The MBAM log is too long so i had to split it into 3 parts
The MBAM log is too long so i had to split it into 3 parts
Good work John.
Can you please do the same for the new FRST logs that I asked for.
Thanks
Satchfan
Last edited by Satchfan; 2015-10-11 at 23:17. Reason: Punctuation
hopefully those logs are attached now.
Thanks
Hello John and well done getting the logs.
You have an illegal activation tool for Microsoft Windows and MS Office products:
2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
This forum, as well as all the other well-respected malware removal forums, does not condone the use of Pirated-Warez/Keygens/Cracked software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.
If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. In doing the crack, the 'cracker' has broken the 'End User License Agreement' (EULA) of the product.
Aside from the legalities, be aware that malware authors prey on users looking to circumvent a software's protection mechanisms: there is also a high risk of infection involved in downloading and running crack codes.
The “fix” included in this post will remove it.
================================================
Run Farbar Recovery Scan Tool
Open notepad. Please copy the contents of the code box below and paste it into Notepad.
Code:Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoLogOff] 0 HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} GroupPolicy: Restriction - Chrome <======= ATTENTION SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {5885ECFB-B6D1-4EDE-AF43-AED548EF4833} URL = SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms} CHR DefaultSearchKeyword: Default -> Search Module Plus CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File 2015-10-04 21:32 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b 2015-10-04 21:31 - 2015-10-04 21:33 - 00000000 ____D C:\Program Files (x86)\Feed Notifier 2015-10-04 21:30 - 2015-10-07 20:59 - 00000000 ____D C:\Users\Abi\AppData\Roaming\RunDir 2015-10-04 21:30 - 2015-10-04 21:30 - 00000045 _____ C:\user.js 2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Windows\system32\dev 2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Local\Tempfolder 2015-10-04 21:28 - 2015-10-05 06:17 - 00000292 _____ C:\Windows\Tasks\yxnb.job 2015-10-04 21:27 - 2015-10-07 20:21 - 00170747 _____ C:\Windows\wininit.ini 2015-10-04 21:25 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005 2015-10-04 21:25 - 2015-10-06 20:45 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Opera Software 2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Local\Opera Software 2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Program Files (x86)\Opera 2015-10-04 21:20 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-10-04 21:19 - 2015-10-04 21:19 - 00000000 ____D C:\Users\Abi\AppData\Local\Geckofx 2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio => ""="service" CMD: ipconfig /flushdns EmptyTemp:
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
- save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
- run FRST64 then click Fix just once and wait
- it will create a log (Fixlog.txt); please post it to your reply.
================================================
Uninstall AdwCleaner
- double click on adwcleaner.exe to run the tool
- click on Uninstall
- confirm with Yes
Download AdwCleaner again from here and save it to your desktop.
- run AdwCleaner
- when it has finished, allow AdwCleaner to deleteeverything it found, then click on Clean
- if it asks to reboot, allow the reboot
- on reboot a log will be produced; please attach the content of the log to your next reply.
Logs to include in the next post:
Fixlog.txt
New AdwCleaner log
Can you tel me how your computer is now and if there are any remaining problems.
Thanks
Satchfan
Last edited by Satchfan; 2015-10-13 at 23:52. Reason: Punctuation
Machine seems to be doing much better after that last round of fixes.
