Adware!?!? (Zombie Alert / not sure what else)


  • This topic is locked
13 replies to this topic

#1 Chivalry

Chivalry

  • Members
  • 45 posts

Posted 05 September 2014 - 03:24 AM

Hello Admin | Site Admin | Global Moderator Moderator | Malware Study Hall Admin | Malware Response Instructor | Malware Response Team | BC Advisor ,
 

Hello Again! (Edit: Different Computer than Last time... similar desecration)

Operating System: Windows 7
Application>Web Browsers: Chrome, IE

 

I am not completely sure, but I believe I have an Adware infestation. 
After installing some app called rocket search (or something similar), I believe this computer came under the "protection" (aka NOT protection) of zombie alert and some other third party software... truthfully I don't think I really want the rocket search or anything of the like on my computer ;)

I have not taken any steps to try to remove it, but knowing adware, it might just go invisible...

Could anyone kindly take a look at my issue?

Thanks!

 


Edited by Chivalry, 05 September 2014 - 03:33 AM.



#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • Gender:Male

Posted 05 September 2014 - 06:00 AM

Hi Chivalry and :welcome:

 

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

* Make sure the following options are checked:
  * Internet Services
  * Windows Firewall
  * System Restore
  * Security Center/Action Center
  * Windows Update
  * Windows Defender
  * Other Services
* Press "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

 

Please download RKill by Grinler HERE and save it to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
* Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
* A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
* If nothing happens or if the tool does not run, please let me know in your next reply.
* A log pops up at the end of the run. This log file is located at C:\rkill.log.
* Please post the log in your next reply.
 

Thank you!



#3 Chivalry

Chivalry
  • Topic Starter

  • Members
  • 45 posts

Posted 05 September 2014 - 11:34 AM

Hello Alex... and Vanko..
Or are you just Vanko?

And do you really like Darth Maul? Or just his picture?  :)

Here is all the stuff... Thanks for your help!


 

 

Checkup.txt:
------------------------------

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
----------------------

Result.txt
----------------------
MiniToolBox by Farbar  Version: 21-07-2014
Ran by Owner (administrator) on 05-09-2014 at 09:10:25
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/04/2014 11:10:14 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a2c
 
Start Time: 01cfc8cff05b7a5c
 
Termination Time: 44
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (09/04/2014 11:09:23 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c60
 
Start Time: 01cfc8cfb2ca6235
 
Termination Time: 62
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (09/04/2014 08:58:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76474981
 
Error: (09/04/2014 08:58:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76474981
 
Error: (09/04/2014 08:58:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/04/2014 08:58:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76473250
 
Error: (09/04/2014 08:58:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76473250
 
Error: (09/04/2014 08:58:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/04/2014 08:58:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76472158
 
Error: (09/04/2014 08:58:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76472158
 
 
System errors:
=============
Error: (09/04/2014 09:08:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.183.1564.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/28/2014 10:45:38 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:43:35 AM on ‎8/‎28/‎2014 was unexpected.
 
Error: (08/07/2014 01:02:59 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:01:07 PM on ‎8/‎7/‎2014 was unexpected.
 
Error: (08/06/2014 02:10:30 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:09:14 PM on ‎8/‎6/‎2014 was unexpected.
 
Error: (07/13/2014 10:22:45 PM) (Source: Service Control Manager) (User: )
Description: The Update NetCrawl service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/13/2014 10:22:36 PM) (Source: Service Control Manager) (User: )
Description: The Util NetCrawl service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/13/2014 04:27:23 PM) (Source: Service Control Manager) (User: )
Description: The BlockAndSurf service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/12/2014 00:26:47 PM) (Source: Service Control Manager) (User: )
Description: The AFBAgent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/06/2014 08:34:30 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (07/06/2014 08:34:30 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.
 
