
pop-ups and weird installations


5 replies to this topic

#1 popperupping

popperupping

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:13 PM

Posted 23 April 2015 - 07:29 AM

My Gateway LT21 running Windows 7 Starter Service Pack 1 is giving me popups in Firefox and installing programs without my permission. When I uninstall them they reappear. They include "EixstraSavings" and DisicoUntExtensi on my programs list. Please help, I have tried everything I know :)


Edited by hamluis, 23 April 2015 - 08:32 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 buddy215

buddy215

  • Moderator
  • 13,199 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:13 PM

Posted 23 April 2015 - 08:25 AM

Welcome to BC !

 

Best to use the programs below to find and remove the adware and malware. No one program will find all.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 popperupping

popperupping
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:13 PM

Posted 23 April 2015 - 01:50 PM

ok here's the txt:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/22/2015
Scan Time: 5:50:24 PM
Logfile: mbam application log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.22.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307655
Time Elapsed: 1 hr, 5 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.IndepthRunner.A, C:\Program Files\IndepthRunner\IndepthRunner.dll, No Action By User, [1b1fa0cfdfab44f219988347f80b39c7],

Registry Keys: 29
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{11179b8c-0456-4dfd-81d3-308d585d66b2}, No Action By User, [d169105f96f4d85ea807b38f4cb652ae],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11179B8C-0456-4DFD-81D3-308D585D66B2}, No Action By User, [d169105f96f4d85ea807b38f4cb652ae],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P11179b8c_0456_4dfd_81d3_308d585d66b2_.P11179b8c_0456_4dfd_81d3_308d585d66b2_, No Action By User, [d169105f96f4d85ea807b38f4cb652ae],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P11179b8c_0456_4dfd_81d3_308d585d66b2_.P11179b8c_0456_4dfd_81d3_308d585d66b2_.9, No Action By User, [d169105f96f4d85ea807b38f4cb652ae],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11179B8C-0456-4DFD-81D3-308D585D66B2}, No Action By User, [d169105f96f4d85ea807b38f4cb652ae],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{11179B8C-0456-4DFD-81D3-308D585D66B2}\INPROCSERVER32, No Action By User, [d169105f96f4d85ea807b38f4cb652ae],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{3133c21d-c059-4119-9654-b5800ed4e377}, No Action By User, [c5757cf33d4d55e1ec36f9389171e020],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3133C21D-C059-4119-9654-B5800ED4E377}, No Action By User, [c5757cf33d4d55e1ec36f9389171e020],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P3133c21d_c059_4119_9654_b5800ed4e377_.P3133c21d_c059_4119_9654_b5800ed4e377_, No Action By User, [c5757cf33d4d55e1ec36f9389171e020],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P3133c21d_c059_4119_9654_b5800ed4e377_.P3133c21d_c059_4119_9654_b5800ed4e377_.9, No Action By User, [c5757cf33d4d55e1ec36f9389171e020],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3133C21D-C059-4119-9654-B5800ED4E377}, No Action By User, [c5757cf33d4d55e1ec36f9389171e020],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{3133C21D-C059-4119-9654-B5800ED4E377}\INPROCSERVER32, No Action By User, [c5757cf33d4d55e1ec36f9389171e020],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{bb9c12ad-00b8-4996-a98a-9c31c2adb50c}, No Action By User, [6fcbb2bd0783c86e6b445de5cb3722de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BB9C12AD-00B8-4996-A98A-9C31C2ADB50C}, No Action By User, [6fcbb2bd0783c86e6b445de5cb3722de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pbb9c12ad_00b8_4996_a98a_9c31c2adb50c_.Pbb9c12ad_00b8_4996_a98a_9c31c2adb50c_, No Action By User, [6fcbb2bd0783c86e6b445de5cb3722de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pbb9c12ad_00b8_4996_a98a_9c31c2adb50c_.Pbb9c12ad_00b8_4996_a98a_9c31c2adb50c_.9, No Action By User, [6fcbb2bd0783c86e6b445de5cb3722de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BB9C12AD-00B8-4996-A98A-9C31C2ADB50C}, No Action By User, [6fcbb2bd0783c86e6b445de5cb3722de],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BB9C12AD-00B8-4996-A98A-9C31C2ADB50C}\INPROCSERVER32, No Action By User, [6fcbb2bd0783c86e6b445de5cb3722de],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{ccded228-fa15-44dc-97d4-10e7e974fb5c}, No Action By User, [80bad59a8bff999dcb5760d1d230768a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CCDED228-FA15-44DC-97D4-10E7E974FB5C}, No Action By User, [80bad59a8bff999dcb5760d1d230768a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pccded228_fa15_44dc_97d4_10e7e974fb5c_.Pccded228_fa15_44dc_97d4_10e7e974fb5c_, No Action By User, [80bad59a8bff999dcb5760d1d230768a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pccded228_fa15_44dc_97d4_10e7e974fb5c_.Pccded228_fa15_44dc_97d4_10e7e974fb5c_.9, No Action By User, [80bad59a8bff999dcb5760d1d230768a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CCDED228-FA15-44DC-97D4-10E7E974FB5C}, No Action By User, [80bad59a8bff999dcb5760d1d230768a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{CCDED228-FA15-44DC-97D4-10E7E974FB5C}\INPROCSERVER32, No Action By User, [80bad59a8bff999dcb5760d1d230768a],
PUP.Optional.MultiPlug.Uns, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, No Action By User, [67d38fe05436a39380b467d55ba813ed],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CA1838EF-A497-194E-3850-37A62CEE398B}, No Action By User, [3efc90df2a60989e834ce24fb0526d93],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B138259A-351E-33FA-2726-8D71704F1DA9}, No Action By User, [d7639cd3e1a9f83eb21da889db27da26],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}, No Action By User, [b783b3bc3159d462646be849c53d11ef],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}, No Action By User, [0b2f096663279c9a2ba4e64b6a98a858],

