
MBAM & all other security programs removed and disabled, unable to reinstall



This isn't my primary computer anymore, so I'll try my best to provide info on what happened. Imagine for the past year that two preteens used the computer with no maintenance, regular scans, and countless downloads of "hacks" and tons of malware disguised as programs they think they needed.

 

Malwarebytes, Norton Security Suite (we had through our ISP) and HijackThis are completely gone and won't reinstall. Windows Defender can't even be re-enabled, nor does Windows Update seem to be able to be. I found MBAM's folder in Program files (x86), but it's locked and I'm unable to delete or run anything from it even though I am on the primary administrative user account. These are two of the errors I get when attempting to reinstall MBAM: http://imgur.com/a/QLJBH

 

The computer's time has also been set to military time and is 13 hours behind.  :huh: Performance-wise, it's pretty sluggish. Had to attach both logs due to character limits.

FRST.txt

Addition.txt


Hello,

 

While we appreciate that you very likely posted at multiple forums in order to ensure a response, in the future please do not cross-post. Resources that help perform malware removal are very precious and very limited, and cross-posting only serves to tie up the time of multiple helpers who could be using that time to help someone else who also has problems. If you wish to work this here on Malwarebytes, then please post messages at all other forums where you have posted asking them to close the threads so that you do not waste any more resources on duplicate work.

 

http://forums.whatthetech.com/index.php?showtopic=128240
http://www.bleepingcomputer.com/forums/t/536860/malwarebytes-and-norton-disappeared-cannot-reinstall-mbam/

In the future - choose one forum and stick with that one until they've resolved your problem.

Thank you for your understanding! :)

 

 

Regards,

Georgi


Hello,

 

 

Your computer is totally messed up!

 

 

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files, as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "LibreOffice or GIMP."

 

Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software
 

 

Also I noticed a lot of crack and keygen files on board. Check our piracy policy. If you want to receive help I suggest that you delete all cracks immediately.

 

 

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Also I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove: (leave only one of them and uninstall the rest):

 

360 Total Security

Anvi Smart Defender

AVG 2014 (if uninstalled then use their removal tool to clean the leftovers) => Click here

Norton/Symantec (if uninstalled then use their removal tool to clean the leftovers) => Click here
Panda (if uninstalled then use their removal tool to clean the leftovers) => Click here
McAfee (if uninstalled then use their removal tool to clean the leftovers) => Click here
 

 

 

Registry Editor / Cleaner Warning !!



The following is referring to CCleaner, Cloud System Booster, DllTool 1.0, SpeedyPC Pro, Wise Registry Cleaner Free 5.35 etc.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


For more information about why you should avoid using such programs please take a look here => Registry Cleaners and System Tweaking Tools

 

 

 

STEP 1

 

 

Click on Start > type in appwiz.cpl in the search box and press Enter
Select the following programs from the list:

 

DarkComet RAT Legacy version 5.4

DomaIQ
Download Updater

EnjoyCooupoun

Havij 1.15 Free

Java 6 Update 31
Java SE Development Kit 6 Update 25

Search Protect
Shopping Helper Smartbar

SNT
SO.Booster
SO.Sustainer 1.80

SpeedyPC Pro

CCleaner

Cloud System Booster

DllTool 1.0

SpeedyPC Pro etc

Tiny Media Player v1.0

Uninstall 1.0.0.1

Wise Registry Cleaner Free 5.35

Zipper

HiJackThis

HitmanPro 3.7

 

and press the Uninstall button for each of them.

If some of the programs refuse to be uninstalled then try to remove them with the following tool:

http://support.microsoft.com/mats/program_install_and_uninstall/en

 

or download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select the program you want to uninstall.
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

 

 

 

STEP 2

 

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Regards,

Georgi


uTorrent I removed prior to running FRST, so I'm not sure why that's still showing up. When I attempted to uninstall "360 Total Security", it said I did not have permissions to remove it and to "contact the system administrator" even though I am on the main administrator account...lol. I uninstalled Anvi. The other four were already missing, so I just ran their removal tools. I'll reinstall Norton Security Suite when I have all the administrative rights back.

 

I also had them delete any cracks or keygens, and I deleted anything (at least what I can find) that they missed, so please let me know if anything is left.

I was able to run the removal tools for AVG, Norton and Panda, but ran into a problem with McAfee's. http://i.imgur.com/arXA5jZ.png When I click "View Logs", it says, "The process cannot access the file because it is being used by another process."

 

From the list of programs you listed to uninstall, I was able to remove all but three: Search Protect, Shopping Helper Smartbar and Zipper. Nothing happens when I attempt to uninstall Shopping Helper Smartbar. Search Protect and Zipper don't appear in Add/Remove Programs, Microsoft Fixit or Revo Uninstaller at all. The Uninstall option is also grayed out for every program listed in Revo.

 

Had to attach the log because of the character limit.

Fixlog.txt


Hello,

 

This looks better but we still have a lot of work.

 

Please download AppRemover by Opswat and save it to your desktop.
 

  • Double click on AppRemover.exe to run it.
  • Check the box beside "I agree to the terms and conditions."
  • Click on the Start button.
  • Wait for the scan to complete.
  • Check if 360 Total Security (and any other security program that you may have) is (are) listed there and if so click the remove selected applications button.
  • Follow the last step and reboot if asked to do so.

 

Also go ahead and try to uninstall the following applications again as well:

 

Settings Alerter

Uninstall Helper

Download Updater

Shopping Helper Smartbar

TakeTHeCouppon

 

 

Next please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

After the fix above you should be able to see and uninstall the following applications from the Control Panel (so give it a try):

 

Search Protect (x32 Version: 2.13.3.38 - Client Connect LTD) Hidden <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden

 

 

That's it for now. :)

 

Regards,

Georgi


After I ran AppRemover, it said there were no programs listed.

 

I was able to uninstall Settings Alerter, Uninstall Helper, Download Updater and TakeTHeCouppon, but Shopping Helper Toolbar still does nothing when I attempt to uninstall. When I uninstalled Settings Alerter, I got a message saying "An error occurred while trying to uninstall Search Protect. It may have already been uninstalled. Would you like to remove Search Protect from the Programs and Features list?", and I clicked yes. I got the same message when uninstalling Search Protect.

 

Here's the fix log.

Fixlog.txt


Nice. Let's see if you can now run MBAM to clean the leftovers:

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.2.1012.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Regards,

Georgi


Unfortunately, I seem to be getting the same error messages as before:

 

"The folder:
 
C:\Program Files (x86)\Malwarebytes Anti-Malware
 
already exists. Would you like to install to that folder anyway?"
 
The next message I get three times right after each other:
 
"Internal error: Expression error 'Runtime Error (at 79:177):
 
Eternal exception E06D7363.' "
 
Followed by:
 
"CreateFile failed; code 80.
The file exists."
 
and finally:
 
"Setup was not completed.
 
Please correct the problem and run Setup again."

 

After that, the installer closes. The program files folder still has a lock on it, too, along with numerous other folders.


This sounds like a permissions issue. Let me check something else:

 

  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Press the Windows Logo in the bottom left corner of your screen.
  • In the search box, enter notepad and press Enter.
  • Navigate to format and make sure that wordwrap is unchecked. <--- important !!!
  • Highlight the contents of the following quotebox, and copy and paste that text into notepad.
    @ECHO OFF
    dir /a/b c:\windows\junction.exe >c:\log.txt 2>&1
    junction -s c:\>>c:\log.txt
    echo.End of Scan >>c:\log.txt
    notepad c:\log.txt
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.
  • A command window opens starting to scan the system. Wait until a log file opens. Attach the log to your next reply.

 

Regards,

Georgi


Ok, please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Next try to install MBAM again and let me know about the results.

 

 

 

Regards,

Georgi


Hi,

 

You posted the wrong log. Please read my instructions again on how to post the correct log:

 


  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Thanks!

 

Regards,

Georgi
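
Added example, not part of the thread and not Malwarebytes' own code: a pasted scan log can be cut short by a forum character limit, so this Python script parses a log in the layout used in this thread and compares each section's declared count with the entry lines actually present. The sample log, its paths and its bracketed IDs are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Section headers as they appear in the scan log posted in this thread.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files")
HEADER_RE = re.compile(r"^(%s): (\d+)\s*$" % "|".join(SECTIONS))

# Entry layout: "<detection>, <object path>, <action>, [<hex id>], "
# The path group is greedy so that a path containing ", " still parses.
ENTRY_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,]+), "
    r"\[(?P<id>[0-9a-f]+)\],?\s*$")

# Constructed sample (not a real scan). "Files" declares 4 entries but
# only 2 are present, as happens when a paste is cut off.
SAMPLE_LOG = r"""
Scan Date: 6/10/2014
Scan Type: Threat Scan

Registry Keys: 3
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\example-av.exe, Quarantined, [00000000000000000000000000000001],
PUP.Optional.Example.A, HKLM\SOFTWARE\ExampleToolbar, Quarantined, [00000000000000000000000000000002],
PUP.Optional.Example.A, HKU\S-1-5-21-1-2-3-1000\SOFTWARE\ExampleToolbar, Quarantined, [00000000000000000000000000000003],

Registry Values: 0
(No malicious items detected)

Folders: 1
Stolen.Data, C:\Users\Example\AppData\Roaming\examplelogs, Quarantined, [00000000000000000000000000000004],

Files: 4
Stolen.Data, C:\Users\Example\AppData\Roaming\examplelogs\2014-06-10-1.dc, Quarantined, [00000000000000000000000000000004],
Backdoor.Agent.Example, C:\Users\Example\Downloads\setup, v2.exe, Quarantined, [00000000000000000000000000000005],
"""


def parse_log(text):
    """Return {section: {"declared": int, "entries": [dict, ...]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes are often double-spaced
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = {"declared": int(header.group(2)),
                                 "entries": []}
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current]["entries"].append(entry.groupdict())
    return sections


def incomplete_sections(sections):
    """Sections whose declared count differs from the entries found."""
    return [(name, sec["declared"], len(sec["entries"]))
            for name, sec in sections.items()
            if sec["declared"] != len(sec["entries"])]


def categories(sections):
    """Count entries by the first label of the detection name."""
    return Counter(entry["name"].split(".")[0]
                   for sec in sections.values()
                   for entry in sec["entries"])


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, declared, found in incomplete_sections(parsed):
        print("%s: log declares %d, paste contains %d" % (name, declared, found))
    for label, count in categories(parsed).most_common():
        print("%-10s %d" % (label, count))
```
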


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/10/2014

Scan Time: 8:43:11 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.10.04

Rootkit Database: v2014.06.02.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Owner

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 497361

Time Elapsed: 37 min, 42 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Deep Rootkit Scan: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 25

PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, Quarantined, [f6bc3c3794e7ea4c6658c1dc60a215eb], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe, Quarantined, [efc3f57e97e406301d3cb980689bb24e], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe, Quarantined, [8e24145fb9c273c3b3b10d2c49ba51af], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe, Quarantined, [7e34c4afb8c35bdb86e8f544c73c6c94], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe, Quarantined, [d1e16f043b402f0760143dfcd72c01ff], 

PUP.Optional.RewardsArcade.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dcmagccbogebndpoodhhhafmofelpffh, Quarantined, [a70bd49f7605979f8ad7b1ee61a10ef2], 

Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe, Quarantined, [0fa3a7cc03782214c8915adf1de68d73], 

Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe, Quarantined, [753da3d07704181eaeb647f29a6940c0], 

Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe, Quarantined, [a70b75fe56251422204ed861d033ad53], 

Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe, Quarantined, [803277fc512a26103044d36612f19e62], 

Malware.Trace, HKU\S-1-5-21-133263452-1906430011-745098151-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, Quarantined, [51610c673e3daf87b78272ec63a0c937], 

PUP.Optional.MultiIE.A, HKU\S-1-5-21-133263452-1906430011-745098151-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [dad86013f78467cfbceb9a55bf448779], 

PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-133263452-1906430011-745098151-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, Quarantined, [feb4e390fc7f6cca56bd3f618b7717e9], 

PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-133263452-1906430011-745098151-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, Quarantined, [cde5353e39424de9789cf8a8af53d62a], 

PUP.Optional.MindSpark.A, HKU\S-1-5-21-133263452-1906430011-745098151-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Guffins, Quarantined, [05ad1063d6a52511d805d8c744be748c], 

PUP.Optional.MindSpark.A, HKU\S-1-5-21-133263452-1906430011-745098151-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MindDabble_4p, Quarantined, [dcd62d466c0fd75fcc140996b64c8b75], 

Backdoor.Trace, HKU\S-1-5-21-133263452-1906430011-745098151-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VB AND VBA PROGRAM SETTINGS\Microzoft, Quarantined, [8929e2918deec4727047b0d48e753cc4], 

PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-133263452-1906430011-745098151-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, Quarantined, [2d854a29e497ce68080b237d847e12ee], 

PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-133263452-1906430011-745098151-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, Quarantined, [b5fd1b583744f64073a10a9620e27888], 

PUP.Optional.MindSpark.A, HKU\S-1-5-21-133263452-1906430011-745098151-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Guffins, Quarantined, [436f9fd434474aeca23b108f42c027d9], 

PUP.Optional.MindSpark.A, HKU\S-1-5-21-133263452-1906430011-745098151-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MindDabble_4p, Quarantined, [555dacc70972f2445d83851a3bc7629e], 

PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-133263452-1906430011-745098151-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, Quarantined, [2e84492aa9d214228f845d43768cb44c], 

PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-133263452-1906430011-745098151-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, Quarantined, [ecc62e45542726103ada4a56ba48e11f], 

PUP.Optional.MindSpark.A, HKU\S-1-5-21-133263452-1906430011-745098151-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Guffins, Quarantined, [bdf599da7a01a09684593867c43e2fd1], 

PUP.Optional.MindSpark.A, HKU\S-1-5-21-133263452-1906430011-745098151-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MindDabble_4p, Quarantined, [b9f992e1d8a350e617c9d3cc49b942be], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 35

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil, Quarantined, [f5bd086bde9d59dde4fee8b204fe04fc], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14, Quarantined, [f5bd086bde9d59dde4fee8b204fe04fc], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil, Quarantined, [6c461360d9a2241216cc0f8b0ff39070], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14, Quarantined, [6c461360d9a2241216cc0f8b0ff39070], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil, Quarantined, [238f591a99e2fe38835fe1b921e115eb], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14, Quarantined, [238f591a99e2fe38835fe1b921e115eb], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil, Quarantined, [931f78fb0576a29424bebedc847e3fc1], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14, Quarantined, [931f78fb0576a29424bebedc847e3fc1], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm, Quarantined, [d7dbe68d8fecb383fde69901fb07bd43], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14, Quarantined, [d7dbe68d8fecb383fde69901fb07bd43], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm, Quarantined, [5b57403396e5e254eaf9b1e96e946a96], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14, Quarantined, [5b57403396e5e254eaf9b1e96e946a96], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm, Quarantined, [d3df75fe28535fd740a36d2d0ff314ec], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14, Quarantined, [d3df75fe28535fd740a36d2d0ff314ec], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm, Quarantined, [f6bc41321f5c0d2913d0f7a3e81af10f], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14, Quarantined, [f6bc41321f5c0d2913d0f7a3e81af10f], 

PUP.Optional.SaveNet.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak, Quarantined, [664c462deb904aece4009efceb17f30d], 

PUP.Optional.SaveNet.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1, Quarantined, [664c462deb904aece4009efceb17f30d], 

PUP.Optional.SaveNet.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak, Quarantined, [2092ee853c3f15216084623843bf18e8], 

PUP.Optional.SaveNet.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1, Quarantined, [2092ee853c3f15216084623843bf18e8], 

PUP.Optional.SaveNet.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak, Quarantined, [6d45e0939ddee84e608447535ba73fc1], 

PUP.Optional.SaveNet.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1, Quarantined, [6d45e0939ddee84e608447535ba73fc1], 

PUP.Optional.SaveNet.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak, Quarantined, [d2e0caa9a1da67cf5d87efab09f94db3], 

PUP.Optional.SaveNet.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1, Quarantined, [d2e0caa9a1da67cf5d87efab09f94db3], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc, Quarantined, [e6ccf47fb9c249ed12d4faa0a260ab55], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0, Quarantined, [e6ccf47fb9c249ed12d4faa0a260ab55], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc, Quarantined, [981ab1c2dba062d4ac3ac6d4e31f56aa], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0, Quarantined, [981ab1c2dba062d4ac3ac6d4e31f56aa], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc, Quarantined, [486a3e353447d0668066009a837fd32d], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0, Quarantined, [486a3e353447d0668066009a837fd32d], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc, Quarantined, [e1d191e2e794d46232b44555ed15cd33], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0, Quarantined, [e1d191e2e794d46232b44555ed15cd33], 

PUP.Optional.DealExpress.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkddmhomckbbbcokmnepgnifibflnfea, Quarantined, [456dd89b5823de581dca5644e81a9d63], 

PUP.Optional.DealExpress.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkddmhomckbbbcokmnepgnifibflnfea\2.1, Quarantined, [456dd89b5823de581dca5644e81a9d63], 

 

Files: 120

PUP.Optional.RelevantKnowledge, C:\Windows\System32\rlls64.dll, Quarantined, [e5cd52218fecee48ea337c071ee6f709], 

PUP.Optional.RelevantKnowledge, C:\Windows\SysWOW64\rlls.dll, Quarantined, [9022353e6d0ec076938a88fb000440c0], 

PUP.Optional.Conduit.A, C:\Windows\temp\nsd4222.exe, Quarantined, [9121f38086f53ef8513a3e467d84bc44], 

PUP.Optional.Conduit.A, C:\Windows\temp\nsi7E77.exe, Quarantined, [654dd0a3dc9fa096414a87fd44bda25e], 

Backdoor.Agent.DCRSAGen, C:\Users\Owner\Downloads\Roblox GUI.exe, Quarantined, [c4ee1e55a1da44f2de8c484c41bf8b75], 

PUP.Optional.Verti, C:\Users\Owner\Downloads\TinyMediaPlayer (1).exe, Quarantined, [852d492a413ac47248cb431efa0a1fe1], 

PUP.Optional.Verti, C:\Users\Owner\Downloads\TinyMediaPlayer.exe, Quarantined, [a50db9ba5b207bbbca497de49a6a827e], 

PUP.Optional.OutBrowse, C:\Users\Owner\Downloads\setup(2).exe, Quarantined, [0fa3b6bd5427b97de6ef4831679a45bb], 

Backdoor.Agent.DCRSAGen, C:\Users\Owner\Downloads\Seven2014_V1.0.0.0.exe, Quarantined, [535f6211bdbe3cfa4327bbd94bb59070], 

PUP.Optional.Verti, C:\Users\Owner\Downloads\Xvid(1).exe, Quarantined, [10a2f87bafccce6853c079e84aba916f], 

PUP.Optional.Verti, C:\Users\Owner\Downloads\Xvid.exe, Quarantined, [07ab155e62199f976ba874ed9f6533cd], 

Hacktool.CheatEngine, C:\Users\Owner\Pictures\FoXILVER Beta v0.6.EXE, Quarantined, [09a9c6ad0a71d165fe178cae52aef808], 

PUP.Optional.Superfish.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [981a95de35461d19f40c6d360cf626da], 

PUP.Optional.Superfish.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [684a1f54cdaea393f40c7b2823dfaf51], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage, Quarantined, [9a181a593e3d33036684267d30d217e9], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal, Quarantined, [446e670c8bf03afc8565ebb8ca3844bc], 

Trojan.Agent, C:\Windows\SysWOW64\rlls.dll, Quarantined, [a50db2c12d4ecc6a66e0d83514ef7e82], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-05-25-1.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-05-28-4.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-05-29-5.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-05-30-6.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-05-31-7.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-06-03-3.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-06-04-4.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-06-08-1.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-06-09-2.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

Stolen.Data, C:\Users\Owner\AppData\Roaming\dclogs\2014-06-10-3.dc, Quarantined, [a012c9aa8eedfc3a09f1a8e45ba82ad6], 

PUP.Optional.FastoSearch.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastosearch.info_0.localstorage, Quarantined, [436f4c270972e2542f7baf40956e30d0], 

PUP.Optional.FastoSearch.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastosearch.info_0.localstorage-journal, Quarantined, [82302251d1aa3600feac35baa65dc23e], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\background.html, Quarantined, [f5bd086bde9d59dde4fee8b204fe04fc], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\content.js, Quarantined, [f5bd086bde9d59dde4fee8b204fe04fc], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\lsdb.js, Quarantined, [f5bd086bde9d59dde4fee8b204fe04fc], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\manifest.json, Quarantined, [f5bd086bde9d59dde4fee8b204fe04fc], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\NRODQSy.js, Quarantined, [f5bd086bde9d59dde4fee8b204fe04fc], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\background.html, Quarantined, [6c461360d9a2241216cc0f8b0ff39070], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\content.js, Quarantined, [6c461360d9a2241216cc0f8b0ff39070], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\lsdb.js, Quarantined, [6c461360d9a2241216cc0f8b0ff39070], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\manifest.json, Quarantined, [6c461360d9a2241216cc0f8b0ff39070], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\NRODQSy.js, Quarantined, [6c461360d9a2241216cc0f8b0ff39070], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\background.html, Quarantined, [238f591a99e2fe38835fe1b921e115eb], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\content.js, Quarantined, [238f591a99e2fe38835fe1b921e115eb], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\lsdb.js, Quarantined, [238f591a99e2fe38835fe1b921e115eb], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\manifest.json, Quarantined, [238f591a99e2fe38835fe1b921e115eb], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\NRODQSy.js, Quarantined, [238f591a99e2fe38835fe1b921e115eb], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\background.html, Quarantined, [931f78fb0576a29424bebedc847e3fc1], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\content.js, Quarantined, [931f78fb0576a29424bebedc847e3fc1], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\lsdb.js, Quarantined, [931f78fb0576a29424bebedc847e3fc1], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\manifest.json, Quarantined, [931f78fb0576a29424bebedc847e3fc1], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\NRODQSy.js, Quarantined, [931f78fb0576a29424bebedc847e3fc1], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\background.html, Quarantined, [d7dbe68d8fecb383fde69901fb07bd43], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\content.js, Quarantined, [d7dbe68d8fecb383fde69901fb07bd43], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\e4MJ76eR0.js, Quarantined, [d7dbe68d8fecb383fde69901fb07bd43], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\lsdb.js, Quarantined, [d7dbe68d8fecb383fde69901fb07bd43], 

PUP.Optional.SaveOn.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\manifest.json, Quarantined, [d7dbe68d8fecb383fde69901fb07bd43], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\background.html, Quarantined, [5b57403396e5e254eaf9b1e96e946a96], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\content.js, Quarantined, [5b57403396e5e254eaf9b1e96e946a96], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\e4MJ76eR0.js, Quarantined, [5b57403396e5e254eaf9b1e96e946a96], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\lsdb.js, Quarantined, [5b57403396e5e254eaf9b1e96e946a96], 

PUP.Optional.SaveOn.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\manifest.json, Quarantined, [5b57403396e5e254eaf9b1e96e946a96], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\background.html, Quarantined, [d3df75fe28535fd740a36d2d0ff314ec], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\content.js, Quarantined, [d3df75fe28535fd740a36d2d0ff314ec], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\e4MJ76eR0.js, Quarantined, [d3df75fe28535fd740a36d2d0ff314ec], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\lsdb.js, Quarantined, [d3df75fe28535fd740a36d2d0ff314ec], 

PUP.Optional.SaveOn.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\manifest.json, Quarantined, [d3df75fe28535fd740a36d2d0ff314ec], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\background.html, Quarantined, [f6bc41321f5c0d2913d0f7a3e81af10f], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\content.js, Quarantined, [f6bc41321f5c0d2913d0f7a3e81af10f], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\e4MJ76eR0.js, Quarantined, [f6bc41321f5c0d2913d0f7a3e81af10f], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\lsdb.js, Quarantined, [f6bc41321f5c0d2913d0f7a3e81af10f], 

PUP.Optional.SaveOn.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\manifest.json, Quarantined, [f6bc41321f5c0d2913d0f7a3e81af10f], 

PUP.Optional.SaveNet.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\background.html, Quarantined, [664c462deb904aece4009efceb17f30d], 

PUP.Optional.SaveNet.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\content.js, Quarantined, [664c462deb904aece4009efceb17f30d], 

PUP.Optional.SaveNet.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\lsdb.js, Quarantined, [664c462deb904aece4009efceb17f30d], 

PUP.Optional.SaveNet.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\manifest.json, Quarantined, [664c462deb904aece4009efceb17f30d], 

PUP.Optional.SaveNet.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\newtab.html, Quarantined, [664c462deb904aece4009efceb17f30d], 

PUP.Optional.SaveNet.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\ptUx.js, Quarantined, [664c462deb904aece4009efceb17f30d], 

PUP.Optional.SaveNet.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\background.html, Quarantined, [2092ee853c3f15216084623843bf18e8], 

PUP.Optional.SaveNet.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\content.js, Quarantined, [2092ee853c3f15216084623843bf18e8], 

PUP.Optional.SaveNet.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\lsdb.js, Quarantined, [2092ee853c3f15216084623843bf18e8], 

PUP.Optional.SaveNet.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\manifest.json, Quarantined, [2092ee853c3f15216084623843bf18e8], 

PUP.Optional.SaveNet.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\newtab.html, Quarantined, [2092ee853c3f15216084623843bf18e8], 

PUP.Optional.SaveNet.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\ptUx.js, Quarantined, [2092ee853c3f15216084623843bf18e8], 

PUP.Optional.SaveNet.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\background.html, Quarantined, [6d45e0939ddee84e608447535ba73fc1], 

PUP.Optional.SaveNet.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\content.js, Quarantined, [6d45e0939ddee84e608447535ba73fc1], 

PUP.Optional.SaveNet.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\lsdb.js, Quarantined, [6d45e0939ddee84e608447535ba73fc1], 

PUP.Optional.SaveNet.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\manifest.json, Quarantined, [6d45e0939ddee84e608447535ba73fc1], 

PUP.Optional.SaveNet.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\newtab.html, Quarantined, [6d45e0939ddee84e608447535ba73fc1], 

PUP.Optional.SaveNet.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\ptUx.js, Quarantined, [6d45e0939ddee84e608447535ba73fc1], 

PUP.Optional.SaveNet.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\background.html, Quarantined, [d2e0caa9a1da67cf5d87efab09f94db3], 

PUP.Optional.SaveNet.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\content.js, Quarantined, [d2e0caa9a1da67cf5d87efab09f94db3], 

PUP.Optional.SaveNet.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\lsdb.js, Quarantined, [d2e0caa9a1da67cf5d87efab09f94db3], 

PUP.Optional.SaveNet.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\manifest.json, Quarantined, [d2e0caa9a1da67cf5d87efab09f94db3], 

PUP.Optional.SaveNet.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\newtab.html, Quarantined, [d2e0caa9a1da67cf5d87efab09f94db3], 

PUP.Optional.SaveNet.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\ptUx.js, Quarantined, [d2e0caa9a1da67cf5d87efab09f94db3], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\background.html, Quarantined, [e6ccf47fb9c249ed12d4faa0a260ab55], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\content.js, Quarantined, [e6ccf47fb9c249ed12d4faa0a260ab55], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\hoQwy7SF.js, Quarantined, [e6ccf47fb9c249ed12d4faa0a260ab55], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\lsdb.js, Quarantined, [e6ccf47fb9c249ed12d4faa0a260ab55], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\manifest.json, Quarantined, [e6ccf47fb9c249ed12d4faa0a260ab55], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\background.html, Quarantined, [981ab1c2dba062d4ac3ac6d4e31f56aa], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\content.js, Quarantined, [981ab1c2dba062d4ac3ac6d4e31f56aa], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\hoQwy7SF.js, Quarantined, [981ab1c2dba062d4ac3ac6d4e31f56aa], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\lsdb.js, Quarantined, [981ab1c2dba062d4ac3ac6d4e31f56aa], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\manifest.json, Quarantined, [981ab1c2dba062d4ac3ac6d4e31f56aa], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\background.html, Quarantined, [486a3e353447d0668066009a837fd32d], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\content.js, Quarantined, [486a3e353447d0668066009a837fd32d], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\hoQwy7SF.js, Quarantined, [486a3e353447d0668066009a837fd32d], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\lsdb.js, Quarantined, [486a3e353447d0668066009a837fd32d], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\manifest.json, Quarantined, [486a3e353447d0668066009a837fd32d], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\background.html, Quarantined, [e1d191e2e794d46232b44555ed15cd33], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\content.js, Quarantined, [e1d191e2e794d46232b44555ed15cd33], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\hoQwy7SF.js, Quarantined, [e1d191e2e794d46232b44555ed15cd33], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\lsdb.js, Quarantined, [e1d191e2e794d46232b44555ed15cd33], 

PUP.Optional.YoutubeAdblocker.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\manifest.json, Quarantined, [e1d191e2e794d46232b44555ed15cd33], 

PUP.Optional.DealExpress.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkddmhomckbbbcokmnepgnifibflnfea\2.1\background.html, Quarantined, [456dd89b5823de581dca5644e81a9d63], 

PUP.Optional.DealExpress.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkddmhomckbbbcokmnepgnifibflnfea\2.1\content.js, Quarantined, [456dd89b5823de581dca5644e81a9d63], 

PUP.Optional.DealExpress.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkddmhomckbbbcokmnepgnifibflnfea\2.1\lsdb.js, Quarantined, [456dd89b5823de581dca5644e81a9d63], 

PUP.Optional.DealExpress.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkddmhomckbbbcokmnepgnifibflnfea\2.1\manifest.json, Quarantined, [456dd89b5823de581dca5644e81a9d63], 

PUP.Optional.DealExpress.A, C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkddmhomckbbbcokmnepgnifibflnfea\2.1\ns9KcbOxeBg.js, Quarantined, [456dd89b5823de581dca5644e81a9d63], 

PUP.Optional.Trovi.A, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": ""http://websearch.fastosearch.info/?pid=377&r=2014/05/26&hid=17411091879117559275&lg=EN&cc=US&unqvl=55", "http://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN36684672281832221&UM=2&UP=SPF6EC1199-7514-407F-94DC-905A8F1137B3&SSPV=" ],), Replaced,[cae894dfb4c791a5ea17d9c659abf60a]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Hello,

 

Good. Let's ensure that your system is malware free:

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Regards,

Georgi


I attached the [R0] one too just in case.

 

== JRT ==

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Wed 06/11/2014 at  6:52:29.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\plusservice
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDealsSetup-SilentInstaller-07F4_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDealsSetup-SilentInstaller-07F4_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_for_msft_word_wiewer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_for_msft_word_wiewer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDealsSetup-SilentInstaller-07F4_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDealsSetup-SilentInstaller-07F4_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_downloader_for_msft_word_wiewer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_downloader_for_msft_word_wiewer_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Owner\AppData\LocalLow\FCTB000062899
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files (x86)\pagetheme"
Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\buzzsocialpointschecker"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{05D12031-46DF-41CE-9EF2-B252002CD643}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0853B087-B0D6-44CB-BE34-C80E04A5D945}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{186D6ED6-32EE-4747-A0DD-F2F97997FE3A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1A33F086-0322-4517-B3C8-5B028C454C7F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1AC67AF5-566C-4C8D-92C1-4D8B3467D5EC}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1F63B14B-AFC5-4BB6-8D65-591A67BC8C75}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2023EE31-44F0-46E0-9BE8-3120D69790B9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{25ED43B4-6CC6-4DBA-AABB-F56F59B629CC}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{32D79594-90D5-466E-8CFC-002C3C606332}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{369EEE1A-DFA6-4B33-9508-DB110A23CDD2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{3F218211-E296-4EB9-BB22-4809556F9361}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{40ADE0BC-8CEC-4E44-8EDA-68BE4854BAA6}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4A756543-CDEE-4733-A3B0-ABE387B6A190}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{514B5E07-CF53-4F69-99AA-9F927B26E976}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5CE36C1B-09A8-458B-AF3A-D1D7D440569D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5EC49C85-783B-4ED3-BF91-89E777BA68C7}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5ED1BE9E-FC6B-4DAC-9B28-3C711B4B416F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5FBD399D-F67C-4B90-8DB0-CC17A9583A16}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6972C2DF-4A74-4B95-A494-528C723B05D5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6D531427-E795-4042-B809-8DA4BE4E70FB}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6F2BA374-B63B-4D93-86AE-13A43CC90063}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{780565A8-C066-4496-8B8A-9D2523560555}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7B4E186A-80D1-4E96-81DB-C38598E559DC}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{85C4CDA7-B39B-475F-A067-C8DA7A737037}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{861F1C0F-61A0-4300-B47A-7F1441284A60}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8A5210DA-901F-4FC2-8489-8A61C5360CFD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8D3CC931-9276-4E0B-8854-7CB3E3FDF571}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8E6F7E03-2E0D-47ED-8C8F-7D69C685F12A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A0788393-D9B6-49C9-A842-9A034E30A71D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A092F635-8FC5-44AC-A1D7-02E33D51BF80}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A3E5DB00-71A8-4A26-9A45-125695AAC393}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A6781FDD-EFB1-4FDF-AA2E-14887FEE6D2D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B8528610-DE5C-4EAF-A2B3-2B0316C54942}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BB8DDBD1-E6F8-4FB4-8E26-99827CC2C026}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BFBBCA89-96F4-4270-99AE-6916FAE1E2A4}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D29418EE-B76E-4678-8A4D-B5E823146C04}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D2BBE033-220B-404D-B9A9-195C70B45CF9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D50AED5F-B0D1-4280-A9A4-B61816553010}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DB416CA4-A1B3-42A2-9393-6FCC4C9E3890}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E5F13BA4-FBD4-44D1-B116-FBAEC5019E12}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EA8A3FBA-63EC-4E51-9887-2F3940767809}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EE4A0D9E-AEF3-46AA-93FB-EDDCCB06C8BE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F295CBB6-E1C1-4A29-B172-32ADC0EA3B96}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F399993E-7982-4043-B66D-25270E571AAD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FA8E6F9F-A39C-4203-A1CA-50FC7D295B80}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\prefs.js
 
user_pref("extensions.cuAZZyQI.url", "hxxp://jpi-syncs.info/sync2/?q=hfZ9ofV9CShEAen0rHC6tMqLDe49CNU0llrMCMlNhd9Fqda8rTgErdsGrHkMBzqUojw9rdkGpdsFrjCFpch7hfs0pihPBMn0rHY4qdwErj
user_pref("extensions.knJ_sT2dP.url", "hxxp://safefacile.net/sync2/?q=hfZ9ofV9CShEAen0rTnEqihTB6lKDzt4olljtNtVh7n0rjnEqjs7rTwHpjkGtMFHhd9Fqda8rTYGrjw5rdnMDMlGojUMAe4Uojw9qHwHq
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\minidumps [2 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/11/2014 at  7:01:51.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

AdwCleanerS0.txt

AdwCleanerR0.txt


Hi,

 

 

I am glad to hear that your issue is resolved!

 

However if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the results in your next reply.

 

 

 

STEP 3

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 5

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double-clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations.

 

 

Regards,

Georgi


Not a problem. TeamViewer in Rkill's log is my fault. I've been doing some of the work remotely to save some trips up and down the stairs to the computer you're helping with.  :P

 

Rkill

Rkill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/11/2014 09:36:32 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe (PID: 5996) [T-HEUR]
 * C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version9\tv_w32.exe (PID: 2852) [T-HEUR]
 * C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version9\tv_x64.exe (PID: 3592) [T-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic
 
 * WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/11/2014 09:38:40 AM
Execution time: 0 hours(s), 2 minute(s), and 7 seconds(s)

 

 
 
FSS
Farbar Service Scanner Version: 10-06-2014
Ran by Owner (administrator) on 11-06-2014 at 09:42:32
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

 

 

RogueKiller

http://pastebin.com/zBY1nNfj

 

TDSSKiller

http://pastebin.com/9SuLVHJJ

 

HitmanPro

http://pastebin.com/i06N36jS

 

Security Check

 Results of screen317's Security Check version 0.99.84  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Wise Disk Cleaner 5.33  
 JavaFX 2.1.1    
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (29.0.1) 
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 

 

 
This topic is now closed to further replies.
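
Added example (not part of either poster's reply and not code from Rkill or FSS): the Rkill and FSS logs above both report the WinDefend ServiceDll under `%ProgramFiles(x86)%`, while FSS's File Check verified a signed `MpSvc.dll` under `C:\Program Files`. The sketch below cross-checks the two logs for that kind of mismatch; the log excerpts are copied from the posts, and the `ENV` values and all function names are assumptions made for the illustration.

```python
import re
from ntpath import basename, normcase

# Excerpts copied from the Rkill and FSS logs posted in the thread.
RKILL_LOG = r"""
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic
 * WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [incorrect ServiceDLL]
"""
FSS_LOG = r"""
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
"""
# Assumption: default variable values on a 64-bit Windows install on C:.
ENV = {"programfiles(x86)": r"C:\Program Files (x86)",
       "programfiles": r"C:\Program Files"}

def expand(path):
    """Expand %VAR% references case-insensitively; unknown variables are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)

def rkill_service_findings(log):
    """(service, path, reason) for each 'svc => path [reason]' line in an Rkill log."""
    return re.findall(r"^\s*\*\s+(\S+) => (.+?) \[(.+?)\]\s*$", log, re.M)

def fss_service_dlls(log):
    """{service: configured ServiceDll} from FSS 'The ServiceDll of X: "..."' lines."""
    return dict(re.findall(r'^The ServiceDll of (\S+): "(.+?)"', log, re.M))

def fss_signed_files(log):
    """Normalised paths that FSS reported as digitally signed."""
    return {normcase(p) for p in re.findall(r"^(.+?) => File is digitally signed", log, re.M)}

def cross_check(rkill_log, fss_log):
    """Flag services whose configured DLL is not among the files FSS verified."""
    signed = fss_signed_files(fss_log)
    flagged = {svc for svc, _, _ in rkill_service_findings(rkill_log)}
    report = []
    for svc, raw in fss_service_dlls(fss_log).items():
        resolved = expand(raw)
        name = basename(normcase(resolved))
        report.append({"service": svc, "configured": resolved,
                       "verified_by_fss": normcase(resolved) in signed,
                       "signed_copy_elsewhere": sorted(p for p in signed if basename(p) == name),
                       "flagged_by_rkill": svc in flagged})
    return report

if __name__ == "__main__":
    for row in cross_check(RKILL_LOG, FSS_LOG):
        print(row)
```
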