linds516
Setup files corrupted, can't install program
linds516 replied to linds516's topic in Resolved Malware Removal Logs
Once again, thank you very much for your help!
Setup files corrupted, can't install program
linds516 replied to linds516's topic in Resolved Malware Removal Logs
It is better now, no more pop-ups and ads! Hehe, thanks a lot!
Setup files corrupted, can't install program
linds516 replied to linds516's topic in Resolved Malware Removal Logs
Here's the JavaRa log
and here's the malware log
Setup files corrupted, can't install program
linds516 replied to linds516's topic in Resolved Malware Removal Logs
Adware cleaner log:
Malwarebytes Anti-Malware Log:
ESET Online Log:
Attached is the FRST log. FRST.txt
Setup files corrupted, can't install program
linds516 replied to linds516's topic in Resolved Malware Removal Logs
Here is the logfile for Junkware Removal Tool
Here is the adwcleaner log. I'm not sure on which one of these I need to save.. can you help me?
Setup files corrupted, can't install program
linds516 replied to linds516's topic in Resolved Malware Removal Logs
Hi! Attached are the Rkill and RogueKiller log files. This is the log from MBam.
Rkill.txt RKreport_SCN_06192014_073237.log
Setup files corrupted, can't install program
linds516 replied to linds516's topic in Resolved Malware Removal Logs
Hi guys, just want to follow up on this thread. Still need help! Hehe
Hi, I was referred to this forum from here. As stated there, when I try to install mbam-setup-2.0.2.1012 I get "Setup Files Corrupted. Please obtain a new copy of the program." I have downloaded the file a couple of times but it still won't work. I think I have a virus. Also, I noticed that I have pop-ups from websites that I visited before that don't have them. How do I fix this? I also ran the FRST program. Attached are the files it produced. Thanks in advance!
Addition.txt FRST.txt