Registry Values: 0
(No malicious items detected)

Registry Data: 1

Folders: 2
PUP.Optional.IndepthRunner.A, C:\Program Files\IndepthRunner, No Action By User, [1b1fa0cfdfab44f219988347f80b39c7],
PUP.Optional.Fun2Save.A, C:\Program Files\Fun2SavE, No Action By User, [ab8fe18e6f1b78be901f78377a89ff01],

Files: 13
PUP.Optional.MultiPlug.A, C:\Program Files\Fun2SavE\44HfjUJTIVmNj4.dll, No Action By User, [d169105f96f4d85ea807b38f4cb652ae],
PUP.Optional.Multiplug, C:\Program Files\SAveNeewaaAppz\nKV8Pn3OokiAwN.dll, No Action By User, [c5757cf33d4d55e1ec36f9389171e020],
PUP.Optional.MultiPlug.A, C:\Program Files\EnjoYCouppono\JJoTJkkshUNd0s.dll, No Action By User, [6fcbb2bd0783c86e6b445de5cb3722de],
PUP.Optional.Multiplug, C:\Program Files\Fun2Savae\hRUR2EagH8a894.dll, No Action By User, [80bad59a8bff999dcb5760d1d230768a],
PUP.Optional.MultiPlug.Uns, C:\ProgramData\The AdBlocker\The AdBlocker.exe, No Action By User, [67d38fe05436a39380b467d55ba813ed],
PUP.Optional.Multiplug.A, C:\Program Files\Diablo III Server Status\Diablo III Server Status.exe, No Action By User, [3efc90df2a60989e834ce24fb0526d93],
PUP.Optional.Multiplug.A, C:\Program Files\DiscountExtensio\DiscountExtensio.exe, No Action By User, [d7639cd3e1a9f83eb21da889db27da26],
PUP.Optional.Multiplug.A, C:\Program Files\EnjoYCouppono\JJoTJkkshUNd0s.exe, No Action By User, [b783b3bc3159d462646be849c53d11ef],
PUP.Optional.Multiplug.A, C:\Program Files\Fun2SavE\44HfjUJTIVmNj4.exe, No Action By User, [0b2f096663279c9a2ba4e64b6a98a858],
PUP.Optional.SoftPulse.gen, C:\Users\Owner\AppData\Local\Temp\qjoFxyK8.exe.part, No Action By User, [e753e788f991a294a8a56db3d82ac838],
PUP.Optional.IndepthRunner.A, C:\Program Files\IndepthRunner\IndepthRunner.dll, No Action By User, [1b1fa0cfdfab44f219988347f80b39c7],
PUP.Optional.Fun2Save.A, C:\Program Files\Fun2SavE\44HfjUJTIVmNj4.dat, No Action By User, [ab8fe18e6f1b78be901f78377a89ff01],
PUP.Optional.Fun2Save.A, C:\Program Files\Fun2SavE\44HfjUJTIVmNj4.tlb, No Action By User, [ab8fe18e6f1b78be901f78377a89ff01],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

