MBAR icon is still on the desktop even after running Delfix twice. I can't find the main program of MBAR, and when I right-click on it I cannot find any way to uninstall it... what should I do?
You can look on your C drive, under Program Files. If you can't find MBAM there, just delete the shortcut. If it is still there under Program Files you can uninstall it.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Trojan.Poweliks!gm - I think

Post by macmanetz on Wed 03 Dec 2014, 7:53 am

I could not find MBAR in either of the two Program Files folders, nor in the Uninstall area in the Control Panel. There is a Malwarebytes Anti-Malware folder, and there is no trace of MBAR there either. So I right-clicked on the desktop icon and, after confirming that I indeed wanted to delete it, sent it on its way to life ever after, in the trash!!
I guess we are done! Thanks loads!!!


Re: Trojan.Poweliks!gm - I think

Post by Superdave on Wed 03 Dec 2014, 10:03 am

I believe MBAR removes itself when completed.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

