Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: So many popups

  1. 2015-10-11, 22:48 #11
    JohnSnow
    JohnSnow is offline
    Junior Member
    Join Date
    Oct 2015
    Posts
    9

    Default

    The MBAM log is too long so i had to split it into 3 parts
    Attached Files Attached Files
  2. 2015-10-11, 23:16 #12
    Satchfan
    Satchfan is offline
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Good work John.

    Can you please do the same for the new FRST logs that I asked for.

    Thanks

    Satchfan
    Last edited by Satchfan; 2015-10-11 at 23:17. Reason: Punctuation
  3. 2015-10-12, 23:59 #13
    JohnSnow
    JohnSnow is offline
    Junior Member
    Join Date
    Oct 2015
    Posts
    9

    Default

    hopefully those logs are attached now.
    Thanks
    Attached Files Attached Files
  4. 2015-10-13, 10:18 #14
    Satchfan
    Satchfan is offline
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Hello John and well done getting the logs.


    You have an illegal activation tool for Microsoft Windows and MS Office products:

    2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6

    This forum, as well as all the other well-respected malware removal forums, does not condone the use of Pirated-Warez/Keygens/Cracked software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. In doing the crack, the 'cracker' has broken the 'End User License Agreement' (EULA) of the product.

    Aside from the legalities, be aware that malware authors prey on users looking to circumvent a software's protection mechanisms: there is also a high risk of infection involved in downloading and running crack codes.

    The “fix” included in this post will remove it.

    ================================================

    Run Farbar Recovery Scan Tool

    Open notepad. Please copy the contents of the code box below and paste it into Notepad.
    Code:
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {5885ECFB-B6D1-4EDE-AF43-AED548EF4833} URL = 
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
2015-10-04 21:32 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b
2015-10-04 21:31 - 2015-10-04 21:33 - 00000000 ____D C:\Program Files (x86)\Feed Notifier
2015-10-04 21:30 - 2015-10-07 20:59 - 00000000 ____D C:\Users\Abi\AppData\Roaming\RunDir
2015-10-04 21:30 - 2015-10-04 21:30 - 00000045 _____ C:\user.js
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Windows\system32\dev
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Local\Tempfolder
2015-10-04 21:28 - 2015-10-05 06:17 - 00000292 _____ C:\Windows\Tasks\yxnb.job
2015-10-04 21:27 - 2015-10-07 20:21 - 00170747 _____ C:\Windows\wininit.ini
2015-10-04 21:25 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005
2015-10-04 21:25 - 2015-10-06 20:45 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Local\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-04 21:20 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-04 21:19 - 2015-10-04 21:19 - 00000000 ____D C:\Users\Abi\AppData\Local\Geckofx
2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio => ""="service"
CMD: ipconfig /flushdns
EmptyTemp:

    NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
    • run FRST64 then click Fix just once and wait
    • it will create a log (Fixlog.txt); please post it to your reply.

    ================================================

    Uninstall AdwCleaner

    • double click on adwcleaner.exe to run the tool
    • click on Uninstall
    • confirm with Yes

    Download AdwCleaner again from here and save it to your desktop.

    • run AdwCleaner
    • when it has finished, allow AdwCleaner to deleteeverything it found, then click on Clean
    • if it asks to reboot, allow the reboot
    • on reboot a log will be produced; please attach the content of the log to your next reply.

    Logs to include in the next post:

    Fixlog.txt
    New AdwCleaner log

    Can you tel me how your computer is now and if there are any remaining problems.

    Thanks

    Satchfan
    Last edited by Satchfan; 2015-10-13 at 23:52. Reason: Punctuation
  5. 2015-10-14, 02:16 #15
    JohnSnow
    JohnSnow is offline
    Junior Member
    Join Date
    Oct 2015
    Posts
    9

    Default

    Machine seems to be doing much better after that last round of fixes.

    Thanks for all your help

    Latest logs follow:

    Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
    Ran by Abi (2015-10-13 19:51:01) Run:1
    Running from C:\Users\Abi\Desktop
    Loaded Profiles: Abi (Available Profiles: Abi)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoLogOff] 0
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {5885ECFB-B6D1-4EDE-AF43-AED548EF4833} URL =
    SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> Search Module Plus
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
    CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
    CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
    2015-10-04 21:32 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b
    2015-10-04 21:31 - 2015-10-04 21:33 - 00000000 ____D C:\Program Files (x86)\Feed Notifier
    2015-10-04 21:30 - 2015-10-07 20:59 - 00000000 ____D C:\Users\Abi\AppData\Roaming\RunDir
    2015-10-04 21:30 - 2015-10-04 21:30 - 00000045 _____ C:\user.js
    2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Windows\system32\dev
    2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Local\Tempfolder
    2015-10-04 21:28 - 2015-10-05 06:17 - 00000292 _____ C:\Windows\Tasks\yxnb.job
    2015-10-04 21:27 - 2015-10-07 20:21 - 00170747 _____ C:\Windows\wininit.ini
    2015-10-04 21:25 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005
    2015-10-04 21:25 - 2015-10-06 20:45 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Opera Software
    2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Local\Opera Software
    2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-10-04 21:20 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-10-04 21:19 - 2015-10-04 21:19 - 00000000 ____D C:\Users\Abi\AppData\Local\Geckofx
    2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio => ""="service"
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************

