
Can't Access Google.com from IE, Chrome or Opera


4 replies to this topic

#1 herohans


Posted 08 January 2017 - 11:36 AM

Hi All,
 
I can't get to google.com from any of my internet browsers (IE, Chrome or Opera).  I get a security/privacy error and it won't let me proceed to the site.
 
I ran Rkill and the log shows we've got Dailybee.exe and AppTrailers.exe installed - not sure if that's related or not.
 
Help!
 
Herohans
 
Mod Edit: Move to Am I Infected from Win 10 ~~ boopme

Edited by boopme, 08 January 2017 - 01:19 PM.



 


#2 dc3


Posted 08 January 2017 - 12:06 PM

Both of those are adware.  Please do the following.  Post the logs in your topic, do not use a host website to post these.  Do not wrap the logs in code or quotes.
 
I will request a Moderator to move this topic to the Am I Infected forum.  The tools used to provide these logs cannot be used in the Windows forums.
 
Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
[Image: AdwCleaner screenshot]
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.
 
If no malicious programs are found you will receive the following message.
 
[Image: AdwCleaner screenshot]
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.
 
 

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
[Image: Malwarebytes screenshot]
 
3)  Click on Settings, you will see an image like the one below.
 
[Image: Malwarebytes settings screenshot]
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
[Image: Malwarebytes scan results screenshot]
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the entire log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 08 January 2017 - 12:07 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 herohans


Posted 08 January 2017 - 10:19 PM

# AdwCleaner v6.042 - Logfile created 08/01/2017 at 16:18:01
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Fatal1ty - FATAL1TY-PC
# Running from : C:\Users\Fatal1ty\AppData\Local\Temp\scoped_dir10772_27286\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
[-] Service deleted: 1197375e304cc67d656547ab4bdd17a5
[-] Service deleted: vToolbarUpdater40.3.6
[-] Service deleted: WtuSystemSupport

***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\4299ec09-25d3-1
[-] Folder deleted: C:\ProgramData\4299ec09-5f17-0
[-] Folder deleted: C:\ProgramData\8c6e727d-04b1-1
[-] Folder deleted: C:\ProgramData\8c6e727d-2bc7-0
[-] Folder deleted: C:\ProgramData\Avg_Update_0116avz
[-] Folder deleted: C:\ProgramData\Avg_Update_0716tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0816tb
[-] Folder deleted: C:\ProgramData\Avg_Update_1016tb
[-] Folder deleted: C:\ProgramData\Avg_Update_1116avz
[-] Folder deleted: C:\ProgramData\Avg_Update_1116tb
[-] Folder deleted: C:\Users\Fatal1ty\.proxycheck
[-] Folder deleted: C:\Users\Fatal1ty\.AnonymizerLauncher
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Local\NowUSeeItPlayer
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Local\AnonymizerLauncher
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Local\AppTrailers
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Local\DailyBee
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\Note-up
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\One System Care
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\ProxyGate
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\HDWallPaper
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\AppTrailers
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\DailyBee
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\Microleaves
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyBee
[-] Folder deleted: C:\Users\Aiden\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Users\Sierra\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[-] Folder deleted: C:\ProgramData\Trymedia
[-] Folder deleted: C:\ProgramData\avg web tuneup
[-] Folder deleted: C:\ProgramData\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Trymedia
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NowUSeeIt Player
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
[-] Folder deleted: C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder deleted: C:\Program Files (x86)\OneSystemCare
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\NowUSeeItPlayer
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Program Files (x86)\DPower
[-] Folder deleted: C:\Program Files (x86)\HDWallPaper
[-] Folder deleted: C:\Program Files (x86)\Microleaves
[-] Folder deleted: C:\Program Files (x86)\MyMemory
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[#] Folder deleted on reboot: C:\Program Files (x86)\DPower
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Roaming\AGData
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder deleted: C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion

***** [ Files ] *****
[-] File deleted: C:\Users\Fatal1ty\AppData\Local\Microsoft\Internet Explorer\DOMStore\N97UE06R\mapsgalaxy.dl.myway[1].xml
[-] File deleted: C:\Users\Fatal1ty\AppData\Local\Microsoft\Internet Explorer\DOMStore\6U6NAD08\free.mapsgalaxy[1].xml
[-] File deleted: C:\WINDOWS\SysNative\drivers\1197375e304cc67d656547ab4bdd17a5.sys
[-] File deleted: C:\Users\Fatal1ty\AppData\Local\uninstallro.exe
[-] File deleted: C:\Users\Fatal1ty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
[-] File deleted: C:\END
[-] File deleted: C:\Users\Fatal1ty\AppData\Roaming\Mozilla\Firefox\Profiles\zatmf6tq.default\extensions\Avg@toolbar.xpi
[-] File deleted: C:\Users\Aiden\AppData\Roaming\Mozilla\Firefox\Profiles\57po7q90.default\extensions\Avg@toolbar.xpi
[-] File deleted: C:\Users\Fatal1ty\AppData\Roaming\Mozilla\Firefox\Profiles\zatmf6tq.default\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Users\Aiden\AppData\Roaming\Mozilla\Firefox\Profiles\57po7q90.default\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmkckgpgekmanipelfidlhmkfcjicion_0.localstorage
[-] File deleted: C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmkckgpgekmanipelfidlhmkfcjicion_0.localstorage-journal
[-] File deleted: C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage
[-] File deleted: C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal

***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
[-] Task deleted: One System Care Run Delay
[-] Task deleted: One System Care Monitor
[-] Task deleted: One System Care Task
[-] Task deleted: HDWallPaper
[-] Task deleted: Traffic Exchange Guardian
[-] Task deleted: Traffic Exchange v2
[-] Task deleted: Traffic Exchange Updater
[-] Task deleted: Traffic Exchange
[-] Task deleted: Traffic Exchange v2 Guard
[-] Task deleted: Traffic Exchange v2 OG
[-] Task deleted: Traffic Exchange v2 Guardian
[-] Task deleted: Traffic Exchange Guard
[-] Task deleted: Traffic Exchange v2 On Guard
[-] Task deleted: Online Application v2 OG
[-] Task deleted: Online Application v2 Guardian
[-] Task deleted: Online Application v2 Guard
[-] Task deleted: Online Application v2
[-] Task deleted: Online Application Guardian
[-] Task deleted: Online Application Guard
[-] Task deleted: Online Application
[-] Task deleted: Online Application v2 On Guard
[-] Task deleted: Online Application Updater

***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\free.mapsgalaxy.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\One System Care
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\System Healer
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\WajIEnhance
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\NowUSeeItPlayer
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\MICROSOFT\wewewe
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\AppDataLow\Software\AppTrailers
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\AppDataLow\Software\DailyBee
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1005\Software\WajIEnhance
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1006\Software\WajIEnhance
[#] Key deleted on reboot: HKCU\Software\One System Care
[#] Key deleted on reboot: HKCU\Software\System Healer
[#] Key deleted on reboot: HKCU\Software\WajIEnhance
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\NowUSeeItPlayer
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AppTrailers
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\DailyBee
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Key deleted: HKLM\SOFTWARE\NowUSeeItPlayer
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\Socia2Sear Browser Enhancer
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF5B9F52-33EB-4788-9569-B402FBB81FEF}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Itibiti_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DPower_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDWallPaper_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTrailers
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DailyBee
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyMemoryPackage
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyMemory
[#] Key deleted on reboot: [x64] HKCU\Software\One System Care
[#] Key deleted on reboot: [x64] HKCU\Software\System Healer
[#] Key deleted on reboot: [x64] HKCU\Software\WajIEnhance
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\NowUSeeItPlayer
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\AppTrailers
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\DailyBee
[-] Key deleted: [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key deleted: [x64] HKLM\SOFTWARE\Speedchecker Limited
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: [x64] HKLM\SOFTWARE\Socia2Sear Browser Enhancer
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\25F9B5FCBE33887459964B20BF8BF1FE
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\25F9B5FCBE33887459964B20BF8BF1FE
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25F9B5FCBE33887459964B20BF8BF1FE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25F9B5FCBE33887459964B20BF8BF1FE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\25F9B5FCBE33887459964B20BF8BF1FE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\25F9B5FCBE33887459964B20BF8BF1FE
[-] Data restored: HKU\S-1-5-21-2569839009-3145067124-1236468198-1005\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-2569839009-3145067124-1236468198-1005\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Value deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[-] Value deleted: HKU\S-1-5-21-2569839009-3145067124-1236468198-1000\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnonymizerGadget]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DiskPower]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AppTrailers]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyMemory]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Value deleted: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [NowUSeeItPlayer.exe]
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKLM\SOFTWARE\Classes\*\shell\Add event reminder
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion

***** [ Web browsers ] *****
[-] [C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.tb.ask.com
[-] [C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Fatal1ty\AppData\Local\Google\Chrome\User Data\Profile 3] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mystart.incredibar.com/mb185?a=6PQNUOcYYx&i=26
[-] [C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://isearch.avg.com/?cid={AD2DBB7F-159E-49D3-BD8A-3EE4835C7459}&mid=23e0f44e3fd047d09aa8d1792158d4fb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2012-09-29 16:27:52&v=14.0.2.14&pid=avg&sg=&sap=hp
[-] [C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://isearch.avg.com/?cid={8FD3A783-6751-45B1-8698-EFC80BBE0AC3}&mid=e441c015b5a247d1afcefd6e9126fdbb-5e11e1bff35d1ce505daf84dbaefabfc1dc64769&lang=en&ds=AVG&pr=fr&d=2012-09-29 00:47:49&v=14.2.0.1&pid=avg&sg=&sap=hp
[-] [C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\Sierra\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Sierra\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [25009 Bytes] - [08/01/2017 16:18:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [23232 Bytes] - [08/01/2017 16:15:23]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [25157 Bytes] ##########

 

 

 

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/8/17
Scan Time: 4:25 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.952
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 553028
Time Elapsed: 9 min, 3 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 10
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GeekBuddy, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B0B954AA-EA93-4A0C-A672-85459335C651}, Delete-on-Reboot, [694], [357327],1.0.952
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\cb1d0f14f8c656d5a249861bec71378a, Delete-on-Reboot, [17881], [261569],1.0.952
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\GeekBuddyRSP, Delete-on-Reboot, [2243], [342277],1.0.952
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{010F762A-8645-4AAE-9E69-40254D5147F9}, Delete-on-Reboot, [694], [335317],1.0.952
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A91EEA9B-DCAA-4B2D-B62A-50B8EA351561}, Delete-on-Reboot, [694], [321304],1.0.952
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\NC, Delete-on-Reboot, [694], [357334],1.0.952
PUP.Optional.GeekBuddy, HKLM\SYSTEM\SOFTWARE\COMODO\CLPS, Delete-on-Reboot, [2243], [342292],1.0.952
PUP.Optional.GeekBuddy, HKLM\SYSTEM\SOFTWARE\COMODO\CLPS 4, Delete-on-Reboot, [2243], [342292],1.0.952
PUP.Optional.GeekBuddy, HKLM\SYSTEM\SOFTWARE\COMODO\GeekBuddy, Delete-on-Reboot, [2243], [346772],1.0.952
Registry Value: 7
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B0B954AA-EA93-4A0C-A672-85459335C651}|PATH, Delete-on-Reboot, [694], [357327],1.0.952
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\cb1d0f14f8c656d5a249861bec71378a|DISPLAYNAME, Delete-on-Reboot, [17881], [261569],1.0.952
PUP.Optional.DailyBee, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DAILYBEE, Delete-on-Reboot, [688], [335037],1.0.952
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{010F762A-8645-4AAE-9E69-40254D5147F9}|CONTACT, Delete-on-Reboot, [694], [333851],1.0.952
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{010F762A-8645-4AAE-9E69-40254D5147F9}|URLINFOABOUT, Delete-on-Reboot, [694], [335317],1.0.952
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A91EEA9B-DCAA-4B2D-B62A-50B8EA351561}|CONTACT, Delete-on-Reboot, [694], [333851],1.0.952
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A91EEA9B-DCAA-4B2D-B62A-50B8EA351561}|URLINFOABOUT, Delete-on-Reboot, [694], [321304],1.0.952
Data Stream: 0
(No malicious items detected)
Folder: 31
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-18, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-30, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-32, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\plugin, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\plugin, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\imageformats, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\PROGRAM FILES\COMODO\GeekBuddy, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.MyMemory, C:\PROGRAM FILES (X86)\4102E3CD-C549-4B18-843F-7D8E016B26FF1483746283, Delete-on-Reboot, [1889], [357989],1.0.952
PUP.Optional.Wajam.Gen, C:\Program Files\cb1d0f14f8c656d5a249861bec71378a\71a57cbf79f23f8f7eaff51f4d3fed18, Delete-on-Reboot, [17834], [259462],1.0.952
PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\cb1d0f14f8c656d5a249861bec71378a, Delete-on-Reboot, [17834], [259462],1.0.952
File: 131
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\lpsgui.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\translation_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\translation_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\translation_gui_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\translation_gui_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\gateway.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\local.cer, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\components\plugin\empty, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-ca\application.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\translation_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\translation_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\eventdisplaysettings.txt, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\lpsres.rcc, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\translation_gui_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\translation_gui_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-18\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-18\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\configuration_1033.db, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\configuration_1055.db, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\configuration_cs_1033.db, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\configuration_cs_1055.db, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-30\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-30\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-30\lpsres.rcc, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-30\translation_gui_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-30\translation_gui_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-32\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-32\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\eventmonitorapi.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\eventsolverapi.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\translation_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\translation_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\empty, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-cspm\application.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\antierrorgui.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\component.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\translation_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\translation_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\translation_gui_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\translation_gui_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\components\plugin\empty, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lps-vt\application.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_ca_notifier_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_ca_notifier_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_ca_splash_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_ca_splash_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_vt_notifier_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_vt_notifier_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_vt_splash_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_vt_splash_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_welcome_1033.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\resources\translation_welcome_1055.qm, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\libeay32.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\QtScript4.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\unit.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\ccav-yahoo-install.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\CLPSLA.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\distribution_info.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\export.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\GeekBuddyRSP.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\Hyperlink.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\launcher.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\launcher_service.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\locale.id, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lpsres_ca.rcc, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lpsres_splash.rcc, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\lpsres_vt.rcc, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\NOKIA-QT-LICENSE.LGPL, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\notification.wav, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\publisher.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\QtCore4.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\QtGui4.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\QtSql4.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\QtWebKit4.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\QtXmlPatterns4.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\safesearch.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\sas.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\screenhooks32.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\splash_screen.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\ssleay32.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\uninstall.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\unit.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\unity_core.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\unit_manager.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\unit_manager.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\unit_notifier.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\unit_notifier.rcc, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\update.cfg, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\version_logging.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\web-client.dll, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\welcome_screen.exe, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.GeekBuddy, C:\Program Files\COMODO\GeekBuddy\welcome_screen.rcc, Delete-on-Reboot, [2243], [342281],1.0.952
PUP.Optional.DriverUpdate, C:\$RECYCLE.BIN\S-1-5-21-2569839009-3145067124-1236468198-1005\$R1M5OEJ.EXE, Delete-on-Reboot, [1207], [327739],1.0.952
PUP.Optional.DriverUpdate, C:\$RECYCLE.BIN\S-1-5-21-2569839009-3145067124-1236468198-1005\$RK1MWPB.EXE, Delete-on-Reboot, [1207], [327739],1.0.952
PUP.Optional.MyMemory, C:\PROGRAM FILES (X86)\4102E3CD-C549-4B18-843F-7D8E016B26FF1483746283\MYMEMORYPACKAGE.EXE, Delete-on-Reboot, [1889], [357989],1.0.952
PUP.Optional.MyMemory, C:\Program Files (x86)\4102e3cd-c549-4b18-843f-7d8e016b26ff1483746283\kns4102e3cd-c549-4b18-843f-7d8e016b26ff.tmpfs, Delete-on-Reboot, [1889], [357989],1.0.952
PUP.Optional.MyMemory, C:\Program Files (x86)\4102e3cd-c549-4b18-843f-7d8e016b26ff1483746283\Uninstall.exe, Delete-on-Reboot, [1889], [357989],1.0.952
PUP.Optional.Tuto4PC, C:\USERS\FATAL1TY\APPDATA\LOCAL\TEMP\SQU2D0Z8YK.EXE, Delete-on-Reboot, [112], [314786],1.0.952
PUP.Optional.GeekBuddy, C:\USERS\FATAL1TY\APPDATA\LOCAL\TEMP\NSSD125.TMP\LPS-GB-VT-X64.EXE, Delete-on-Reboot, [2243], [342282],1.0.952
PUP.Optional.OnlineIO, C:\USERS\FATAL1TY\APPDATA\LOCAL\TEMP\440113890\IC-0.D51A7A053DC64.EXE, Delete-on-Reboot, [694], [337831],1.0.952
PUP.Optional.NowUSeeItPlayer, C:\WINDOWS\INSTALLER\1A459077.MSI, Delete-on-Reboot, [1425], [299989],1.0.952
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\NC, Delete-on-Reboot, [694], [357341],1.0.952
PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\cb1d0f14f8c656d5a249861bec71378a\71a57cbf79f23f8f7eaff51f4d3fed18\0073703b51402a3f3d1a6166a0c7f1b2.ico, Delete-on-Reboot, [17834], [259462],1.0.952
PUP.Optional.Wajam.Gen, C:\Program Files\cb1d0f14f8c656d5a249861bec71378a\71a57cbf79f23f8f7eaff51f4d3fed18\0efe804e69e56858de7b08f76008f8cb.ico, Delete-on-Reboot, [17834], [259462],1.0.952
PUP.Optional.Wajam.Gen, C:\Program Files\cb1d0f14f8c656d5a249861bec71378a\71a57cbf79f23f8f7eaff51f4d3fed18\f764f0a1ba1f2c937a8b68acbc400122.ico, Delete-on-Reboot, [17834], [259462],1.0.952
PUP.Optional.Wajam.Gen, C:\Program Files\cb1d0f14f8c656d5a249861bec71378a\0da427bdd20a7940757cecc678f2d289, Delete-on-Reboot, [17834], [259462],1.0.952
PUP.Optional.Wajam.Gen, C:\Program Files\cb1d0f14f8c656d5a249861bec71378a\0efe804e69e56858de7b08f76008f8cb.ico, Delete-on-Reboot, [17834], [259462],1.0.952
PUP.Optional.Wajam.Gen, C:\Program Files\cb1d0f14f8c656d5a249861bec71378a\5edf2f9a044017af42b8ad93e0483c29.exe, Delete-on-Reboot, [17834], [259462],1.0.952
PUP.Optional.Wajam.Gen, C:\Program Files\cb1d0f14f8c656d5a249861bec71378a\d38aa589bf669c734c05dc75b7a6553e.exe, Delete-on-Reboot, [17834], [259462],1.0.952
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\NC.JOB, Delete-on-Reboot, [694], [357340],1.0.952
Physical Sector: 0
(No malicious items detected)

(end)

 

ESET SCAN

 

C:\AdwCleaner\quarantine\files\gfwhnvdicepckunxesetblewenhbjtvh\NowUSeeItPlayer.dll a variant of Win32/Verti.R potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\gfwhnvdicepckunxesetblewenhbjtvh\NowUSeeItPlayer.exe a variant of Win32/Verti.U potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\rpdcosotdphjtjuwbuayqugzqzyghlsl\MainService.exe a variant of Win32/ProxyGate.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\rpdcosotdphjtjuwbuayqugzqzyghlsl\PGChk.exe a variant of Win32/ProxyGate.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\rpdcosotdphjtjuwbuayqugzqzyghlsl\ProxyGate.exe a variant of Win32/ProxyGate.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\rpdcosotdphjtjuwbuayqugzqzyghlsl\Socket.exe a variant of Win32/ProxyGate.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\rpdcosotdphjtjuwbuayqugzqzyghlsl\TrafficMonitor.exe a variant of Win32/ProxyGate.A potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Microsoft\Windows\INetCache\IE\MGEA4IE3\jXsQWvvo[1].exe a variant of Win32/Adware.ConvertAd.AJQ.gen application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Microsoft\Windows\INetCache\IE\MGEA4IE3\MapsGalaxy.c0515f058a8e464b943cd47b03d57508[1].exe Win32/Toolbar.MyWebSearch.BA potentially unwanted application deleted
C:\Users\Fatal1ty\AppData\Local\Microsoft\Windows\INetCache\IE\QHKAQ26D\brastub6ab_ftptn_inst[1].exe a variant of Win32/SpeedBit.BE potentially unwanted application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Microsoft\Windows\INetCache\IE\W74YV095\4MVkl1Nny[1] a variant of Win32/Adware.ConvertAd.AJQ.gen application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Microsoft\Windows\INetCache\IE\W74YV095\bXoa5[1].exe a variant of Win32/Adware.ConvertAd.AJI application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Microsoft\Windows\INetCache\IE\W74YV095\xPNMJ22[1] a variant of Win32/Adware.ConvertAd.AJQ.gen application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Temp\nsv1A59.tmp a variant of Win32/Adware.ConvertAd.AJQ.gen application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Temp\nsxD0A9.tmp a variant of Win32/Adware.ConvertAd.AJQ.gen application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Temp\6DZ51A2Y1\6DZ51A2Y1.exe Win32/Adware.ConvertAd.AJL application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Temp\DXK65Q6ZA\GeekBuddy8098.exe NSIS/TrojanDownloader.Adload.CG trojan cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Temp\MHYX3WFB1\social2search.exe a variant of Win32/Packed.NSISmod.AE suspicious application cleaned by deleting
C:\Users\Fatal1ty\AppData\Local\Temp\nso855F.tmp\dnow4.exe a variant of Win32/Adware.Dotdo.M application cleaned by deleting
C:\Users\Fatal1ty\Downloads\winzip20-wz.exe a variant of Win32/InstallCore.AGV potentially unwanted application cleaned by deleting
C:\Windows\5edf2f9a044017af42b8ad93e0483c29.exe a variant of Win32/Packed.NSISmod.AE suspicious application cleaned by deleting
F:\Users\CandyCane01\Desktop\Hansome\AppData\Local\Sparta\CreateShortCut.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting
F:\Users\CandyCane01\Desktop\Hansome\AppData\Local\Sparta\TaskScheduler.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting
F:\Users\CandyCane01\Desktop\Hansome\AppData\Local\Sparta\Uninstaller.exe a variant of Win32/InstallCore.ADB potentially unwanted application cleaned by deleting
F:\Users\CandyCane01\Desktop\Hansome\Downloads\winzip18-lan_en (1).exe a variant of Win32/InstallCore.AEO.gen potentially unwanted application cleaned by deleting
F:\Users\CandyCane01\Desktop\Hansome\Downloads\winzip18-lan_en.exe a variant of Win32/InstallCore.AEO.gen potentially unwanted application cleaned by deleting
F:\Windows.old\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
F:\Windows.old\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application cleaned by deleting
F:\Windows.old\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
F:\Windows.old\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
F:\Windows.old\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
F:\Windows.old\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
 



#4 dc3

Posted 09 January 2017 - 10:54 AM

Did you restart the computer after running Malwarebytes?

 

Are you still seeing the adware?

 

You had a large number of PUPs (Potentially Unwanted Programs). One of the most common ways to "acquire" these is through installing downloaded programs. Authors of programs that are available to download make extra revenue by bundling other programs supplied by other authors. There are two ways to install these downloads: Express installation and Custom installation. The Express installation is usually "suggested"; this type of installation will install all of the bundled programs. If you use the Custom installation, you view the bundled software and select or delete it. A lot of the time this bundled software already has a check in the box to install it. In these cases you can simply delete the check.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 herohans


Posted 09 January 2017 - 08:36 PM

It looks like I'm good. I rebooted but still got stopped from going to Google.com. It looks like it was an ssp.zryydi.com redirect tied to the google.com address. I ran a Malwarebytes scan a second time and it found 1 other threat. I also ran HitmanPro and it found and removed 4 other threats. Another reboot and Google is Google again.

 

I'll see if I can get my 13-year-old son to do custom installs from now on.

 

Thanks for the help.

 

Hans





