
search.conduit


21 replies to this topic

#1 mpetro1

mpetro1

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 29 August 2014 - 10:59 PM

Hi,

I believe the computer I'm helping a co-worker work on has a virus or something like that.

The Laptop is an HP Pavilion TouchSmart 14 Sleekbook with Windows 8. It takes a long time to load after a reboot. It also times out when trying to load a web page or it will say (not responding). He has not used this computer for approx. 5 months because of this issue.

It needs everything updated, but I'm not sure if I should clean the system or update first!

I did run an AdwCleaner scan which found a lot of issues.

 

I will attach the AdwCleaner file. Sorry if I was not supposed to attach now!!

I'm looking to see if someone could advise me what to do!

 

Also the Norton is expired. I would like to remove Norton and install a free version. Can you help me remove Norton? Should I install free version now or wait until the system is clean?

 

If you need any more information just let me know!

Thanks

 

# AdwCleaner v3.308 - Report created 29/08/2014 at 20:31:45
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Garrett - PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c
Service Deleted : BackupStack
Service Deleted : CltMngSvc
Service Deleted : netfilter64
[#] Service Deleted : SecureAssist
Service Deleted : SupraSavingsService64
Service Deleted : vxlsnyaiet64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\RoeyyalCuooupon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\SupraSavings
Folder Deleted : C:\Program Files (x86)\HQvidPv1.1
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\Garrett\AppData\Local\emaze
Folder Deleted : C:\Users\Garrett\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Garrett\AppData\Local\VisualBeeClient
Folder Deleted : C:\Users\Garrett\AppData\Local\VisualBeeExe
Folder Deleted : C:\Users\Garrett\AppData\Local\Webinternetsecurity
Folder Deleted : C:\Users\Garrett\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Garrett\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Garrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk
Folder Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak
File Deleted : C:\WINDOWS\SysWOW64\SecureAssist.ini
File Deleted : C:\WINDOWS\SysWOW64\SecureAssistOff.ini
File Deleted : C:\WINDOWS\System32\drivers\netfilter64.sys
File Deleted : C:\WINDOWS\System32\drivers\SAWFP64.sys
File Deleted : C:\WINDOWS\System32\SecureAssist.ini
File Deleted : C:\WINDOWS\System32\SecureAssistOff.ini
File Deleted : C:\Users\Garrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : 90ea0056-47b8-4705-bc6a-783c6f594e02-1
Task Deleted : 90ea0056-47b8-4705-bc6a-783c6f594e02-2
Task Deleted : 90ea0056-47b8-4705-bc6a-783c6f594e02-3
Task Deleted : 90ea0056-47b8-4705-bc6a-783c6f594e02-4
Task Deleted : 90ea0056-47b8-4705-bc6a-783c6f594e02-5

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\RoyalCoupaon.RoyalCoupaon
Key Deleted : HKLM\SOFTWARE\Classes\RoyalCoupaon.RoyalCoupaon.1.6
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053098.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053098.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053098.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053098.Sandbox.1
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\suprasavings
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKCU\Software\AppDataLow\Software\HQvidPv1.1
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\suprasavings
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\HQvidPv1.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40DC4B27-4588-C56F-7737-D03A0ACE4383}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQvidPv1.1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Rr Savings
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3326302&octid=EB_ORIGINAL_CTID&ISID=M751516C0-BA7D-4700-8D69-9126BFA2EAA0&SearchSource=55&CUI=&UM=5&UP=SP9D697E10-282B-4DE5-B978-F330505416B3&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3326302&octid=EB_ORIGINAL_CTID&ISID=M751516C0-BA7D-4700-8D69-9126BFA2EAA0&SearchSource=55&CUI=&UM=5&UP=SP9D697E10-282B-4DE5-B978-F330505416B3&SSPV=
Deleted [Extension] : afjegdojkkoghnbiollpogeeimocanmk
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : gngfnjclpjflgomhidfecidndbfaniak
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [18604 octets] - [29/08/2014 20:20:28]
AdwCleaner[S0].txt - [17532 octets] - [29/08/2014 20:31:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17593 octets] ##########





#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 30 August 2014 - 11:45 AM

Hi mpetro1 and :welcome:

Let's continue!

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

Download Malwarebytes' Anti-Malware Free 2.0 HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log in the list, which is usually the one at the top (or sort by date), and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop

    Be sure to restart the computer if requested.

 

Thank you!



