Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Salus will not go away!!


  • Please log in to reply
9 replies to this topic

#1 RyanStrong

RyanStrong

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 02 April 2015 - 02:29 PM

Hello, I have been infected with salus. I am runnin windows 8.1 . So far I have dowloaded adwcleaner and ran that which removes the virus (to my knowledge) as all the ads will stop once the restart is complete. a few hours later The ads come back and saying that they are powered by salus. sure enough, its back. Please help me this is very annoying especially the new window that pops up saying to call the 1800 number.

 

I have also reset firefox and IE after scanning with adwcleaner and also downloaded rkill as i seen it in other topics related to this issue.

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/02/2015 04:10:06 PM in x64 mode.
Windows Version: Windows 8.1 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Ryan\AppData\Roaming\ywy2yznxzgsybwr\ywy2yznxzgsybwr.exe (PID: 3492) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 04/02/2015 04:10:53 PM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:21 PM

Posted 02 April 2015 - 02:41 PM

Welcome to BC !

 

AdwCleaner is a great tool but it needs help. Use the programs below to find and remove adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  •  
  •  
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Run AdwCleaner again after doing the above and post what it finds.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 RyanStrong

RyanStrong
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 02 April 2015 - 08:35 PM

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-04-02
Scan Time: 8:08:13 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.02.07
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ryan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333547
Time Elapsed: 6 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Salus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mwiynzm4ndy1yjz, Quarantined, [9d32a0c7622880b6a1e72d96ad561de3], 
PUP.Optional.GigaClicks.C, HKLM\SOFTWARE\WOW6432NODE\GigaClicks, Quarantined, [3b94d0973258b77fd1b82093e51eb54b], 

Registry Values: 1
PUP.Optional.Salus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mwyyntm1ndi1zdz, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe, Quarantined, [f7d8d394f59530063953bf046a999868]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss, Quarantined, [88472c3baedc76c0d748129912f17090], 