Thanks for all your help
Latest logs follow:
Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by Abi (2015-10-13 19:51:01) Run:1
Running from C:\Users\Abi\Desktop
Loaded Profiles: Abi (Available Profiles: Abi)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {5885ECFB-B6D1-4EDE-AF43-AED548EF4833} URL =
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
2015-10-04 21:32 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b
2015-10-04 21:31 - 2015-10-04 21:33 - 00000000 ____D C:\Program Files (x86)\Feed Notifier
2015-10-04 21:30 - 2015-10-07 20:59 - 00000000 ____D C:\Users\Abi\AppData\Roaming\RunDir
2015-10-04 21:30 - 2015-10-04 21:30 - 00000045 _____ C:\user.js
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Windows\system32\dev
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Local\Tempfolder
2015-10-04 21:28 - 2015-10-05 06:17 - 00000292 _____ C:\Windows\Tasks\yxnb.job
2015-10-04 21:27 - 2015-10-07 20:21 - 00170747 _____ C:\Windows\wininit.ini
2015-10-04 21:25 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005
2015-10-04 21:25 - 2015-10-06 20:45 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Local\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-04 21:20 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-04 21:19 - 2015-10-04 21:19 - 00000000 ____D C:\Users\Abi\AppData\Local\Geckofx
2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio => ""="service"
CMD: ipconfig /flushdns
EmptyTemp:
*****************
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5885ECFB-B6D1-4EDE-AF43-AED548EF4833}" => key removed successfully
HKCR\CLSID\{5885ECFB-B6D1-4EDE-AF43-AED548EF4833} => key not found.
"HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => not found.
c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => moved successfully
C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => not found.
C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll => not found.
C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b => moved successfully
C:\Program Files (x86)\Feed Notifier => moved successfully
C:\Users\Abi\AppData\Roaming\RunDir => moved successfully
C:\user.js => moved successfully
C:\Windows\system32\dev => moved successfully
C:\Users\Abi\AppData\Local\Tempfolder => moved successfully
C:\Windows\Tasks\yxnb.job => moved successfully
C:\Windows\wininit.ini => moved successfully
C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005 => moved successfully
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\Users\Abi\AppData\Roaming\Opera Software => moved successfully
C:\Users\Abi\AppData\Local\Opera Software => moved successfully
C:\Program Files (x86)\Opera => moved successfully
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
C:\Users\Abi\AppData\Local\Geckofx => moved successfully
C:\Program Files (x86)\KMSPico 10.0.6 => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio" => key removed successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => 1.4 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 19:52:36 ====
------------------------------------------------------------------------------------------------
# AdwCleaner v5.013 - Logfile created 13/10/2015 at 20:06:28
# Updated 09/10/2015 by Xplode
# Database : 2015-10-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Abi - Abi-Laptop
# Running from : C:\Users\Abi\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : HKLM\SOFTWARE\navegaki
[-] Key Deleted : HKLM\SOFTWARE\im-dosearch
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1
[!] Key Not Deleted : [x64] HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : [x64] HKLM\SOFTWARE\navegaki
[-] Key Deleted : [x64] HKLM\SOFTWARE\im-dosearch
***** [ Web browsers ] *****
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1949 bytes] ##########
I'm glad things seem to be well now.
Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.
Run ESET Online Scan
Note: This may take a long time so please be patient.
IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.
Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- click the Run Eset online Scanner button
- for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
o click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
o double click on the Eset installer icon on your desktop.
- check Yes, I accept the Terms of Use
- click the Start button
- accept any security warnings from your browser
- check Enable detection of potentially unwanted applications
- click Advanced settings and select the following:
o scan archives
o scan for potentially unsafe applications
o enable Anti-Stealth technology
Note: Do not check Remove found threats
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- when the scan completes, push List of found threats
- push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - if ESET doesn't find any threats, no report will be created.
- push the back button.
- push Finish
When the scan is complete:
If no threats were found:
o put a checkmark in "Uninstall application on close"
o close program
o report to me that nothing was found.
If threats were found:
o click on "list of threats found"
o click on "export to text file" and save it as ESET results and save to the desktop
o click on back
o put a checkmark in "Uninstall application on close"
o click on finish
o close program
o copy and paste the report here.