#3 mpetro1

mpetro1
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 30 August 2014 - 11:45 PM

I did what you requested! I have attached the logs you requested.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Garrett on Sat 08/30/2014 at 23:48:26.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/30/2014 at 23:56:55.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/31/2014
Scan Time: 12:16:20 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.31.01
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Garrett

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306283
Time Elapsed: 17 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [f6274984bcbfc96d24f1a6b2f1136a96],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [6bb23697ef8c5ed8a0746deb94701be5],
PUP.Optional.SupraSavings, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}, Quarantined, [7f9e11bc790274c2031c9f54ed158779],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, Quarantined, [3ce164692259a98dcf5661a6b54e34cc],
PUP.Optional.HQVid.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQvidPv1.1, Quarantined, [34e9daf3cab120168faff21a5ea5649c],
PUP.Optional.WebInternetSecurity, HKU\S-1-5-21-2081853122-2922882189-671885779-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\webinternetsecurity, Quarantined, [37e64687542724123888d01faa58847c],
PUP.Optional.WebInternetSecurity, HKU\S-1-5-21-2081853122-2922882189-671885779-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\webinternetsecurity, Quarantined, [22fb5a73a0db90a6378a02edb64cd729],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak, Quarantined, [cd50f0ddd5a6cd6937d0a7238979c43c],
PUP.Optional.SupraSavings.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk, Quarantined, [988502cb7dfe0d29cd0ed3f8c53d1be5],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak, Quarantined, [e23bd6f7a1da37ff09fbc20a24de44bc],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0, Quarantined, [938aae1f770466d0fb0a715bad55669a],

Files: 40
PUP.Optional.BundleInstaller.A, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RD6HZKB.exe, Quarantined, [07162f9e552661d5c1019eb6877a13ed],
PUP.Optional.SearchProtect.A, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RCF33JQ.exe, Quarantined, [051808c596e5d264c9ecbc7a4ab7fc04],
PUP.Optional.BundleInstaller.A, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RS7C0U9.exe, Quarantined, [cb52bd10f8833600883a4f05926f0af6],
PUP.Optional.DomalQ, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RGT2E59.exe, Quarantined, [ac713a93a3d8a591cfd3f1bbd92be21e],
PUP.Optional.DomaIQ, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RNL5VIH.exe, Quarantined, [b667834a8af1a690a852ae05c93853ad],
PUP.Optional.SearchProtect.A, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RO8BCN0.exe, Quarantined, [b36a9b32a0db37fff9c81386e918639d],
PUP.Optional.SearchProtect.A, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RDM366U.exe, Quarantined, [cf4e8944cbb089ad793cbd79ae531ee2],
PUP.Optional.SearchProtect.A, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$R0763ZX.exe, Quarantined, [f924705dafcc3cfa1d9857df23dea65a],
PUP.Optional.AirAdInstaller, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RUXJAJV.exe, Quarantined, [d04da22b314a181ee655f34718e82ed2],
PUP.Optional.SearchProtect.A, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$R5ODF09.exe, Quarantined, [2df0c706166548ee4b6af34352af54ac],
PUP.Optional.Conduit.A, C:\$Recycle.Bin\S-1-5-21-2081853122-2922882189-671885779-1001\$RM7ACHL\SpSetup.exe, Quarantined, [59c41cb1502b0036c4e24be0629f5fa1],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarantined, [8499d4f9c6b5092daef5bc81fa06fd03],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [a17c4a8396e5dc5a77cccff63aca7789],
PUP.Optional.SearchProtect.A, C:\Users\Garrett\AppData\Local\Temp\SPSetup.exe, Quarantined, [5dc00ac32e4dfe38239eddbca75a47b9],
PUP.Optional.SupraSavings, C:\Windows\Temp\6E6B36EB-9156-411B-B951-C735F4747DCFn.exe, Quarantined, [db425677ccaf26107189bb17f90bee12],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsc19BD.exe, Quarantined, [2af3428b4c2ff046d2c84b44679a6f91],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsdACB.exe, Quarantined, [1409d4f945367cba1189236c41c0e818],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsgFC8.exe, Quarantined, [819ccffe90eb65d15941078821e02ad6],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsj1477.exe, Quarantined, [70ad9c31bbc08caa8f0bc4cb4bb6f20e],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsp3AFC.exe, Quarantined, [d7464d80a5d6142287138c035ba6e31d],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsq39.exe, Quarantined, [918cf0dd2853d5619802f8973ec347b9],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\SPVCLdr64.dll, Delete-on-Reboot, [d746daf37902181e9f22a4f56e939a66],
PUP.Optional.SupraSavings.A, C:\Windows\Installer\5191ca.msi, Quarantined, [cf4e7f4e9fdcac8aa99a289d45bf867a],
PUP.Optional.AdPeak.A, C:\Windows\Installer\5191cf.msi, Quarantined, [0e0f74592d4e979f02a1b489a55b3cc4],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0.localstorage, Quarantined, [6ab309c4fc7f7abcc57222ec53b0b14f],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0.localstorage-journal, Quarantined, [4cd1aa234338af87ca6d947a24dfc040],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [fa235d70cead77bf2bed4e0acf35c838],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\000015.log, Quarantined, [e23bd6f7a1da37ff09fbc20a24de44bc],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\000016.ldb, Quarantined, [e23bd6f7a1da37ff09fbc20a24de44bc],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\CURRENT, Quarantined, [e23bd6f7a1da37ff09fbc20a24de44bc],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\LOCK, Quarantined, [e23bd6f7a1da37ff09fbc20a24de44bc],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\LOG, Quarantined, [e23bd6f7a1da37ff09fbc20a24de44bc],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\LOG.old, Quarantined, [e23bd6f7a1da37ff09fbc20a24de44bc],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\MANIFEST-000013, Quarantined, [e23bd6f7a1da37ff09fbc20a24de44bc],
PUP.Optional.CrossRider.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0\1, Quarantined, [938aae1f770466d0fb0a715bad55669a],
PUP.Optional.Conduit, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "suggest_url": "http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}",), Replaced,[839ae3ea651689adfe3e2ee92fd6a45c]
PUP.Optional.Conduit.A, C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://search.conduit.com/Results.aspx?gd=&ctid=CT3326302&octid=EB_ORIGINAL_CTID&ISID=M751516C0-BA7D-4700-8D69-9126BFA2EAA0&SearchSource=58&CUI=&UM=5&UP=SP9D697E10-282B-4DE5-B978-F330505416B3&q={searchTerms}&SSPV=",), Replaced,[a07d8d4052295cdaed26fe1b57aecc34]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (127.0.0.1 173.214.178.24), Replaced,[8598418c0a7170c6f8fcd0462ed7f30d]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (127.0.0.1 192.185.97.25), Replaced,[d34a9c31bdbe57df5b9ad34353b23cc4]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (127.0.0.1 82.98.147.80), Replaced,[cd501faee59684b2a5511006de277a86]