--------------------------------------------------

 

 

# AdwCleaner v4.201 - Logfile created 23/04/2015 at 10:32:50
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Windows 7 Starter Service Pack 1 (x86)
# Username : Owner - COMPUTER
# Running from : C:\Users\Owner\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : 82ef9f5b

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\BestaSaaveForYou
Folder Deleted : C:\ProgramData\DiscoUntExtenosi
Folder Deleted : C:\ProgramData\NeewwSaaver
Folder Deleted : C:\ProgramData\NietoCoupon
Folder Deleted : C:\ProgramData\fa104b478ff42852
Folder Deleted : C:\Program Files\Isaver
Folder Deleted : C:\Program Files\Check Point Software Technologies LTD
Folder Deleted : C:\Program Files\BestaSaaveForYou
Folder Deleted : C:\Program Files\CooupExitenssiuona
Folder Deleted : C:\Program Files\DiscoUntExtenosi
Folder Deleted : C:\Program Files\DisiCCoUntExtensi
Folder Deleted : C:\Program Files\EiXstraSavings
Folder Deleted : C:\Program Files\Fun2Savae
Folder Deleted : C:\Program Files\Fuon22Save
Folder Deleted : C:\Program Files\NeewwSaaver
Folder Deleted : C:\Program Files\NietoCoupon
Folder Deleted : C:\Program Files\RaNDomPerice
Folder Deleted : C:\Program Files\RegulaRDeals
Folder Deleted : C:\Program Files\ReugulaaRDeallss
Folder Deleted : C:\Program Files\SAveNeewaaAppz
Folder Deleted : C:\Program Files\unIsaales
Folder Deleted : C:\Program Files\unnisaLes
Folder Deleted : C:\Users\Owner\AppData\Roaming\Check Point Software Technologies LTD
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ua9cja8a.default-1405573087322\Extensions\ffxtlbr@zonealarm.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ua9cja8a.default-1405573087322\Extensions\4YX@BhIO.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ua9cja8a.default-1405573087322\Extensions\B@grHg.org
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbamhommiimchnoffljfcijigbnibffb
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\null
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ua9cja8a.default-1405573087322\invalidprefs.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ua9cja8a.default-1405573087322\searchplugins\zonealarm.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ua9cja8a.default-1405573087322\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\P0ba98ace_3bb4_403a_ba7a_bf3ba364de64_.P0ba98ace_3bb4_403a_ba7a_bf3ba364de64_
Key Deleted : HKLM\SOFTWARE\Classes\P0ba98ace_3bb4_403a_ba7a_bf3ba364de64_.P0ba98ace_3bb4_403a_ba7a_bf3ba364de64_.9
Key Deleted : HKLM\SOFTWARE\Classes\P80b3e7e2_5de1_4ba1_b5d8_692fd4f07643_.P80b3e7e2_5de1_4ba1_b5d8_692fd4f07643_
Key Deleted : HKLM\SOFTWARE\Classes\P80b3e7e2_5de1_4ba1_b5d8_692fd4f07643_.P80b3e7e2_5de1_4ba1_b5d8_692fd4f07643_.9
Key Deleted : HKLM\SOFTWARE\2e8b9465-ce43-bf98-ef4f-70b6a8de0c82
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0ba98ace-3bb4-403a-ba7a-bf3ba364de64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80b3e7e2-5de1-4ba1-b5d8-692fd4f07643}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E52324B-66BF-44AE-A8C5-2DB48E90E729}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{598DCD74-3F5B-4E16-8749-057F426F232A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ba98ace-3bb4-403a-ba7a-bf3ba364de64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80b3e7e2-5de1-4ba1-b5d8-692fd4f07643}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ba98ace-3bb4-403a-ba7a-bf3ba364de64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{80b3e7e2-5de1-4ba1-b5d8-692fd4f07643}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\PennyBee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchfix.info/?pid=724&r=2015/01/05&hid=17652424312883898316&lg=EN&cc=US&l=1&q=");
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("extensions.VKGjOQpEu5OZjTrp.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjC7qjs9rTnHrjs5pdr5pjYHrjg\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("extensions.VMt78D5bpKQVq4Ab.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjC7qjs9rTnHrjs5pdr5pjYHrjg\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("extensions.bD4Vga2Cai8CL6Es.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjC7qjs9rTnHrjs5pdr5pjYHrjg\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=1f6278306d784768a347125dff9165a6&tu=10G9z00JU2D33N0&sku=&tstsId=&ver=&&q=");
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=1f6278306d784768a347125dff9165a6&tu=10G9z00JU2D33N0&sku=&tstsId=&ver=&&q=");
[ua9cja8a.default-1405573087322\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=1f6278306d784768a347125dff9165a6&tu=10G9z00JU2D33N0&sku=&tstsId=&ver=&&q=");

