Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Advertisements, ads popping up, and redirecting links


  • Please log in to reply
4 replies to this topic

#1 Da_Dante

Da_Dante

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 02 March 2014 - 12:25 PM

Hi, I'm kind of new to forum posting and not the best with computers so I apologize if I am unclear or slow to understand something. My problem is I keep getting random ads and pop ups in different tabs while using the internet. I'm pretty sure it came from a download I made through a bad file. I have tried removing the file and programs it came with, as well as using malwarebytes, ad w cleaner, and junkware removal tools. It seems everytime I run malwarebytes I get the same PUM's and try removing them but there still always there. My operating system is OS: Windows 7 Home Premium x64. Thanks for your help.

 

 

 

 

malwarebytes log:

 

www.malwarebytes.org

Database version: v2014.02.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Ryan :: RYAN-PC [administrator]

3/1/2014 2:56:02 PM
mbam-log-2014-03-01 (14-56-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226242
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.Amonetize.A) -> No action taken.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> No action taken.
C:\Windows\Temp\awh2943.tmp (PUP.Optional.Amonetize.A) -> No action taken.
C:\Windows\Temp\awh9B4.tmp (PUP.Optional.Amonetize.A) -> No action taken.
C:\Windows\Temp\awhE67B.tmp (PUP.Optional.Amonetize.A) -> No action taken.
C:\Windows\Temp\is-EGUG8.tmp\Bundle.exe (PUP.Optional.Amonetize.A) -> No action taken.
C:\Windows\Temp\is-V6RPK.tmp\Bundle.exe (PUP.Optional.Amonetize.A) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.Amonetize.A) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

(end)
 

 

 

 

 

 

 

 

 

 

 

ad w cleaner logs:

 

