
VO package virus/search protect deleting control panel


43 replies to this topic

#1 gapeach2777

gapeach2777

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 21 June 2014 - 11:59 AM

Hey guys I sure hope one of you can help me. I have an HP 2000 Notebook laptop running Windows 8 OS. My brother infected it with hundreds of viruses and malware, but I have managed to remove them all except 2. The two that are left are the VO Package virus and SearchProtect. When I use Malwarebytes, Revo, or the add/remove from the control panel to remove either of these viruses - the virus hides itself and deletes the programs listed in my programs and features. They also delete my control panel where I can no longer search for it using the search feature. After researching online I have noticed that no one has a solution to removing these viruses without causing the programs and features programs list to disappear. Before removing I have around 30-40 programs listed, but after trying to uninstall these two my list only shows one program left. I am trying to avoid an OS reinstall if at all possible, although that's the only solution I have seen thus far online.

I have tried removing in Safe Mode and normal startup, using Malwarebytes and Revo - did not work.

I have run Avast boot time scan, and full custom scan - did not work.

I have deleted the contents of my temp folders- did not work.

I have checked to make sure that the 63 character limit in the registry edit was correct and it is. (This was a common issue associated with the VO Package that allowed the virus to hide the programs and features list)

What else should I try?

Also as a side note: Luckily I am able to restore my programs and features list each time after trying to delete these viruses. I created a restore point prior to the first removal and every time I try a new way to remove these viruses and it doesn't work I can restore my computer back to the way it was.

ANY HELP MUCH APPRECIATED!


Edited by Orange Blossom, 21 June 2014 - 12:27 PM.
Moved from Windows 8 to AII. ~ OB



#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:57 PM

Posted 21 June 2014 - 12:39 PM

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.
 
 
Download and run SUPERAntiSpyware.  Clicking on the link will automatically start the download.
 

Please download Hitman Pro
 
Click on HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows).  Toward the bottom of the window you will be asked to agree with the terms of the use of Hitman Pro, click on I agree, then click on Next to install Hitman Pro.
 
HM1_zpsde93e28a.png 
 
You will be asked "Would you like to store a copy of Hitman Pro program file on this computer"?  Click on No, then click on Next.  
 
hm2_zps372cdca5.png
 
Hitman Pro will now start to scan your computer.  Click on Next when the scan is finished. 
 
hm3_zps9689b301.png
 
When it is finished you will see a list of the malware found.  At the bottom of the page you will see Save Log, then click on Next to remove the malware.  If a window opens which states "No threats found" click on Close.
 
hm4_zpsaf0c967c.png
 
If the window below opens click on Activate free license, this will allow access to the Next button needed to close the program. 
 
hmlast_zpsa9c68c49.png
 
 
To open the log right click on Computer (for Windows 8 type Computer in the Search box, then click on Computer under Apps), click on C: drive, click on Windows, scroll down to Logs and click on that, click on the CBS log with the date you ran the scan.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 gapeach2777

gapeach2777
  • Topic Starter


Posted 21 June 2014 - 12:43 PM

I also have DDS Logs if you want me to post them... Just let me know. I'm not sure of the forum rules about posting them here.



#4 dc3

dc3


Posted 21 June 2014 - 12:54 PM

You can not post DDS logs in the Windows forums.

 

Please perform the requested scans and post the logs.




#5 gapeach2777

gapeach2777
  • Topic Starter


Posted 21 June 2014 - 01:01 PM

Here is the AdwCleaner Log. It looks like it actually deleted those two without removing any of my programs and features list, or control panel! Yipee! So out of safety measures should I continue following the rest of your instructions, or am I good now? 

 

# AdwCleaner v3.212 - Report created 21/06/2014 at 12:51:42
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Ricky - WINDOWSHP
# Running from : C:\Users\Ricky\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 70e6ca8c
Service Deleted : CltMngSvc
Service Deleted : Mext Guard
[#] Service Deleted : Update WiseEnhance
[#] Service Deleted : Util WiseEnhance
Service Deleted : V-bates Updater
Service Deleted : vosr
Service Deleted : WajamUpdater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\DataMngr
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Wajam
[!] Folder Deleted : C:\Program Files (x86)\WiseEnhance
Folder Deleted : C:\Program Files\V-bates
Folder Deleted : C:\Users\Guest\AppData\Local\NewPlayer
Folder Deleted : C:\Users\Guest\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Ricky\AppData\Local\iLivid
Folder Deleted : C:\Users\Ricky\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Ricky\AppData\Local\fst_us_35
Folder Deleted : C:\Users\Ricky\AppData\Local\Temp\WiseEnhance
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Qwiklinx
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Ricky\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Ricky\Documents\Optimizer Pro
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\48r6gt1h.default\Extensions\ffxtlbr@buenosearch.com
Folder Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\8lf5f7gq.default-1399676394754\Extensions\a0046b9b-fdb9-497f-a4b1-2a108ad6007a@5cdf80b7-0420-4bb7-b3c0-e188e6f4fb8a.com
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\48r6gt1h.default\Extensions\a0046b9b-fdb9-497f-a4b1-2a108ad6007a@5cdf80b7-0420-4bb7-b3c0-e188e6f4fb8a.com
Folder Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\8lf5f7gq.default-1399676394754\Extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com
Folder Deleted : C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\48r6gt1h.default\Extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Ricky\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\Ricky\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Ricky\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\48r6gt1h.default\user.js
File Deleted : C:\Windows\System32\Tasks\DTReg
File Deleted : C:\Windows\System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
File Deleted : C:\Windows\Tasks\23f7b8ee-ad5e-4f87-8874-a80a4bc54ba4-4.job
File Deleted : C:\Windows\System32\Tasks\23f7b8ee-ad5e-4f87-8874-a80a4bc54ba4-4
File Deleted : C:\Windows\Tasks\23f7b8ee-ad5e-4f87-8874-a80a4bc54ba4-5.job
File Deleted : C:\Windows\System32\Tasks\23f7b8ee-ad5e-4f87-8874-a80a4bc54ba4-5
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_us_35]
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\WiseEnhance
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\blockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\V-bates
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\WiseEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\V-bates
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseEnhance
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16921
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
 
*************************
 
AdwCleaner[R0].txt - [22464 octets] - [21/06/2014 12:48:16]
AdwCleaner[S0].txt - [20024 octets] - [21/06/2014 12:51:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20085 octets] ##########
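
A report like the one in the post above can be triaged by autostart mechanism and checked for the two products named in the first post. The following is an added example, not part of the original thread and not AdwCleaner's own code; the sample lines are an excerpt copied from the report, and the function names and mechanism labels are this example's own.

```python
import re
from collections import Counter

# Excerpt of the AdwCleaner report posted in this thread (not the full log).
SAMPLE_LOG = r"""
***** [ Services ] *****

Service Deleted : CltMngSvc
[#] Service Deleted : Update WiseEnhance
Service Deleted : vosr
Service Deleted : WajamUpdater

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Ricky\AppData\Roaming\VOPackage
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\MySearchDial
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?:\[(?P<flag>[#!])\] )?"   # optional [#] / [!] marker, kept as-is
    r"(?P<kind>Service|Folder|File|Key|Value|Data) "
    r"Deleted : (?P<x64>\[x64\] )?(?P<target>.+)$"
)

# Ordered rules, first match wins. The labels are this example's own naming.
MECHANISMS = [
    ("scheduled task", re.compile(r"\\Windows\\(?:System32\\)?Tasks\\", re.I)),
    ("Run key", re.compile(r"\\CurrentVersion\\Run \[", re.I)),
    ("AppInit_DLLs", re.compile(r"\[AppInit_DLLs\]", re.I)),
    ("browser helper object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("uninstall entry", re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
]


def parse_report(text):
    """Return one dict per 'Deleted' line, tagged with its report section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "section": section,
                "kind": m.group("kind"),
                "target": m.group("target"),
                "x64": bool(m.group("x64")),
                "flag": m.group("flag"),
            })
    return entries


def classify(entry):
    """Map an entry to the autostart mechanism it belongs to, or 'other'."""
    if entry["kind"] == "Service":
        return "service"
    for label, pattern in MECHANISMS:
        if pattern.search(entry["target"]):
            return label
    return "other"


def count_by_mechanism(entries):
    return dict(Counter(classify(e) for e in entries))


def product_footprint(entries, product):
    """Mechanisms of every entry whose path or key mentions the product name."""
    needle = product.lower()
    return sorted({classify(e) for e in entries if needle in e["target"].lower()})


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    print(count_by_mechanism(parsed))
    for name in ("SearchProtect", "VOPackage"):
        print(name, product_footprint(parsed, name))
```

The `uninstall entry` label marks subkeys under `...\CurrentVersion\Uninstall`, which is the registry location Programs and Features builds its list from.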


#6 gapeach2777

gapeach2777
  • Topic Starter


Posted 21 June 2014 - 01:14 PM

I am noticing one glitch that I should probably mention. I am noticing that when I am downloading these anti malware programs you requested, that I am having to clear my cache and all history in my browser each time just to get it to open the installer. For some reason something is interfering with me opening the completed file download to install these anti-malware programs. I am using Opera at the moment because I can't seem to get the Firefox installation file to download and open properly either. Anyhow, I am continuing running all of those scans as per your instructions. Thank You!!!



#7 dc3

dc3


Posted 21 June 2014 - 01:17 PM

Boot into Safe Mode with Networking and try the downloads from there.

 

I see both the VO Package and the SearchProtect have been found by AdwCleaner.  




#8 gapeach2777

gapeach2777
  • Topic Starter


Posted 21 June 2014 - 01:22 PM

Here's the scan log from SUPERAntispyware. I am going to reboot into safe mode with networking now.

 

 

SUPERAntiSpyware Scan Log
 
Generated 06/21/2014 at 01:15 PM
 
Application Version : 5.7.1026
 
Core Rules Database Version : 11322
Trace Rules Database Version: 9134
 
Scan type       : Quick Scan
Total Scan Time : 00:07:24
 
Operating System Information
 65 Edition 64-bit (Build 6.02.9200)
UAC On - Limited User
 
Memory items scanned      : 676
Memory threats detected   : 0
Registry items scanned    : 54988
Registry threats detected : 0
File items scanned        : 11424
File threats detected     : 22
 
Adware.Tracking Cookie
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\IOZEF4E0.txt [ /histats.com ]
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\Low\GIMCB2JJ.txt [ /wttracking.com ]
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\Low\HPET57VV.txt [ /imrworldwide.com ]
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDTRVBB5.txt [ /financialtracker.net ]
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\Low\U59Q923G.txt [ /ads.yahoo.com ]
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\Low\P88QFDA3.txt [ /doubleclick.net ]
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\Low\M54IB28K.txt [ /financialtracker.net ]
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\Low\04S0WYFS.txt [ /apmebf.com ]
C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Cookies\Low\3J805SN3.txt [ /atdmt.com ]
 
Trojan.Agent/Gen-Nullo[Short]
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\AIR864F.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\AIR9B51.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\AIRBC8C.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\NSYBA9A.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\NSB7CF9.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\NSB8D20.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\NSDA9B5.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\NSEF931.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\NSG99A.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\NSM16D5.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\NSYBBDF.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\V-BATES.EXE
C:\USERS\RICKY\APPDATA\LOCAL\TEMP\WAJAM_INSTALL.EXE


#9 gapeach2777

gapeach2777
  • Topic Starter


Posted 21 June 2014 - 01:34 PM

So Good News here... Right before rebooting into safe mode, and after the SUPERAntispyware virus removal.... I am no longer having issues with downloading and installing programs! I decided to try it out again before rebooting into safe mode and it works fine now. Whatever was removed in that last scan must have fixed the issue. I can even download Firefox now.  :)



#10 dc3

dc3


Posted 21 June 2014 - 01:42 PM

That's good news, but it would be nice to know what we are dealing with as some forms of malware can replicate themselves.




#11 gapeach2777

gapeach2777
  • Topic Starter


Posted 21 June 2014 - 01:57 PM

Ahh... so after running the hitman scan my computer lost all Internet connection. I went to post the log and realized that the connection is gone. Of course now I'm getting the "server not found" screen in my browser. Nothing is wrong with the network... my other computer is running just fine on it. I'm going to move the hitman scan log to my other computer via flash drive and load it on here for you to look at. Any ideas?

#12 gapeach2777

gapeach2777
  • Topic Starter


Posted 21 June 2014 - 02:05 PM

Here is the hitman log. Let me know what you advise as far as the internet connection loss.

 

HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : WINDOWSHP
   Windows . . . . . . . : 6.2.0.9200.X64/2
   User name . . . . . . : WINDOWSHP\Ricky
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-06-21 13:35:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 4
   Traces  . . . . . . . : 77

   Objects scanned . . . : 1,816,053
   Files scanned . . . . : 29,967
   Remnants scanned  . . : 342,753 files / 1,443,333 keys

Malware _____________________________________________________________________

   C:\Users\Ricky\AppData\Local\Temp\fe327f1c-6c86-4c2a-b22e-9a11d40ce3bd\software\OptimizerPro.exe
      Size . . . . . . . : 7,361,648 bytes
      Age  . . . . . . . : 64.8 days (2014-04-17 18:35:28)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 02E4E4C3C7501F1535F3A33D0A304AFB9D0A91F4D2909339B6CFA40355A0FEE1
      Product
      Publisher
      Description
      Version
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Agent.OBI
      Fuzzy  . . . . . . : 102.0

   C:\Users\Ricky\Downloads\Java.exe
      Size . . . . . . . : 111,560 bytes
      Age  . . . . . . . : 129.6 days (2014-02-11 23:07:04)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 0C61AD45924787300D86C980315E3B9347CDD457CB74D53CA29D490192DB91DD
      Product  . . . . . : majava
      Publisher
      Description  . . . : majava
      Copyright  . . . . : majava
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.OutBrowse.o
      Fuzzy  . . . . . . : 105.0


Suspicious files ____________________________________________________________

   C:\Users\Ricky\AppData\Local\Temp\ICReinstall_nswE153.tmp
      Size . . . . . . . : 588,460 bytes
      Age  . . . . . . . : 0.0 days (2014-06-21 12:27:34)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 3F61E46952179BA7E9469B0085C156D57BF95E3F7EBA0076BE7F84BC7DC6CA9D
      Source URL . . . . : hxxp://www.download-servers.com/vuupc/dl.php?r=vu_vo2_LS123&rr=S&sct=AGR
      Fuzzy  . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Ricky\AppData\Local\Temp\nswE153.tmp
      Size . . . . . . . : 588,460 bytes
      Age  . . . . . . . : 0.0 days (2014-06-21 12:27:30)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 3F61E46952179BA7E9469B0085C156D57BF95E3F7EBA0076BE7F84BC7DC6CA9D
      Source URL . . . . : hxxp://www.download-servers.com/vuupc/dl.php?r=vu_vo2_LS123&rr=S&sct=AGR
      Fuzzy  . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}\ (Activeris)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1\ (Activeris)

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Wow6432Node\Taronja\ (MyStart)
   HKU\S-1-5-21-644065785-2507278298-738882786-501\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ (AskBar)
   HKU\S-1-5-21-644065785-2507278298-738882786-501\Software\Microsoft\Internet Explorer\SearchScopes\{AA073413-5AA5-4F10-B1A5-9A39A7B6F691}\ (Conduit)

 

#13 dc3


Posted 21 June 2014 - 02:08 PM

Windows Repair (All in one)
 
Please download and install Windows Repair (All in one)
 
To open the program click on the Start orb.
 
Click on All Programs.
 
Click on Windows Repair (All in one), this may be listed as Tweaking.com.
 
If you are running Windows Vista, 7, or 8, right-click on Windows Repair (All in one) and then click on Run as administrator.
 
Notice: You will need to disable your antivirus in order to run this program; for this reason you should run this while offline.
 
Go to Step 2 and click on the Do it button to allow CheckDisk to run. 
 
Go to Step 3 and click on the Do it button to run System File Check.
 
Go to Step 4 and click on the Create button under System Restore.
 
Go to Start Repairs and click on the Start button.
 
Important: Do not make any changes to the check marks.
 
For those running Windows 8, please note that Reset Registry Permissions is not checked by design.
 
When the page below opens click on the Start button.
 
Please copy and paste the Windows Repair Log in your next post.  This log (_windows_repair_log.txt) is located in the following folder:
 
*  64-bit systems file path - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
 
*  32-bit systems file path - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Copy the file path for your version of Windows (32-bit or 64-bit), click on the Start orb and paste it in the Search all programs and files box.
 
Click on Logs.
 
Click on _Windows_Repair_Logs.
 
Copy and paste this log in your next post. 


#14 gapeach2777


Posted 21 June 2014 - 02:30 PM

Okay, well, not only did that last scan disable my internet, but the USB port is not working now. Under my device manager, there is the yellow exclamation point next to USB mass storage device. So unfortunately I can't transfer that all in one program to the defective laptop. When I look under the device properties it says "Windows successfully loaded the device driver for this hardware but cannot find the hardware device". So at this point I could try a system restore and restore the computer to where it was prior to us running these scans today... but I'm just waiting on your advice of what you would like me to do before I attempt to restore.



#15 dc3


Posted 21 June 2014 - 02:44 PM

I would have to agree with the System Restore.

 

After you have done this run the SUPERAntiSpyware again.

 

Hitman Pro can occasionally have an adverse effect. It's a good tool, but it's a crapshoot.