-\\ Google Chrome v

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/05&hid=17652424312883898316&lg=EN&cc=US
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : null

*************************

AdwCleaner[R5].txt - [10680 bytes] - [23/04/2015 10:26:18]
AdwCleaner[S4].txt - [10644 bytes] - [23/04/2015 10:32:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [10704  bytes] ##########

--------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.1 (04.23.2015:1)
OS: Windows 7 Starter x86
Ran by Owner on Thu 04/23/2015 at 10:50:57.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster SkipUAC (Owner)



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\DiagISaver
Successfully deleted: [Folder] C:\ProgramData\GreatSavE4Uu
Successfully deleted: [Folder] C:\ProgramData\The AdBlocker



~~~ FireFox

Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ua9cja8a.default-1405573087322\prefs.js

user_pref(extensions.BCL2yWiPfQajGy5y.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.H6uEw0iRRqYmTgSA.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.J0sqgelYfw6l8wtS.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.MNlhJTbFHISZ2yUp.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.f3lnGjUR9vaZ4Af2.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.fBTa6HB1Tpnyd1jy.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.k5jQaQx7P97JgoNJ.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.kWsEqzKPMxPIzRfg.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.lQvI4ZIZsraYPLg6.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.pIIMwOpXpFUOEM4p.scode, (function(){try{if(window.self.location.href.indexOf(\rjC7qjs9rTnHrjs5pdr5pjYHrjg\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.xpiState, {\app-profile\:{\firefox@ghostery.com\:{\d\:\C:\\\\Users\\\\Owner\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ua9cja8a.
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ua9cja8a.default-1405573087322\minidumps [16 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/23/2015 at 11:06:21.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----------------------------------------

C:\Users\All Users\bpoifgdnilcihbhnmehbkfhjeaojdfnm\jYqzo.js    JS/Kryptik.ATB trojan    
C:\Users\All Users\fikokollhibpdnghflieecldghnnfaom\content.js    JS/Adware.MultiPlug.B application    
C:\Users\All Users\fikokollhibpdnghflieecldghnnfaom\lsdb.js    JS/Adware.MultiPlug.B application    
C:\Users\All Users\fikokollhibpdnghflieecldghnnfaom\q5lFSdCcov.js    JS/Kryptik.ATB trojan    
C:\Users\All Users\idoloickfnnilnejnjocgingmchmmhge\content.js    JS/Adware.MultiPlug.B application    
C:\Users\All Users\idoloickfnnilnejnjocgingmchmmhge\kX3XolnNX.js    JS/Kryptik.ATB trojan    
C:\Users\All Users\idoloickfnnilnejnjocgingmchmmhge\lsdb.js    JS/Adware.MultiPlug.B application    
C:\AdwCleaner\Quarantine\C\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll.vir    a variant of Win32/Toolbar.Montiera.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe.vir    a variant of Win32/Toolbar.Montiera.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\CooupExitenssiuona\qhPgOa02JEn3hX.dll.vir    a variant of Win32/Adware.MultiPlug.FL application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\CooupExitenssiuona\qhPgOa02JEn3hX.exe.vir    a variant of Win32/BHOUninstaller.AB potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\EiXstraSavings\1av9qU6AdgEDwm.dll.vir    a variant of Win32/Adware.MultiPlug.FL application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Isaver\C5PccRXRzQBSIp.dll.vir    a variant of Win32/Adware.MultiPlug.FL application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Isaver\C5PccRXRzQBSIp.exe.vir    