MSE detected potential threats

Started by rc, February 07, 2014, 05:25:04 AM


rc

# AdwCleaner v3.019 - Report created 17/02/2014 at 18:53:44
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Rita - RITA-PC
# Running from : C:\Users\Rita\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\uniblue
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\Rita\AppData\Local\PackageAware
Folder Deleted : C:\Users\Rita\AppData\Roaming\uniblue
Folder Deleted : C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
Folder Deleted : C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\6skr432c.default\Extensions\specialsavings@superfish.com
Not Deleted : C:\Program Files\Mozilla Firefox\user.js
File Deleted : C:\Windows\System32\Tasks\bProtector
File Deleted : C:\Windows\Tasks\paretologic registration3.job
File Deleted : C:\Windows\System32\Tasks\paretologic registration3

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\AppDataLow\Software\SpecialSavings
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\7hxc032n.WW Field Portal\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

[ File : C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\om87y09e.default-1391373284856\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [6059 octets] - [17/02/2014 18:51:40]
AdwCleaner[S0].txt - [6082 octets] - [17/02/2014 18:53:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6142 octets] ##########

Corrine

Excellent, Rita.  How is your computer now?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

rc

Hi Corrine,
I have been working super long days and haven't had a chance to use it.  But does everything look good to you?  I'm not thinking straight from being tired, but do I need to go back and enable anything?  Maybe not, since you said I didn't need to disable the antivirus.
You are fantastic!!  I was afraid my computer was dead, and it's back in action!  I don't know what I'd do without you!
Thank you :)
Rita

Corrine

Hi, Rita.

Ah, yes, as usual real life gets in the way of other activities!  You don't need to enable anything, just a bit of cleanup of the tools we used.

Go ahead and delete SecurityCheck and the Junkware Removal Tool from your desktop.  Then do the following to uninstall AdwCleaner:

  • Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".

Should you have any questions, we'll be here!



Aaron Hulett

Quote from: rc on February 07, 2014, 05:25:04 AM
> The first one said something about MSE finding some problems and listed the following:
> Trojan-PSW.Win32.launch
> Hack Tool: Win32/welevate.A
> Adware.Win32.Fraud
> Then I got a message that said "MSE detected potential threats that might compromise your privacy or damage your computer.  You need to clean your computer immediately to prevent the system crash."

In case it helps (whether now or someone reading this thread later) this is very much not Security Essentials. This was a rogue.

//A

rc

Corrine,
Thank you so very much :)   I'm so glad my Dad introduced me to you!!  Take care - so many of us appreciate what you do!
Rita