Solved Safer Browser won't uninstall

Hewlett-packard Hp compaq presario cq61z...
November 12, 2013 at 20:18:16
Specs: Windows 7 Home Premium, 2 ghz 2gb ram
I have tried to uninstall "Safer" browser from the control panel and through a 3rd party software. I've also clicked uninstall in the Program files. It does nothing and will not uninstall. It has really slowed everything when opening webpages and downloads.

Any ideas?

OMG don't judge me!




✔ Best Answer
May 7, 2014 at 18:48:55
"will that make a difference in the programs that I use?"

Off the top of my head, I know Combofix doesn't work on 8. Whatever you use, check the specs as you go along.

Start a new post, with all the logs on that comp. PM me when you do so.



#1
November 12, 2013 at 21:02:18
Download & run DDS. Upload the 2 logs please.
DDS will create a pseudo HJT report as part of its log.
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer. When DDS has finished scanning, all of this information will be compiled and be displayed in two Notepad windows named dds.txt and attach.txt as shown below.

Upload to Imgur.com for images & load.to for files (neither needs an account). Give us the link please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru

How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/AT6bjjD.gif
http://i.imgur.com/txFkgpT.gif



#2
April 29, 2014 at 15:20:35
Sorry I never got back to you regarding this issue a while ago. I had to return the computer to my friend, and it wasn't causing a problem. Since then, they had installed every malware under the sun. I am in the process of once again trying to clean this thing off, and that is one thing that I want to remove.

I am going to run a full malware bytes scan to see what it picks up. It picked up over 200 items last night on the quick scan, so I am sure that there are more that will appear with the regular full scan. I already ran adwcleaner. There are so many things that I would love to get off of here...and this time I am keeping the computer until it is all clean! I will post the logs requested as soon as I get them!

OMG don't judge me!



#3
April 29, 2014 at 15:28:00
http://www.load.to/9mXlkUKKAD/attac...
http://www.load.to/qz6h37JOHA/dds.txt

There are the pre-malware results...

OMG don't judge me!



#4
April 29, 2014 at 17:26:33
" It picked up over 200 items last night on the quick scan"
Copy & Paste the contents of that log in your reply please.

message edited by Johnw



#5
April 30, 2014 at 17:11:06
http://www.load.to/BirbJnNIUW/attac...
http://www.load.to/jlltrJyvo8/dds.txt

post-malware, virus, defrag scans.

OMG don't judge me!



#6
April 30, 2014 at 17:19:54
"I am going to run a full malware bytes scan to see what it picks up. It picked up over 200 items last night on the quick scan"

Open Malwarebytes, go to your log that shows those 200+ items, Copy & Paste the contents into your reply.



#7
April 30, 2014 at 17:31:39
I am not sure which log is which, so here is the flash scan I ran on the 28th:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
OWNERCS :: OWNERCS-PC [administrator]

Protection: Enabled

4/28/2014 11:42:04 PM
mbam-log-2014-04-28 (23-42-04).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 197519
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\gorillaprice\gorillaprice.exe (PUP.Optional.GorillaPrice) -> 1560 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\WinRST|ImagePath (PUP.Optional.WinRST.A) -> Data: C:\Program Files (x86)\WinRST\WinRST.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 83

Files Detected: 478
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.100.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.39.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.40.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.41.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.42.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.43.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.44.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.45.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.46.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.47.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.48.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.49.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0421141502\3734.50.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0415143410\3726.3726.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0415143410\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0416145633\3726.3726.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0416145633\3727.3727.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0416145633\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0417185133\3728.3728.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0417154329\3728.3728.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0418070355\3730.3730.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0418070355\3729.3729.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0418070355\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0329184901\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\WAUpdater.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0426235251\3740.3740.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0426235251\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.config (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe.config (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\DesktopWeatherAlertsK.dat (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\DesktopWeatherAlertsU.dat (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0417154329\3727.3727.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\WAUpdater.exe.config (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0414173434\mergetree (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\uninstall.exe (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\WeatherAlerts\0414173434\3726.3726.tmp (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Windows\Tasks\DGChrome2383 Watcher.job (PUP.Optional.VbatesHelper.A) -> Quarantined and deleted successfully.
C:\ProgramData\AudiOConverrt\HNwctCer.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Optional.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Optional.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Optional.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Optional.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Optional.MarketScore) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikgjcmfodgjkcgimppbdnkmdhmepjckc\MANIFEST-000002 (PUP.Optional.MarioForeverTB.A) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikgjcmfodgjkcgimppbdnkmdhmepjckc\000003.log (PUP.Optional.MarioForeverTB.A) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikgjcmfodgjkcgimppbdnkmdhmepjckc\CURRENT (PUP.Optional.MarioForeverTB.A) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikgjcmfodgjkcgimppbdnkmdhmepjckc\LOCK (PUP.Optional.MarioForeverTB.A) -> Quarantined and deleted successfully.
C:\Users\OWNERCS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ikgjcmfodgjkcgimppbdnkmdhmepjckc\LOG (PUP.Optional.MarioForeverTB.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\gorillaprice\gorillaprice.exe (PUP.Optional.GorillaPrice) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\images\injection\bullet_arrow_down_old.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\images\injection\icon.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\js\jquery-1.7.1.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0\images\injection\search_right_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

(continued next message)


#8
April 30, 2014 at 17:36:46
ok so nevermind that, I can't copy paste it, it's too long. So, here ya go:

http://www.load.to/bWff6wfTep/mbam-...

This is the most recent log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
OWNERCS :: OWNERCS-PC [administrator]

Protection: Enabled

4/29/2014 7:39:06 PM
mbam-log-2014-04-29 (19-39-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 421143
Time elapsed: 2 hour(s), 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 65

(end)


#9
April 30, 2014 at 17:42:51
"and this time I am keeping the computer until it is all clean!"
Yep, stay with me until I let you know you are clean.

"ok so nevermind that, I can't copy paste it, it's too long. So, here ya go:"
Thanks.

From the DDS log, you need to get your proxy settings back to normal.
uProxyServer = hxxp=127.0.0.1:13081;

How to Check Hosts Files, DNS and Proxy Settings for Normal Internet Access after Malware Infection
http://www.dotfab.com/resources/how...

Infection has enabled proxy
http://www.bleepingcomputer.com/vir...
Start > Control Panel > Internet Options > Connections > LAN settings, untick > Use a proxy server for your LAN. Click OK twice.
Or,
Start > Run, Copy & Paste inetcpl.cpl in the Run box and press Enter.
Restore the Run command to Windows 7 and Vista Start menu
http://www.winhelponline.com/articl...

Firefox. If no Proxy is needed, set it to > No proxy.
http://www.wikihow.com/Enter-Proxy-...

Proxy and the Windows HOSTS file
http://www.mvps.org/winhelp2002/hos...


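The proxy check described in the post above can also be done from PowerShell. This is an added example, not part of the original thread; it assumes the DDS `uProxyServer` line reflects the per-user `ProxyServer` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`, and the function name `ConvertFrom-ProxyServerValue` is hypothetical.

```powershell
# Added example (not from the thread): audit the per-user WinINET proxy settings.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function ConvertFrom-ProxyServerValue {
    # ProxyServer is either "host:port" (all protocols) or a per-protocol
    # list such as "http=host:port;https=host:port".
    param([string]$Value)
    foreach ($entry in ($Value -split ';')) {
        $entry = $entry.Trim()
        if ($entry -eq '') { continue }
        if ($entry -match '^(?<scheme>[a-z]+)=(?<endpoint>.+)$') {
            $scheme = $Matches['scheme']; $endpoint = $Matches['endpoint']
        } else {
            $scheme = 'all'; $endpoint = $entry
        }
        $hostName = $endpoint -replace ':\d+$', ''
        $port = if ($endpoint -match ':(\d+)$') { [int]$Matches[1] } else { $null }
        New-Object PSObject -Property @{
            Scheme   = $scheme
            Host     = $hostName
            Port     = $port
            # A loopback proxy means browser traffic is handed to a local program.
            Loopback = ($hostName -match '^(127(\.\d{1,3}){3}|localhost)$')
        }
    }
}

# Sample input: the value as quoted from the DDS log in the thread
# (the forum shows the scheme defanged as "hxxp").
ConvertFrom-ProxyServerValue 'hxxp=127.0.0.1:13081;' |
    Format-Table Scheme, Host, Port, Loopback -AutoSize | Out-String

# Live check on the machine being cleaned.
$s = Get-ItemProperty -Path $InternetSettings
"ProxyEnable   : $($s.ProxyEnable)"     # 1 = 'Use a proxy server for your LAN' is ticked
"ProxyServer   : $($s.ProxyServer)"
"AutoConfigURL : $($s.AutoConfigURL)"   # a proxy auto-config script, if one is set

if ($s.ProxyEnable -eq 1 -and $s.ProxyServer) {
    foreach ($p in (ConvertFrom-ProxyServerValue $s.ProxyServer)) {
        if ($p.Loopback -and $p.Port) {
            "Loopback proxy on port $($p.Port). Listening sockets (last column is the PID):"
            netstat -ano | Select-String -Pattern (":{0}\s.*LISTENING" -f $p.Port)
        }
    }
}

# Unticking 'Use a proxy server for your LAN' corresponds to ProxyEnable = 0:
# Set-ItemProperty -Path $InternetSettings -Name ProxyEnable -Value 0
```

If a loopback proxy is enabled but nothing is listening on its port, browsers that use these settings cannot reach any site until the proxy is switched off.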

#10
April 30, 2014 at 17:47:16
Next, after doing the proxy settings.

Run both of these, in this order. Get the latest version of AdwCleaner.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

message edited by Johnw



#11
April 30, 2014 at 19:02:19
Working on it. Got the AdwCleaner log and reset all the proxies, but I am not getting internet access through wireless (am on a different computer right now). It is connecting, but there is no network access. Restarted the computer and it's installing Microsoft updates...ggrr

#12
April 30, 2014 at 19:33:16
# AdwCleaner v3.205 - Report created 30/04/2014 at 21:30:07
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OWNERCS - OWNERCS-PC
# Running from : C:\Users\OWNERCS\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\OWNERCS\AppData\Roaming\Mozilla\Firefox\Profiles\xh1xq39c.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [60455 octets] - [28/04/2014 22:34:09]
AdwCleaner[R1].txt - [62022 octets] - [28/04/2014 22:39:57]
AdwCleaner[R2].txt - [1768 octets] - [29/04/2014 18:19:21]
AdwCleaner[R3].txt - [1085 octets] - [30/04/2014 21:28:40]
AdwCleaner[S0].txt - [55465 octets] - [28/04/2014 22:58:28]
AdwCleaner[S1].txt - [1847 octets] - [29/04/2014 18:36:55]
AdwCleaner[S2].txt - [1007 octets] - [30/04/2014 21:30:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1067 octets] ##########


#13
April 30, 2014 at 19:40:23
" Running from : C:\Users\OWNERCS\Downloads\AdwCleaner.exe"
A lot of these special programs are designed to be run from the Desktop.

Refer to the instructions for each program as I give you the info.

#14
May 1, 2014 at 13:51:17
Oops, I thought it was on the desktop, my bad...

Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by OWNERCS on Wed 04/30/2014 at 22:38:12.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-374909161-2289726547-2541875447-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-374909161-2289726547-2541875447-1001\Software\wajam

~~~ Files

Successfully deleted: [File] "C:\Users\OWNERCS\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Users\OWNERCS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Failed to delete: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\torchcrashhandler"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\regclean pro"
Failed to delete: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\OWNERCS\AppData\Roaming\mozilla\firefox\profiles\xh1xq39c.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/30/2014 at 22:58:23.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#15
May 1, 2014 at 13:54:46
And the new AdwCleaner log:

# AdwCleaner v3.205 - Report created 30/04/2014 at 21:30:07
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OWNERCS - OWNERCS-PC
# Running from : C:\Users\OWNERCS\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\OWNERCS\AppData\Roaming\Mozilla\Firefox\Profiles\xh1xq39c.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [60455 octets] - [28/04/2014 22:34:09]
AdwCleaner[R1].txt - [62022 octets] - [28/04/2014 22:39:57]
AdwCleaner[R2].txt - [1768 octets] - [29/04/2014 18:19:21]
AdwCleaner[R3].txt - [1085 octets] - [30/04/2014 21:28:40]
AdwCleaner[S0].txt - [55465 octets] - [28/04/2014 22:58:28]
AdwCleaner[S1].txt - [1847 octets] - [29/04/2014 18:36:55]
AdwCleaner[S2].txt - [1007 octets] - [30/04/2014 21:30:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1067 octets] ##########
# AdwCleaner v3.205 - Report created 01/05/2014 at 16:51:59
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OWNERCS - OWNERCS-PC
# Running from : C:\Users\OWNERCS\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\OWNERCS\AppData\Roaming\Mozilla\Firefox\Profiles\xh1xq39c.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [60455 octets] - [28/04/2014 22:34:09]
AdwCleaner[R1].txt - [62022 octets] - [28/04/2014 22:39:57]
AdwCleaner[R2].txt - [1768 octets] - [29/04/2014 18:19:21]
AdwCleaner[R3].txt - [2229 octets] - [30/04/2014 21:28:40]
AdwCleaner[S0].txt - [55465 octets] - [28/04/2014 22:58:28]
AdwCleaner[S1].txt - [1847 octets] - [29/04/2014 18:36:55]
AdwCleaner[S2].txt - [2152 octets] - [30/04/2014 21:30:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2212 octets] ##########

OMG don't judge me!



#16
May 1, 2014 at 13:56:41
Aw, shoot. The JRT wasn't on the desktop either... I am too used to my own computer and where I have things set to save to. Running that again now. Blah! Thanks for your patience :)

OMG don't judge me!



#17
May 1, 2014 at 14:21:40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by OWNERCS on Thu 05/01/2014 at 16:55:47.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/01/2014 at 17:10:25.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OMG don't judge me!



#18
May 1, 2014 at 14:22:46
Interesting...now the wireless adapter is turning on and off by itself? Won't stay connected.

OMG don't judge me!



#19
May 1, 2014 at 15:00:40
"And the new AdwCleaner log:"
# Running from : C:\Users\OWNERCS\Downloads\AdwCleaner.exe
Drag programs as required out of downloads onto the desktop.

"Malwarebytes Anti-Malware (PRO) 1.75.0.1300"
Has the owner bought the Pro version?



#20
May 1, 2014 at 15:04:06
"Interesting...now the wireless adapter is turning on and off by itself? Won't stay connected"
As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system may cause other parts to stop working, such as your Internet connection or Services. These we then have to repair.


#21
May 1, 2014 at 15:04:45
3: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it onto your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note that this program will not unhide removable drives like flash cards and USB drives, as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.

4: Reboot

5: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#22
May 1, 2014 at 15:07:20
Yea, I know I need to. I have my downloads to go to my desktop on my computer, I often forget they don't go there on other systems.

To be honest, I do not know. They have installed so much stuff on here, I really don't know for sure. Hence why I have it, because when I got it to work on, it wouldn't even load any websites or anything because of all the junk. I can ask, but she won't be home from work for another hour or so, and she probably won't know, as she doesn't really use it other than for her work trainings. Her grandchildren use it, as does her daughter. It runs as Pro, but I know that when I had the computer before I had only installed the free version.

OMG don't judge me!

message edited by shanna99



#23
May 1, 2014 at 15:14:41
# AdwCleaner v3.205 - Report created 01/05/2014 at 18:10:59
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OWNERCS - OWNERCS-PC
# Running from : C:\Users\OWNERCS\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\OWNERCS\AppData\Roaming\Mozilla\Firefox\Profiles\xh1xq39c.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [60455 octets] - [28/04/2014 22:34:09]
AdwCleaner[R1].txt - [62022 octets] - [28/04/2014 22:39:57]
AdwCleaner[R2].txt - [1768 octets] - [29/04/2014 18:19:21]
AdwCleaner[R3].txt - [2229 octets] - [30/04/2014 21:28:40]
AdwCleaner[R4].txt - [1203 octets] - [01/05/2014 18:08:29]
AdwCleaner[S0].txt - [55465 octets] - [28/04/2014 22:58:28]
AdwCleaner[S1].txt - [1847 octets] - [29/04/2014 18:36:55]
AdwCleaner[S2].txt - [2292 octets] - [30/04/2014 21:30:07]
AdwCleaner[S3].txt - [1125 octets] - [01/05/2014 18:10:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1185 octets] ##########


pasted the wrong thing

OMG don't judge me!



#24
May 1, 2014 at 15:28:05
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 05/01/2014 06:15:44 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 237125 files processed.

The C:\Users\OWNERCS\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Program finished at: 05/01/2014 06:27:43 PM
Execution time: 0 hours(s), 11 minute(s), and 59 seconds(s)

OMG don't judge me!



#25
May 1, 2014 at 15:36:52
"pasted the wrong thing"
No worries, we are getting there.

"I have my downloads to go to my desktop on my computer"
Me too.

message edited by Johnw



#26
May 1, 2014 at 15:55:15
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OWNERCS [Admin rights]
Mode : Remove -- Date : 05/01/2014 18:52:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [7]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] SaferBrowserProtectTask : C:\Users\OWNERCS\AppData\Local\Safer\Safer\Application\SaferBrowserProtector.exe [7] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] 80ef8d124b25e364fc9a39d4982fd1c6
[BSP] da051c90e3082df3e4c61cb8121afd63 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05012014_185247.txt >>
RKreport[0]_S_05012014_185141.txt

OMG don't judge me!
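Added example, not part of the original thread: a small Python parser for the RogueKiller report in post #26, which checks each section's declared count against the entries actually present (a quick way to spot a truncated paste) and tallies the actions taken. The regular expressions follow the line layout visible in that post and are an assumption, not a format published by Adlice.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Lines copied from the RogueKiller report in post #26 (some sections omitted).
REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [7]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] SaferBrowserProtectTask : C:\Users\OWNERCS\AppData\Local\Safer\Safer\Application\SaferBrowserProtector.exe [7] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
"""

# "¤¤¤ <section name> : <count or other text> ¤¤¤"
HEADER = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*:\s*(?P<rest>.*?)\s*¤¤¤$")
# "[TAG][TAG] <target> : <detail> -> ACTION (new value)"
ENTRY = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<body>.+?)\s+->\s+"
    r"(?P<action>[A-Z]+)(?:\s+\((?P<new>[^)]*)\))?$"
)


@dataclass
class Finding:
    tags: tuple      # e.g. ("HJ POL", "PUM")
    target: str      # registry key or task name, left of " : "
    detail: str      # value or path, right of " : "
    action: str      # DELETED, REPLACED, ...


@dataclass
class Section:
    name: str
    declared: object             # int count from the header, or None
    entries: list = field(default_factory=list)


def parse_report(text):
    """Return {section name: Section} for a pasted RogueKiller report."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            rest = header.group("rest")
            current = Section(header.group("name"),
                              int(rest) if rest.isdigit() else None)
            sections[current.name] = current
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            target, _, detail = entry.group("body").partition(" : ")
            tags = tuple(re.findall(r"\[([^\]]+)\]", entry.group("tags")))
            current.entries.append(
                Finding(tags, target, detail, entry.group("action")))
    return sections


def count_mismatches(sections):
    """Sections whose header count differs from the entries found."""
    return [(s.name, s.declared, len(s.entries))
            for s in sections.values()
            if s.declared is not None and s.declared != len(s.entries)]


def action_totals(sections):
    """How many entries were DELETED, REPLACED, and so on."""
    return Counter(f.action for s in sections.values() for f in s.entries)


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for name, declared, found in count_mismatches(parsed):
        print(f"{name}: header says {declared}, paste contains {found}")
    for section in parsed.values():
        for f in section.entries:
            print(f"{section.name:18} {'/'.join(f.tags):12} "
                  f"{f.action:9} {f.target}")
    print(dict(action_totals(parsed)))
```
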



#27
May 1, 2014 at 16:00:22
6: Run TDSSKiller. Copy & Paste the contents of the log in your next post please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://usa.kaspersky.com/downloads/...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it onto your Desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button
If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.


#28
May 1, 2014 at 16:15:40
Ran that program, and it found nothing. There isn't a log to copy paste. However, there is a quarantine folder on the desktop that I didn't notice before, from RogueKiller. What to do with that?

OMG don't judge me!



#29
May 1, 2014 at 16:27:32
"What to do with that?"

If it is this one, you have now documented it here on the forum, so it can be deleted.
"Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus"

message edited by Johnw



#30
May 1, 2014 at 16:28:41
I ran it again after I clicked all the options. It did find some things and then rebooted.
http://www.load.to/H7h2gFd4Os/kille...

OMG don't judge me!



#31
May 1, 2014 at 16:29:11
7: Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


#32
May 1, 2014 at 16:30:30
Guess I should read a little better, I see that was for the other program. oh well...

OMG don't judge me!



#33
May 1, 2014 at 16:48:11
Ok, have to make the USB drive, it won't allow me to download it. So, I will run that and maybe you will hear from me again in a while. It's 7:45pm my time, and you are behind? me in time, so we shall see what happens!

Thanks again for all of your help, I appreciate it. I am thinking I might run some of these cleaners and stuff on my computer, it's not running bad, but not as good as it used to. :)

OMG don't judge me!

message edited by shanna99



#34
May 1, 2014 at 16:57:39
" It's 7:45pm my time, and you are behind?"
It's Friday here.
http://www.timeanddate.com/worldclo...

message edited by Johnw



#35
May 1, 2014 at 19:30:46
Oh, I don't know why I was thinking that you were in California or something :) Anyway, just got home from dinner, running the scan now. Will post later :)

OMG don't judge me!



#36
May 2, 2014 at 14:36:32
Where can I find the log for the USB scan? The one that you pointed to gives me the log for the online scanner that wouldn't download?

OMG don't judge me!



#37
May 2, 2014 at 14:45:01
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internet

OMG don't judge me!



#38
May 2, 2014 at 15:28:49
"Can not open internetCan not open internetESETSmartInstaller@High as downloader log"
Print/write the instructions I gave you, it should be covered there.

If the message persists, let the comp run, it can take up to 12 hours.



#39
May 2, 2014 at 15:33:16
I just googled the info & here is how it played out.

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
http://is.gd/qg1BQB

http://www.broadbandreports.com/r0/...
http://www.hackforums.net/printthre...
http://www.geekpolice.net/search.fo...



#40
May 2, 2014 at 19:58:25
I will try to let it go overnight, but when I try to use it, it tells me that it cannot connect to download and to check my proxies. Then it sits there, seemingly waiting for me to connect or whatever.. and that is it.

I ran the USB version, and it created a log and allowed me to delete about 65 items. However, I do not know how to get that log from Windows...?


OK, so I thought, maybe try running it from IE instead of Firefox. Opened up IE and somehow the proxy things that I changed before are set again - telling IE to use a proxy. I KNOW I changed these back, once before we got started in all this and again when you told me to way back there. Anyway, I changed it back to the automatic like it's been set at and tried the scanner again - poof - it's scanning now.

OMG don't judge me!



#41
May 3, 2014 at 03:44:51
Alright, just woke up, and have to go to an all-day soccer tourney for my kiddo, but wanted to jump on here to let you know, the scan finished and it came up clean.

What's the next treatment, Doc? :)

OMG don't judge me!



#42
May 3, 2014 at 04:44:38
8: Download ComboFix onto your Desktop & then run. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."

If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#43
May 3, 2014 at 12:29:53
ComboFix 14-04-30.01 - OWNERCS 05/03/2014 15:02:43.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1788.959 [GMT -4:00]
Running from: c:\users\OWNERCS\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\OWNERCS\AppData\Local\common_functions.dll
c:\users\OWNERCS\AppData\Local\ie_runner_app.exe
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
c:\windows\SysWow64\Cache
.
.
((((((((((((((((((((((((( Files Created from 2014-04-03 to 2014-05-03 )))))))))))))))))))))))))))))))
.
.
2014-05-03 19:13 . 2014-05-03 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-03 18:36 . 2014-04-29 03:23 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10B4328C-8BEC-230D-4577-E7627E48329C}\GapaEngine.dll
2014-05-03 18:35 . 2014-04-29 03:23 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DCBA1-B81F-777B-B9D0-B9E19A956F5E}\GapaEngine.dll
2014-05-03 10:45 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-03 10:45 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-03 10:45 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-03 02:59 . 2014-05-03 02:59 -------- d-sh--w- c:\users\OWNERCS\AppData\Local\EmieUserList
2014-05-03 02:59 . 2014-05-03 02:59 -------- d-sh--w- c:\users\OWNERCS\AppData\Local\EmieSiteList
2014-05-02 21:43 . 2014-04-16 07:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7528EF79-9F94-4E1F-9B11-AF85110F83E5}\mpengine.dll
2014-05-01 23:35 . 2014-05-01 23:35 -------- d-----w- c:\program files (x86)\ESET
2014-05-01 23:19 . 2014-05-01 23:19 -------- d-----w- C:\TDSSKiller_Quarantine
2014-05-01 21:31 . 2014-05-01 21:29 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0681F351-FF04-441D-8FA4-6854DD3709D7}\gapaengine.dll
2014-05-01 21:29 . 2014-04-16 07:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-01 21:25 . 2014-05-01 21:25 -------- d-----w- c:\program files (x86)\Hp
2014-05-01 21:25 . 2014-05-01 21:25 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2014-05-01 02:38 . 2014-05-01 02:38 -------- d-----w- c:\windows\ERUNT
2014-05-01 00:39 . 2014-05-01 02:24 -------- d-----w- c:\program files (x86)\SpywareBlaster
2014-04-30 19:07 . 2014-04-30 19:07 -------- d-----w- c:\windows\Migration
2014-04-29 22:22 . 2014-04-29 22:24 -------- d-----w- c:\users\OWNERCS\AppData\Roaming\Image Uploader
2014-04-29 22:22 . 2014-04-29 22:22 -------- d-----w- c:\program files (x86)\Image Uploader
2014-04-29 22:22 . 2014-04-29 22:22 -------- d-----w- c:\programdata\Image Uploader
2014-04-29 20:06 . 2013-09-15 19:59 2155152 ----a-w- c:\windows\system32\Incinerator64.dll
2014-04-29 20:06 . 2013-09-15 19:59 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2014-04-29 20:05 . 2013-09-15 19:50 82160 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2014-04-29 20:05 . 2013-09-15 20:18 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
2014-04-29 20:05 . 2013-09-15 20:18 26184 ----a-w- c:\windows\system32\smrgdf.exe
2014-04-29 20:05 . 2013-09-15 19:50 69000 ----a-w- c:\windows\system32\offreg.dll
2014-04-29 20:05 . 2013-09-15 19:50 56200 ----a-w- c:\windows\SysWow64\offreg.dll
2014-04-29 20:02 . 2013-09-15 19:50 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2014-04-29 19:58 . 2014-04-30 22:42 -------- d-----w- c:\users\OWNERCS\AppData\Roaming\iolo
2014-04-29 19:52 . 2014-04-29 19:52 -------- d-----w- c:\users\OWNERCS\AppData\Local\Macromedia
2014-04-29 19:51 . 2014-04-29 19:51 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2014-04-29 19:51 . 2014-04-30 19:25 -------- d-----w- c:\programdata\iolo
2014-04-29 19:51 . 2014-04-29 20:05 -------- d-----w- c:\program files (x86)\iolo
2014-04-29 04:15 . 2013-12-04 02:27 123392 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-04-29 04:15 . 2013-12-04 02:27 123392 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-04-29 04:15 . 2013-12-04 02:03 87040 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
2014-04-29 04:15 . 2013-12-04 02:02 390144 ----a-w- c:\windows\SysWow64\msdrm.dll
2014-04-29 04:15 . 2013-12-04 02:03 87040 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
2014-04-29 04:15 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-04-29 04:15 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-04-29 04:15 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-29 04:15 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-29 04:15 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-04-29 04:15 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-04-29 04:15 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-04-29 04:10 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-04-29 04:10 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-04-29 04:08 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-04-29 04:08 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-04-29 04:08 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-04-29 04:08 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-04-29 04:08 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-04-29 04:04 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-04-29 04:04 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-04-29 04:02 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-04-29 04:02 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-04-29 04:02 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-04-29 04:02 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-04-29 03:59 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-29 03:59 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-29 03:59 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-29 03:59 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-29 03:59 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-29 03:59 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-04-29 03:44 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-29 03:44 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-04-29 03:43 . 2014-04-29 03:44 -------- d-----w- c:\users\OWNERCS\AppData\Local\Mozilla
2014-04-29 03:34 . 2014-04-29 03:34 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-04-29 03:19 . 2014-04-29 03:20 -------- d-----w- C:\a5bdd32263fd5f98bb1f0bd31724
2014-04-29 02:35 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-29 02:33 . 2014-05-01 22:11 -------- d-----w- C:\AdwCleaner
2014-04-29 00:45 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-25 02:49 . 2014-04-24 16:33 61120 ----a-w- c:\windows\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
2014-04-17 20:17 . 2014-04-29 21:01 -------- d-----w- c:\programdata\AudiOConverrt
2014-04-11 23:13 . 2014-04-29 00:43 -------- d-----w- c:\programdata\9ac7d07ec32cbf8b
2014-04-11 23:13 . 2014-04-11 23:13 -------- d-----w- c:\users\OWNERCS\AppData\Local\Packages
2014-04-11 23:13 . 2014-04-29 01:03 -------- d-----w- c:\programdata\CoolSaleCoupoon
2014-04-07 20:23 . 2014-04-29 00:30 -------- d-----w- c:\users\OWNERCS\AppData\Roaming\Open Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 19:39 . 2013-07-22 20:10 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 19:39 . 2013-07-22 20:10 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 03:23 . 2013-08-22 13:34 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-31 07:51 . 2013-07-22 21:26 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-11 13:52 . 2013-01-20 19:59 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-04-29 03:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-21 22:19 . 2013-10-26 20:04 1240 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64;{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64;c:\windows\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys;c:\windows\SYSNATIVE\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 19:39]
.
2014-05-03 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-10-28 08:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:13081
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\OWNERCS\AppData\Roaming\Mozilla\Firefox\Profiles\xh1xq39c.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-49489265.sys
SafeBoot-64827964.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Minecraft Packages - c:\users\OWNERCS\AppData\Roaming\1H1Q\Minecraft Packages\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-374909161-2289726547-2541875447-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:d0,75,d7,80,27,0f,0a,5f,46,a4,df,3d,ff,7b,cc,98,b0,74,26,40,f2,
d8,7c,42,24,38,6f,49,98,6f,fb,7e,5d,99,f2,39,c0,a1,85,38,25,5d,8e,2b,51,14,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-03 15:18:02
ComboFix-quarantined-files.txt 2014-05-03 19:18
.
Pre-Run: 69,865,435,136 bytes free
Post-Run: 68,973,674,496 bytes free
.
- - End Of File - - C441C22E0BA9B121F6B649DEC305A1EB
A36C5E4F47E84449FF07ED3517B43A31

OMG don't judge me!



#44
May 3, 2014 at 14:42:43
Combofix cleaned up a lot.

Are your proxy settings sticking?
In other words, are you having any problems in that area?

9: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 is out of date. Latest version is Version: 2.0.1.
Here is how to get the FREE version, if she hasn't purchased PRO.

Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please.

http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif

message edited by Johnw



#45
May 3, 2014 at 15:19:34
A real safe bet when uninstalling things that will not uninstall is to use Revo FREE uninstaller:
http://www.revouninstaller.com/revo...
It does a good and safe job and should remove that browser and all traces in the registry.

HELP in posting on Computing.net plus free progs and instructions



#46
May 3, 2014 at 15:27:54
I upgraded Malwarebytes. It upgraded the pro version, never gave an option to enable the free trial, so I guess I am going to assume it is the full version? IDK.

but here is the log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/3/2014
Scan Time: 6:22:28 PM
Logfile: malware log 2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.03.06
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: OWNERCS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259601
Time Elapsed: 18 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, , [887a103dc6b5b87ec413028d847e9e62],
PUP.Optional.Adpeak, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Scorpion Saver, , [6e94fd500e6d48eef972e0ad6c966d93],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

as for the proxies, it seems to be sticking :)

OMG don't judge me!



#47
May 3, 2014 at 15:31:28
I have tried Revo before, and it did not work. There is so much other stuff on here though that I appreciate Johnw's help :)

OMG don't judge me!



#48
May 3, 2014 at 15:37:19
"I have tried Revo before, and it did not work"

Revo Uninstaller 64-bit is only supported in the Pro ( paid ) version.
http://www.revouninstaller.com/revo...
http://i.imgur.com/souCjaz.gif



#49
May 3, 2014 at 15:38:38
10: Download OTL, save & run from your Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
1: When the window appears, underneath Output at the top, make sure Standard output is selected.
2: Select Scan all users
3: Change Drivers to All
4: Under the Extra Registry section, check Use SafeList
5: In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
6: Click Run Scan and let the program run uninterrupted.
Screenshots ( SS ) of 1 - 6
http://i.imgur.com/rvTDUlL.gif
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Upload the logs please.



#50
May 3, 2014 at 15:47:53
"Registry Keys: 2
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, , [887a103dc6b5b87ec413028d847e9e62],
PUP.Optional.Adpeak, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Scorpion Saver, , [6e94fd500e6d48eef972e0ad6c966d93], "

They needed to be Quarantined or Deleted. Did you?



#51
May 3, 2014 at 19:35:27
Yes, I quarantined them :)

OMG don't judge me!



#53
May 3, 2014 at 20:09:49
Safer Browser won't uninstall?
It appears to be gone, Correct?

"Malwarebytes Anti-Malware (PRO) 1.75.0.1300"
As she has the PRO license, in her options, Enable > Rootkits: Disabled

Remove Relevant Knowledge
http://forums.spybot.info/showthrea...

message edited by Johnw



#54
May 3, 2014 at 20:17:02
Safer browser does appear to be gone, along with Scorpion Saver - which was another program that I was hoping would be gone too.

So download Spybot S&D and run it, along with deleting those files and folders listed? :) Seems like we are getting somewhere! This laptop is running better than mine now, and mine has more memory and all that jazz :) Guess maybe it's time for a tune up on her...

OMG don't judge me!



#55
May 3, 2014 at 20:32:18
Uninstall ComboFix. The reason we remove Combofix, is that a new version comes out nearly every day.
Turn off all active protection software.
Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
Please Copy and Paste the following into the box > ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.
Qoobox is a folder created by Combofix to quarantine any infected files.
http://www.bleepingcomputer.com/com...

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Tools to keep, just update before using. Others not mentioned, need to be downloaded again, because they release new versions constantly.
ESET Online Scanner
TDSSKiller
Malwarebytes' Anti-Malware ( MBAM )
TFC

As you can see from your logs, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshots ) of above
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#56
May 5, 2014 at 14:47:58
All that is finished. Cleaning up all the temp files and such and running a defrag. Thanks again for your help.

OMG don't judge me!



#57
May 5, 2014 at 15:02:46
" running a defrag"
Be aware, SSDs ( Solid State Drives ) are not to be defragged.

System Restore will have infected files in it, turning System Restore OFF & then ON will remove them.
Windows 7
http://www.7tutorials.com/system-re...
http://www.sevenforums.com/tutorial...

"Thanks again for your help"
YW, you are now clean.



#58
May 7, 2014 at 12:38:10
I did that with System Restore, and didn't do the defrag. I returned the computer to the family, and they gave me another computer with the same issues. I am going to run down this list of stuff to get it cleaned up. It is a Windows 8 machine, will that make a difference in the programs that I use?

OMG don't judge me!



#59
May 7, 2014 at 18:48:55
✔ Best Answer
"will that make a difference in the programs that I use?"

Off the top of my head, I know Combofix doesn't work on 8. Whatever you use, check the specs as you go along.

Start a new post, with all the logs on that comp. PM me when you do so.



#60
May 7, 2014 at 20:27:21
Almost be easier to wipe the drive and reinstall to a clean partition.
Please choose a Best Answer to mark the thread Solved. Any one by JohnW would be appropriate here.

You have to be a little bit crazy to keep you from going insane.



#61
May 8, 2014 at 12:36:30
I already did most of the scans, just finished the ESET online scan...:-/ None of the scans picked up nearly as much as with the other computer. I deleted most of the logs and stuff already...phooey.

OMG don't judge me!