Physical Sectors: 0
(No malicious items detected)

(end)



#4 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 31 August 2014 - 09:41 AM

Hi mpetro1!

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

    Make sure the following options are checked:
        Internet Services
        Windows Firewall
        System Restore
        Security Center/Action Center
        Windows Update
        Windows Defender
        Other Services
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

 

Please download RKill by Grinler HERE and save it to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
    Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
    If nothing happens or if the tool does not run, please let me know in your next reply.
    A log pops up at the end of the run. This log file is located at C:\rkill.log.
    Please post the log in your next reply.

At the end:

Download Delfix HERE to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

    Activate UAC (optional; some users prefer to keep it off)
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings


Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

 

Thank you!



#5 mpetro1


Posted 31 August 2014 - 04:44 PM

I completed the above steps! Here are the logs!!
I am having trouble copying and pasting RKill log. I will copy and paste it on a separate reply!


MiniToolBox by Farbar Version: 21-07-2014
Ran by Garrett (administrator) on 31-08-2014 at 16:42:58
Running from "C:\Users\Garrett\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================







There are 70 more lines starting with "127.0.0.1"


========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (08/31/2014 00:36:15 AM) (Source: Service Control Manager) (User: )
Description: The SAWFP service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================


=========================== Installed Programs ============================
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.98 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{DD27F8B0-BFDE-4188-89A0-BBF389FC367E}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3986.28 MB
Available physical RAM: 2856.37 MB
Total Pagefile: 4946.28 MB
Available Pagefile: 3884.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.33 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:437.49 GB) (Free:388.56 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:27.15 GB) (Free:3.18 GB) NTFS

========================= Users: ========================================

User accounts for \\PC

Administrator Garrett Guest


**** End of log ****




Farbar Service Scanner Version: 21-07-2014
Ran by Garrett (administrator) on 31-08-2014 at 16:58:16
Running from "C:\Users\Garrett\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

#6 mpetro1


Posted 31 August 2014 - 05:25 PM

Is there a size limit to copy and paste a file? RKill is 5.26mb. I cannot copy and paste RKill. Would there be another way to copy and paste RKill so you can view it?

#7 Alex&Vanko


Posted 01 September 2014 - 06:25 AM

5.26mb txt file? How many pages is it?

 

Thank you!



#8 Alex&Vanko


Posted 01 September 2014 - 06:50 AM

Right-click on it and choose Send to and then compressed Zip folder. Upload it here:

http://www.zippyshare.com/

No registration needed. Post the generated link.

 

Thank you!



#9 noknojon


Posted 01 September 2014 - 07:37 AM

Hi -

It seems a bit odd to me, as I just ran Rkill on my Win 8.1 and got this ..........

 

Ignore the Missing Services, as I know what they are -

 

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/01/2014 10:26:39 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 09/01/2014 10:27:01 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)

 

22 seconds to run the program !!!!!!! and a fairly small output -



#10 mpetro1


Posted 01 September 2014 - 10:17 AM

http://www62.zippyshare.com/v/6935989/file.html

#11 Alex&Vanko


Posted 01 September 2014 - 12:48 PM

If you ran Delfix:

 

Download HitmanPro x64 from HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here.

 

Thank you!


Edited by Alex&Vanko, 01 September 2014 - 12:59 PM.


#12 mpetro1


Posted 01 September 2014 - 02:20 PM

Here is HitmanPro log.....

 

 

 

 

HitmanPro 3.7.9.224
www.hitmanpro.com
   Computer name . . . . : PC
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : PC\Garrett
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-09-01 15:08:58
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 2
   Traces  . . . . . . . : 49
   Objects scanned . . . : 1,874,897
   Files scanned . . . . : 34,689
   Remnants scanned  . . : 725,947 files / 1,114,261 keys
Malware _____________________________________________________________________
   C:\Users\Garrett\AppData\Local\Microsoft\Windows\INetCache\IE\QIBSV2KW\OptimizerPro[1].exe
      Size . . . . . . . : 7,136,784 bytes
      Age  . . . . . . . : 139.0 days (2014-04-15 15:30:33)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : A8DC7CA30688C42F623BCE23DC0D91C550C1278ADFCD7404DFF2D9150932B2F4
      Product
      Publisher
      Description
      Version
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://dl.softservers.net/111001231/OptimizerPro.exe
      LanguageID . . . . : 9242
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Agent.OBK
      Fuzzy  . . . . . . : 102.0
   C:\Users\Garrett\AppData\Local\Microsoft\Windows\INetCache\IE\V4WRFRZF\sp-downloader[1].exe
      Size . . . . . . . : 66,368 bytes
      Age  . . . . . . . : 139.0 days (2014-04-15 15:29:48)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : B42F721E861C4AE46C71993C87A01D8E5CBA55096DB4DD7804F26E40CC5D24D5
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxps://sp-storage.conduit-services.com/sp-downloader.exe
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.fq
      Fuzzy  . . . . . . : 103.0

Potential Unwanted Programs _________________________________________________
   ask.com
   C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Web Data
   trovi.search
   C:\Users\Garrett\AppData\Local\Google\Chrome\User Data\Default\Web Data
   HKU\S-1-5-21-2081853122-2922882189-671885779-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{1631550F-191D-4826-B069-D9439253D926} (PriceGong)
   HKU\S-1-5-21-2081853122-2922882189-671885779-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info\ (ShopperPro)
Cookies _____________________________________________________________________


#13 Alex&Vanko


Posted 02 September 2014 - 08:42 AM

Ok. Apply action in order to remove them. You may uninstall Hitman if you wish.

 

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed, select Uninstall application on close if you so wish.
    Now click on Finish.
The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

Thank you!
 



#14 Alex&Vanko


Posted 02 September 2014 - 08:54 AM

We will uninstall Norton so choose a free Antivirus.

I wonder about the long time to load after a reboot and the Windows\Temp folder.

Thank you!



#15 mpetro1


Posted 02 September 2014 - 11:42 PM

I ran the ESET scan.
After we uninstall Norton, could you recommend a new free Antivirus?
Thanks,
Mike


ESETSmartInstaller@High as downloader log:
all ok



