Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Appsaver is ruining my life. Please help..


  • Please log in to reply
15 replies to this topic

#1 Darth Plagueis

Darth Plagueis

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 09:11 AM

my computerarrow-10x10.png is posessed!  (windows 7 64bit)(hp pavilion g7-1219wm notebook pc)

 

appsaver is hurting "my precious" me no wants it....

 

a good friend tried to walk me through removing appsaver these were the steps i took

1 started my computer in safe mode

2 i downloaded and ran malwarebytes and let it do its thing

3 i downloaded and ran ccleaner it worked its magic

4 i downloaded and ran combofix it did its thing

5 i downloaded and ran tdsskiller same as above

6 i ran msconfig and adjusted my start up leaving only what i assume i needed.

7 restarted my computer.

8 used google chrome to look up a random page (muhamid ali quotes) to see if appsaver was gone

9 APPSAVER is laughing at me

10 as i am typing this ad.randomwordsandnumbers.com keeps running at bottom diologue field at bottom of the browser

11 i sat in the corner and cried. just a little though.



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 21 May 2015 - 09:16 AM

Hi there,

Let's see what I can do.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 Darth Plagueis

Darth Plagueis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 10:54 AM

minitoolbox

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Twanisha (administrator) on 21-05-2015 at 11:41:02
Running from "C:\Users\Twanisha\Desktop\mikes junk\lewis and clark"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP Pavilion g7 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 2" address=192.168.137.1 mask=255.255.255.0
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : LilTunechi-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : AC-81-12-AE-B1-1A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : AC-81-12-AE-B1-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : ::2525:b4a6:11fa:6854(Preferred) 
   Temporary IPv6 Address. . . . . . : ::f157:d5ae:930e:1853(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2525:b4a6:11fa:6854%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, May 21, 2015 8:48:49 AM
   Lease Expires . . . . . . . . . . : Thursday, May 21, 2015 12:18:50 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 330072338
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E5-69-FD-10-1F-74-C6-C4-A7
   DNS Servers . . . . . . . . . . . : 65.32.5.111
                                       65.32.5.112
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 10-1F-74-C6-C4-A7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-BC-BF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dd9c:f76a:fc04:5540%70(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 1174929447
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E5-69-FD-10-1F-74-C6-C4-A7
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  dns-redir-lb-01.tampabay.rr.com
Address:  65.32.5.111
 
Name:    google.com
Addresses:  2607:f8b0:4008:809::200e
 216.58.219.174
 
 
Pinging google.com [216.58.219.174] with 32 bytes of data:
Reply from 216.58.219.174: bytes=32 time=34ms TTL=47
Reply from 216.58.219.174: bytes=32 time=34ms TTL=47
 
Ping statistics for 216.58.219.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 34ms, Average = 34ms
Server:  dns-redir-lb-01.tampabay.rr.com
Address:  65.32.5.111
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=57ms TTL=43
Reply from 98.139.183.24: bytes=32 time=54ms TTL=43
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 57ms, Average = 55ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...ac 81 12 ae b1 1a ......Microsoft Virtual WiFi Miniport Adapter
 12...ac 81 12 ae b1 1a ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
 11...10 1f 74 c6 c4 a7 ......Realtek PCIe FE Family Controller
 70...08 00 27 00 bc bf ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.4    281
      192.168.0.4  255.255.255.255         On-link       192.168.0.4    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.4    281
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link       192.168.0.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link       192.168.0.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     33 ::/64                    On-link
  1    306 ::1/128                  On-link
 12    281 ::2525:b4a6:11fa:6854/128
                                    On-link
 12    281 ::f157:d5ae:930e:1853/128
                                    On-link
 70    276 fe80::/64                On-link
 12    281 fe80::/64                On-link
 12    281 fe80::2525:b4a6:11fa:6854/128
                                    On-link
 70    276 fe80::dd9c:f76a:fc04:5540/128
                                    On-link
  1    306 ff00::/8                 On-link
 70    276 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/21/2015 11:26:42 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (05/21/2015 11:26:42 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (05/21/2015 08:06:14 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (05/21/2015 08:06:14 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (05/21/2015 07:57:24 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (05/21/2015 11:18:55 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (05/21/2015 10:48:50 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (05/21/2015 08:48:49 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (05/21/2015 08:46:49 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (05/21/2015 08:46:47 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (05/21/2015 07:57:56 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (05/21/2015 07:57:51 AM) (Source: DCOM) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (05/21/2015 07:57:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/21/2015 07:57:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (05/21/2015 07:56:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
 