Files: 163
PUP.Optional.Salus.A, C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys, Delete-on-Reboot, [c684182965c3f539e377252a563afecf], 
PUP.Optional.Imedia.SID, C:\Users\Ryan\AppData\Local\Temp\873C.tmp, Quarantined, [f9d6db8c6b1fc76f13a4a58de81ea858], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe, Quarantined, [f7d8d394f59530063953bf046a999868], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.log, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\settings.txt, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-snt151.mail.live.com-710d12dec71243b8c52177c4cfe189edb6562889#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-snt151.mail.live.com-710d12dec71243b8c52177c4cfe189edb6562889#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-spvideos.5min.com-9460f5cc81a9fcd21994e856b1a21de35a718ef6#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-spvideos.5min.com-9460f5cc81a9fcd21994e856b1a21de35a718ef6#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ssl.connextra.com-1739d4538261d5231f9b2304dad0175e9152ab29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ssl.connextra.com-1739d4538261d5231f9b2304dad0175e9152ab29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ssl.gstatic.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ssl.gstatic.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-stags.bluekai.com-f07750b8ca211f05ce1d00ec213b9836d01bc5d5#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-stags.bluekai.com-f07750b8ca211f05ce1d00ec213b9836d01bc5d5#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-stats.g.doubleclick.net-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-stats.g.doubleclick.net-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ny-aaa.net-b4b57457ac0412ea3a6fece4c20e107c1ce95977#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-o2.eyereturn.com-dc2cf1541ce4ee0681c5e3af5b20fb6da936b6a4#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-o2.eyereturn.com-dc2cf1541ce4ee0681c5e3af5b20fb6da936b6a4#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-oauth.googleusercontent.com-ed8266bff3ed45a389e0748451747e8ede111709#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-oauth.googleusercontent.com-ed8266bff3ed45a389e0748451747e8ede111709#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-p.adsymptotic.com-fb08124be79bd2ab2e28b4c84bd1410e2aab8009#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-p.adsymptotic.com-fb08124be79bd2ab2e28b4c84bd1410e2aab8009#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-pagead2.googlesyndication.com-ed8266bff3ed45a389e0748451747e8ede111709#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-accounts.google.com-80e7d9110d0a336a7f8295cdeb34a2e1bbe6e03d#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-accounts.google.com-80e7d9110d0a336a7f8295cdeb34a2e1bbe6e03d#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ad.doubleclick.net-71c3fe5c751f64a807fe109de41342e796c415a1#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ad.doubleclick.net-71c3fe5c751f64a807fe109de41342e796c415a1#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-adsrvmedia.adk2.co-4bfc3da8c4d6274f4ca3d0b835a582e04ec99997#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-adsrvmedia.adk2.co-4bfc3da8c4d6274f4ca3d0b835a582e04ec99997#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-blocklist.addons.mozilla.org-aaf6bb10279982decc5a3852b3a38e32428248c0#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-clients6.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-fonts.googleapis.com-a2584803e8d665c5326d26e10599a5144181f52c#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ny-aaa.net-b4b57457ac0412ea3a6fece4c20e107c1ce95977#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-pagead2.googlesyndication.com-ed8266bff3ed45a389e0748451747e8ede111709#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-r13---sn-tt17rn7k.googlevideo.com-6a2795c0e3d64f110145a07da140807ee3d00cb9#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s.ytimg.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-services.addons.mozilla.org-28fe543c7c08665000a051db803fde44a1fd545c#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-stats.g.doubleclick.net-95ef77c92df0b5ec9b19ffa2a9f53fd56067dd7c#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-versioncheck-bg.addons.mozilla.org-28fe543c7c08665000a051db803fde44a1fd545c#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.googletagservices.com-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.youtube.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-yt3.ggpht.com-ed8266bff3ed45a389e0748451747e8ede111709#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-yt3.ggpht.com-ed8266bff3ed45a389e0748451747e8ede111709#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-z.moatads.com-e639626f6ac4b94669a3aede34a6efee78517e36#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-z.moatads.com-e639626f6ac4b94669a3aede34a6efee78517e36#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\test.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\test.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-blocklist.addons.mozilla.org-aaf6bb10279982decc5a3852b3a38e32428248c0#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-bs.serving-sys.com-05929065bbe9da8575e28668f6cead73d1ed7fce#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-bs.serving-sys.com-05929065bbe9da8575e28668f6cead73d1ed7fce#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-cdn-static-secure.liverail.com-8828c7adf0e7af6b873d9e957e0fbcd0dea4d9e3#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-cdn-static-secure.liverail.com-8828c7adf0e7af6b873d9e957e0fbcd0dea4d9e3#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-cdn.adpdx.com-ef90a9f894c699390883b81f5d12d1a16aadc9fe#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-cdn.adpdx.com-ef90a9f894c699390883b81f5d12d1a16aadc9fe#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-cdn3.doubleverify.com-cc1d8a3026613bca66b31214a9579ffeae609a17#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-cdn3.doubleverify.com-cc1d8a3026613bca66b31214a9579ffeae609a17#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-clients6.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-r13---sn-tt17rn7k.googlevideo.com-6a2795c0e3d64f110145a07da140807ee3d00cb9#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-rover.ebay.ca-facb3f82b0c4e4fb97bbe15a13b884bba9901e0c#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-rover.ebay.ca-facb3f82b0c4e4fb97bbe15a13b884bba9901e0c#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s-passets.pinimg.com-0f3a32b324e32eadce73932105311b9f6a5e1a1e#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s-passets.pinimg.com-0f3a32b324e32eadce73932105311b9f6a5e1a1e#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s-static.ak.facebook.com-23b719b5a410d3ac80aeb5f4a25adf4cc827f708#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s-static.ak.facebook.com-23b719b5a410d3ac80aeb5f4a25adf4cc827f708#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s.adroll.com-7d15ea2d2cc9643dadd2654368901cf1dd927b2c#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s.adroll.com-7d15ea2d2cc9643dadd2654368901cf1dd927b2c#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s.youtube.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s.youtube.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s.ytimg.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-w.apprep.smartscreen.microsoft.com-81e384180116e9e2bb293740166061e1ee281c23#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-w.apprep.smartscreen.microsoft.com-81e384180116e9e2bb293740166061e1ee281c23#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-widgets.pinterest.com-b206e87997427e0bbb1e5d8c3ca7e42e03002da4#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-widgets.pinterest.com-b206e87997427e0bbb1e5d8c3ca7e42e03002da4#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.facebook.com-1f2c5432749e2b72446950dc687eb0e4d3eade7a#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.facebook.com-1f2c5432749e2b72446950dc687eb0e4d3eade7a#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.google.ca-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.google.ca-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.google.com-274430e6b5b3d80fc690f100a2cce399790f2480#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.google.com-274430e6b5b3d80fc690f100a2cce399790f2480#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.googleadservices.com-e97edbf6bf254de705ccc6f1b09385fdb851f610#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.googleadservices.com-e97edbf6bf254de705ccc6f1b09385fdb851f610#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.googletagservices.com-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-fonts.googleapis.com-a2584803e8d665c5326d26e10599a5144181f52c#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-gg.