a variant of Win32/BHOUninstaller.AB potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\RegulaRDeals\RegulaRDeals.exe.vir    a variant of Win32/BHOUninstaller.AB potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\ReugulaaRDeallss\PMtcwzvxDEYOVq.dll.vir    a variant of Win32/Adware.MultiPlug.FL application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\ReugulaaRDeallss\PMtcwzvxDEYOVq.exe.vir    a variant of Win32/BHOUninstaller.AB potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbamhommiimchnoffljfcijigbnibffb\4.7\F3UdJXvKT.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbamhommiimchnoffljfcijigbnibffb\4.7\lsdb.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\null\106\dHS3QFDMC4.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\null\106\lsdb.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe.vir    Win32/Toolbar.Montiera.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe.vir    Win32/Toolbar.Montiera.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe.vir    Win32/Toolbar.Montiera.E potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ua9cja8a.default-1405573087322\Extensions\ffxtlbr@zonealarm.com\uninstall.exe.vir    Win32/Toolbar.Montiera.B potentially unwanted application    deleted - quarantined
C:\Program Files\CheckPoint\Install\CUninstallerZA.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
C:\Program Files\CheckPoint\Install\zatb.exe    Win32/Toolbar.Montiera.I potentially unwanted application    deleted - quarantined
C:\Program Files\IndepthRunner\IndepthRunner.dll    a variant of Win32/SProtector.Q potentially unwanted application    deleted - quarantined
C:\Program Files\Share with Facebook Twitter Google Email\Share with Facebook Twitter Google Email.exe    a variant of Win32/BHOUninstaller.AB potentially unwanted application    deleted - quarantined
C:\ProgramData\bpoifgdnilcihbhnmehbkfhjeaojdfnm\jYqzo.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\ProgramData\fikokollhibpdnghflieecldghnnfaom\content.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\ProgramData\fikokollhibpdnghflieecldghnnfaom\lsdb.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\ProgramData\fikokollhibpdnghflieecldghnnfaom\q5lFSdCcov.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\ProgramData\idoloickfnnilnejnjocgingmchmmhge\content.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\ProgramData\idoloickfnnilnejnjocgingmchmmhge\kX3XolnNX.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\ProgramData\idoloickfnnilnejnjocgingmchmmhge\lsdb.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\209\content.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\209\lsdb.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\209\W1QHWr3XGn.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnmmjgjaaomkcjibnncokikbianjap\125\N.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadjnjjgcjdhpcjhoplojnicjgeajah\152\YE73PfS1g.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbpkcodlmobmmbhdhfembofegbpghdnh\226\c8NkBDzj.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbpkcodlmobmmbhdhfembofegbpghdnh\226\content.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbpkcodlmobmmbhdhfembofegbpghdnh\226\lsdb.js    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf\133\content.js    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf\133\t9yq.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf\185\hZ4.js    JS/Kryptik.ATL trojan    cleaned by deleting - quarantined
C:\Windows\Installer\MSI7EAB.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined

i hope these make more sense to you than they do to me :)