 
Microsoft Office Sessions:
=========================
Error: (09/04/2014 11:10:14 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.172391a2c01cfc8cff05b7a5c44C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (09/04/2014 11:09:23 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.172391c6001cfc8cfb2ca623562C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (09/04/2014 08:58:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76474981
 
Error: (09/04/2014 08:58:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76474981
 
Error: (09/04/2014 08:58:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/04/2014 08:58:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76473250
 
Error: (09/04/2014 08:58:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76473250
 
Error: (09/04/2014 08:58:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/04/2014 08:58:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76472158
 
Error: (09/04/2014 08:58:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76472158
 
 
 
=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version:  - Compete Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
dealpeuaki (HKLM-x32\...\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}) (Version:  - deaalpeak)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 2620 series Basic Device Software (HKLM\...\{66B122CE-42ED-4143-94D2-B28575A4619F}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Idle-Crawler (HKLM-x32\...\Idle-Crawler) (Version: 67.0.0.415 - web research foundation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nike+ Connect (HKLM-x32\...\Nike+ Connect) (Version: 6.3.18 - Nike)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Performance Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3}) (Version:  - Linker Ltd)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.11.3 - Client Connect LTD)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{F97A8857-2A38-4CE9-A53A-F07E491F2DA8}) (Version: 11.77.1.17697 - ReSoft Ltd.)
Snap.Do Engine (HKCU\...\{cf63d84a-7cae-4b7c-86ed-d234aad5ea3a}) (Version: 11.77.1.17697 - ReSoft Ltd.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
V-bates 2.0.0.442 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.442 - Wajamu)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
Zombie Alert (HKLM-x32\...\ZombieAlert) (Version: 2.7.19 - Creative Island Media, LLC)
 
========================= Devices: ================================
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 49%
Total physical RAM: 3874.21 MB
Available physical RAM: 1956.41 MB
Total Pagefile: 7746.61 MB
Available Pagefile: 5365.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3984.71 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:80.23 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:254.35 GB) NTFS
3 Drive e: (HP OJ2620) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS
4 Drive f: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:678.26 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\OWNER-PC
 
Administrator            Ashley                   ASPNET                   
Guest                    Owner                    
 
 
**** End of log ****
-------------------------

FFS.txt
-------------------------

Farbar Service Scanner Version: 21-07-2014
Ran by Owner (administrator) on 05-09-2014 at 09:21:09
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
------------------------
 
Rkill.txt
-------------------
Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/05/2014 09:30:10 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/05/2014 09:31:11 AM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)
 


#4 Alex&Vanko

Posted 05 September 2014 - 01:01 PM

desecration I liked translation of this word :thumbup2:

OK, so uninstall from Programs and Features:

    dealpeuaki
    Idle-Crawler
    Performance Optimizer (if it is a program to clean registry, junk and to speed up PC)
    Search Protect
    Snap.Do
    V-bates 2.0.0.442
    Zombie Alert

After that:

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

Then:

Download Delfix HERE to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

    Activate UAC (optional; some users prefer to keep it off)
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings


Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

 

Download Malwarebytes' Anti-Malware Free 2 HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop

    Be sure to restart the computer if requested.

 

Download HitmanPro x64 HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here.
 

Thank you!



#5 Chivalry

Posted 13 September 2014 - 12:12 AM

Hello again, I'm really sorry about such a long wait!

I won't lie... It's taken me a while to even want to work on this computer... 
First I tried uninstalling those programs, but Search Protect and Zombie Alert wouldn't uninstall (said something about not having administrator privileges [LIES])

I ran all of the scans, but I didn't read thoroughly enough to realize that last one would delete all of the log files from before.

oopsie  :whistle:


