Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple programs reinstalling after they have been deleted (SmartWeb etc.)


  • Please log in to reply
5 replies to this topic

#1 Evicraft

Evicraft

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 26 August 2015 - 09:54 AM

Hello,
 
recently I downloaded a file from the internet, but I did not pay enough attention to notice it was loaded with all kinds of nasty programs. Now I'm stuck with a list of programs that keep reinstalling:
  • Crossbrowse (32 bits)
  • SmartWeb
  • mystartsearch
  • AnyProtect
  • GamesDesktop
  • MyBrowse
When I use the internet, I often get redirected to other pages, and popups appear all over the screen. Even though I have Adblock Plus installed, ads are everywhere. When I uninstall the programs listed above in the Control Panel, they just reinstall. I have run windows defender, adwcleaner and used Advanced Uninstaller to try and resolve this. I run Windows 8.1 and my standard browser is Google Chrome.
I really hope these issues can be resolved, and I would be very grateful for people helping me. I am very sorry if this is not the correct topic to post this and I will delete this post immediately if this is the case
 
Kind regards, Eva

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:49 PM

Posted 26 August 2015 - 11:37 AM

Welcome to BC, Eva !

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

I know you have already used AdwCleaner but it often finds more after the first run and I need to see the next scan results.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Evicraft

Evicraft
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 28 August 2015 - 03:52 PM

Hello and thank you :)

it's great that you could help me so quickly. I have tried to follow your instructions as well as possible, and this is the result:

 

=====================================================================================================

 

Malwarebytes log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 27-8-2015
Scan Time: 18:11
Logfile: Threats Malwarebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.27.03
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Eva
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410097
Time Elapsed: 52 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
=====================================================================================================
 
Threats AdwCleaner:
 
# AdwCleaner v5.004 - Logbestand aangemaakt 27/08/2015 op 20:54:38
# Laatste update 26/08/2015 door Xplode
# Database : 2015-08-25.1 [Server]
# Besturingssysteem : Windows 8.1 Pro  (x64)
# Gebruikersnaam : Eva - LAPTOP-EVA
# Gestart vanuit : C:\Users\Eva\Downloads\AdwCleaner.exe
# Optie : Verwijderen
# Ondersteuning : http://toolslib.net/forum
 
***** [ Services ] *****
 
[-] Service Verwijderd : SSFK
 
***** [ Mappen ] *****
 
[-] Map Verwijderd : C:\ftb
[-] Map Verwijderd : C:\Program Files (x86)\globalUpdate
[-] Map Verwijderd : C:\Program Files (x86)\predm
[-] Map Verwijderd : C:\Program Files (x86)\SFK
[-] Map Verwijderd : C:\Users\Eva\AppData\Local\globalUpdate
 
***** [ Bestanden ] *****
 
[-] Bestand Verwijderd : C:\Program Files (x86)\Mozilla Firefox\searchplugins\mystartsearch.xml
 
***** [ Snelkoppelingen ] *****
 
 
***** [ geplande taken ] *****
 
 
***** [ Register ] *****
 
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Sleutel Verwijderd : HKCU\Software\GlobalUpdate
[-] Sleutel Verwijderd : HKCU\Software\WajIEnhance
[-] Sleutel Verwijderd : HKCU\Software\DAILYPCCLEAN
[-] Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Sleutel Verwijderd : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Sleutel Verwijderd : HKLM\SOFTWARE\GlobalUpdate
[-] Sleutel Verwijderd : HKLM\SOFTWARE\SupDp
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\GlobalUpdate
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\WajIEnhance
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\DAILYPCCLEAN
[!] Sleutel Niet Verwijderd : HKU\S-1-5-21-1961519318-2274157923-854318442-1001\Software\AppDataLow\Software\SmartWeb
 
***** [ Internetbrowsers ] *****
 
[-] [C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Verwijderd : hxxp://www.mystartsearch.com/webfavicon.ico
[-] [C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Verwijderd : hxxp://www.mystartsearch.com/web/?type=ds&ts=1440613171&z=4458313b5ca88c35fd2513eg6z3zbe4q3g1c5e3b9g&from=cmi&uid=TOSHIBAXMQ01ABD050_53FFW0QJTXX53FFW0QJT&q={searchTerms}
[-] [C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Verwijderd : hxxp://www.mystartsearch.com/?type=hp&ts=1440613171&z=4458313b5ca88c35fd2513eg6z3zbe4q3g1c5e3b9g&from=cmi&uid=TOSHIBAXMQ01ABD050_53FFW0QJTXX53FFW0QJT
 
*************************
 
:: Winsock instellingen gereset
 
########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [4303 bytes] ##########
 
================================================================================================================================
 
ESET threats:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtect.exe.vir Win32/AnyProtect.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\Uninstall.exe.vir Win32/AnyProtect.I potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\globalupdate.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdate.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe.vir Win32/AlteredSoftware.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe.vir Win32/AlteredSoftware.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll.vir a variant of Win32/AlteredSoftware.E potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SFKEX.dll.vir a variant of Win32/ELEX.EK potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SFKEX64.dll.vir a variant of Win64/ELEX.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SFKEX64.exe.vir a variant of Win64/ELEX.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SSFK.exe.vir a variant of Win64/ELEX.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\354f292600005bf4\354f292600005bf4.dll.vir a variant of Win32/SProtector.Q potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\342D7C90-1440410194-E211-9268-2CD4449929AC\pnsoED93.exe.vir Win32/Adware.ConvertAd.YB application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\342D7C90-1440410194-E211-9268-2CD4449929AC\rnsoED91.exe.vir a variant of Win32/Adware.ConvertAd.XK application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\102.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\178.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\179.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\180.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\184.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\19.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\200.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\220.js.vir JS/Toolbar.Crossrider.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\223.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\231.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\232.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\234.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\242.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\253.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\262.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\263.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\273.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\281.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\288.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\289.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\300.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\335.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\339.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\380.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\385.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\389.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\390.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\391.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\424.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\437.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\ec6e23a20288f69144e3862a892d49de.js.vir JS/Toolbar.Crossrider.E potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\api\3480ace691286c050576317fe7cd1e2c.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\api\711e7c4bb8345c06892e0611c4b96a38.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\api\96e0ca9f5a564467d9485b14a395ad60.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\lib\31f3855b7c585fb490685d7bebd8b29b.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\lib\522d4fc7481e80d3ac5d9d57a3987c92.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\lib\715fcd9e25ce16e4e767278d977a4379.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\lib\9b289ef51184bcc01e42c1452a85a266.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\lib\a7ec146a7927f579d54d7ee901ebdd5e.js.vir JS/Toolbar.Crossrider.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\lib\c7e3a80d49107d8061ff249d98c71e9c.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.102_0\js\lib\f8c11b298af8c2f44df76b68430cd581.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\SmartWeb\SmartWebApp.exe.vir a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\SmartWeb\SmartWebHelper.exe.vir Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\SmartWeb\swhk.dll.vir a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Local\SmartWeb\__u.exe.vir a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\AnyProtectEx\swf\swf1FFB.swf.vir Win32/AnyProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\AnyProtectEx\swf\swf3K.swf.vir Win32/AnyProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\AnyProtectEx\swf\swfij1q.swf.vir Win32/AnyProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\0mdV@OU8ec.net\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\1hRGCxa@BYCp.com\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\chrome\content\core\fdef935ff0c9f760a5d33568599b56ad.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\102.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\178.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\179.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\180.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\184.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\200.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\220.js.vir JS/Toolbar.Crossrider.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\223.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\231.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\232.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\234.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\242.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\253.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\262.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\263.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\273.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\281.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\288.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\289.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\300.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\335.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\339.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\380.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\385.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\389.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\390.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\391.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\424.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\437.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\dD@k.net\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\E@W.co.uk\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\f2VjP@J.com\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\Faj@reQ.com\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\Gk6l@bSo.org\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\HAGkB4Lr@g.net\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\HjY4@Jtq.com\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\khveXw@O.edu\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\olU7@ac6Xpy.org\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\c4ksncdi.default\Extensions\Q@9Iu9LD.org\content\bg.js.vir JS/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{20028c4e-ef35-4336-a227-afedf096d2a7}w64.sys.vir a variant of Win64/BrowseFox.K potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\installd.exe.vir a variant of Win32/Amonetize.EI potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\baidu\Bind.exe a variant of Win32/HideBaid.L potentially unwanted application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\0ASH943U\VuuPC_VO2_8907[1].exe Win32/InstallMonetizer.BG potentially unwanted application deleted - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\0D3240LX\check[1].exe a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\0D3240LX\SearchUpdater[1].exe a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\0D3240LX\SmartWebInstaller[1].exe a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\0D3240LX\SuperOptimizer[1].exe a variant of Win32/Adware.SpeedingUpMyPC.AT application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\64JVSUD5\AnyProtectSetup[1].exe Win32/AnyProtect.G potentially unwanted application deleted - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\64JVSUD5\setup_gmsd_nl[1].exe a variant of Win32/Adware.EoRezo.AZ application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\AUW79EDL\ASIns[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\INetCache\IE\AUW79EDL\setup_362[1].exe a variant of Win32/Adware.Imali.E application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nsbA829.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nseCDF9.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nsgC6C5.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nsi3EDD.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nsrA227.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nssD7FC.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nsv47B.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nsw61A7.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nsw9371.tmp a variant of Win32/Adware.ConvertAd.XC.gen application cleaned by deleting - quarantined
C:\Users\Eva\AppData\Local\Temp\nsz75AC.tmp a variant of Win32/Adware.ConvertAd.XA.gen application cleaned by deleting - quarantined
C:\Users\Eva\Desktop\Games\Game Dev Tycoon v1.5.11 (2014)(2-click run).exe a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined
C:\Users\Eva\Downloads\Cities Skylines [RePack]\Setup.exe Win32/Adware.Adverttraff.A application cleaned by deleting - quarantined
C:\Windows\Temp\18C0.tmp.exe a variant of Win32/Adware.ConvertAd.XZ application cleaned by deleting - quarantined
C:\Windows\Temp\263C.tmp.exe a variant of Win32/Adware.ConvertAd.WZ.gen application cleaned by deleting - quarantined
C:\Windows\Temp\355F.tmp.exe a variant of Win32/Adware.ConvertAd.WZ.gen application cleaned by deleting - quarantined
C:\Windows\Temp\36E7.tmp.exe a variant of Win32/Adware.ConvertAd.YF application cleaned by deleting - quarantined
C:\Windows\Temp\409B.tmp.exe a variant of Win32/Adware.ConvertAd.YF application cleaned by deleting - quarantined
C:\Windows\Temp\91F.tmp.exe a variant of Win32/Adware.ConvertAd.WZ.gen application cleaned by deleting - quarantined
 
================================================================================================================================
 
JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.8 (08.24.2015:1)
OS: Windows 8.1 Pro x64
Ran by Eva on do 27-08-2015 at 21:00:10,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\UninstallMonitor
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BCEC5353-A508-4D9C-B0BE-EC89269DA64B}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SecretSauce
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Successfully deleted: [File] C:\Users\Eva\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\systemcontinue
Successfully deleted: [Folder] C:\Users\Eva\Appdata\Local\alawarwrapper
Successfully deleted: [Folder] C:\Users\Eva\Appdata\Local\worldoftanks
Successfully deleted: [Folder] C:\Users\Eva\AppData\Roaming\goldengate
Successfully deleted: [Folder] C:\users\Public\Documents\alawarwrapper
Successfully deleted: [Folder] C:\Users\Public\qiyi
Successfully deleted: [Folder] C:\Users\Eva\Appdata\Local\6163
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Eva\AppData\Roaming\mozilla\firefox\profiles\c4ksncdi.default\prefs.js
 
user_pref(extensions.G3e8ZJIrDQq5hn9y.url, hxxp://canadafirstforeverygroup.net/sync2/?q=hfZ9oeFEAHnMCyVUojsEqdU9tMqLDe49CNU0jUEMCMlNhd9Fqja8rjaFrTa4qjrMBzqUojw8rdYGqda6qjUE
 
 
 
~~~ Chrome
 
 
[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  booedmolknjekdopkepjjeckmjkdpfgl,
  flpcjncodpafbgdpnkljologafpionhb,
  ifohbjbgfchkkfhphahclmkpgejiplfo,
  oilkkkefbalmbfppgjmgjoefbclebkce,
  pelmeidfhdlhlbjimpabfcbnnojbboma
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on do 27-08-2015 at 21:03:45,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
================================================================================================================================
 
Since i've completed all of these scans my computer seems to be free of infections again. I hope it stays this way, and I am very grateful for all of the effort and time there has gone into helping computernoobs like me. I hope these logs are the files you wanted, and that they will be helpful to you :).
 
Thank you for this great experience on this forum :)


#4 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:49 PM

Posted 28 August 2015 - 04:56 PM

There was a lot of junk....mostly adware. Free games or cracked games appear to be a big source.

This item...Game Dev Tycoon v1.5.11...if it is not that important to you then I suggest you delete from the desktop.

 

Post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 Evicraft

Evicraft
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 30 August 2015 - 12:46 PM

Hi again,

 

these are the lists you asked for:

 

Windows startups:

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task ATe1Se7xLo1nleAP7 C:\Users\Eva\AppData\Roaming\ATe1Se7xLo1nleAP7.exe --c=wymsD8Aw671g+Jb6AD1XM8uCA6U0Wf9oKf9/V0uWFhTQTeyq6bZtWqXdjYTnMaeDjtuz+1oUhagHF6jiwmyERInrjMpviEIfXcvxWXgF7T0oiGs6VHjLrNeHxhrx7uJJBvoxcmpLRPDjrZqMKwBIkTwYnzAQKOiUcwVHFigEhFx19smzxVofHO9HU4NBvguaoPvnl2dMESUQeOHTnaiJ7Xbl3ghaHCghMWL+ck3HBBqkaYZCE8PSwBZ7MAVtTk3I810F/Pf8CWbWx/YI6bUmgJu9Ri3YuWZutTMlBn22OB7jVmtwzyBxcmRCSBuvZ4N+RXTSRQvKRkkmuizfV947Fg==
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\BrowserChoice\browserchoice.exe /launch
Yes Task DqGdoyJk9AdVKWb396d C:\Users\Eva\AppData\Roaming\DqGdoyJk9AdVKWb396d.exe --c=HlAgzqk1s3HMq4ZDqkw2YlmJXG82xlRwRorX3/qSW+/nQ7X6NdykZoCqsgQISemmhKQUdTAkQAUyv2tRew2ntt/i12AFP2oAEOcO/p46JHExrx7ix0OXPoVWaE3nt2awTsmuWzuD+s+I5buh7ZFIQ1bFmmX7AYuknirsyPtGwhRyOkovxS3kCOoBC3pM7hZzLeWJQJ4WLT5thzTNDFaSNTYAPPLU3UTC147eHDHCGY2jj3yEycTAjMa2lNdEY6ClI7trppMZT4qHRBOEUeOM7bGFAi0J+6RZNQMiS3GpzvlhJGNWzbhr+hZp16PqsE32UXTkpDlOdsj4j3MlvtC/wA==
Yes Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Health-Check C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -scan
Yes Task Health-Check-auto C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -startup
Yes Task Health-Check-deep C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -deepscan
Yes Task IPtzOXXX1GBuhY9I C:\Users\Eva\AppData\Roaming\IPtzOXXX1GBuhY9I.exe --c=spiZvoiXxd72Q2tjsEkgsLgyLIhOOZv7UUpsiNqOJMvJ+/SGjQtvLSc2JmId05FXQVcLlDQkpXJS8JzPFIboySTPN1n5KDp4A/zSzUSqtljyT3l3WoYgOXH3QTsLO5+QTag2YVJLfLTqnpPOQODiggNLsVvWCgya7hIcuf+ee69mf0Rcqx5ka8yO37d0bKc8WskRFZrX6WADiMTjwZci17OGQIZD+irupDxr2biT0yylypaozCsvg4LVoaH1BqLgi9CbKbYlFAccmO/iuNDOj1T8RkrS9abqR6xe9qBqRmcNZ1da+HW0QSk1wvjUpMf9gaOM3sy6kIbooq8KM659hg==
Yes Task IwHxqkvBNdr3GYSdWXupX C:\Users\Eva\AppData\Roaming\IwHxqkvBNdr3GYSdWXupX.exe --c=iEdd5FBeVYKt4HxfJ1oXtqb1blgDpbaqk7Soj0SiBr9/49+qWSED6YcIB8cZcfnqjY8Nuch7BcF0jTQP+AyEYtQJw8xYQNk5GBfazT9tJfIs6gSlW8FXqxdhWofxLRlheHy9rDWFCuB/rEgZFyKZcqZQWMnddd/fnd+tdqcIs3gObrKt3xOrs8wqiw4eoVlheDC/Jfy1rbewIJOKqwCxaMrR0yHfrpK58g5zUf51ADBnWBI6msfjJPyr1IPKf7m69xPK2mOr1vHWD9ATENnji+zgNUTWt/UVJGqD9wRrYtHE4BXu14C4Rw8ihLWujkPsCtjkz39rzym+iKRWlsZrxw==
No Task Optimize Start Menu Cache Files-S-1-5-21-1961519318-2274157923-854318442-1001
Yes Task SpyHunter3 "C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter3.exe" /s
Yes Task VpOuKspfF8dkS2LrV C:\Users\Eva\AppData\Roaming\VpOuKspfF8dkS2LrV.exe --c=uEkzvznaICC7tG86V+cMxWd/2xbCUJ799KiLBNkMTwjnlgOvFO/pdED23msqyVbWBuSgj0EzJ2BlARdtrJ6AKL0mpepn8ky4uVpMOrvpMkopGmoqlFhTq5aNqLQDUKbhD8frtcb97b+4CoU9h0PY88STRDlAopVR90vIDwK+1MutOsNyuxqSzjm6ayK0wW9NUBB5Dxq87PGUQr1G69/33LiRnCJ0KSEg/VNpvKe0ykNURjaweyJTySrX+o/kwdSxCn5Y2j+szL+IleRS869SNOIZDc/h1BaUi2XsprFZJeSD1TZLbfPS46kzyS3MxY30hf5Gst/SemZMN9nG/oZhBg==
Yes Task vxQiKv2AEFZ4mUT C:\Users\Eva\AppData\Roaming\vxQiKv2AEFZ4mUT.exe --c=fzUkqck1ZyfVdufOwiIjeltd2/cJ++HQLPSEN9D8TEZXda9qXEpb5bxISc2H33Dj3Qmlm9lYfvvUb0sg7e0m4MEwgMwQMkmIJHu5ir1IpQeUsORr1WpafY+ZvVGpQsG7o46iWJP4Db1jkrGH8f4ml0Ypf0C6FNo17SUxzK0XNNE6IZL2Ea/YMgSQc3zMqfQZCtkRpDZkFx5Fc3hwQs99NgHqIooMGmr2SncuQ1yNuJhPPUZSvpof74gOXjOwa40uLdtIBBDGPwyGzTjJsvwAQUrfkaZkgtTU0CANisnn7wDz8yz7qnGcGc6iBDbeYidosIjXI5XgQSvtDZDi08XJHw==
Yes Task {4D1222AC-DCB9-4EBC-813E-AC50E1DC7190} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\Users\Eva\AppData\Local\{FABF5FC1-F862-429F-81C6-1E4326311837}\OffersWizard.exe -c -delete-
 
Scheduled tasks:
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No HKCU:Run uTorrent BitTorrent Inc. "C:\Users\Eva\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
No HKLM:Run DivXMediaServer C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
No HKLM:Run LogMeIn Hamachi Ui LogMeIn Inc. "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Yes HKLM:Run Persistence Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
No HKLM:Run Wondershare Helper Compact.exe Wondershare C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
Installed programs:
 
Adobe Download Assistant Adobe Systems Incorporated 6-6-2014 1.2.6
Adobe Reader XI (11.0.12) - Nederlands Adobe Systems Incorporated 14-8-2015 203 MB 11.0.12
Advanced Uninstaller PRO - Version 11 Innovative Solutions 24-8-2015 39,2 MB 11.67.0.327
Battle.net Blizzard Entertainment 28-6-2015
CCleaner Piriform 27-8-2015 5.09
CDBurnerXP CDBurnerXP 19-12-2014 18,8 MB 4.5.4.5143
Cities Skylines Релиз от R.G. Steamgames 22-6-2015 2,94 GB 1.0
Curse Curse 1-4-2015 80,3 MB 6.0.0.0
Don't Starve GOG.com 12-7-2015 395 MB 2.7.0.16
ESET Online Scanner v3 28-8-2015
Google Chrome Google Inc. 24-8-2015 44.0.2403.157
Hearthstone Blizzard Entertainment 28-6-2015
Imagine Champion Rider Phoenix Interactive 15-8-2014 1.00.0000
Intel® Processor Graphics Intel Corporation 11-12-2013 10.18.10.3316
Java 8 Update 40 Oracle Corporation 1-4-2015 9,10 MB 8.0.400
Java 8 Update 40 (64-bit) Oracle Corporation 1-4-2015 10,1 MB 8.0.400
Java SE Development Kit 8 Update 31 (64-bit) Oracle Corporation 30-1-2015 312 MB 8.0.310.13
LogMeIn Hamachi LogMeIn, Inc. 10-8-2015 2.2.0.383
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 27-8-2015 64,6 MB 2.1.8.1057
Microsoft Office File Validation Add-In Microsoft Corporation 18-5-2014 10,9 MB 14.0.5130.5003
Microsoft Office Standard 2007 Microsoft Corporation 6-6-2014 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 13-8-2015 298 MB 5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 24-10-2013 1,92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2-1-2015 4,47 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 19-12-2014 6,83 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 23-12-2014 12,4 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19-12-2014 11,2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 16-8-2013 10,2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17-8-2013 10,1 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 19-12-2014 13,8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 19-12-2014 12,2 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 19-12-2014 20,5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 19-12-2014 17,3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 1-1-2015 20,5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 1-1-2015 17,1 MB 12.0.21005.1
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 7-6-2014 9,44 MB 4.0.20823.0
Minecraft Mojang 5-2-2015 1,22 MB 1.0.3.0
Mozilla Firefox 26.0 (x86 nl) Mozilla 6-6-2014 51,8 MB 26.0
Mozilla Maintenance Service Mozilla 6-6-2014 221 KB 26.0
Origin Electronic Arts, Inc. 6-6-2014 9.4.6.2792
paint.net dotPDN LLC 16-3-2015 26,2 MB 4.0.5
Popcorn Time Popcorn Official 17-7-2015 110 MB
PowerISO Power Software Ltd 6-6-2014 5.9
Robocraft Freejam 19-8-2014
Roller coaster 3 5-1-2015
Skype™ 7.6 Skype Technologies S.A. 23-6-2015 70,4 MB 7.6.103
Steam Valve Corporation 19-8-2014
TeamSpeak 3 Client TeamSpeak Systems GmbH 18-1-2015 3.0.10
TeamSpeak 3 Client TeamSpeak Systems GmbH 18-1-2015 3.0.16
The Escapists GOG.com 2-7-2015 82,4 MB 2.0.0.1
Unity Web Player Unity Technologies ApS 24-8-2015 12,0 MB 4.6.1f1
VIO Player version 2.0 VIO PLayer 1-4-2014 43,2 MB 2.0
Visual Studio 2012 x64 Redistributables AVG Technologies 5-1-2014 12,9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 5-1-2014 10,5 MB 14.0.0.1
Wajam Wajam 27-8-2015 1.51.1.9 (i1.0)
Windows Live Essentials Microsoft Corporation 24-10-2013 16.4.3508.0205
WinRAR 4.11 (64-bit) win.rar GmbH 11-12-2013 4.11.0
Wondershare Video Editor(Build 5.0.0) Wondershare Software 15-1-2015 97,1 MB
µTorrent BitTorrent Inc. 28-8-2015 3.4.4.40911
 
 
I hope this helps you :)


#6 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:49 PM

Posted 30 August 2015 - 02:35 PM

You have your list headings reversed....Tasks and Windows Startups....no biggee...just didn't want you to try to find the tasks in startups.. :)

 

EDIT: Find this file and delete it: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter3.exe

You can do a search for SpyHunter and Enigma....delete any file those are in.

 

Remove these Tasks.....not just disable. Use CCleaner by clicking on each item to highlight and then choose on the right Remove or Uninstall

Yes Task ATe1Se7xLo1nleAP7 C:\Users\Eva\AppData\Roaming\ATe1Se7xLo1nleAP7.exe --c=wymsD8Aw671g+Jb6AD1XM8uCA6U0Wf9oKf9/V0uWFhTQTeyq6bZtWqXdjYTnMaeDjtuz+1oUhagHF6jiwmyERInrjMpviEIfXcvxWXgF7T0oiGs6VHjLrNeHxhrx7uJJBvoxcmpLRPDjrZqMKwBIkTwYnzAQKOiUcwVHFigEhFx19smzxVofHO9HU4NBvguaoPvnl2dMESUQeOHTnaiJ7Xbl3ghaHCghMWL+ck3HBBqkaYZCE8PSwBZ7MAVtTk3I810F/Pf8CWbWx/YI6bUmgJu9Ri3YuWZutTMlBn22OB7jVmtwzyBxcmRCSBuvZ4N+RXTSRQvKRkkmuizfV947Fg==
 
Yes Task DqGdoyJk9AdVKWb396d C:\Users\Eva\AppData\Roaming\DqGdoyJk9AdVKWb396d.exe --c=HlAgzqk1s3HMq4ZDqkw2YlmJXG82xlRwRorX3/qSW+/nQ7X6NdykZoCqsgQISemmhKQUdTAkQAUyv2tRew2ntt/i12AFP2oAEOcO/p46JHExrx7ix0OXPoVWaE3nt2awTsmuWzuD+s+I5buh7ZFIQ1bFmmX7AYuknirsyPtGwhRyOkovxS3kCOoBC3pM7hZzLeWJQJ4WLT5thzTNDFaSNTYAPPLU3UTC147eHDHCGY2jj3yEycTAjMa2lNdEY6ClI7trppMZT4qHRBOEUeOM7bGFAi0J+6RZNQMiS3GpzvlhJGNWzbhr+hZp16PqsE32UXTkpDlOdsj4j3MlvtC/wA==
 
Yes Task Health-Check C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -scan
Yes Task Health-Check-auto C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -startup
Yes Task Health-Check-deep C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe -deepscan
 
Yes Task IPtzOXXX1GBuhY9I C:\Users\Eva\AppData\Roaming\IPtzOXXX1GBuhY9I.exe --c=spiZvoiXxd72Q2tjsEkgsLgyLIhOOZv7UUpsiNqOJMvJ+/SGjQtvLSc2JmId05FXQVcLlDQkpXJS8JzPFIboySTPN1n5KDp4A/zSzUSqtljyT3l3WoYgOXH3QTsLO5+QTag2YVJLfLTqnpPOQODiggNLsVvWCgya7hIcuf+ee69mf0Rcqx5ka8yO37d0bKc8WskRFZrX6WADiMTjwZci17OGQIZD+irupDxr2biT0yylypaozCsvg4LVoaH1BqLgi9CbKbYlFAccmO/iuNDOj1T8RkrS9abqR6xe9qBqRmcNZ1da+HW0QSk1wvjUpMf9gaOM3sy6kIbooq8KM659hg==
 
Yes Task IwHxqkvBNdr3GYSdWXupX C:\Users\Eva\AppData\Roaming\IwHxqkvBNdr3GYSdWXupX.exe --c=iEdd5FBeVYKt4HxfJ1oXtqb1blgDpbaqk7Soj0SiBr9/49+qWSED6YcIB8cZcfnqjY8Nuch7BcF0jTQP+AyEYtQJw8xYQNk5GBfazT9tJfIs6gSlW8FXqxdhWofxLRlheHy9rDWFCuB/rEgZFyKZcqZQWMnddd/fnd+tdqcIs3gObrKt3xOrs8wqiw4eoVlheDC/Jfy1rbewIJOKqwCxaMrR0yHfrpK58g5zUf51ADBnWBI6msfjJPyr1IPKf7m69xPK2mOr1vHWD9ATENnji+zgNUTWt/UVJGqD9wRrYtHE4BXu14C4Rw8ihLWujkPsCtjkz39rzym+iKRWlsZrxw==
 
Yes Task SpyHunter3 "C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter3.exe" /s
 
Yes Task VpOuKspfF8dkS2LrV C:\Users\Eva\AppData\Roaming\VpOuKspfF8dkS2LrV.exe --c=uEkzvznaICC7tG86V+cMxWd/2xbCUJ799KiLBNkMTwjnlgOvFO/pdED23msqyVbWBuSgj0EzJ2BlARdtrJ6AKL0mpepn8ky4uVpMOrvpMkopGmoqlFhTq5aNqLQDUKbhD8frtcb97b+4CoU9h0PY88STRDlAopVR90vIDwK+1MutOsNyuxqSzjm6ayK0wW9NUBB5Dxq87PGUQr1G69/33LiRnCJ0KSEg/VNpvKe0ykNURjaweyJTySrX+o/kwdSxCn5Y2j+szL+IleRS869SNOIZDc/h1BaUi2XsprFZJeSD1TZLbfPS46kzyS3MxY30hf5Gst/SemZMN9nG/oZhBg==
 
Yes Task vxQiKv2AEFZ4mUT C:\Users\Eva\AppData\Roaming\vxQiKv2AEFZ4mUT.exe --c=fzUkqck1ZyfVdufOwiIjeltd2/cJ++HQLPSEN9D8TEZXda9qXEpb5bxISc2H33Dj3Qmlm9lYfvvUb0sg7e0m4MEwgMwQMkmIJHu5ir1IpQeUsORr1WpafY+ZvVGpQsG7o46iWJP4Db1jkrGH8f4ml0Ypf0C6FNo17SUxzK0XNNE6IZL2Ea/YMgSQc3zMqfQZCtkRpDZkFx5Fc3hwQs99NgHqIooMGmr2SncuQ1yNuJhPPUZSvpof74gOXjOwa40uLdtIBBDGPwyGzTjJsvwAQUrfkaZkgtTU0CANisnn7wDz8yz7qnGcGc6iBDbeYidosIjXI5XgQSvtDZDi08XJHw==
 
Yes Task {4D1222AC-DCB9-4EBC-813E-AC50E1DC7190} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\Users\Eva\AppData\Local\{FABF5FC1-F862-429F-81C6-1E4326311837}\OffersWizard.exe -c -delete-
 
Disable these Tasks: Use CCleaner by clicking on each item to highlight and then choose Disable on the right.
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\BrowserChoice\browserchoice.exe /launch
Yes Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
 
Uninstall These programs: Use Download Revo Uninstaller Freeware in Advanced Mode
Advanced Uninstaller PRO - Version 11 Innovative Solutions 24-8-2015 39,2 MB 11.67.0.327
ESET Online Scanner v3 28-8-2015
Java 8 Update 40 Oracle Corporation 1-4-2015 9,10 MB 8.0.400 Old Java are Malware magnets...
Java 8 Update 40 (64-bit) Oracle Corporation 1-4-2015 10,1 MB 8.0.400
Java SE Development Kit 8 Update 31 (64-bit) Oracle Corporation 30-1-2015 312 MB 8.0.310.13
Mozilla Firefox 26.0 (x86 nl) Mozilla 6-6-2014 51,8 MB 26.0 OR UPDATE
Mozilla Maintenance Service Mozilla 6-6-2014 221 KB 26.0
Unity Web Player Unity Technologies ApS 24-8-2015 12,0 MB 4.6.1f1
VIO Player version 2.0 VIO PLayer 1-4-2014 43,2 MB 2.0
Wajam Wajam 27-8-2015 1.51.1.9 (i1.0)
µTorrent BitTorrent Inc. 28-8-2015 3.4.4.40911 A lot of adware and malware are bundled with free downloads from this site
Popcorn Time Popcorn Official 17-7-2015 110 MB

Edited by buddy215, 30 August 2015 - 02:50 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users