Microsoft Office Sessions:
=========================
Error: (05/21/2015 11:26:42 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (05/21/2015 11:26:42 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (05/21/2015 08:06:14 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (05/21/2015 08:06:14 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2015 07:57:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (05/21/2015 07:57:24 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-21 03:58:52.114
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-21 03:58:51.854
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B06 - )
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version:  - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
WebM Project Directshow Filters (HKCU\...\webmdshow) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Realtek PCIE CardReader
Description: Realtek PCIE CardReader
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconduct Corp.
Service: RSPCIESTOR
Device ID: PCI\VEN_10EC&DEV_5209&SUBSYS_165E103C&REV_01\4&2E978161&0&00AA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 49%
Total physical RAM: 3689.41 MB
Available physical RAM: 1848.16 MB
Total Pagefile: 7377.02 MB
Available Pagefile: 4818.75 MB
Total Virtual: 4095.88 MB
Available Virtual: 3985.75 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:447.78 GB) (Free:334.39 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:13.82 GB) (Free:1.54 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\LILTUNECHI-HP
 
Administrator            Guest                    Twanisha                 
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
20-05-2015 21:17:18 Windows Update
21-05-2015 05:08:27 Removed Should I Remove It
21-05-2015 05:22:12 Removed BlueStacks Notification Center
21-05-2015 12:37:00 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
21-05-2015 12:45:01 Installed Oracle VM VirtualBox 4.3.12
 
**** End of log ****
 
 
 
 
 

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 8 Update 40  
 Java version 32-bit out of Date! 
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.152) 
 Google Chrome (Plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 37% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 


#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 21 May 2015 - 10:56 AM

Hi there,

Please run this next.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Regards,
Alex

#5 Darth Plagueis

Darth Plagueis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 11:16 AM

# AdwCleaner v4.205 - Logfile created 21/05/2015 at 12:09:54
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Twanisha - LILTUNECHI-HP
# Running from : C:\Users\Twanisha\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.152
 
 
*************************
 
AdwCleaner[R0].txt - [39254 bytes] - [21/05/2015 01:20:28]
AdwCleaner[R1].txt - [1144 bytes] - [21/05/2015 01:44:04]
AdwCleaner[R2].txt - [1039 bytes] - [21/05/2015 06:48:04]
AdwCleaner[R3].txt - [378 bytes] - [21/05/2015 12:00:43]
AdwCleaner[R4].txt - [312 bytes] - [21/05/2015 12:03:43]
AdwCleaner[R5].txt - [1198 bytes] - [21/05/2015 12:07:17]
AdwCleaner[S0].txt - [30897 bytes] - [21/05/2015 01:39:20]
AdwCleaner[S1].txt - [1213 bytes] - [21/05/2015 01:48:52]
AdwCleaner[S2].txt - [1124 bytes] - [21/05/2015 12:09:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1183  bytes] ##########


#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 21 May 2015 - 11:24 AM

It seems that you have ran AdwCleaner quite a lot of times to try and solve the issue.

Please run this.

Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Full Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
===

After that reset your browsers using instructions here.

Let me know when you have finished everything.

Regards,
Alex

#7 Darth Plagueis

Darth Plagueis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 03:51 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Toolarrow-10x10.png (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 7 Home Premium x64
Ran by Twanisha on Thu 05/21/2015 at 13:22:31.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] swdumon
Successfully deleted: [Service] swdumon
 
 
 
~~~ Tasks
 
 
 
 
 
 
~~~ Registryarrow-10x10.png Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software Microsoftarrow-10x10.png\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog Applicationarrow-10x10.png\Update EnhanceTronic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update FindRight
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util FindRight
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys
Successfully deleted: [File] C:\Windows\syswow64\sho7C81.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoABFA.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{06629E29-8D8C-4E5C-AA03-F8CC0C845B09}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{0930CDD6-56D0-4F5C-864F-627B23CDEACF}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{09F10233-95BA-4F0D-9C4D-0623244EDA99}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{0A4DBCF0-55A6-4032-A6A5-DA18DF4D64D3}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{0CDA0BD7-64C1-4540-A154-E0FA05D99436}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{0D9CA6DD-A186-479C-9BAC-F0CBDABA8B77}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{0E8F4774-820E-47C0-A5B8-0C01CE0BF722}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{1F69183A-4E87-49D1-9E83-A68BF722BA7E}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{21A7AF8C-90FD-41F1-B6E3-10D0BAFC27FD}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{2411C2DC-2713-4421-9EEF-071D92411F55}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{24DF6A4F-B6FC-4F5C-A83E-76C991A62EB6}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{2694EE12-5EBE-49C6-8859-0852484138C1}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{2AC081DD-CCC0-4F4E-8206-A6E1923D3FD6}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{2DB44228-2715-4170-900D-40CF3DB31CCB}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{2EEF6A1A-DADD-4B0E-9874-B3C163FDCC94}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{3093073C-6E5B-4CCF-A01C-CD7B9B0259D7}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{330D46EB-0DAA-44D8-8CCF-DA3454207484}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{38FFC7EA-2AE9-44C6-8A04-44F15A6153BC}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{398B68C9-E2D9-4C25-AC1B-4A7BB8E25516}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{3CC0110F-5425-482B-9873-7205448B2C2B}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{3F2D7B1E-F519-4426-B48C-F7D0D1809E72}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{41D35BA2-399E-463B-9C59-38B1172492E9}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{42B2E5C5-84C3-4913-9DA0-6C057F0AA406}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{42C18C2F-2C9D-4D2D-8AF0-39382749148F}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{430E6F74-39AC-4F6F-9FDD-B0DBDAA80EDE}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{4678556A-2968-4DE6-BBC6-E6C4CAE1DE8A}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{4F7B74DB-DC5A-42B2-AD60-389A840B809B}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{50DA898F-E1BB-41E4-9E54-79A9D0EF3990}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{51A3FBD1-EECC-4BD7-98DF-E9DC19B8344C}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{5352F74F-38CD-44AA-96D3-D22F2283A40C}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{55ECD585-814F-4B20-AAC6-09966B2A2CF9}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{56D6B7D5-B388-46BA-A313-07F86217B96C}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{5D624117-5BFE-4E0E-B75F-28DEA3D3D8D8}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{5DF02CD8-28D2-4890-B646-D0381F131902}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{6056A803-B9E9-4C9A-9182-E53DDA570B30}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{60F6D9EE-F15C-455D-B88A-3F49B9067105}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{68E58F9C-B45E-4CE1-BB8D-813F9A9AF264}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{69E2CC86-B3BA-401C-9978-0F695524CF20}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{6CA5B232-19A4-4F11-BC09-BDF5B3E8F0BF}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{7249E2FF-1F3D-4A69-A38E-55E05CB224B9}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{72A75FEF-4400-46CE-B995-481AEBA8EBC5}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{754874C8-2575-4E06-8F61-B8EB2DCDCFF7}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{754C1102-441D-40E7-AD25-2F393747EEEF}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{77F18CD4-F3D6-4C5E-A21E-C509A5B25A69}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{7962F597-24E9-4784-AE68-B515229B4144}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{7A25AFCD-2201-4B4D-B07C-1B256A8CB575}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{7A33FB90-50E9-480C-A6B1-E8475741259C}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{7A734F46-F6AB-4CA6-BAC9-91808A6CB00C}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{7B47259D-E29B-4BEB-BCE5-B0C1B75525DD}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{7D845DF9-EDCB-4EE1-B543-A00B1A3F5798}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{7E6E3F97-5A11-46B9-83F3-5FFEE6059EC6}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{84B70E64-4CC4-48F9-9276-CC9BC4F084AF}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{8976C84B-1179-46E6-AFAA-8B94D5CE0AEC}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{8EFAF983-9EAA-496B-8052-468096FB0954}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{94E9811E-9477-4119-96FF-9B29B19A706A}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{9910FEB5-189C-4190-A92F-2489BB88720C}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata localarrow-10x10.png\{99C86BAA-8BC6-40BF-9704-0F64CB0FE8C1}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{9A791D54-F852-47F3-BB03-C0D46228503F}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{9B933281-F398-4F05-8F31-4A876086B159}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{9CAD857E-CCCD-43F1-BA80-402DF42344C2}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{9EA8732A-9F87-4931-B9C1-4D3C0745C1BE}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{9EE3C384-0212-4E42-97D2-4CD15C75D08F}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{9F007B98-27F1-4070-A14A-7A677C4359E6}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{A020636C-65E8-4EAB-B707-889487A86E61}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{A1A5BBF1-56EC-4D7D-913F-C38B01E498F2}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{A20B2F89-C4DD-402E-9565-0B207A645B69}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{A31F87F6-9ED2-4543-BA71-3A6F186D9738}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{A7A231DB-C6C1-47E5-A205-2E2BC834E9DF}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{AC244C69-AB37-4879-8F43-0E62AF6D625D}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{AF8C750A-13F6-4D86-BD0E-114089A4FF85}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{B0CF3917-6B12-4AAB-A3FA-8B0C683274B4}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{B4A69BA0-9958-4113-8DE6-F1377FF78091}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{B52F21E2-7E44-4274-99E8-4BCC4CD265FD}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{B5C2E59D-DD3B-4F5C-8821-C6508F3E06A0}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{B6E4E5C5-E0CB-4FD6-96C3-182AE95978D1}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{B83CFD64-C7A4-4B1C-8D7B-19141680AC2D}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{B84B381F-7A4E-4E2E-B21C-11A4BF7920F9}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{BBA53B0C-0780-4D85-8C3D-65EC05467CD9}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{C37A07D4-970D-4341-A1A8-2DB52154C535}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{C3E3A0E2-74C8-4A74-8623-09F5AA6BD64A}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{C80963A4-0093-40E1-B2BA-5F11FE91BE23}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{CA65F5D1-BFA9-4843-94F0-7A208B18454F}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{CAEE2960-D094-42C6-A50B-4577ED2D8CFA}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{CB4B2CBA-2090-424D-8BBC-F55618F2A031}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{CB9A5CAB-6D04-47AA-BC22-A5A132C1B99B}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{CEA92878-7F9E-4A00-BB3B-4433374A4BDB}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{D0D4043C-D2F3-496A-943C-FD6110EDA741}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{D3EACAA3-E8C5-4E36-80A3-AE509476F0D1}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{D5A954F4-7145-43D1-8D5A-B375B3BD6966}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{D68A64F9-D3EF-4169-B23C-A4AF640BCE80}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{D7D89A80-2B17-4587-9EBF-B94D2429D75B}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{DC419FE1-78BA-4493-9A66-3E48CFC8B0EB}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{DF10B20C-700E-4557-8914-F4C0C6F5F788}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{E00EC26F-07AD-4442-BA2A-1325D0F3F64E}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{E3D4DCD4-9D7B-42CA-BB64-2DE8BBEACA5F}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{E436EA22-FDE0-4A23-9658-BED2AD4DC56B}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{E59DC7E0-5CC8-4E21-9C49-FB4F695C796B}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{E659A6AE-46B4-4E2D-B789-F15225D24875}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{E77174D6-2D6E-46DF-A879-C6A7D26B49BF}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{E77D62E0-87AB-441C-AFF6-C3C64A256F6E}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{EC314A2A-57C4-4931-9A2F-12403C97FC36}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{ED35B0F1-D555-4B69-9ACE-C31F584BA4EC}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{F48EC05B-40C3-4CD2-BF5F-D91CCA5D7B43}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{F61269FB-DD35-4FB4-8CFD-447B0DA205A1}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{F78FCD9C-9BBC-4A6E-9F2A-0D72315783F9}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{F7D30C6E-09DF-4681-A0AC-904614A59DF0}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{F967D240-138C-448F-BD6D-A49CD062119C}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{FCFD2C8B-C572-41BE-ADBD-D4C5829D7213}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{FDB11123-AB73-4D05-9A37-32790FD45C64}
Successfully deleted: [Empty Folder] C:\Users\Twanisha\appdata\local\{FFA45A5D-A38C-4D68-B587-B544CF3DC491}
Successfully deleted: [Folder] C:\ProgramData\pc1data
Successfully deleted: [Folder] C:\Users\Twanisha\appdata\local\slimware utilities inc
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/21/2015 at 13:34:22.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Emsisoftarrow-10x10.pngEmergency Kit - Version 9.0
Last update: 5/21/2015 1:44:01 PM
User accountarrow-10x10.png: LilTunechi-HP\Twanisha
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, Q:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extensionarrow-10x10.pngfilter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 5/21/2015 1:47:37 PM
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} detected: Application.Bundle (A)
Key: HKEY_USERS\S-1-5-21-2245524439-1488998614-4273067825-1001\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} detected: Application.Bundle (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} detected: Application.Bundle (A)
Value: HKEY_USERS\S-1-5-21-2245524439-1488998614-4273067825-1001\SOFTWARE MICROSOFTarrow-10x10.png\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE MICROSOFTarrow-10x10.png\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2245524439-1488998614-4273067825-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC DRIVERUPDATEarrow-10x10.png detected: Application.InstallDrive (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES, INC.\DRIVERAPP detected: Application.InstallDrive (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appesaveo\appesaveo.exe.vir detected: Gen:Variant Adwarearrow-10x10.png.Zusy.139627 ( B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir -> (NSIS o) -> lzma_solid_nsis0002 detected: Application.SearchProtect.CB ( B)
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Local\31464E43-1430304261-4A30-4A47-101F74C6C4A7\cnsgE488.tmp.vir detected: Trojan.GenericKD.2344249 ( B)
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Local\31464E43-1430304276-4A30-4A47-101F74C6C4A7\onsg5776.tmp.vir detected: Trojan.GenericKD.2331245 ( B)
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Local\31464E43-1430304276-4A30-4A47-101F74C6C4A7\snsg5774.tmp.vir detected: Trojan.GenericKD.2331247 ( B)
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Local\Temp OptimizerProarrow-10x10.png.exe.vir detected: Application.Generic.1009352 ( B)
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys.vir detected: Adware.SwiftBrowse.CT ( B)
C:\Users\Twanisha\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 -> (NSIS o) -> zlib_nsis0000 detected: Application.Bundler.Somoto.I ( B)
C:\Users\Twanisha\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 -> (NSIS o) -> lzma_solid_nsis0000 detected: Gen:Application.Bundler.DefaultTab.1 ( B)
C:\Users\Twanisha Downloadsarrow-10x10.png\Software, Players\flvplayer4free-setup_downloader-6cQTNx3I.exe -> (NSIS o) -> zlib_nsis0000 detected: Application.Bundler.Somoto.I ( B)
C:\Users\Twanisha Downloadsarrow-10x10.png\Software, Players\free_vlc_player_setup.exe -> (NSIS o) -> zlib_nsis0000 detected: Application.Bundler.Outbrowse.A ( B)
C:\Users\Twanisha\Downloads\Software, Players Installerarrow-10x10.png.exe -> (NSIS o) -> zlib_nsis0000 detected: Application.Bundler.Outbrowse.BC ( B)
C:\Users\Twanisha\Downloads\Software, Players\Player-Chrome (2).exe detected: Gen:Variant.Application.Bundler.OptimumInstaller.1 ( B)
C:\Users\Twanisha\Downloads\Software, Players\setup.exe detected: Gen:Variant.Application.Bundler.AirInstaller.4 ( B)
 
Scanned 226272
Found 25
 
Scan end: 5/21/2015 4:21:11 PM
Scan time: 2:33:34
 
C:\Users\Twanisha\Downloads\Software, Players\setup.exe Quarantined Gen:Variant.Application.Bundler.AirInstaller.4 ( B)
C:\Users\Twanisha\Downloads\Software, Players\Player-Chrome (2).exe Quarantined Gen:Variant.Application.Bundler.OptimumInstaller.1 ( B)
C:\Users\Twanisha\Downloads\Software, Players Installerarrow-10x10.png.exe Quarantined Application.Bundler.Outbrowse.BC ( B)
C:\Users\Twanisha\Downloads\Software, Players\free_vlc_player_setup.exe Quarantined Application.Bundler.Outbrowse.A ( B)
C:\Users\Twanisha\Downloads\Software, Players\flvplayer4free-setup_downloader-6cQTNx3I.exe Quarantined Application.Bundler.Somoto.I ( B)
C:\Users\Twanisha\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 Quarantined Gen:Application.Bundler.DefaultTab.1 ( B)
C:\Users\Twanisha\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Quarantined Application.Bundler.Somoto.I ( B)
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys.vir Quarantined Adware.SwiftBrowse.CT ( B)
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Local\Temp\OptimizerPro.exe.vir Quarantined Application.Generic.1009352 ( B)
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Local\31464E43-1430304276-4A30-4A47-101F74C6C4A7\snsg5774.tmp.vir Quarantined Trojan.GenericKD.2331247 ( B)
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Local\31464E43-1430304276-4A30-4A47-101F74C6C4A7\onsg5776.tmp.vir Quarantined Trojan.GenericKD.2331245 ( B)
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Local\31464E43-1430304261-4A30-4A47-101F74C6C4A7\cnsgE488.tmp.vir Quarantined Trojan.GenericKD.2344249 ( B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir Quarantined Application.SearchProtect.CB ( B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appesaveo\appesaveo.exe.vir Quarantined Gen:Variant.Adware.Zusy.139627 ( B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES, INC.\DRIVERAPP Quarantined Application.InstallDrive (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DRIVERUPDATE Quarantined Application.InstallDrive (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Quarantined Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Quarantined Application.Win32.InstallAd (A)
Value: HKEY_USERS\S-1-5-21-2245524439-1488998614-4273067825-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2245524439-1488998614-4273067825-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Quarantined Application.Bundle (A)
Key: HKEY_USERS\S-1-5-21-2245524439-1488998614-4273067825-1001\SOFTWARE\APPDATALOW\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Quarantined Application.Bundle (A)
 
Quarantined 23
 

 



#8 Darth Plagueis

Darth Plagueis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 03:53 PM

appsaver still here laughing



#9 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 21 May 2015 - 03:55 PM

Hi there,

Please run the following.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will says Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#10 Darth Plagueis

Darth Plagueis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 03:58 PM

i forgot the reset browser part im doing that now. also do i delete the items in quarentine

 

 

finished that part now restarting to move to next step


Edited by Darth Plagueis, 21 May 2015 - 04:05 PM.


#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 21 May 2015 - 04:12 PM

Can you check the browser now and see if Appsaver is still there (after the reset)?

#12 Darth Plagueis

Darth Plagueis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 04:46 PM

i am not seeing any ads. however there are blue hotlinks in the text field. only now they dont pop up and ad when the cursor is above them the show(external link)  extreme improvement. im tearing up right now...lol is the hotlink thing a major issue? will this be gone when malwarebytes is done. (Currently been running for 20 minutes detected 0) ESET (running 17 minutes infected files 13 so far)  and should i delete those quarantined files from EMISOFT?



#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:11 PM

Posted 21 May 2015 - 04:47 PM

Since it's annoying and might lead to malware, I would say it is a major issue.

Please let all scans complete normally so they can remove the malware found. We will take care of Emsisoft later.

Alex

#14 Darth Plagueis

Darth Plagueis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 07:16 PM

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/21/2015
Scan Time: 5:19:19 PM
Logfile: malwarebyte log 1.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.21.03
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Twanisha
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452830
Time Elapsed: 1 hr, 23 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
ESET:
 
C:\Users\All Users\pclunst.exe a variant of Win32/PCCleaners potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\del_Bridge_nsu6CCB.dll.vir Win32/Toolbar.SearchSuite.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\del_DM_DLL_nsu6CCB.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\del_IEBHO_nsu6CCB.dll.vir Win32/Toolbar.SearchSuite potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll.vir a variant of Win32/Toolbar.SearchSuite.R potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe.vir a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\del_BHO_nsu6CCB.dll.vir Win64/Toolbar.SearchSuite potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\del_DM_DLL_nsu6CCB.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\SoftConfigTest.exe.vir a variant of Win32/Adware.CouponMarvel.D application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Twanisha\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\ProgramData\pclunst.exe a variant of Win32/PCCleaners potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Documents, School\downloadmanager-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Documents, School\FlvPlayerSetup.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\flvplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\FlvPlayerSetup.exe a variant of Win32/InstallCore.IK potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\iLividSetupV1.exe Win32/Toolbar.SearchSuite potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\IlliminableOggDirectshowFiltersforSpeexVorbisTheoraandFLAC32bit64bitv08517777 (2).exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\IlliminableOggDirectshowFiltersforSpeexVorbisTheoraandFLAC32bit64bitv08517777.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\movie_player.exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\PC_Cleaner_Pro_Installer_a3.exe a variant of Win32/PCCleaners potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\Setup (1).exe Win32/OutBrowse.J potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\SoftonicDownloader_for_tropico-4.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\Users\Twanisha\Downloads\Software, Players\webmdshow-09120-20101216zip.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
 
 
 
(end)


#15 Darth Plagueis

Darth Plagueis
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, US
  • Local time:09:11 AM

Posted 21 May 2015 - 08:36 PM

all evidence of appsaver is gone. (except) in the posts i have made on this forum. this page is the only page i have seen so far with blue hotlinks. i have noticed after doing all of this that the libraries on windows explorer are not functioning. the icons are blank sheets of paper. i can still find my files if i go through computer-local disk-pictures, etc. but the libraries paths are not valid i guess. and i have learned my lesson and will not ask anyone else but you guys for information. ill be here when you guys get the time and thank you so much

 

also Chrome and IE will not open Facebook. all other sites seem to work fine. anytime i try to use puter to access FB i get an error message saying something went wrong please close browser and try again.  


Edited by Darth Plagueis, 22 May 2015 - 12:34 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users