:/ what should I do now? haha
Here are the log files from Malwarebytes and HitmanPro:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/6/2014
Scan Time: 3:38:07 AM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.06.01
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352155
Time Elapsed: 29 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.ZombieAlert.A, C:\ProgramData\AZNqUXjpkW\xSakwhAkT.exe, 2636, Delete-on-Reboot, [21486387bfbcef479b7baee9ed148f71]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 60
PUP.Optional.ZombieAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xSakwhAkT, Quarantined, [21486387bfbcef479b7baee9ed148f71], 
PUP.Optional.VBates, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, Quarantined, [ed7c1ad098e3d95dd66b057d46bc29d7], 
PUP.Optional.VBates, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, Quarantined, [ed7c1ad098e3d95dd66b057d46bc29d7], 
PUP.Optional.QuickShare.A, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [99d09a5013682511f74bb1041ee4a858], 
PUP.Optional.QuickShare.A, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [99d09a5013682511f74bb1041ee4a858], 
PUP.Optional.IdleCrawler.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\The Idle-Crawler Updater, Quarantined, [096068823348d363b3cff1a4c83952ae], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [e18848a291eacd69a112b374d1320ff1], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [9fca23c7abd0d264cfe484a32fd410f0], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [cf9a0ae06813b87e7c37d84f1ae9a25e], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [ea7f10dac0bb6fc74d66e04790737f81], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [5d0c73770b705adcbcf740e75ba88080], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [80e95d8d7506ae880ca74fd809fa49b7], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [5b0ece1c6615f2442c873deac93aeb15], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [a6c33dadf9823df9dfd4a2859172da26], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [acbd9d4d5a218ea8f6bd48df61a2ee12], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [6bfe03e79fdc77bf951e5fc89c678779], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [3c2dad3d89f2d462a211ca5d9271bb45], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [df8aa842d6a56fc7f3c0bc6b7b88f30d], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [52178e5c512aa2945d560d1aac577b85], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [ca9f9e4cb6c535011b987ea9bc4751af], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [d4959a50403ba88e1f948e9905fe6d93], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [db8ef3f7582389ad833039ee3cc7fa06], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [d49500eae299b28442710b1cf31060a0], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [53169258c2b9a096fab90c1b4cb7916f], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [a2c74c9e83f86fc72291ec3b08fb50b0], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [c1a8737724574de9e9ca26016f9420e0], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [23468f5b1764b482a60d0a1df70c6a96], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [1455b634601b9d99edc65acd18ebd729], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [fd6cfcee9dded066c4ef9097ee15a65a], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [d2977476136894a2e0d349dee51e9070], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [93d612d8d7a492a47c373deac3406d93], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [dd8c64866e0da195149f1e09f50eee12], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [7aef529898e31e18852e50d70bf8ea16], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [125723c77407989e0da6f33451b24eb2], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [00695991f88375c1fcb7ce5926dd7d83], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [aabfc525fa817eb86c4760c73bc8de22], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [aebb10dad7a491a54f647aad010201ff], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [09608c5eff7c3ef882316fb847bcee12], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [75f4a248ef8c91a5b003dd4a0df60ff1], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [baaf2dbd9eddbe78813260c708fb55ab], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [2c3dfdedd9a2ab8b92210c1ba55e07f9], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [5a0ff6f4532838fee3d0889f29da05fb], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [1c4dd614b5c677bfc0f3b374a85bba46], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [6aff5991f18a41f5cde6a38420e3926e], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [05648b5f7b0087af278cd84f47bc8f71], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [fb6e09e1d4a79d991e95a97eb84be917], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [11585d8d7a0110263b785ec961a2da26], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [135632b81b60c2748e25081f1be8659b], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [e78231b9e893fd39e3d01e09f0136898], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [3d2c64864c2fbf77efc4e740fb08659b], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [35347a70c8b38da9d7dc59cecf3439c7], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [521730ba9be08caac4ef0b1c7f8407f9], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [a9c0f7f32754979fe8cb3ceb2dd6a957], 
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [e188e00a97e443f33e7582a5bc470af6], 
PUP.Optional.Consumer.Input.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\consumerinput_update, Quarantined, [78f149a1b1ca73c39e164add1fe408f8], 
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [6207e8026b1074c200850cefae545ea2], 
PUP.Optional.NetCrawl.A, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\NetCrawl, Quarantined, [d59435b5dc9f40f658d5ae5671927c84], 
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [482148a27ffce84e236250ab25dd50b0], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [cd9cb83288f3d264de49bc6a44bf0cf4], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [8adf4b9f7b0082b4b4d4f4485aaa30d0], 
 
