
Infected-Started with Kreapixel I think



Hi,

 

Son tried to download some original Oregon Trail program he was playing during a school event about it and not sure what he downloaded but we got hit by about everything imaginable.  I've fumbled my way through and got back on the internet and finally found this website.

 

I started with RevoUninstaller to just keep deleting what new things keep getting added.  I have so many ads on websites that it makes it impossible to navigate and several new tabs open up with more ads it is crazy.

 

I'm running Windows 8, not sure what other info you need.

 

I followed all the directions on the help I'm infected forum topic and here I am.  I've run the free malware removal tool and the Farbar Recovery tool

 

TXT FILES ARE TOO LONG TO POST, PLEASE SEE ATTACHED...

 

FRST.txt

Addition.txt


Hello and welcome,

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Scan with ESET Online Scanner

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

 

Click there Run ESET Online Scanner.

 

If using Internet Explorer:

 


Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:


Download esetsmartinstaller_enu.exe that you'll be given link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:


Make sure that Remove found threats is unchecked.
Scan archives is checked.
In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
Click Start
The program will begin to download its virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

 

Don't forget to re-enable protection software!

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin...

 

 

 

 

 

Fixlist.txt


I can only do a little at a time, here is where I am so far!

 

attached is the FRS log

 

here is the clip board copy and paste

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/1/2015
Scan Time: 9:14:24 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.01.11
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: melissa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356719
Time Elapsed: 39 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 67

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.HealthCareGovTool.A, C:\Program Files (x86)\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi, Quarantined, [670880e778125cda5b297e371be828d8],
PUP.Optional.HealthCareGovTool.A, C:\Program Files (x86)\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi, Quarantined, [aac57ee97e0ce2541a6b6e471ce7e51b],

Physical Sectors: 0
(No malicious items detected)


(end)

Fixlog.txt


ad cleaner txt

 

# AdwCleaner v4.200 - Logfile created 02/04/2015 at 07:39:29
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [server]
# Operating system : Windows 8.1  (x64)
# Username : melissa - MOMSLAPTOP
# Running from : C:\Users\melissa\Downloads\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\melissa\AppData\Local\GAMESDESKTOP
File Deleted : C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\3lj8hsj4.default-1410915130780\invalidprefs.js

***** [ Scheduled tasks ] *****

Task Deleted : ObronaCleanerUacSkip

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Uniblue
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [2728 bytes] - [16/09/2014 20:54:34]
AdwCleaner[R1].txt - [1750 bytes] - [02/04/2015 07:36:50]
AdwCleaner[s0].txt - [2635 bytes] - [16/09/2014 20:56:38]
AdwCleaner[s1].txt - [1612 bytes] - [02/04/2015 07:39:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1671  bytes] ##########
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 8.1 x64
Ran by melissa on Thu 04/02/2015 at  7:46:17.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERSCANNER.TMP-BE261EA5.pf



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\melissa\AppData\Roaming\mozilla\firefox\profiles\3lj8hsj4.default-1410915130780\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/02/2015 at  7:50:46.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Final Scan


Run the following and post the log, also let me know if any remaining issues or concerns...

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...
 

Thanks,

 

Kevin...


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.