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-gg.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-googleads.g.doubleclick.net-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-googleads.g.doubleclick.net-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-graph.facebook.com-1f2c5432749e2b72446950dc687eb0e4d3eade7a#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-graph.facebook.com-1f2c5432749e2b72446950dc687eb0e4d3eade7a#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-i.ytimg.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-i.ytimg.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-id.google.ca-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-id.google.ca-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-lh4.googleusercontent.com-ed8266bff3ed45a389e0748451747e8ede111709#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-lh4.googleusercontent.com-ed8266bff3ed45a389e0748451747e8ede111709#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-log.pinterest.com-27dae3c64ca4cc043e568dae00b44431eba64099#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-log.pinterest.com-27dae3c64ca4cc043e568dae00b44431eba64099#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.gstatic.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.gstatic.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.superfish.com-379922b07aba0722dffe21bac8045a54dc01c757#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.superfish.com-379922b07aba0722dffe21bac8045a54dc01c757#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.youtube-nocookie.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.youtube-nocookie.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-www.youtube.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s0.2mdn.net-71c3fe5c751f64a807fe109de41342e796c415a1#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s0.2mdn.net-71c3fe5c751f64a807fe109de41342e796c415a1#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s2.googleusercontent.com-ed8266bff3ed45a389e0748451747e8ede111709#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-s2.googleusercontent.com-ed8266bff3ed45a389e0748451747e8ede111709#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-safebrowsing.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-safebrowsing.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-search.yahoo.com-68194e0972c1766e53e536eb656306d24b5d4106#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-search.yahoo.com-68194e0972c1766e53e536eb656306d24b5d4106#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-secure.adnxs.com-50f27e06a7ddfe11b8f563d42150626c9a320283#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-secure.adnxs.com-50f27e06a7ddfe11b8f563d42150626c9a320283#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-securepubads.g.doubleclick.net-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-securepubads.g.doubleclick.net-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-services.addons.mozilla.org-28fe543c7c08665000a051db803fde44a1fd545c#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-stats.g.doubleclick.net-95ef77c92df0b5ec9b19ffa2a9f53fd56067dd7c#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-syndication.twitter.com-d4429424f0ac84f482fbd96cf1f33af232e85931#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-syndication.twitter.com-d4429424f0ac84f482fbd96cf1f33af232e85931#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-tiles.cdn.mozilla.net-47d9c3ebf40184c0b5f14861023cafab071f7ac5#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-tiles.cdn.mozilla.net-47d9c3ebf40184c0b5f14861023cafab071f7ac5#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-tiles.services.mozilla.com-d3624fe8cb24f8a794d6272de306f588f5167e4d#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-tiles.services.mozilla.com-d3624fe8cb24f8a794d6272de306f588f5167e4d#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-versioncheck-bg.addons.mozilla.org-28fe543c7c08665000a051db803fde44a1fd545c#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-pixel.mathtag.com-323ea222686a450a9b1b0fc17a003bc6946ef321#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-pixel.mathtag.com-323ea222686a450a9b1b0fc17a003bc6946ef321#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-platform.linkedin.com-baeff271dd0f4445c459383c49960243287987e7#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-platform.linkedin.com-baeff271dd0f4445c459383c49960243287987e7#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-platform.twitter.com-dc1cd4d2d6c81ea0a01601e24346a59bbdd00ee5#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-platform.twitter.com-dc1cd4d2d6c81ea0a01601e24346a59bbdd00ee5#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-plus.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-plus.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ajax.googleapis.com-a2584803e8d665c5326d26e10599a5144181f52c#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-ajax.googleapis.com-a2584803e8d665c5326d26e10599a5144181f52c#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-api.keen.io-e0a3191afaddc9466346b8373ba4380b9fc281fa#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-api.keen.io-e0a3191afaddc9466346b8373ba4380b9fc281fa#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-apis.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-apis.google.com-09b493f338218cabc2e84209fe43fd7741bc9a29#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-aus4.mozilla.org-f93d9f059fcc97e3caebaf3e57b9acd290c3c64b#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-aus4.mozilla.org-f93d9f059fcc97e3caebaf3e57b9acd290c3c64b#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-b.scorecardresearch.com-f01a81f9c6c0a1ffb26b477fa38145ce428a4ff9#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-b.scorecardresearch.com-f01a81f9c6c0a1ffb26b477fa38145ce428a4ff9#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-cm.g.doubleclick.net-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-cm.g.doubleclick.net-3d25fc6bc5d6a4c2a86d2b341802c0114744eb60#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-dwmvwp56lzq5t.cloudfront.net-f34def817618df3f2894a48ed03caeb1b1661cbe#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-dwmvwp56lzq5t.cloudfront.net-f34def817618df3f2894a48ed03caeb1b1661cbe#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-embed.textingpal.com-e300c6f60a12ff3490bc34644333682b572efccc#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-embed.textingpal.com-e300c6f60a12ff3490bc34644333682b572efccc#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-fonts.googleapis.com-7966430f2d0ef5f66b837864d19770da926e9c88#child.cer, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz\SSL\Salus CA-fonts.googleapis.com-7966430f2d0ef5f66b837864d19770da926e9c88#child.pvk, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss\certutil.exe, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss\mozcrt19.dll, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss\nspr4.dll, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss\nss3.dll, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss\plc4.dll, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss\plds4.dll, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss\smime3.dll, Quarantined, [88472c3baedc76c0d748129912f17090], 
PUP.Optional.Salus.A, C:\Program Files (x86)\Smwyyntm1ndi1zdz\nss\softokn3.dll, Quarantined, [88472c3baedc76c0d748129912f17090], 

Physical Sectors: 0
(No malicious items detected)


(end)

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 8.1 x64
Ran by Ryan on 2015-04-02 at 21:09:51.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1287938582-2600275468-4221663893-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-04-02 at 21:16:58.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET

C:\Users\Ryan\AppData\Roaming\ywy2yznxzgsybwr\ywy2yznxzgsybwr.exe	a variant of Win32/Adware.Salus.H application

Adwcleaner

# AdwCleaner v4.200 - Logfile created 02/04/2015 at 22:26:16
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Ryan - RYAN-LAPTOP
# Running from : C:\Users\Ryan\Desktop\adwcleaner_4.200.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2040 bytes] - [23/03/2015 16:16:41]
AdwCleaner[R1].txt - [933 bytes] - [31/03/2015 20:16:38]
AdwCleaner[R2].txt - [970 bytes] - [31/03/2015 20:37:24]
AdwCleaner[R3].txt - [1230 bytes] - [02/04/2015 16:35:11]
AdwCleaner[R4].txt - [833 bytes] - [02/04/2015 22:26:16]
AdwCleaner[S0].txt - [2099 bytes] - [23/03/2015 16:50:49]
AdwCleaner[S1].txt - [1000 bytes] - [31/03/2015 20:21:25]
AdwCleaner[S2].txt - [1307 bytes] - [02/04/2015 16:37:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1068 bytes] ##########



#4 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:21 PM

Posted 02 April 2015 - 08:55 PM

Is Salus gone?

