
New Lenovo comp, adware, trojans, malware, RocketTab


17 replies to this topic

#1 lisa0477


Posted 25 November 2014 - 08:14 AM

I recently purchased a Lenovo ultrabook, this is my second one due to the first one crashing. I bought at Best Buy and had to return due to the hard drive being wiped out.

Apparently this is easy to do?? Nothing had been removed or deleted to my knowledge so I am not sure how it happened. I was told that it is easy to do through my documents. Anyway, it seems like from the first time being on the internet I have tons of ads that pop up. RocketTab is stalking me and every purchase I try to make. The computer came with a free trial of McAfee and I am including the screen shots of what it says it cleaned off. I am terrified to download or run any type of scan unless you tell me to. I have Windows 8 =(

 

Please tell me what scan I should do first to help you..help me!!! I was told these were really good computers....but what do I know :crazy:

Well... I would attach my screen shots but, it won't let me.

artemus, RocketTab, adware out are a few of the 2,000 threats McAfee said it found.




#2 buddy215


Posted 25 November 2014 - 08:27 AM

Use the programs below to scan for and remove adware and malware.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars...especially Yahoo. You may see Google Tool Bar being offered.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Eset scan can take an hour or more to complete depending on computer's resources and size of files. Plan accordingly.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 lisa0477


Posted 25 November 2014 - 11:17 PM

How do I attach the scan? I don't see a paper clip haha!


#4 noknojon


Posted 25 November 2014 - 11:34 PM

Hi -

Just to help, please >> Copy and Paste << all answers in this area.

 

Thank You -



#5 lisa0477


Posted 25 November 2014 - 11:43 PM

I have a few questions before I delete. I am scared of wiping out my comp. This is from AdwCleaner - am I supposed to delete all those registry keys??

 

 

# AdwCleaner v4.102 - Report created 25/11/2014 at 22:28:14
# Updated 23/11/2014 by Xplode
# Database : 2014-11-25.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : lisa - LENOVO-PC
# Running from : C:\Users\lisa\AppData\Local\Microsoft\Windows\INetCache\IE\9YWTFAO1\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\lisa\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Found : C:\Users\Public\Desktop\Knctr.lnk
Folder Found : C:\Program Files (x86)\Search Extensions
Folder Found : C:\ProgramData\Pokki
Folder Found : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppihnomfdolaldammcfbbgnakngfgkl
Folder Found : C:\Users\lisa\AppData\Local\Pokki
Folder Found : C:\Users\lisa\AppData\Local\Temp\snipsmart

***** [ Scheduled Tasks ] *****

Task Found : RocketTab Update Task
Task Found : RocketTab

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll
Key Found : HKCU\Software\BRS
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\BRS
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D3048B2-3FB1-436D-9470-E62E5EB7832A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v39.0.2171.65

[C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutB0A0BtB0B0DtC0AyBzyyCtBtD0E0FyCtN0D0Tzu0StCtDtAtBtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StB0BtAyByB0EyB0BtGzz0AyDtCtGtBzy0DzztGyEyD0ByCtGyCtD0Azy0C0F0DtD0F0D0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByCzz0FtD0C0CtCtG0AtAzztDtGyE0ByDzytG0B0FzyyDtG0AtBzy0B0E0AtCyD0F0D0F0B2Q&cr=1002741422&ir=

*************************

AdwCleaner[R0].txt - [6233 octets] - [25/11/2014 22:28:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6293 octets] ##########

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/25/2014
Scan Time: 10:04:52 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.26.02
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: lisa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319704
Time Elapsed: 7 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.MaintainerSvc.A, C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65\maintainer.exe, 19892, Delete-on-Reboot, [f961c878fb8191a5a633be23df22966a]
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Client.exe, 6412, Delete-on-Reboot, [0f4b82beb9c37eb88e1ba7122fd5d030]

Modules: 0
(No malicious items detected)

Registry Keys: 13
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc3.35.6688013, Quarantined, [f961c878fb8191a5a633be23df22966a],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64, Quarantined, [c595a49c611bc571f60302509a69b44c],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9f797875-3e17-4f05-af13-44c39bc9c2c2}Gw64, Quarantined, [6eec132ddaa2b87e27d22e249d6627d9],
PUP.Optional.SearchExtensions.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RocketTab, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\RocketTab, Quarantined, [1f3bed537dff3ef8ed8a0e3cd42fcb35],
PUP.Optional.Groovorio.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\Groovorio, Quarantined, [e872b090bebeee488a6660f38e75827e],
PUP.Optional.Groovorio.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Groovorio, Quarantined, [1545da668bf13105bb312231f40fd62a],
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [cf8b20207b0157df2a7ddab53aca30d0],
PUP.Optional.Groovorio.A, HKU\S-1-5-21-2582311336-3938755921-3903018293-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\groovorio, Quarantined, [6eec08382656f24414d99ab98281f709],
PUP.Optional.RocketTab.A, HKU\S-1-5-21-2582311336-3938755921-3903018293-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, Quarantined, [be9cca76304c2c0ab2c657f33fc47e82],
PUP.Optional.Groovorio.A, HKU\S-1-5-21-2582311336-3938755921-3903018293-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\Groovorio, Quarantined, [49119ba5bebef442777a4f04f90a0ff1],
PUP.Optional.Groovorio, HKU\S-1-5-21-2582311336-3938755921-3903018293-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC865B26-C31D-4D23-B17B-96548EEF03F6}, Quarantined, [1e3ce8589ae23204d64f862e17ed728e],
PUP.Optional.RocketTab.A, HKU\S-1-5-21-2582311336-3938755921-3903018293-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS, Quarantined, [5406360ab0cce056feae6554c93bca36],

Registry Values: 1
PUP.Optional.RocketTab.A, HKU\S-1-5-21-2582311336-3938755921-3903018293-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, Quarantined, [5406360ab0cce056feae6554c93bca36]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions, Delete-on-Reboot, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.Groovorio.A, C:\Program Files (x86)\Groovorio, Quarantined, [acaef54be89438fec71e01278d76ea16],
PUP.Optional.Groovorio.A, C:\Program Files (x86)\Groovorio\bh, Quarantined, [acaef54be89438fec71e01278d76ea16],
PUP.Optional.Groovorio.A, C:\Program Files (x86)\Groovorio\BRS, Quarantined, [acaef54be89438fec71e01278d76ea16],
PUP.Optional.Groovorio.A, C:\Users\lisa\AppData\Roaming\Groovorio, Quarantined, [31292e1284f8979f27c0ac7cc1429d63],
PUP.Optional.Groovorio.A, C:\Users\lisa\AppData\Roaming\Groovorio\UpdateProc, Quarantined, [31292e1284f8979f27c0ac7cc1429d63],

Files: 32
PUP.Optional.MaintainerSvc.A, C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65\maintainer.exe, Delete-on-Reboot, [f961c878fb8191a5a633be23df22966a],
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, Quarantined, [b2a860e092ea4fe73644d07ad2318a76],
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab Update Task, Quarantined, [03572818700c082eaad04a0052b1a45c],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}Gw64.sys, Quarantined, [c595a49c611bc571f60302509a69b44c],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9f797875-3e17-4f05-af13-44c39bc9c2c2}Gw64.sys, Quarantined, [6eec132ddaa2b87e27d22e249d6627d9],
PUP.Optional.Groovorio.A, C:\Windows\Tasks\Groovorio.job, Quarantined, [4e0cd96789f389adf403f261e221d42c],
PUP.Optional.Groovorio.A, C:\Windows\System32\Tasks\Groovorio, Quarantined, [540688b8e49856e023d59bb831d2ef11],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\TrustedRoot.cer, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\App.config, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\app.manifest, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\certmanager.exe, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Client.exe, Delete-on-Reboot, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\makecert.exe, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\uninstall.exe, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources\certutil.exe, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources\libnspr4.dll, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources\libplc4.dll, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources\libplds4.dll, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources\nss3.dll, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources\smime3.dll, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources\softokn3.dll, Quarantined, [0f4b82beb9c37eb88e1ba7122fd5d030],
PUP.Optional.ConduitSearchProtect, C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe, Quarantined, [cf8b20207b0157df2a7ddab53aca30d0],
PUP.Optional.Groovorio.A, C:\Program Files (x86)\Groovorio\astcnfg.dat, Quarantined, [acaef54be89438fec71e01278d76ea16],
PUP.Optional.Groovorio.A, C:\Program Files (x86)\Groovorio\FavIcon.ico, Quarantined, [acaef54be89438fec71e01278d76ea16],
PUP.Optional.Groovorio.A, C:\Program Files (x86)\Groovorio\Sqlite3.dll, Quarantined, [acaef54be89438fec71e01278d76ea16],
PUP.Optional.Groovorio.A, C:\Program Files (x86)\Groovorio\uninst.dat, Quarantined, [acaef54be89438fec71e01278d76ea16],
PUP.Optional.Groovorio.A, C:\Program Files (x86)\Groovorio\BRS\Sqlite3.dll, Quarantined, [acaef54be89438fec71e01278d76ea16],
PUP.Optional.Groovorio.A, C:\Users\lisa\AppData\Roaming\Groovorio\UpdateProc\bkup.dat, Quarantined, [31292e1284f8979f27c0ac7cc1429d63],
PUP.Optional.Groovorio.A, C:\Users\lisa\AppData\Roaming\Groovorio\UpdateProc\config.dat, Quarantined, [31292e1284f8979f27c0ac7cc1429d63],
PUP.Optional.Groovorio.A, C:\Users\lisa\AppData\Roaming\Groovorio\UpdateProc\info.dat, Quarantined, [31292e1284f8979f27c0ac7cc1429d63],
PUP.Optional.Groovorio.A, C:\Users\lisa\AppData\Roaming\Groovorio\UpdateProc\STTL.DAT, Quarantined, [31292e1284f8979f27c0ac7cc1429d63],
PUP.Optional.Groovorio.A, C:\Users\lisa\AppData\Roaming\Groovorio\UpdateProc\TTL.DAT, Quarantined, [31292e1284f8979f27c0ac7cc1429d63],

Physical Sectors: 0
(No malicious items detected)

(end)



#6 lisa0477


Posted 25 November 2014 - 11:54 PM

This is from CCleaner

 

Some of this I am not sure if I should delete, again I am scared

 

Uggh, it's not letting me paste, I am going nuts here. It looks like it wants to delete my MS Office, Nitro Pro, SkyDrive...I don't want some of these programs gone. Not sure how to show you.



#7 lisa0477


Posted 26 November 2014 - 12:34 AM

Another thing...sorry. When I go on the internet and want to shop I now have a different pop up but it's the same as RocketTab, this one is called Visual Discovery. I swear I never had problems as bad as this from the beginning with my other laptops. Did I buy a junk computer?



#8 buddy215


Posted 26 November 2014 - 05:03 AM

If you scanned with CCleaner using only the default settings then you can delete all that it found. It is a very safe program to use.

You can use it every day with no problem. You do not need to post what CCleaner found to remove.

 

Rerun AdwCleaner and choose Clean. A lot of what it found has already been quarantined by MBAM. So rerun it and allow it to remove what it found by choosing Clean. Superfish is likely what is causing you to see the visual discovery ads. I see it mentioned in AdwCleaner's log. Lenovo likely installed it.

 

Please continue by posting the scans from Junkware Remover and Eset Online scan. Both very safe to use programs.

 

EDIT: Open CCleaner and click on Tools. Choose Uninstall. Look in the list of installed programs for Superfish and choose to uninstall if found. At the bottom of that page is a button that when clicked will allow you to copy and paste the list of programs installed on your computer. Please post that list.


Edited by buddy215, 26 November 2014 - 05:11 AM.

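The overlap buddy215 describes above, where much of what AdwCleaner listed had already been quarantined by MBAM, can be checked by cross-referencing the two logs. The Python below is an added example, not part of the thread or of either tool; the sample lines are excerpted from the logs posted above (hash column omitted), and the function names and matching rules (registry entries are compared by literal path only) are assumptions.

```python
import re

# Lines excerpted from the AdwCleaner[R0] scan report posted in the thread.
ADW_SAMPLE = r"""
***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\Knctr.lnk
Folder Found : C:\Program Files (x86)\Search Extensions
Folder Found : C:\ProgramData\Pokki

***** [ Scheduled Tasks ] *****

Task Found : RocketTab Update Task
Task Found : RocketTab

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
"""

# Lines excerpted from the Malwarebytes log posted in the thread (hash column omitted).
MBAM_SAMPLE = r"""
Registry Keys: 13
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined,
Folders: 7
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions, Delete-on-Reboot,
Files: 32
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, Quarantined,
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab Update Task, Quarantined,
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(File|Folder|Key|Value|Data|Task|Service) (Found|Deleted) : (.+)$")
MBAM_ACTIONS = {"Quarantined", "Delete-on-Reboot"}


def norm(text):
    """Windows paths and registry keys are case-insensitive."""
    return text.strip().lower()


def parse_adwcleaner(text):
    """Return one dict per 'Kind Found/Deleted : target' line, with its section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            target = re.sub(r"^\[x64\] ", "", entry.group(3))
            findings.append({"section": section, "kind": entry.group(1),
                             "target": target})
    return findings


def parse_mbam(text):
    """Return the normalised objects MBAM quarantined or scheduled for deletion."""
    objects = set()
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.strip().rstrip(",").split(", ")]
        if len(fields) >= 3 and MBAM_ACTIONS & set(fields[2:]):
            objects.add(norm(fields[1]))
    return objects


def handled_by_mbam(finding, mbam_objects):
    kind, target = finding["kind"], norm(finding["target"])
    for obj in mbam_objects:
        if kind == "Service" and obj.endswith("\\services\\" + target):
            return True
        if kind == "Task" and obj.endswith("\\tasks\\" + target):
            return True
        if kind in ("File", "Folder") and (
                obj == target or target.startswith(obj + "\\")):
            return True
        if kind in ("Key", "Value", "Data") and obj == target:
            return True
    return False


def is_autostart(finding):
    """Entries that load code at boot, logon or process start."""
    target = norm(finding["target"])
    return (finding["section"] in ("Services", "Scheduled Tasks")
            or "[appinit_dlls]" in target
            or "\\currentversion\\run [" in target)


def triage(adw_text, mbam_text):
    handled = parse_mbam(mbam_text)
    return [{**f, "handled": handled_by_mbam(f, handled),
             "autostart": is_autostart(f)}
            for f in parse_adwcleaner(adw_text)]


if __name__ == "__main__":
    for row in triage(ADW_SAMPLE, MBAM_SAMPLE):
        status = "already handled by MBAM" if row["handled"] else "remaining"
        flag = " [autostart]" if row["autostart"] else ""
        print(f"{status:24} {row['kind']:8} {row['target']}{flag}")
```

On the sample, the service, the Search Extensions folder and both RocketTab tasks come back as already handled, while the AppInit_DLLs data and the Run value remain for AdwCleaner's Clean pass.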


#9 Karl2014


Posted 27 November 2014 - 05:30 AM

Hi,

I just signed up to say thanks very much for this.

I bought a Lenovo Flex today and it was soo disappointing that there was so much crap on it. It was practically unusable with all the popups etc. Even when I tried to click a link within a page another page would open with some ad.... this was not even including all the ads that would roll onto the screen from 3 or 4 different angles at once.

 

It is highly disappointing that manufacturers can get away with this and think that they won't lose customers.

 

I followed your instructions pretty much to the letter and it seems to have nailed it all... touch wood so far.

Even the last online scan picked up a few installers in there too.

 

So, thanks again.

This was very helpful.

 

Cheers

Karl



#10 buddy215


Posted 27 November 2014 - 07:41 AM

Karl2014...Welcome to BC and thanks for taking the time to sign up....and saying thanks!

 

Now that you have cleaned up the crapware you can check to see if anything is in your Startups or Tasks that you do not need. Such as CCleaner's monitor and constant update checking done by so many programs. Removing large programs such as office programs, Java, media players from Windows startup will decrease boot time and use of RAM. You can even check the startups in your Browsers, too. You can do all of that using CCleaner's Tools.




#11 Karl2014


Posted 27 November 2014 - 08:41 AM

Thanks very much.

 

I've never used Windows 8 yet so this is taking a little bit to get used to... Have been stuck using a work computer with XP.

 

Will definitely have a look into the startup and see what I can disable/remove.

 

I have been using this laptop for about 4 hours straight since following the above and haven't had one unwanted screen.

Legend. Thanks once again.



#12 lisa0477


Posted 30 November 2014 - 06:10 AM

Sorry, Thanksgiving slowed down my progress!! Hope you all had a great one!

 

Here is my AdwCleaner- This already has helped soooo much. It took me forever to be able to run it because every single thing I clicked made all these pop ups and redirects worse than ever before. I am now going to finish the rest!

 

 

 

# AdwCleaner v4.102 - Report created 30/11/2014 at 05:03:52
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : lisa - LENOVO-PC
# Running from : C:\Users\lisa\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Pokki
Folder Deleted : C:\Users\lisa\AppData\Local\Pokki
Folder Deleted : C:\Users\lisa\AppData\Local\Temp\snipsmart
Folder Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppihnomfdolaldammcfbbgnakngfgkl
File Deleted : C:\Users\Public\Desktop\Knctr.lnk
File Deleted : C:\Users\lisa\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : RocketTab Update Task
Task Deleted : RocketTab

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D3048B2-3FB1-436D-9470-E62E5EB7832A}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v39.0.2171.71

*************************

AdwCleaner[R0].txt - [6445 octets] - [25/11/2014 22:28:14]
AdwCleaner[R1].txt - [6103 octets] - [30/11/2014 04:59:52]
AdwCleaner[S0].txt - [5824 octets] - [30/11/2014 05:03:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5884 octets] ##########



#13 lisa0477


Posted 30 November 2014 - 06:26 AM

CCleaner

 

Still nervous about this one. Just so I am 100% sure I am doing this right, this is what I did. I apologize for sounding so stupid.

When you say make sure it's in default settings... you mean leaving it just as is??

In my settings it has add run CCleaner to recycle bin checked, open CCleaner to recycle bin context menu, auto check for updates.

Secure Deletion - Normal file deletion

When I click the Registry under the Cleaner broom, I unchecked all of those. This is what you were talking about when you said this was too risky, correct??

Now here is my uninstall list. It looks like it wants to delete a lot of programs??


CCleaner Piriform 11/25/2014  5.00
CyberLink PowerDirector 10 CyberLink Corp. 8/20/2014 293 MB 10.0.0.2810
Dolby Digital Plus Home Theater Dolby Laboratories Inc 8/20/2014 2.71 MB 7.5.1.1
Dragon Assistant 3 Nuance Communications, Inc. 8/20/2014 92.7 MB 3.1.30
Dragon Assistant 3 Language Data Pack en_US Nuance Communications, Inc. 8/20/2014 635 MB 3.1.30
Energy Manager Lenovo 8/20/2014 90.3 MB 1.0.1.51
Google Chrome Google Inc. 10/28/2014  39.0.2171.71
Hightail for Lenovo Hightail, Inc. 8/20/2014 29.1 MB 2.4.97.2857
Intel® Dynamic Platform and Thermal Framework Intel Corporation 8/20/2014  7.1.0.2103
Intel® Experience Center Desktop Software Intel 8/20/2014 14.6 MB 1.7.0.179
Intel® Management Engine Components Intel Corporation 8/19/2014  9.5.13.1706
Intel® Processor Graphics Intel Corporation 8/19/2014  10.18.10.3496
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) Intel Corporation 8/20/2014 37.7 MB 17.0.1405.0464
Intel® Rapid Storage Technology Intel Corporation 8/20/2014  12.8.0.1016
Intel® Smart Connect Technology Intel Corporation 8/20/2014 30.5 MB 4.2.41.2633
Intel® Update Manager Intel Corporation 11/30/2014 22.6 MB 2.3.1338
Intel® PROSet/Wireless Software Intel Corporation 8/20/2014 347 MB 17.0.3
KNCTR Itibiti Inc. 10/28/2014 9.81 MB 
Lenovo Browser Guard ClientConnect LTD 10/25/2014  2.16.50.5
Lenovo Dependency Package Lenovo Group Limited 8/20/2014  1.6.32.00
Lenovo EasyCamera SunplusIT 8/20/2014 7.00 MB 3.4.5.43
Lenovo Experience Improvement Lenovo 10/25/2014  1.0.17.0
Lenovo FusionEngine Lenovo, Inc. 8/20/2014  1.0.13.0
Lenovo Mobile Phone Wireless Import Lenovo 8/20/2014 7.14 MB 1.1.1.9
Lenovo Motion Control PointGrab 8/20/2014 152 MB 2.5.1.0224
Lenovo OneKey Recovery CyberLink Corp. 8/20/2014  8.0.0.2105
Lenovo Photo Master CyberLink Corp. 8/20/2014  1.0.1823.01
Lenovo SHAREit Lenovo Group Limited 8/20/2014  2.0.5.0
Lenovo Smart Voice Lenovo 8/20/2014  1.0.2.4
Lenovo Transition Lenovo 8/20/2014  2.0.13.12271
Lenovo VeriFace Lenovo 8/20/2014  5.0.13.5261
Lenovo Yoga 2 Demo Lenovo 8/20/2014 47.7 MB 1.0.7
Lenovo Yoga PhoneCompanion Lenovo 8/20/2014 30.2 MB 1.1.9.3
Malwarebytes Anti-Malware version 2.0.3.1025 Malwarebytes Corporation 11/25/2014 56.7 MB 2.0.3.1025
McAfee LiveSafe – Internet Security McAfee, Inc. 10/30/2014  13.6.1248
Microsoft Office 365 - en-us Microsoft Corporation 11/25/2014  15.0.4667.1002
Microsoft OneDrive Microsoft Corporation 11/18/2014 29.3 MB 17.3.1229.0918
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8/20/2014 4.89 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 8/20/2014 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 8/20/2014 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 8/20/2014 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 8/20/2014 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 8/20/2014 17.3 MB 11.0.61030.0
Nitro Pro 9 Nitro 8/20/2014 536 MB 9.0.5.9
OneKey Recovery CyberLink Corp. 8/20/2014  8.0.0.2105
PowerDirector CyberLink Corp. 8/20/2014 293 MB 10.0.0.2810
Realtek Card Reader Realtek Semiconductor Corp. 8/20/2014  6.2.9200.30164
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 8/20/2014  6.0.1.7058
Superfish Inc. VisualDiscovery Superfish 8/20/2014  1.0.0.1
Synaptics Pointing Device Driver Synaptics Incorporated 8/20/2014 46.4 MB 17.0.8.7
User Manuals Lenovo 8/20/2014 26.1 MB 3.0.0.3
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) Lenovo 8/20/2014  02/17/2013 9.52.0.776
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) Lenovo 8/20/2014  07/25/2013 10.30.0.288
Yoga Picks Lenovo 8/20/2014  1.5.014.0106
 



#14 lisa0477


Posted 30 November 2014 - 06:37 AM

Junkware log

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by lisa on Sun 11/30/2014 at  5:29:29.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/30/2014 at  5:32:38.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#15 lisa0477


Posted 30 November 2014 - 07:16 AM

ESET

 

Now I may need to go and redo this one. I missed the step where I needed to do some stuff under settings, but here is the first scan.

 

C:\AdwCleaner\Quarantine\C\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppihnomfdolaldammcfbbgnakngfgkl\1.0.1_0\background.js.vir Win32/BrowseFox.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppihnomfdolaldammcfbbgnakngfgkl\1.0.1_0\content.js.vir Win32/BrowseFox.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\lisa\AppData\Local\Temp\Uninstall.exe.vir a variant of MSIL/Adware.iBryte.J application cleaned by deleting - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\lisa\AppData\Local\Microsoft\Windows\INetCache\IE\Q7EP475R\EasyHomeDecorating.exe a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined
C:\Users\lisa\AppData\Local\Microsoft\Windows\INetCache\IE\YF90I4QE\grvStubSetup[1].exe a variant of Win32/DealPly.V potentially unwanted application deleted - quarantined
C:\Users\lisa\AppData\Local\Microsoft\Windows\INetCache\IE\YF90I4QE\snipsmart[1].dll a variant of Win32/BrowseFox.O potentially unwanted application deleted - quarantined
C:\Users\lisa\AppData\Local\Temp\bacicabebebfi.exe a variant of Win32/OutBrowse.BA potentially unwanted application deleted - quarantined
C:\Users\lisa\AppData\Local\Temp\SPSetup.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsk9A38.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsoA4E7.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
 