#4 buddy215

buddy215

  • Moderator
  • 13,199 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:13 PM

Posted 23 April 2015 - 02:21 PM

You got rid of a lot but you need to rerun MBAM after changing the scan settings. Nothing it found was removed.

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn..... Change this to PUP: Enabled.....
PUM: Enabled

 

Rerun AdwCleaner as it often finds more on second run.

When the MBAM and AdwCleaner scans have completed and you have posted what they found, do this:

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 popperupping

popperupping
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 23 April 2015 - 04:03 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/23/2015
Scan Time: 3:34:07 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.23.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295008
Time Elapsed: 39 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{478472F9-9E09-492A-BDAB-42EE595EF1AD}, Quarantined, [8180adc315752e08b981913a59aa24dc],

Registry Values: 4
PUP.Optional.Astromenda.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Astromenda, Quarantined, [20e14f21e8a2a1956c3d7adafe0733cd]
PUP.Optional.Astromenda.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_48_ff&cd=2XzuyEtN2Y1L1QzuzyyCyE0C0EyDzztDyByC0EtA0FtD0AtCtN0D0Tzu0SzyyEyEtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0E0CyByC0B0BtG0EyByCyDtG0ByByEyEtG0D0DtDyCtGyDtCyC0F0EyEtCtD0E0A0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzy0CyC0FtD0FtG0B0D0AyEtGyC0F0E0AtGyDtDtB0FtGtCtAtByCyDtByD0DyE0AyE0F2Q&cr=2092084023&ir=, Quarantined, [a25f1e52dab050e64a5f58fcdf2639c7]
PUP.Optional.Astromenda.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_48_ff&cd=2XzuyEtN2Y1L1QzuzyyCyE0C0EyDzztDyByC0EtA0FtD0AtCtN0D0Tzu0SzyyEyEtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0E0CyByC0B0BtG0EyByCyDtG0ByByEyEtG0D0DtDyCtGyDtCyC0F0EyEtCtD0E0A0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzy0CyC0FtD0FtG0B0D0AyEtGyC0F0E0AtGyDtDtB0FtGtCtAtByCyDtByD0DyE0AyE0F2Q&cr=2092084023&ir=, Quarantined, [f809d0a00387cf67e8c1490bc342ef11]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-69463875-1081789065-2004109604-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_48_ff&cd=2XzuyEtN2Y1L1QzuzyyCyE0C0EyDzztDyByC0EtA0FtD0AtCtN0D0Tzu0SzyyEyEtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0E0CyByC0B0BtG0EyByCyDtG0ByByEyEtG0D0DtDyCtGyDtCyC0F0EyEtCtD0E0A0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzy0CyC0FtD0FtG0B0D0AyEtGyC0F0E0AtGyDtDtB0FtGtCtAtByCyDtByD0DyE0AyE0F2Q&cr=2092084023&ir=, Quarantined, [ac551c54305a6dc90c9d66ee9b6a9f61]

Registry Data: 1

Folders: 15
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk\180, Quarantined, [1ce5d0a0b5d55ed8fe36f26432d38e72],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk, Quarantined, [1ce5d0a0b5d55ed8fe36f26432d38e72],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnmmjgjaaomkcjibnncokikbianjap\125, Quarantined, [679a50205a30ec4a211397bfb74e8c74],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnmmjgjaaomkcjibnncokikbianjap, Quarantined, [679a50205a30ec4a211397bfb74e8c74],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadjnjjgcjdhpcjhoplojnicjgeajah\152, Quarantined, [30d11f51c7c39c9ab97b332309fcef11],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadjnjjgcjdhpcjhoplojnicjgeajah, Quarantined, [30d11f51c7c39c9ab97b332309fcef11],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpbofogepkkeoockhkfcgngjkimndlp\118, Quarantined, [56ab7af698f214223400abab09fc02fe],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpbofogepkkeoockhkfcgngjkimndlp, Quarantined, [56ab7af698f214223400abab09fc02fe],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf\133, Quarantined, [98690d633d4dbc7add5774e29b6a19e7],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf, Quarantined, [98690d633d4dbc7add5774e29b6a19e7],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiocogpenlopnoeibcegpepnoggijck\109, Quarantined, [ac552b45eb9ff145003463f3a65fd927],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiocogpenlopnoeibcegpepnoggijck, Quarantined, [ac552b45eb9ff145003463f3a65fd927],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf\185, Quarantined, [a9588de3b3d775c1112324320ff6ba46],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf, Quarantined, [a9588de3b3d775c1112324320ff6ba46],
PUP.Optional.MultiPlug, C:\ProgramData\bpoifgdnilcihbhnmehbkfhjeaojdfnm, Quarantined, [4cb54a262b5f35017710db7c9f66fb05],

Files: 34
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk\180\lsdb.js, Quarantined, [1ce5d0a0b5d55ed8fe36f26432d38e72],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk\180\background.html, Quarantined, [1ce5d0a0b5d55ed8fe36f26432d38e72],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk\180\content.js, Quarantined, [1ce5d0a0b5d55ed8fe36f26432d38e72],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk\180\manifest.json, Quarantined, [1ce5d0a0b5d55ed8fe36f26432d38e72],
PUP.Optional.MultiPlug.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk\180\ttN2AJeE.js, Quarantined, [1ce5d0a0b5d55ed8fe36f26432d38e72],

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v4.202 - Logfile created 23/04/2015 at 16:50:34
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Starter Service Pack 1 (x86)
# Username : Owner - COMPUTER
# Running from : C:\Users\Owner\Downloads\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\fikokollhibpdnghflieecldghnnfaom
Folder Deleted : C:\ProgramData\idoloickfnnilnejnjocgingmchmmhge

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Local AppWizard-Generated Applications

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R5].txt - [10680 bytes] - [23/04/2015 10:26:18]
AdwCleaner[R6].txt - [1096 bytes] - [23/04/2015 16:41:58]
AdwCleaner[S4].txt - [10785 bytes] - [23/04/2015 10:32:50]
AdwCleaner[S5].txt - [1028 bytes] - [23/04/2015 16:50:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1087  bytes] ##########

Yes    HKCU:Run    Advanced SystemCare 8    IObit    "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
No    HKLM:Run    Adobe ARM        
Yes    HKLM:Run    Apoint    Alps Electric Co., Ltd.    C:\Program Files\Apoint2K\Apoint.exe
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
No    HKLM:Run    IAAnotif        
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    MSC    Microsoft Corporation    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
No    HKLM:Run    QuickTime Task        
No    HKLM:Run    RtHDVCpl        C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
No    HKLM:Run    SunJavaUpdateSched        
No    HKLM:Run    VideoWebCamera        "C:\Program Files\VideoWebCamera\VideoWebCamera.exe" -a
Yes    HKLM:Run    ZoneAlarm    Check Point Software Technologies Ltd.    "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"

Thanks, I hope I got it this time...

#6 buddy215


Posted 23 April 2015 - 04:26 PM

Okay...so far...so good.

 

Disable these startups: (Use CCleaner. Click on each item to highlight and on the right choose Disable, Remove or Uninstall)

Yes    HKCU:Run    Advanced SystemCare 8    IObit    "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe

 

Post the lists of Scheduled Tasks and List of Installed programs.

Repeat...

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

