I have run malewarebytes and it is showing clean. I cannot get rid of Smart PC Cleaner program. Any help would be appreciated. This is my son’s laptop and I do not know how this program got on here. But he does download a lot of malware that i was able to remove. Avast runs clean as well.
Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
I have run malewarebytes and it is showing clean.did you update it before you run it?
anyway, follow the guide Asyn gave you and you get expert help
Thanks for the help. I ran adwcleaner already but can’t find the log. I’m attaching the worst log from Malwarebytes but it is not the latest. It is from today though. I’m going to run OTL and will post log when done. Thanks again!
Here are the attachments from OTL and aswMBR. Thanks in advance for taking a look at them and giving me your diagnosis!
Let me know if this zaps it
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuyC0EtD0FyC0EtAzzyDyCtD0F0CyD0B0DtN0D0Tzu0CtBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=366190637
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=453&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{2020A894-C86F-50A9-44E6-3537D012D3F0}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=0&systemid=453&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.gamesagogo.iplay.com/?o=shp
IE - HKCU\..\SearchScopes\{2020A894-C86F-50A9-44E6-3537D012D3F0}: "URL" = http://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
O2 - BHO: (GamesBar (W)) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files (x86)\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2e94b700-eafb-4c9e-a696-77200aa3f89b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
2012/10/18 17:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
[2012/10/18 17:50:06 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\VisicomToolBar
[2012/10/18 17:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Cleaner
[2012/10/18 17:50:17 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Oberon Media
[2012/10/18 17:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2012/10/18 17:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gamesagogo_w3i
[2012/10/18 18:10:46 | 000,290,500 | ---- | M] () -- C:\Users\Steven\AppData\Local\funmoods-speeddial_sf.crx
[2012/10/18 17:50:09 | 000,001,093 | ---- | M] () -- C:\Users\Steven\Desktop\Smart PC Cleaner.lnk
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Many thanks for your help. I’ve followed your instructions exactly. Please see the attached log. Yes, Smart PC Cleaner is gone! Thank you thank you thank you!! (In my best Gomer Pyle voice)
Any further problems ?
Hi Essexboy,
Well the only problem is an ongoing one. From the time I asked for help until today my son had the pc again. He installed 3 bogus programs that I had to uninstall. Here is the dilemma-if I just give him a standard user account in Win 7 then he’s asking me for a password every 5 mins. If I just leave him as the administrator he downloads things like Smart PC Cleaner and messes up the computer. What advice can you give that would be a happy medium? I could enable some parental settings on my Dlink dir-655 router, but I’m afraid he will still get locked out of many sites that would be ok. Any suggestions? Thanks in advance and thanks for all of the help to date!
Maybe drop my rights, that means he will not be able to download programmes… But, surf to his hearts content http://cybercoyote.org/security/drop.shtml
Thanks for the suggestion. I’ll definitely give it a try!
Ugh!! One more problem. Something my son downloaded yesterday won’t go away completely. Genio.com Please see attached OTL file
You will need to manually change the chrome search engine defaults
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Steven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
[2012/11/12 11:52:09 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\gegl-0.2
[2012/11/12 10:16:08 | 000,000,000 | ---D | C] -- C:\Users\Steven\Documents\ShopToWin
[2012/11/12 10:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2012/11/12 10:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\DefaultTab
[2012/11/12 10:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/10/18 17:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
[2012/11/12 10:14:45 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DefaultTab
:Files
C:\Users\Steven\AppData\Roaming\DefaultTab
C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Hi again,
Well I ran OTL with the fix provided, then upon reboot my OTL icons have changed to “desktop.ini” for both OTL icons. I had to do a search for otl.exe to be able to run the program again. I’ve attached the report. One other issue I still have is when I was installing drop my rights I followed the instructions exactly but it said the path wasn’t correct. The only thing I can add is I saved the path to be C:\program files\knowyourrights and it saved as c:\program files (x86)\knowyourrights. Would this cause that error?
Thanks for all of the free help!
Yes it needs to go to the right directory
Install DropMyRights in C:\Program Files\DropMyRights\ If you pick another folder my shortcuts won't work without modification.