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 RyanStrong

RyanStrong
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 02 April 2015 - 09:05 PM

startup

Yes	HKCU:Run	CCleaner Monitoring	Piriform Ltd	"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes	HKLM:Run	HPMessageService	Hewlett-Packard Development Company, L.P.	C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes	HKLM:Run	mcpltui_exe	McAfee, Inc.	"C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
Yes	HKLM:Run	RTHDVCPL	Realtek Semiconductor	"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes	HKLM:Run	SynTPEnh	Synaptics Incorporated	%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
No	Startup Common	GoPro Importer.lnk	GoPro	C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe

uninstall

7-Zip 9.20 (x64 edition)	Igor Pavlov	2014-10-15	4.53 MB	9.20.00.0
Adobe Flash Player 16 NPAPI	Adobe Systems Incorporated	2015-02-25	6.00 MB	16.0.0.305
Bonjour	Apple Inc.	2014-11-05	2.00 MB	3.0.0.10
Broadcom 802.11 Wireless LAN Adapter	Broadcom Corporation	2014-11-05		
Broadcom Bluetooth Drivers	Broadcom Corporation	2014-11-05	14.7 MB	12.0.0.9870
calibre	Kovid Goyal	2015-02-22	168 MB	2.20.0
CCleaner	Piriform	2015-04-02		5.04
Energy Star	Hewlett-Packard Company	2014-11-05	3.39 MB	1.0.9
ESET Online Scanner v3		2015-04-02		
GoPro Studio 2.5.4	GoPro, Inc.	2015-03-11		2.5.4
HP Documentation	Hewlett-Packard	2014-11-05	302 MB	1.1.0.0
HP Registration Service	Hewlett-Packard	2014-11-05	30.1 MB	1.2.7745.4851
HP Support Assistant	Hewlett-Packard Company	2014-11-05	64.9 MB	7.6.31.30
HP System Event Utility	Hewlett-Packard Company	2014-11-05	8.10 MB	1.2.1
HP Utility Center	Hewlett-Packard Company	2014-11-05	7.26 MB	2.5.5
HP Wireless Button Driver	Hewlett-Packard Company	2014-11-05	765 KB	1.1.2.1
Intel(R) Processor Graphics	Intel Corporation	2014-11-05		10.18.10.3643
Intel(R) Sideband Fabric Device Driver	Intel Corporation	2014-11-05		1.70.305.16316
Intel(R) Trusted Execution Engine	Intel Corporation	2014-11-05		1.0.0.1050
Intel(R) Virtual Buttons	Intel Corporation	2014-11-05		1.0.0.17
Malwarebytes Anti-Malware version 2.1.4.1018	Malwarebytes Corporation	2015-04-02	57.6 MB	2.1.4.1018
McAfee LiveSafe - Internet Security	McAfee, Inc.	2015-04-02		13.6.1599
Microsoft Office 365 - en-us	Microsoft Corporation	2015-03-18		15.0.4701.1002
Microsoft OneDrive	Microsoft Corporation	2015-03-12	30.6 MB	17.3.4726.0226
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	2015-03-12	1.92 MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	2015-03-18	4.84 MB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	2015-03-11	7.00 MB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	2014-11-05	13.2 MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	2015-03-18	13.2 MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	2015-03-11	10.2 MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	2015-03-18	10.1 MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	2015-03-18	13.8 MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	2015-03-18	11.1 MB	10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005	Microsoft Corporation	2015-03-11	20.5 MB	12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005	Microsoft Corporation	2015-03-19	17.1 MB	12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501	Microsoft Corporation	2015-03-11	17.1 MB	12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)	Microsoft Corporation	2015-03-18		10.0.50903
Mozilla Firefox 36.0.4 (x86 en-US)	Mozilla	2015-03-23	84.5 MB	36.0.4
Mozilla Maintenance Service	Mozilla	2015-02-18	214 KB	35.0.1
Realtek Card Reader	Realtek Semiconductor Corp.	2014-11-05		6.3.273.51
Realtek Ethernet Controller Driver	Realtek	2014-11-05		8.34.617.2014
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	2014-11-05		6.0.1.7335
StudioTax 2014	BHOK IT Consulting	2015-03-03	76.5 MB	10.0.5.1
Synaptics Pointing Device Driver	Synaptics Incorporated	2014-11-05	46.4 MB	18.0.4.91
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )	GoPro	2015-03-11		03/07/2012 
Windows Live Essentials	Microsoft Corporation	2015-03-12		16.4.3528.0331
µTorrent	BitTorrent Inc.	2015-03-19		3.4.2.38913