    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
    HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
    HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff => value removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
    HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5885ECFB-B6D1-4EDE-AF43-AED548EF4833}" => key removed successfully
    HKCR\CLSID\{5885ECFB-B6D1-4EDE-AF43-AED548EF4833} => key not found.
    "HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
    HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
    Chrome DefaultSearchURL => removed successfully
    Chrome DefaultSearchKeyword => removed successfully
    C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
    C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => not found.
    c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => moved successfully
    C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => not found.
    C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => not found.
    C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
    C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => not found.
    c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
    c:\progra~2\mcafee\msc\npmcsn~1.dll => not found.
    C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b => moved successfully
    C:\Program Files (x86)\Feed Notifier => moved successfully
    C:\Users\Abi\AppData\Roaming\RunDir => moved successfully
    C:\user.js => moved successfully
    C:\Windows\system32\dev => moved successfully
    C:\Users\Abi\AppData\Local\Tempfolder => moved successfully
    C:\Windows\Tasks\yxnb.job => moved successfully
    C:\Windows\wininit.ini => moved successfully
    C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005 => moved successfully
    C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
    C:\Users\Abi\AppData\Roaming\Opera Software => moved successfully
    C:\Users\Abi\AppData\Local\Opera Software => moved successfully
    C:\Program Files (x86)\Opera => moved successfully
    C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
    C:\Users\Abi\AppData\Local\Geckofx => moved successfully
    C:\Program Files (x86)\KMSPico 10.0.6 => moved successfully
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio" => key removed successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => 1.4 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 19:52:36 ====


    ------------------------------------------------------------------------------------------------
    # AdwCleaner v5.013 - Logfile created 13/10/2015 at 20:06:28
    # Updated 09/10/2015 by Xplode
    # Database : 2015-10-13.2 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Abi - Abi-Laptop
    # Running from : C:\Users\Abi\Desktop\adwcleaner_5.013.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
    [-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
    [-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
    [-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    [-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
    [-] Key Deleted : HKLM\SOFTWARE\navegaki
    [-] Key Deleted : HKLM\SOFTWARE\im-dosearch
    [-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
    [-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1
    [!] Key Not Deleted : [x64] HKCU\Software\__SP__browser_name__SP__
    [-] Key Deleted : [x64] HKLM\SOFTWARE\navegaki
    [-] Key Deleted : [x64] HKLM\SOFTWARE\im-dosearch

    ***** [ Web browsers ] *****


    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1949 bytes] ##########
  6. 2015-10-14, 09:58 #16
    Satchfan
    Satchfan is offline
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    I'm glad things seem to be well now.

    Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.


    Run ESET Online Scan

    Note: This may take a long time so please be patient.

    IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

    Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

    • click the Run Eset online Scanner button
    • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    o click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o double click on the Eset installer icon on your desktop.

    • check Yes, I accept the Terms of Use
    • click the Start button
    • accept any security warnings from your browser
    • check Enable detection of potentially unwanted applications
    • click Advanced settings and select the following:


    o scan archives
    o scan for potentially unsafe applications
    o enable Anti-Stealth technology


    Note: Do not check Remove found threats

    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • when the scan completes, push List of found threats
    • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.

    • push the back button.
    • push Finish

    When the scan is complete:

    If no threats were found:


    o put a checkmark in "Uninstall application on close"
    o close program
    o report to me that nothing was found.

    If threats were found:


    o click on "list of threats found"
    o click on "export to text file" and save it as ESET results and save to the desktop
    o click on back
    o put a checkmark in "Uninstall application on close"
    o click on finish
    o close program
    o copy and paste the report here.