Registry Values: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Quarantined, [85e4ecfee19a3006b74acf8dd331a45c]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0B1R1B0D2P1N, Quarantined, [8adf4b9f7b0082b4b4d4f4485aaa30d0]
 
Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-4233013369-1694252847-3016774584-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[6bfe67830f6c9d9987200be163a19769]
 
Folders: 7
PUP.Optional.ZombieAlert.A, C:\Users\Owner\AppData\Local\ZombieAlert, Quarantined, [95d444a6a2d9fb3b5c56f126f50e35cb], 
PUP.Optional.Consumer.Input.A, C:\Users\Owner\AppData\Local\Consumer Input, Quarantined, [b9b0a347c2b941f580414585b44e8b75], 
PUP.Optional.Consumer.Input.A, C:\Users\Owner\AppData\Local\Consumer Input\CrashReports, Quarantined, [b9b0a347c2b941f580414585b44e8b75], 
PUP.Optional.Extutil.A, C:\Users\Owner\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [1b4e83671764f244dc5edd040bf7d828], 
PUP.Optional.Managera.A, C:\Users\Owner\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [bdac2cbe106bbb7b79c2a73a976b9a66], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\Modules, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
 
Files: 50
PUP.Optional.ZombieAlert.A, C:\ProgramData\AZNqUXjpkW\xSakwhAkT.exe, Delete-on-Reboot, [21486387bfbcef479b7baee9ed148f71], 
PUP.Optional.ZombieAlert.A, C:\ProgramData\AZNqUXjpkW\dat\FbCxgenYsyk.exe, Delete-on-Reboot, [e7827476fb80023463b392055ea312ee], 
PUP.Optional.ZombieAlert.A, C:\ProgramData\AZNqUXjpkW\dat\QzwrVp.exe, Delete-on-Reboot, [2e3b6288bcbfeb4b2ee89dfa7190b44c], 
PUP.Optional.Somoto.A, C:\Users\Owner\AppData\Local\Temp\YIs9z16R.exe.part, Quarantined, [1b4e55954d2e4ee8d0368019847d817f], 
PUP.Optional.IdleCrawler.A, C:\Users\Owner\AppData\Local\Temp\6770706438, Quarantined, [cf9ad3171b60290d93ef1184827fc43c], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\nsnC05.exe, Quarantined, [76f3ab3f1f5c87af28791b753ec32cd4], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\6895412511, Quarantined, [a1c839b148333ff7ae60434f9a67e818], 
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\7543475112, Quarantined, [d297b7336b10b97dd4b75e31dd24a759], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\nss851E.exe, Quarantined, [94d5b6347efd67cf6d34385813eef30d], 
PUP.Optional.InstallCore, C:\Users\Owner\AppData\Local\Temp\nsw1382.tmp, Quarantined, [5118b139e299b3835a01911a5ca5966a], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\nsc1A67.exe, Quarantined, [94d528c2bdbe45f1168b8c0488796a96], 
PUP.Optional.InstallCore, C:\Users\Owner\AppData\Local\Temp\nsm9030.tmp, Quarantined, [f6736b7f4d2e072f9cbfc3e8669b31cf], 
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nsn33B0.tmp, Quarantined, [b9b019d1681343f3d5f34b4ff908b34d], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\nsn9610.exe, Quarantined, [cf9a14d62358c96d8d140b8543bed030], 
PUP.Optional.Wajam.A, C:\Users\Owner\AppData\Local\Temp\2857805583, Quarantined, [3c2deffbbac10f278aa11a2d14ec22de], 
PUP.Optional.ConsumerInput, C:\Users\Owner\AppData\Local\Temp\ConsumerInputSetup.exe, Quarantined, [2a3f7575a8d30333a313c2f69470aa56], 
PUP.Optional.ConsumerInput, C:\Users\Owner\AppData\Local\Temp\9640575061, Quarantined, [db8e4e9ce19ab284ae08e6d2ee16c23e], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\9831441104, Quarantined, [86e342a8d6a553e37f8ffa98ec1518e8], 
PUP.Optional.VBates.A, C:\Users\Owner\AppData\Local\Temp\0026164081, Quarantined, [d3969f4bfc7f86b09436ad25c24233cd], 
PUP.Optional.ZombieAlert.A, C:\Users\Owner\AppData\Local\Temp\1434213108, Quarantined, [7bee8b5f3f3cc86e6ea85c3bcf324cb4], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\1475509914, Quarantined, [d198b93178035ed8917db6dcb8497090], 