however C:\Users\Ryan\AppData\Roaming\ywy2yznxzgsybwr still exists...



#6 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:21 PM

Posted 02 April 2015 - 09:30 PM

Re C:\Users\Ryan\AppData\Roaming\ywy2yznxzgsybwr still exists...

Eset doesn't say it quarantined it....it should have...can you delete the file manually? If not, rerun Eset and be sure to Under scan settings, check "Scan Archives" and "Remove found threats"

 

I don't see the list of Scheduled Tasks....please post it.

 

Disable these Windows Startups: (You can use CCleaner...click to highlight each item....choose Disable on the right. )

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKLM:Run    HPMessageService    Hewlett-Packard Development Company, L.P.    C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

 

Uninstall these programs: (You can use CCleaner...click to highlight each item....choose Uninstall on the right. )

ESET Online Scanner v3        2015-04-02 (When you have removed the file it found in first scan)

µTorrent    BitTorrent Inc.    2015-03-19        3.4.2.38913 (Dangerous to use to download free stuff....high risk! Possible source of Salus)


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 RyanStrong

RyanStrong
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 02 April 2015 - 10:01 PM

Scheduled Tasks

Yes	Task	Adobe Flash Player Updater	Adobe Systems Incorporated	C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes	Task	CCleanerSkipUAC	Piriform Ltd	"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes	Task	GlobalUpdate-ywy2yznxzgsybwr		C:\Users\Ryan\AppData\Roaming\ywy2yznxzgsybwr\ywy2yznxzgsybwr.exe
Yes	Task	HPCeeScheduleForRyan	Hewlett-Packard	C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForRyan (null)
Yes	Task	Microsoft Office 15 Sync Maintenance for RYAN-LAPTOP-Ryan Ryan-Laptop	Microsoft Corporation	C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
Yes	Task	Microsoft OneDrive Auto Update Task-S-1-5-21-1287938582-2600275468-4221663893-1001	Microsoft Corporation	%localappdata%\Microsoft\OneDrive\OneDrive.exe
No	Task	Optimize Start Menu Cache Files-S-1-5-21-1287938582-2600275468-4221663893-1001		
Yes	Task	Optimize Start Menu Cache Files-S-1-5-21-1287938582-2600275468-4221663893-500		
Yes	Task	Synaptics TouchPad Enhancements	Synaptics Incorporated	"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

I was able to delete the folder in appdata\roaming by right clicking and delete

 

EDIT: i also clicked on the program in scheduled tasks and deleted it. i re ran eset and nothing came up


Edited by RyanStrong, 02 April 2015 - 11:04 PM.


#8 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:21 PM

Posted 03 April 2015 - 06:13 AM

Is this the Task you deleted?...Yes    Task    GlobalUpdate-ywy2yznxzgsybwr        C:\Users\Ryan\AppData\Roaming\ywy2yznxzgsybwr\ywy2yznxzgsybwr.exe

If not, delete that, too.

 

Disable these Scheduled Tasks:

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes    Task    HPCeeScheduleForRyan    Hewlett-Packard    C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForRyan (null)

Yes    Task    Optimize Start Menu Cache Files-S-1-5-21-1287938582-2600275468-4221663893-500

 

After doing the above, I think you are good to go...


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 RyanStrong

RyanStrong
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 03 April 2015 - 09:54 AM

Thank you

#10 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:21 PM

Posted 03 April 2015 - 10:12 AM

Empty the Recycle Bin...

 

You're welcome...enjoyed working with you...happy surfin'


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users