# AdwCleaner v3.020 - Report created 01/03/2014 at 18:03:48
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Ryan\AppData\Local\Conduit
Folder Deleted : C:\Users\Ryan\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ryan\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\Ryan\AppData\Roaming\iWin
Folder Deleted : C:\Users\Ryan\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Ryan\Documents\Optimizer Pro
Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\ValueApps
Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\Extensions\{94CD2CC3-083F-49BA-A218-4CDA4B4829FD}
Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\Extensions\DTToolbar@toolbarnet.com
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.surf.date", "53");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "10");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "10");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");
Line Deleted : user_pref("aol_toolbar.surf.month", "2186");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "4800");
Line Deleted : user_pref("aol_toolbar.surf.total", "123390");
Line Deleted : user_pref("aol_toolbar.surf.week", "893");
Line Deleted : user_pref("aol_toolbar.surf.year", "123237");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110411213358556&tb_oid=11-04-2011&tb_mrud=11-04-2[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20110411213358556&tb_oid=11-04-2011&tb_mrud=11-04-2011&query=");
Line Deleted : user_pref("valueApps.CT0000000./9B+7E+x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E,x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E-x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E.:2z527.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E.x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E/x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E06CG5EL8:", "6E6D686F6C746F707473");
Line Deleted : user_pref("valueApps.CT0000000./9B+7E06CG5EL8:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E75727A75767A79242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("valueApps.CT0000000./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E0x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E1x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E2x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E31;CJ<F8GBF8$ODG", "247E61393F236B257078767A2A212C6E414F444D327A34485244534E5244305B5053403742256257525A5558524B344D7A7D504752357275635740594B455C535E416D6E77634C6[...]
Line Deleted : user_pref("valueApps.CT0000000./9B+7E31;CJ<F8GBF8$ODG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E31;CJA>HK!LAD", "247E61393F236B257572777A2A212C6E414F444D327A344D4A54572D584D503D343F225F6250442D46383849404B2E5A5B645039524342554C5769686C78687B6B5F48676277257225[...]
Line Deleted : user_pref("valueApps.CT0000000./9B+7E31;CJA>HK!LAD.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E3x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E4x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E5x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E6x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E7x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E8x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E9x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E:x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E;x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E<x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E=x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E>x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E?x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7E@x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7EAx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("valueApps.CT0000000./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B+7EBx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7ECx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7EDx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B+7Etx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000./9B-0?3G>D", "3A70716C42416E457A43747848204B764C7D257E2252262A2526282B235A2E2A2A2F2E5D");
Line Deleted : user_pref("valueApps.CT0000000./9B-0?3G>D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B-0?3G@6:5;", "");
Line Deleted : user_pref("valueApps.CT0000000./9B-0?3G@6:5;.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B-0?3GFA7EF", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT0000000./9B-0?3GFA7EF.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E6857705A6C60606B6668563F73796F697861");
Line Deleted : user_pref("valueApps.CT0000000./9B-3=3ECCJA=F>.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Line Deleted : user_pref("valueApps.CT0000000./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("valueApps.CT0000000./9B3=>@44I48?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B5BA==9CJAG", "6E3B68406A7172737A6F43794A7C74774D4B4E217D");
Line Deleted : user_pref("valueApps.CT0000000./9B5BA==9CJAG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B6B11G4C56B>F;P;ANR@P", "6E6D686F6C746F70736F747672");
Line Deleted : user_pref("valueApps.CT0000000./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
Line Deleted : user_pref("valueApps.CT0000000./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B9643G3/9E", "6A");
Line Deleted : user_pref("valueApps.CT0000000./9B9643G3/9E.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B;45>:BI9I7IE", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT0000000./9B;45>:BI9I7IE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B<:222H64<", "393F352F3E");
Line Deleted : user_pref("valueApps.CT0000000./9B<:222H64<.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B<:222H64<L8DAJ", "6D70706E7674737975702A7976727C7E752121");
Line Deleted : user_pref("valueApps.CT0000000./9B<:222H64<L8DAJ.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B=+03EH8H8J?:", "4443");
Line Deleted : user_pref("valueApps.CT0000000./9B=+03EH8H8J?:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("valueApps.CT0000000./9B?+E2A52D8.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9B?B0D:8AJ62<H", "6D");
Line Deleted : user_pref("valueApps.CT0000000./9B?B0D:8AJ62<H.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000./9BA@0<0BI6A7GN:6@L?", "6C");
Line Deleted : user_pref("valueApps.CT0000000./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.PG_ENABLE", "74727565");
Line Deleted : user_pref("valueApps.CT0000000.PG_ENABLE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT0000000.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.SF_STATUS", "454E41424C4544");
Line Deleted : user_pref("valueApps.CT0000000.SF_STATUS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.SF_USER_ID", "6369645F3238323230313431303130313039323939393130");
Line Deleted : user_pref("valueApps.CT0000000.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.cb_experience_000", "34");
Line Deleted : user_pref("valueApps.CT0000000.cb_experience_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.cb_user_id_000", "43423435323930363032333033305F313339333730363634383031375F46697265666F78");
Line Deleted : user_pref("valueApps.CT0000000.cb_user_id_000.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.cbfirsttime", "4672692046656220323820323031342031303A31303A313020474D542D3035303020284561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.CT0000000.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appStateReportTime", "31333933373130383634313835");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appState_UserHistory", "6F6E");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appState_UserHistory.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_lastLoginTime", "31333933373130383634343737");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_settings1.13.0.17.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_stamp", "313039355F30");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_userBornDate", "3230313430323238");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_userId", "35626533346465302D323236352D346633312D623938302D626537346134393930336462");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_user_approval_interacted", "");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.url_history0001", "687474703A2F2F7777772E6C6F6C6B696E672E6E65742F73756D6D6F6E65722F6E612F34343233373132353A3A3A636C69636B68616E646C65723A3A3A313339333630303234343732372C[...]
Line Deleted : user_pref("valueApps.CT0000000.url_history0001.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E+x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E,x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E-x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E.:2z527.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E.x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E/x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E06CG5EL8:", "6E6D686F6E6D74757777");
Line Deleted : user_pref("valueApps.ct3316263./9B+7E06CG5EL8:.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E7574737A7B7D7D242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("valueApps.ct3316263./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E0x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E1x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E2x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E31;CJ7FK;KG#NCEP@MC+VKN.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E31;CJII=8:\"MBE.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E3x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E4x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E5x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E6x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E7x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E8x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E9x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E:x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E;x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E<x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E=x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E>x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E?x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7E@x305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7EAx305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("valueApps.ct3316263./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B+7EBx305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7ECx305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7EDx305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B+7Etx305.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263./9B-0?3G>D", "396E6A71736D44407A7247454A20744B7D7E257C204F7C2A5125262B2A27252B275A602D");
Line Deleted : user_pref("valueApps.ct3316263./9B-0?3G>D.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B-0?3G@6:5;", "");
Line Deleted : user_pref("valueApps.ct3316263./9B-0?3G@6:5;.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B-0?3GFA7EF", "2B2E2C3D");
Line Deleted : user_pref("valueApps.ct3316263./9B-0?3GFA7EF.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B-3=3ECCJA=F>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Line Deleted : user_pref("valueApps.ct3316263./9B-3=3ECCJA=F>.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Line Deleted : user_pref("valueApps.ct3316263./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("valueApps.ct3316263./9B3=>@44I48?.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B5BA==9CJAG", "676A6B3D737344717A4347787A7B794A7D4D7A217C");
Line Deleted : user_pref("valueApps.ct3316263./9B5BA==9CJAG.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B6B11G4C56B>F;P;ANR@P", "6E6D686F6E6D74766E72797777");
Line Deleted : user_pref("valueApps.ct3316263./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
Line Deleted : user_pref("valueApps.ct3316263./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B9643G3/9E", "6A");
Line Deleted : user_pref("valueApps.ct3316263./9B9643G3/9E.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B;45>:BI9I7IE", "2B2E2C3D");
Line Deleted : user_pref("valueApps.ct3316263./9B;45>:BI9I7IE.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B<:222H64<", "393F352F3E");
Line Deleted : user_pref("valueApps.ct3316263./9B<:222H64<.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B<:222H64<L8DAJ", "6D70706E7674737975702A7A74727D79752121");
Line Deleted : user_pref("valueApps.ct3316263./9B<:222H64<L8DAJ.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B=+03EH8H8J?:", "4443");
Line Deleted : user_pref("valueApps.ct3316263./9B=+03EH8H8J?:.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("valueApps.ct3316263./9B?+E2A52D8.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9B?B0D:8AJ62<H", "6D");
Line Deleted : user_pref("valueApps.ct3316263./9B?B0D:8AJ62<H.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263./9BA@0<0BI6A7GN:6@L?", "6C");
Line Deleted : user_pref("valueApps.ct3316263./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.PG_ENABLE", "74727565");
Line Deleted : user_pref("valueApps.ct3316263.PG_ENABLE.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.ct3316263.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.SF_STATUS", "454E41424C4544");
Line Deleted : user_pref("valueApps.ct3316263.SF_STATUS.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.SF_USER_ID", "6369645F323832323031343234353435343936303733");
Line Deleted : user_pref("valueApps.ct3316263.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.cbfirsttime", "4672692046656220323820323031342030323A30343A353520474D542D3035303020284561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.ct3316263.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_appStateReportTime", "31333933353731303934323937");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_appState_UserHistory1", "6F6E");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_appState_UserHistory1.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_lastInstallationSessionGuid", "7B38376331373232642D373266622D346437312D393764312D6561396664376464396663627D");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_lastInstallationSessionGuid.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_lastLoginTime", "31333933353731303934353132");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_settings1.13.0.17.storedInFile", true);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_stamp", "313039355F31");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_userBornDate", "3230313430323238");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_userId", "35626533346465302D323236352D346633312D623938302D626537346134393930336462");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_user_approval_interacted", "");
Line Deleted : user_pref("valueApps.ct3316263.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.ct3316263.url_history0001.storedInFile", true);

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [29787 octets] - [01/03/2014 17:59:27]
AdwCleaner[S0].txt - [29482 octets] - [01/03/2014 18:03:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29543 octets] ##########
 

 

 

 

 

 

 

 

 

 

 

 

Junkware removal tool logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ryan on Sat 03/01/2014 at 20:14:53.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\amiupdxp.job



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ryan\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/01/2014 at 20:19:01.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:44 PM

Posted 02 March 2014 - 04:13 PM

Hello Da_Dante

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.

 

 (PUP.Software.Updater) -> No action taken. (From your scan results)
Do you tick these items and remove them once found by Malwarebytes ??

 

Update your version of Malwarebytes Anti-Malware first

Change the scan to Full Scan to look deeper

NOTE :When the scan is complete, click OK, then Show Results to view the results.
NOTE :Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Post that log back here, not one with -> No action taken shown

Your new log should show -> Removed and Quarantined

 

Next -
Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
At most the tool will run for about 2 minutes
Post the log back here

 

Next -
* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.



#3 Da_Dante

Da_Dante
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 02 March 2014 - 07:59 PM

Thanks for the reply. Here are a list of my logs.

 

Check up

 

Results of screen317's Security Check version 0.99.79 

 Windows 7 Service Pack 1 x64 (UAC is disabled!) 

 Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Microsoft Security Essentials  

 Antivirus up to date! 

`````````Anti-malware/Other Utilities Check:`````````

 Malwarebytes Anti-Malware version 1.75.0.1300 

 Java™ 6 Update 31 

 Java version out of Date!

 Adobe Flash Player 10 Flash Player out of Date!

  Adobe Flash Player 12.0.0.70 Flash Player out of Date! 

 Adobe Reader XI 

 Mozilla Firefox (27.0.1)

 Google Chrome 32.0.1700.107 

 Google Chrome 33.0.1750.117 

````````Process Check: objlist.exe by Laurent```````` 

 Microsoft Security Essentials MSMpEng.exe

 Microsoft Security Essentials msseces.exe

 Malwarebytes Anti-Malware mbamservice.exe 

 Malwarebytes Anti-Malware mbamgui.exe 

 Malwarebytes Anti-Malware mbam.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

 

 

Malwarebytes log

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.02.11

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

Ryan :: RYAN-PC [administrator]

 

3/2/2014 5:12:09 PM

mbam-log-2014-03-02 (17-12-09).txt

 

Scan type: Full scan (C:\|D:\|E:\|G:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 576480

Time elapsed: 1 hour(s), 54 minute(s), 28 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCU\Software\AppDataLow\Software\TidyNetwork (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 3

C:\Users\Ryan\AppData\Local\Temp\setup__5708.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

C:\Windows\Temp\setup__4615.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

C:\Windows\Temp\setup__4793.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

 

(end)

 

Rkill log

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 03/02/2014 07:19:28 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * C:\Windows\VPDAgent_x64.exe (PID: 860) [WD-HEUR]

 

1 proccess terminated!

 

Active Proxy Server Detected

 

 * Proxy Disabled.

 * ProxyOverride value deleted.

 * ProxyServer value deleted.

 * AutoConfigURL value deleted.

 * Proxy settings were backed up to Registry file.

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Backup Registry file created at:

 C:\Users\Ryan\Desktop\rkill\rkill-03-02-2014-07-19-35.reg

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * No issues found.

 

Checking Windows Service Integrity:

 

 * No issues found.

 

Searching for Missing Digital Signatures:

 

 * No issues found.

 

Checking HOSTS File:

 

 * No issues found.

 

Program finished at: 03/02/2014 07:20:36 PM

Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)

 

 

AdwCleaner logs:

 

# AdwCleaner v3.020 - Report created 02/03/2014 at 19:47:50

# Updated 27/02/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Ryan - RYAN-PC

# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found C:\Users\Ryan\AppData\Local\SearchProtect

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Found : HKLM\Software\SearchProtect

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16518

 

 

-\\ Mozilla Firefox v27.0.1 (en-US)

 

[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\prefs.js ]

 

 

-\\ Google Chrome v33.0.1750.117

 

[ File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [29787 octets] - [01/03/2014 17:59:27]

AdwCleaner[R1].txt - [1015 octets] - [01/03/2014 19:07:31]

AdwCleaner[R2].txt - [1592 octets] - [01/03/2014 21:08:55]

AdwCleaner[R3].txt - [1666 octets] - [02/03/2014 19:24:14]

AdwCleaner[R4].txt - [1397 octets] - [02/03/2014 19:47:50]

AdwCleaner[S0].txt - [29652 octets] - [01/03/2014 18:03:48]

AdwCleaner[S1].txt - [1076 octets] - [01/03/2014 19:08:24]

AdwCleaner[S2].txt - [1556 octets] - [01/03/2014 21:09:19]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1638 octets] ##########

# AdwCleaner v3.020 - Report created 02/03/2014 at 19:49:37

# Updated 27/02/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Ryan - RYAN-PC

# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Ryan\AppData\Local\SearchProtect

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\Software\SearchProtect

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16518

 

 

-\\ Mozilla Firefox v27.0.1 (en-US)

 

[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\zn4nmgq5.default\prefs.js ]

 

 

-\\ Google Chrome v33.0.1750.117

 

[ File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [29787 octets] - [01/03/2014 17:59:27]

AdwCleaner[R1].txt - [1015 octets] - [01/03/2014 19:07:31]

AdwCleaner[R2].txt - [1592 octets] - [01/03/2014 21:08:55]

AdwCleaner[R3].txt - [1666 octets] - [02/03/2014 19:24:14]

AdwCleaner[R4].txt - [1726 octets] - [02/03/2014 19:47:50]

AdwCleaner[S0].txt - [29652 octets] - [01/03/2014 18:03:48]

AdwCleaner[S1].txt - [1076 octets] - [01/03/2014 19:08:24]

AdwCleaner[S2].txt - [1556 octets] - [01/03/2014 21:09:19]

AdwCleaner[S3].txt - [1540 octets] - [02/03/2014 19:49:37]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1600 octets] ##########



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:44 PM

Posted 03 March 2014 - 06:06 AM

Malwarebytes has removed many items that could have caused your problems.

 

Java™ 6 Update 31  Java version out of Date!
Current Java is Version7 Update51
Do not accept any offered add-ons or extras, as they are scam advertising.
Delete all older versions of Java from Programs and Features.

 

 

Run ESETOnlineScanner

Read and follow How To Temporarily Disable Your Anti-virus

Please use Internet Explorer as the scanner uses ActiveX
If you will not use Internet Explorer, please see 3 - 1 & 3 - 2
1 .Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2 .Click the eset online button.
3 .For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3 - 1 .Click on Esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
3 - 2 .Double click on esetsmartinstaller_enu on your desktop.
4 .Check "YES, I accept the Terms of Use."
5 .Click the Start button.
6 .Accept any security warnings from your browser.
7 .Under scan settings, check "Scan Archives" and "Remove found threats"
8 .Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 .ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 .When the scan completes, click List Threats
11 .Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12 .Click the Back button.
13 .Click the Finish button.
* NOTE:Sometimes if ESET finds no infections it will not create a log.

 

 

Finally -

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe icon to run it.
• For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator.
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

No log is produced or expected from this program -



#5 Da_Dante

Da_Dante
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 03 March 2014 - 01:50 PM

I did the steps but when I try to load fire fox it says Firefox is configured to use a proxy server that is refusing connections.  I fixed that problem by checking no proxy server and it seems the ads and random linkings have stopped popping up. It also seems that my mom's computer could be infected with similar conduit symptoms. Could this mean that the wireless internet is infected? I've also done another quick scan through malwarebytes, and found similar pups, also conduit keeps popping up after I unistall it from the unstall and change a programs. I checked under regedit and saw a folder called conduitplugin. I've also run another full scan on malwarebytes with another 120 items detected. Sorry for the hassle and thanks again for all your help and support.

 

Here is my ESET Scan log:

 

C:\Program Files (x86)\Select-N-Go-soft\Selec.exe    a variant of Win32/AdWare.AddLyrics.AF application    cleaned by deleting - quarantined
C:\Program Files (x86)\Select-N-Go-soft\Select-N-Go155.exe    a variant of Win32/AdWare.AD150.A application    cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Select-N-Go-soft\Select-N-Go_wd.exe    a variant of Win32/AdWare.AD150.A application    cleaned by deleting (after the next restart) - quarantined
C:\Users\Ryan\AppData\Local\Temp\NeroInstallFiles\NERO20101021110139892\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
C:\Users\Ryan\AppData\Local\Temp\{63C3F555-E810-48C6-B1C6-C7CE371E2AC1}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Ryan\AppData\Local\Temp\~nsu.tmp\Au_.exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted - quarantined
C:\Windows\Temp\awhA5A3.tmp    a variant of Win32/Amonetize.AC potentially unwanted application    deleted - quarantined
C:\Windows\Temp\awhC3ED.tmp    a variant of Win32/Amonetize.AC potentially unwanted application    deleted - quarantined
C:\Windows\Temp\awhD654.tmp    a variant of Win32/Amonetize.AC potentially unwanted application    deleted - quarantined
C:\Windows\Temp\setup__4615.exe    a variant of Win32/Amonetize.AG potentially unwanted application    deleted - quarantined
C:\Windows\Temp\setup__4793.exe    a variant of Win32/Amonetize.AG potentially unwanted application    deleted - quarantined
C:\Windows\Temp\is-QGR09.tmp\Bundle.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Windows\Temp\nssD9BF\SpSetup.exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted - quarantined

 

 

 

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.02.11

Windows 7 Service Pack 1 x64 NTFS

3/3/2014 11:34:32 PM
mbam-log-2014-03-03 (23-34-32).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 567237
Time elapsed: 1 hour(s), 49 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 22
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\SearchProtect\STG (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Files Detected: 96
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsc4BF3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsiA954.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nss4E26.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nssAB67.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nssAD8A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsx4915.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\setup__4615.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\is-82HAQ.tmp\Bundle.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\is-82HAQ.tmp\sp-downloader.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsc1A47\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\SearchProtect\STG\Init_6C03.tmp (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\SearchProtect\STG\Init_6C33.tmp (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\SearchProtect\STG\Init_6C72.tmp (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

(end)


 


Edited by Da_Dante, 04 March 2014 - 11:53 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users