    Thanks

    Satchfan
  7. 2015-10-17, 03:19 #17
    JohnSnow
    JohnSnow is offline
    Junior Member
    Join Date
    Oct 2015
    Posts
    9

    Default

    C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Kixjucfio.EXE.vir a variant of Win32/RiskWare.Komodia.J application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\hnsfFB53.tmp.vir a variant of Win32/Adware.ConvertAd.ZE application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\knsqCB46.tmp.vir a variant of Win32/Adware.ConvertAd.AAI application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-11.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\3c849da4-59fd-46e4-b720-3c2f7fcf62b1.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\a690a876-c5b2-4e85-bfa0-e8f63b97d804.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\a690a876-c5b2-4e85-bfa0-e8f63b97d804.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-11.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89.crx.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\a7b90909-69c6-46c5-b0e3-de2d47858766.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\fde14152-ef36-4e91-992b-abb2ca12e38b.crx.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\fde14152-ef36-4e91-992b-abb2ca12e38b.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\b35d9475-1079-47e9-b589-74ee7bd164bf.crx.vir JS/Toolbar.Crossrider.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\b35d9475-1079-47e9-b589-74ee7bd164bf.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\eec3d8c3-6b61-4094-9b64-34b591fa5e47.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe.vir a variant of MSIL/Adware.Vitruvian.A application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\A0FEA676-1443993646-E111-9F63-E98E551D30CD\onsa84DE.tmp.vir Win32/Adware.ConvertAd.AAG application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\bvxvexvbg\bvxvexvbg.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\DeskBar\2.6.5.0\DeskBar.exe.vir a variant of MSIL/Goobzo.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\102.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\104.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\119.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\14.js.vir JS/Toolbar.Crossrider.O potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\178.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\179.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\180.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\184.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\19.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\195.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\200.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\220.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\223.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\231.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\232.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\234.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\242.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\252.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\253.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\273.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\281.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\288.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\300.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\311.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\334.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\335.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\339.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\356.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\376.js.vir JS/Toolbar.Crossrider.L potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\380.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\385.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\390.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\391.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\419.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\424.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\47.js.vir JS/Toolbar.Crossrider.M potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\64.js.vir JS/Toolbar.Crossrider.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\97.js.vir JS/Toolbar.Crossrider.N potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\8e3d4a71c60adf7e0e481a61af985563.js.vir JS/Toolbar.Crossrider.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\1b92538e9b5fc70d39e7a57345b39e3e.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\86a763b3ae1f08c92ce3d9f482b451ed.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\a28e83e9a96d2d301df58fb15df41115.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\45858129d16879a6b95a4e5a4c35cee1.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\4993660ba4c16459f9fa1f92c7b51139.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\d77e6e8f1174be1eb9953f59e05916d0.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\dbfbf1f6009dac0974cd056f6a0cde86.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\dc9f68679eeb6752cf18f4f90da3c8db.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\ee0d1604a9ee2453aea2416a3d06738a.js.vir JS/Toolbar.Crossrider.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\eee626fb15240dc5edf64d1d273fea64.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\swsedrvr_vt_1_10_0_25.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\Kixjucfio.dll.vir a variant of Win32/RiskWare.Komodia.I application
    C:\Users\Abi\Downloads\FLVPlayer-Chrome (1).exe NSIS/TrojanDownloader.Adload.AP trojan
    C:\Users\Abi\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AP trojan
    C:\Users\Abi\Downloads\PREACTIVATED WINDOWS 7 + WINDOWS 8.1 +OFFICE 2013 PRO PLUS\Win7.x64.20in1.en-US.Sept2013.iso a variant of Win32/HackKMS.W potentially unsafe application
  8. 2015-10-17, 08:09 #18
    Satchfan
    Satchfan is offline
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    I noticed signs that you may have had pirated software on your computer and this has confirmed it.

    Maybe this result will show you that as well as being illegal, how harmful downloading Cracked/Keygens/Warez programs can be. There are threats going around now that are un-cleanable and do so much damage that a format and reinstall of windows is the only option.

    This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.

    This fix will delete the infected iso.


    Please copy all text in the code box below and paste it into Notepad:

    Code:
    @echo off
del /f /s /q "C:\Users\Abi\Downloads\FLVPlayer-Chrome (1).exe” 
del /f /s /q “C:\Users\Abi\Downloads\FLVPlayer-Chrome.exe” 
del /f /s /q "C:\Users\Abi\Downloads\PREACTIVATED WINDOWS 7 + WINDOWS 8.1 +OFFICE 2013 PRO PLUS\Win7.x64.20in1.en-US.Sept2013.iso” 
del %0

    • save the Notepad file to your desktop and name it delfiles.bat
    • save type as "All Files"
    • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

    The files/folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.

    The rest of the Online scan is only reporting what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.

    Please let me know if there are any remaining problems and if all is well I’ll send instructions to tidy up.

    Satchfan
  9. 2015-10-19, 22:59 #19
    Satchfan
    Satchfan is offline
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Hi John

    It has been a few days since I sent my last set of instructions to finalise the cleaning of your computer.

    Please let me know if you still need help. If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic.

    Satchfan
  10. 2015-10-22, 08:54 #20
    Satchfan
    Satchfan is offline
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Since this issue appears to be resolved, this topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic re-opened, please contact a staff member with the address of the thread.

    Everyone else please read this and then start a New Topic here.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules