
Thread: Computer is running really loud lately, possible malware I'm missing?

  1. #21
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    137


    I made an educated guess and exported to text file. Here is the ESET scan:


    Computer still is running loud.

  2. #22
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,985


    I made an educated guess and exported to text file. Here is the ESET scan
    Original instructions were first posted on post #7
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    C:\Program Files\KMSpico\Service_KMS.exe
    tool often used to activate illegal versions of Microsoft Office
    Note:
    We do not support the use of Pirated-Warez-Keygens-Cracked software.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    (P2P) file sharing software is installed on your computer. I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

    Your P2P software can be removed by following the instructions below.
    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the aforementioned programme(s), right-click and click Uninstall.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow it).





    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files\KMSpico\Service_KMS.exe
    C:\Program Files (x86)\Vuze\bunndle.zip
    C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll
    C:\Program Files (x86)\Vuze\.install4j\user\mism.exe
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\All Users\{CA19C67B-273A-466C-A67A-E9467606540F}\Shareaza_V8_en_Setup.res
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Owner\.gimp-2.8\.frostwire5\updates\frostwire-5.6.9.windows.coc.premium.exe
    C:\Users\Owner\.gimp-2.8\.frostwire5\updates\frostwire-5.6.9.windows.exe
    C:\Users\Owner\Documents\Vuze Downloads\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    Hosts:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~`

    Update Outdated Software
    Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #23
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    137

    Default

    Hello, that's what I thought but when I went back to re-read #7, there was nothing after "click....". Just letting you know for the next person.

    When I tried to save the fixlist.txt, it asks whether I want it saved as ANSI or Unicode. The default was ANSI but it says there is Unicode and all of those commands will be lost if I save it as ANSI. Not sure what all of this means, sorry.
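
Notepad shows this ANSI/Unicode prompt when the text being saved contains a character the ANSI code page cannot represent, for example an invisible formatting character carried along in a copy and paste. The Python check below is an added example, not part of the thread or of FRST: it reports where such characters sit in a fixlist, and the cp1252 code page, the function names and the sample script are assumptions made for illustration.

```python
import unicodedata

ANSI_CODEPAGE = "cp1252"  # assumption: "ANSI" on a Western-European Windows install


def find_non_ascii(text, codepage=ANSI_CODEPAGE):
    """List every non-ASCII character in a fixlist.

    Each finding is (line, column, code point, Unicode name, lost_in_ansi).
    lost_in_ansi is True when the character has no encoding in the code
    page, which is the case Notepad warns about when saving as ANSI.
    """
    findings = []
    # split on "\n" only: str.splitlines() would also break on U+2028 etc.
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line.rstrip("\r"), start=1):
            if ord(ch) < 128:
                continue
            try:
                ch.encode(codepage)
                lost = False
            except UnicodeEncodeError:
                lost = True
            name = unicodedata.name(ch, "UNNAMED")
            findings.append((line_no, col, f"U+{ord(ch):04X}", name, lost))
    return findings


def strip_invisible(text):
    """Drop format characters (category Cf) and turn odd spaces into ' '."""
    out = []
    for ch in text:
        category = unicodedata.category(ch)
        if category == "Cf":
            continue  # zero-width and directional marks
        out.append(" " if category == "Zs" else ch)
    return "".join(out)


# Constructed sample: a zero-width space after "CloseProcesses:" and a
# no-break space after "CMD:", written as escapes so they are visible here.
SAMPLE_FIXLIST = (
    "start\n"
    "CreateRestorePoint:\n"
    "CloseProcesses:\u200b\n"
    "CMD:\u00a0ipconfig /flushdns\n"
    "End\n"
)

if __name__ == "__main__":
    for finding in find_non_ascii(SAMPLE_FIXLIST):
        print(finding)
    print(find_non_ascii(strip_invisible(SAMPLE_FIXLIST)))
```

Only the first finding would trigger the prompt; the no-break space exists in cp1252 and saves silently, which is why the check lists every non-ASCII character rather than just the unencodable ones.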

  4. #24
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,985

    Default

    Must be a glitch somewhere.....I looked over it again and did not see any Unicode so??

    Go back and see if it will run as saved in Unicode?

  5. #25
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    137

    Default

    I got a warning when pressing "fix". It says "Looks like you don't know what to do. To prevent damage to the system, the tool will exit."

    That was when I used "unicode". Should I try it again using ANSI?

  6. #26
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    137

    Default

    I guess I should ask, what does the stuff in the quote box/fix do?

    Oh, and I forgot to tell you that I updated Adobe and Java like you said below.

  7. #27
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,985

    Default

    I don't know what's going on.

    Let's start over.

    Find Farbar Recovery Scan Tool that's located on your desktop.
    Right click on that and you should see the option to delete. If you don't, drag it to the Recycle Bin.
    Then look for the Fixlog.txt and delete it too.

    Now, we'll see if downloading a new version will help.



    After it's on Desktop don't click on anything.

    We'll create a new script.

    Please open Notepad. *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK.) Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files\KMSpico\Service_KMS.exe
    C:\Program Files (x86)\Vuze\bunndle.zip
    C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll
    C:\Program Files (x86)\Vuze\.install4j\user\mism.exe
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\All Users\{CA19C67B-273A-466C-A67A-E9467606540F}\Shareaza_V8_en_Setup.res
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Owner\.gimp-2.8\.frostwire5\updates\frostwire-5.6.9.windows.coc.premium.exe
    C:\Users\Owner\.gimp-2.8\.frostwire5\updates\frostwire-5.6.9.windows.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    Hosts:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~`

  8. #28
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    137

    Default

    It worked! And I know what I did wrong (but am too embarrassed to say!).
    Here is the Fixlog.txt:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
    Ran by Owner (2016-06-30 19:43:58) Run:2
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files\KMSpico\Service_KMS.exe
    C:\Program Files (x86)\Vuze\bunndle.zip
    C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll
    C:\Program Files (x86)\Vuze\.install4j\user\mism.exe
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\All Users\{CA19C67B-273A-466C-A67A-E9467606540F}\Shareaza_V8_en_Setup.res
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js
    C:\Users\Owner\.gimp-2.8\.frostwire5\updates\frostwire-5.6.9.windows.coc.premium.exe
    C:\Users\Owner\.gimp-2.8\.frostwire5\updates\frostwire-5.6.9.windows.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    Hosts:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Program Files\KMSpico\Service_KMS.exe => moved successfully
    C:\Program Files (x86)\Vuze\bunndle.zip => moved successfully
    C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll => moved successfully
    C:\Program Files (x86)\Vuze\.install4j\user\mism.exe => moved successfully
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js => moved successfully
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js => moved successfully
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js => moved successfully
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js => moved successfully
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js => moved successfully
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js => moved successfully
    C:\Users\All Users\{CA19C67B-273A-466C-A67A-E9467606540F}\Shareaza_V8_en_Setup.res => moved successfully
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js => moved successfully
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js => moved successfully
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js => moved successfully
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js => moved successfully
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js => moved successfully
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js => moved successfully
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js => moved successfully
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js => moved successfully
    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmebbfaopbbaeefhbhgfgdcganoifhje\5.14\content.js => moved successfully
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kljcpckmkjfjcncacblmkbeeibblkfph\5.14\content.js => moved successfully
    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llenmfobpkcbohomijckfhhehblnlilb\1.0\content.js => moved successfully
    C:\Users\Owner\.gimp-2.8\.frostwire5\updates\frostwire-5.6.9.windows.coc.premium.exe => moved successfully
    C:\Users\Owner\.gimp-2.8\.frostwire5\updates\frostwire-5.6.9.windows.exe => moved successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Reseting Global, OK!
    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22275879 B
    Java, Flash, Steam htmlcache => 2251 B
    Windows/system/drivers => 303240 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 333777233 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 66228 B
    systemprofile32 => 692 B
    LocalService => 0 B
    NetworkService => 8596 B
    Owner => 126236171 B

    RecycleBin => 3140818 B
    EmptyTemp: => 471.3 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 19:49:22 ====
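
A Fixlog echoes the script it was given between two rows of asterisks and then prints one result per entry, so the two halves can be checked against each other rather than compared by eye. The Python below is an added example, not FRST code and not from the thread; the function name, the report keys and the sample log (including its "not found" outcome) are constructed for illustration.

```python
import re

PATH_RE = re.compile(r"^[A-Za-z]:\\")        # fixlist entry that names a file
RESULT_RE = re.compile(r"^(.+?) => (.+)$")    # "<target> => <outcome>"
SECTION_RE = re.compile(r"^=+ (.+?) =+$")     # "===== <command> ====="


def audit_fixlog(text):
    """Compare the script echoed in a Fixlog with the results that follow it."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist between two rows of asterisks")
    script = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    body = lines[stars[1] + 1:]
    outcomes, sections = {}, set()
    for ln in body:
        sec = SECTION_RE.match(ln)
        res = RESULT_RE.match(ln)
        if sec:
            sections.add(sec.group(1))
        elif res:
            outcomes[res.group(1)] = res.group(2)
    report = {"paths": 0, "not_moved": [], "missing": [], "no_output": []}
    for entry in script:
        if PATH_RE.match(entry):
            report["paths"] += 1
            outcome = outcomes.get(entry)
            if outcome is None:
                report["missing"].append(entry)        # no result line at all
            elif outcome != "moved successfully":
                report["not_moved"].append((entry, outcome))
        elif entry.startswith(("CMD:", "Reg:")):
            command = entry.split(":", 1)[1].strip()
            if command not in sections:
                report["no_output"].append(command)    # command never ran
    report["reboot_needed"] = "The system needed a reboot." in body
    return report


# Constructed sample in the layout of the Fixlog above; the "not found"
# outcome and the omitted result and Reg section are made up for the demo.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
start
C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files (x86)\Vuze\bunndle.zip
C:\Program Files (x86)\Vuze\.install4j\user\mism.exe
CMD: ipconfig /flushdns
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End
*****************

C:\Program Files\KMSpico\Service_KMS.exe => moved successfully
C:\Program Files (x86)\Vuze\bunndle.zip => not found
========= ipconfig /flushdns =========
========= End of CMD: =========
The system needed a reboot.
"""

if __name__ == "__main__":
    print(audit_fixlog(SAMPLE_FIXLOG))
```

An entry listed under `missing` or `not_moved` is the one to raise with the helper before moving on to the next step.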

  9. #29
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,985

    Default

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.

    If you do need to keep Java then download JavaRa
    Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
    Once done then run it again and select Update Java runtime > Download and install Latest version.

    Or install the latest version here https://java.com/en/download/

    Flash Player Update
    Make sure you uncheck the box to install the Optional Offer software or whatever offer they try to bundle along with it.
    http://get.adobe.com/flashplayer/

  10. #30
    Senior Member gigglepot's Avatar
    Join Date
    Jun 2014
    Posts
    137

    Default

    How do I figure out if I need Java or not? I don't even know what it does.
