istart123 removal

Viruses and worms
1

Total Newbie,
Hoping I’m playing by the rules … started a ‘New Topic’.
Please advise if incorrect.
Ran MalwareBytes AM (attached) and found nothing.
Ran other two scans as directed in post (https://forum.avast.com/?topic=53253.0) and attached.
FYI - Started running aswMBR.exe and computer froze.
Thanks for the help.

2

UPDATE: I ran the aswMBR again after noting that another person had attached that txt to their initial post.
I couldn’t tell if the program had stopped running (the timer was no longer running) so I clicked the ‘save log’ button (see attached).
This time I got Blue Screen and computer rebooted.

3

I would recommend that you uninstall Privdog and AVG

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY HKLM-x32\...\Run: [PrivDogService] => C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe [662184 2014-06-17] (AdTrustMedia) HKU\S-1-5-21-868807578-1825496825-1427103154-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Mike\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 4c1a193e0f5647d6847c850b0f096f27-623184ff05667f91e04f0f06a7807532b6b57d4f --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters). Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File) Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File) HKU\S-1-5-21-868807578-1825496825-1427103154-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1423332997&from=wpm0202&uid=ST9320310AS_5WV0C812XXXX5WV0C812&q={searchTerms} BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll (AdTrustMedia) BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll (AdTrustMedia) Toolbar: HKU\S-1-5-21-868807578-1825496825-1427103154-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF HKU\S-1-5-21-868807578-1825496825-1427103154-1001\...\Firefox\Extensions: [PrivDog@AdTrustMedia.com] - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1u6sv6l5.default\extensions CHR HomePage: Default -> hxxp://www.istart123.com/?type=hp&ts=1423332997&from=wpm0202&uid=ST9320310AS_5WV0C812XXXX5WV0C812 CHR StartupUrls: Default -> "hxxp://www.istart123.com/?type=hp&ts=1423332997&from=wpm0202&uid=ST9320310AS_5WV0C812XXXX5WV0C812" CHR DefaultSearchKeyword: Default -> istart123 CHR DefaultSuggestURL: Default -> CHR Extension: (PrivDog) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-06] 2015-03-03 08:47 - 2015-01-12 18:38 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\AdTrustMedia 2015-03-03 08:47 - 2014-04-06 11:23 - 00000000 ____D () C:\ProgramData\Adtrustmedia EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

4

Thank you, Brother.
FYI - my browser (firefox) closed during the fixlist process and shortly after I pressed ‘fix’ my computer restarted …
see attachment.

5

Oh yeah - removed PrivDog (via Revo Uninstaller) and AVG (via AVG Remover (64 bit) 2015) previously.
Did NOT see istart123 at start of firefox this time post reboot (rather my old start page !!).
Did not have the [S1] version of the AdwCleaner txt file you requested so I’ve attached all the other versions

6

Any further problems ?

7

Haven’t touched my computer since I cleaned it this last weekend but everything, at least istart123-wise, seems ok. I will be using tonight and this weekend so will monitor. If everything stays good, shall I cleanup like you instructed in post
https://forum.avast.com/index.php?topic=165709.msg1180862#msg1180862 ?

8

:slight_smile: