linds516

Members
  • Posts: 9
  • Reputation: 0 Neutral
  • Location: Philippines
  1. It is better now, no more pop-ups and ads! Hehe, thanks a lot!
  2. Here's the JavaRe log and here's the malware log
  3. Adware cleaner log: Malwarebytes Anti-Malware Log: ESET Online Log: Attached is the FRST log. FRST.txt
  4. Here is the logfile for Junkware Removal Tool. Here is the adwcleaner log. I'm not sure on which one of these i need to save.. can you help me?
  5. Hi! Attached are the Rkill and RougueKiller log files.. This is the log from MBam. Rkill.txt RKreport_SCN_06192014_073237.log
  6. Hi guys, just want to follow up on this thread. Still need help! Hehe
  7. Hi, I was referred to this forum from here. As stated there, when I try to install mbam-setup-2.0.2.1012 I get "Setup Files Corrupted. Please obtain a new copy of the program." I have downloaded the file a couple of times but it still won't work. I think I have a virus. Also, I noticed that I have pop-ups from websites that I visited before that don't have them. How do I fix this? I also ran the FRST program. Attached are the files it produced. Thanks in advance! Addition.txt FRST.txt
  8. Hi! When I try to install mbam-setup-2.0.2.1012 I get "Setup Files Corrupted. Please obtain a new copy of the program." I have downloaded the file a couple of times but it still won't work. I think I have a virus. How do I fix this? Thanks in advance!