Thanks
Satchfan
C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Kixjucfio.EXE.vir a variant of Win32/RiskWare.Komodia.J application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\hnsfFB53.tmp.vir a variant of Win32/Adware.ConvertAd.ZE application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\knsqCB46.tmp.vir a variant of Win32/Adware.ConvertAd.AAI application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-11.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\3c849da4-59fd-46e4-b720-3c2f7fcf62b1.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\a690a876-c5b2-4e85-bfa0-e8f63b97d804.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\a690a876-c5b2-4e85-bfa0-e8f63b97d804.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-11.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89.crx.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\a7b90909-69c6-46c5-b0e3-de2d47858766.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\fde14152-ef36-4e91-992b-abb2ca12e38b.crx.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\fde14152-ef36-4e91-992b-abb2ca12e38b.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\b35d9475-1079-47e9-b589-74ee7bd164bf.crx.vir JS/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\b35d9475-1079-47e9-b589-74ee7bd164bf.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\eec3d8c3-6b61-4094-9b64-34b591fa5e47.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe.vir a variant of MSIL/Adware.Vitruvian.A application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\A0FEA676-1443993646-E111-9F63-E98E551D30CD\onsa84DE.tmp.vir Win32/Adware.ConvertAd.AAG application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\bvxvexvbg\bvxvexvbg.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\DeskBar\2.6.5.0\DeskBar.exe.vir a variant of MSIL/Goobzo.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\102.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\104.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\119.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\14.js.vir JS/Toolbar.Crossrider.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\178.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\179.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\180.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\184.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\19.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\195.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\200.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\220.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\223.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\231.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\232.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\234.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\242.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\252.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\253.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\273.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\281.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\288.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\300.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\311.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\334.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\335.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\339.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\356.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\376.js.vir JS/Toolbar.Crossrider.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\380.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\385.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\390.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\391.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\419.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\424.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\47.js.vir JS/Toolbar.Crossrider.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\64.js.vir JS/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\97.js.vir JS/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\8e3d4a71c60adf7e0e481a61af985563.js.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\1b92538e9b5fc70d39e7a57345b39e3e.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\86a763b3ae1f08c92ce3d9f482b451ed.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\a28e83e9a96d2d301df58fb15df41115.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\45858129d16879a6b95a4e5a4c35cee1.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\4993660ba4c16459f9fa1f92c7b51139.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\d77e6e8f1174be1eb9953f59e05916d0.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\dbfbf1f6009dac0974cd056f6a0cde86.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\dc9f68679eeb6752cf18f4f90da3c8db.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\ee0d1604a9ee2453aea2416a3d06738a.js.vir JS/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\eee626fb15240dc5edf64d1d273fea64.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\swsedrvr_vt_1_10_0_25.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\Kixjucfio.dll.vir a variant of Win32/RiskWare.Komodia.I application
C:\Users\Abi\Downloads\FLVPlayer-Chrome (1).exe NSIS/TrojanDownloader.Adload.AP trojan
C:\Users\Abi\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AP trojan
C:\Users\Abi\Downloads\PREACTIVATED WINDOWS 7 + WINDOWS 8.1 +OFFICE 2013 PRO PLUS\Win7.x64.20in1.en-US.Sept2013.iso a variant of Win32/HackKMS.W potentially unsafe application
I noticed signs that you may have had pirated software on your computer and this has confirmed it.
Maybe this result will show you that as well as being illegal, how harmful downloading Cracked/Keygens/Warez programs can be. There are threats going around now that are un-cleanable and do so much damage that a format and reinstall of windows is the only option.
This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.
This fix will delete the infected iso.
Please copy all text in the code box below and paste it into Notepad:
Code:@echo off del /f /s /q "C:\Users\Abi\Downloads\FLVPlayer-Chrome (1).exe” del /f /s /q “C:\Users\Abi\Downloads\FLVPlayer-Chrome.exe” del /f /s /q "C:\Users\Abi\Downloads\PREACTIVATED WINDOWS 7 + WINDOWS 8.1 +OFFICE 2013 PRO PLUS\Win7.x64.20in1.en-US.Sept2013.iso” del %0
- save the Notepad file to your desktop and name it delfiles.bat
- save type as "All Files"
- on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).
The files/folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.
The rest of the Online scan is only reporting what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.
Please let me know if there are any remaining problems and if all is well I’ll send instructions to tidy up.
Satchfan
Hi John
It has been a few days since I sent my last set of instructions to finalise the cleaning of your computer.
Please let me know if you still need help. If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic.
Satchfan