PUP.Optional.InstallManager, C:\Users\Owner\Downloads\PC_Driver_kit.exe, Quarantined, [5a0fa5451b602610294b0ed6986c51af], 
PUP.Optional.OptimunInstaller, C:\Users\Owner\Downloads\Player-Chrome.exe, Quarantined, [bbaea248fb800630c7155dec9868847c], 
PUP.Optional.IdleCrawler.A, C:\Users\Owner\AppData\Local\Idle-Crawler\uninstall.exe, Quarantined, [096068823348d363b3cff1a4c83952ae], 
PUP.Optional.IdleCrawler, C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle-Crawler Update, Quarantined, [92d747a3f08bf343167e01f63ec415eb], 
PUP.Optional.RocketTab.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibnjmihbbanannlbobkbmnmckjnmdnom_0.localstorage, Quarantined, [5118d218dc9fab8b883724d9897937c9], 
PUP.Optional.RocketTab.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibnjmihbbanannlbobkbmnmckjnmdnom_0.localstorage-journal, Quarantined, [e782509a493238fec5fab14cf50d23dd], 
PUP.Optional.Consumer.Input.A, C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore, Quarantined, [21485c8ed7a40a2c2c3e956eee158878], 
PUP.Optional.Consumer.Input.A, C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA, Quarantined, [db8e915952292016cc9e0300aa599b65], 
PUP.Optional.Superfish.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [f9703caeb4c7ef474ae4c34ba2614cb4], 
PUP.Optional.Superfish.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [3b2eeffb3645280eb37b7896748fc33d], 
PUP.Optional.MySearchDial.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iagcajndpnfncplednpbnkahadegklfa_0.localstorage-journal, Quarantined, [60093fab6b103105c1851bfa768de21e], 
PUP.Optional.ZombieAlert.A, C:\Users\Owner\AppData\Local\ZombieAlert\data2.dat, Quarantined, [95d444a6a2d9fb3b5c56f126f50e35cb], 
PUP.Optional.Consumer.Input.A, C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job, Quarantined, [a5c47971d1aaa294f87f183dfd07758b], 
PUP.Optional.Consumer.Input.A, C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job, Quarantined, [2742b2387cff86b02a4dfc59f50f3dc3], 
PUP.Optional.VBates.A, C:\Users\Owner\AppData\Local\Temp\v-bates.exe, Quarantined, [0c5dedfd2655df57db93411cd52fb24e], 
PUP.Optional.Extutil.A, C:\Users\Owner\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [1b4e83671764f244dc5edd040bf7d828], 
PUP.Optional.Extutil.A, C:\Users\Owner\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [1b4e83671764f244dc5edd040bf7d828], 
PUP.Optional.Extutil.A, C:\Users\Owner\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [1b4e83671764f244dc5edd040bf7d828], 
PUP.Optional.Managera.A, C:\Users\Owner\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [bdac2cbe106bbb7b79c2a73a976b9a66], 
PUP.Optional.Managera.A, C:\Users\Owner\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [bdac2cbe106bbb7b79c2a73a976b9a66], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\msvcp110.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\msvcr110.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\Modules\7z.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\Modules\CmnUtls.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\Modules\InSes.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\Modules\NavSupp.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\Modules\WblSupp.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\Modules\WbSes.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
PUP.Optional.IdleCrawler, C:\Users\Owner\AppData\Local\Idle-Crawler\Modules\WdcMan.dll, Quarantined, [95d4d218611a8aac2c7b7b70dc2602fe], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

HitmanPro 3.7.9.225
www.hitmanpro.com
   Computer name . . . . : OWNER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Owner-PC\Owner
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)
   Scan date . . . . . . : 2014-09-12 21:44:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 14m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes
   Threats . . . . . . . : 13
   Traces  . . . . . . . : 116
   Objects scanned . . . : 1,970,961
   Files scanned . . . . : 49,806
   Remnants scanned  . . : 373,258 files / 1,547,897 keys
Malware _____________________________________________________________________
   C:\Users\Ashley\AppData\Local\Temp\is45637729\1909618_stp\NetCrawlSetup.exe -> Quarantined
      Size . . . . . . . : 582,048 bytes
      Age  . . . . . . . : 64.1 days (2014-07-10 18:54:10)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8F88E33B292FBF9EA7EC35F506BADE936026EF910BBF304D4A1815CD78C7F624
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.SwiftBrowse.AQ
      Fuzzy  . . . . . . : 107.0
   C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JYG5HLQ\compete[1].exe -> Quarantined
      Size . . . . . . . : 1,852,714 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:06:15)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : E122AC07BF8E39E81984533265164282CBD5559E2B0EB2C1A33A88EB0D399F18
      Source URL . . . . : hxxp://totalnethits.biz/offers/compete.exe
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.Agent.avvk
      Fuzzy  . . . . . . : 114.0
   C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JYG5HLQ\VuuPC_VO2_8907[1].exe -> Quarantined
      Size . . . . . . . : 224,654 bytes
      Age  . . . . . . . : 69.3 days (2014-07-05 14:20:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : FE249AAB4C7B5E1749D6518F64DEBA6881A61481EF69528F8817A96BD34326AF
      Source URL . . . . : hxxp://secure.letigerfastcdn.com/nsi/nsis-html/VuuPC_VO2_8907.exe
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.InstallMonetizer.a
      Fuzzy  . . . . . . : 114.0
   C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VBG0Z79H\Installer[1].exe -> Quarantined
      Size . . . . . . . : 11,186,208 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:04:31)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 8032A6A3E9B19F94ED6D8F5A5A9FBFBA8314FFED14B28E46F4A016F5AC765738
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://gogeneral.blob.core.windows.net/versions-20140610-snapdo/Installer.exe
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Generic.996671
      Fuzzy  . . . . . . : 102.0
   C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VBG0Z79H\OptimizerPro[1].exe -> Quarantined
      Size . . . . . . . : 7,248,392 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:04:16)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C8471DBA9C687A483E8F42CFE676FF3FA87C74045C6757F370C8C26AD8EE69EE
      Product
      Publisher
      Description
      Version
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://dl.softservers.net/111001500/OptimizerPro.exe
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.Agent.iht
      Fuzzy  . . . . . . : 102.0
   C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIIW0LYY\Setup[1].exe -> Quarantined
      Size . . . . . . . : 4,087,008 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:03:58)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 14BBC189C39BE335090626CB8734462330E25F851B91F6DDF3CFE4EBBA5CF831
      Product  . . . . . : Zombie Alert
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://metrix.questspoint.com/za/115001/Setup.exe
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Trojan.Generic.11388921
      Fuzzy  . . . . . . : 107.0
   C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3AVK970\BlockAndSurf_2222-5510[1].exe -> Deleted
      Size . . . . . . . : 1,801,310 bytes
      Age  . . . . . . . : 69.3 days (2014-07-05 14:29:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 2CD8276C2B8B329A8D54EB726A24B82D3016B71960A650445497956BD8F588A0
      Source URL . . . . : hxxp://app.dcexpath.org/apps/dist/BlockAndSurf_2222-5510.exe
    > Bitdefender  . . . : Adware.Generic.976121
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Lyckriks.yn
      Fuzzy  . . . . . . : 114.0
   C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3AVK970\wajam_validate[1].exe -> Quarantined
      Size . . . . . . . : 11,264 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:02:16)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : 561B6080396BA1218D886E7F4999918B3E85D50B4BFC05772C911CBE5AF7947A
      Source URL . . . . : hxxp://www.wajam.com/download/wajam_validate.exe
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.ij
      Fuzzy  . . . . . . : 110.0
   C:\Users\Owner\AppData\Local\Temp\0780661677 -> Quarantined
      Size . . . . . . . : 7,248,392 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:04:16)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C8471DBA9C687A483E8F42CFE676FF3FA87C74045C6757F370C8C26AD8EE69EE
      Product
      Publisher
      Description
      Version
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://dl.softservers.net/111001500/OptimizerPro.exe
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.Agent.iht
      Fuzzy  . . . . . . : 112.0
   C:\Users\Owner\AppData\Local\Temp\5589216127 -> Quarantined
      Size . . . . . . . : 11,264 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:11:14)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : 561B6080396BA1218D886E7F4999918B3E85D50B4BFC05772C911CBE5AF7947A
      Source URL . . . . : hxxp://www.wajam.com/download/wajam_validate.exe
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.ij
      Fuzzy  . . . . . . : 120.0
   C:\Users\Owner\AppData\Local\Temp\8750950185 -> Quarantined
      Size . . . . . . . : 11,264 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:03:11)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : 561B6080396BA1218D886E7F4999918B3E85D50B4BFC05772C911CBE5AF7947A
      Source URL . . . . : hxxp://www.wajam.com/download/wajam_validate.exe
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.ij
      Fuzzy  . . . . . . : 120.0
   C:\Users\Owner\AppData\Local\Temp\8856115149 -> Quarantined
      Size . . . . . . . : 11,264 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:02:16)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : 561B6080396BA1218D886E7F4999918B3E85D50B4BFC05772C911CBE5AF7947A
      Source URL . . . . : hxxp://www.wajam.com/download/wajam_validate.exe
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.ij
      Fuzzy  . . . . . . : 120.0
   C:\Users\Owner\AppData\Local\Temp\9371512550 -> Quarantined
      Size . . . . . . . : 11,186,208 bytes
      Age  . . . . . . . : 69.4 days (2014-07-05 12:04:31)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 8032A6A3E9B19F94ED6D8F5A5A9FBFBA8314FFED14B28E46F4A016F5AC765738
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://gogeneral.blob.core.windows.net/versions-20140610-snapdo/Installer.exe
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Generic.996671
      Fuzzy  . . . . . . : 112.0

Potential Unwanted Programs _________________________________________________
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> Deleted
   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> PendingDelete
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> PendingDelete
   HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
   HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
   HKU\S-1-5-21-4233013369-1694252847-3016774584-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
   HKU\S-1-5-21-4233013369-1694252847-3016774584-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player) -> Deleted
Repairs _____________________________________________________________________
   Proxy server on this computer (User)
   127.0.0.1:50060
   Proxy server on this computer (User)
   127.0.0.1:50060

Cookies _____________________________________________________________________

#6 Chivalry

Posted 13 September 2014 - 02:39 AM

Also, I think Search Protect got uninstalled after Malwarebytes and HitmanPro finished.
Zombie Alert is still there...

On Chrome I'm getting ads saying
ads by deAolpeaK

Internet Explorer doesn't seem to be infected


Edited by Chivalry, 13 September 2014 - 02:45 AM.


#7 Chivalry

Posted 15 September 2014 - 08:06 PM

 


Edited by Chivalry, 15 September 2014 - 08:07 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:28 AM

Posted 16 September 2014 - 10:45 AM

Look in Chrome's Add-ons and remove anything you don't recognize and anything like deAolpeaK
 
How To Disable Individual Plug-ins in Google Chrome

#9 Chivalry

Posted 16 September 2014 - 08:44 PM

This is all that it shows...

 

 

PLUGINS

Adobe Flash Player (2 files) - Version: 15.0.0.152
Shockwave Flash 15.0 r0
Name: Shockwave Flash
Description: Shockwave Flash 15.0 r0
Version: 15.0.0.152
Location: C:\Program Files (x86)\Google\Chrome\Application\39.0.2159.4\PepperFlash\pepflashplayer.dll
Type: PPAPI (out-of-process)
MIME types: application/x-shockwave-flash (Shockwave Flash, .swf); application/futuresplash (FutureSplash Player, .spl)
Name: Shockwave Flash
Description: Shockwave Flash 15.0 r0
Version: 15,0,0,152
Location: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
Type: NPAPI
MIME types: application/x-shockwave-flash (Adobe Flash movie, .swf); application/futuresplash (FutureSplash movie, .spl)

Chrome PDF Viewer
Name: Chrome PDF Viewer
Version:
Location: C:\Program Files (x86)\Google\Chrome\Application\39.0.2159.4\pdf.dll
Type: PPAPI (in-process)
MIME types: application/pdf (Portable Document Format, .pdf); application/x-google-chrome-print-preview-pdf (Portable Document Format, .pdf)

Chrome Remote Desktop Viewer
This plugin allows you to securely access other computers that have been shared with you. To use this plugin you must first install the Chrome Remote Desktop webapp.
Name: Chrome Remote Desktop Viewer
Description: This plugin allows you to securely access other computers that have been shared with you. To use this plugin you must first install the Chrome Remote Desktop webapp.
Version:
Location: internal-remoting-viewer
Type: PPAPI (out-of-process)
MIME types: application/vnd.chromium.remoting-viewer

Native Client
Name: Native Client
Version:
Location: C:\Program Files (x86)\Google\Chrome\Application\39.0.2159.4\internal-nacl-plugin
Type: PPAPI (in-process)
MIME types: application/x-nacl (Native Client Executable); application/x-pnacl (Portable Native Client Executable)

Microsoft Office - Version: 14.0.4730.1010
Office Authorization plug-in for NPAPI browsers
Name: Microsoft Office 2010
Description: Office Authorization plug-in for NPAPI browsers
Version: 14.0.4730.1010
Location: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
Type: NPAPI
MIME types: application/x-msoffice14 (14.0.4730.1010, .*)

Silverlight - Version: 5.1.30514.0
Name: Silverlight Plug-In
Version: 5.1.30514.0
Location: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Type: NPAPI
MIME types: application/x-silverlight (npctrl, .scr); application/x-silverlight-2


#10 boopme

Posted 16 September 2014 - 09:57 PM

As we have a list to re-enable... Disable all.
Close and reopen your browser.

Do what you normally do and see if it's stopped.

#11 Chivalry

Posted 16 September 2014 - 10:21 PM

It would seem as though it isn't in the plugins...

The ads still show. I inspected the element of an ad and it says something about sophia search...

EDIT: I did some snooping, I've looked for all modified files on the date Zombie Alert was installed...
I found this bit of code in a user.js file

 user_pref("extensions.autoDisableScopes", 0);

not sure if that is actually anything...


 


Edited by Chivalry, 17 September 2014 - 12:05 AM.


#12 boopme

Posted 17 September 2014 - 11:05 AM

Appears we will have to go in and get it..

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#13 Chivalry

Posted 18 September 2014 - 04:38 AM

Note: I just finished starting a topic in malware removal.
http://www.bleepingcomputer.com/forums/t/548832/zombie-alertware-the-search-for-the-fix-continues/



#14 hamluis

hamluis

    Moderator


  • Moderator
  • 54,839 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:28 AM

Posted 18 September 2014 - 10:23 AM

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





