Parents let grandkids download games...bad idea, need some help please!!!

[swest8763]

Basically had it set up so they should have been safe just using the computer, but no...my mother decided to let the grandkids download a game. Computer has all kinds of malware issues. I've fought through some but I can't seem to clear out the rest, any help would be greatly appreciated. Looks like i got the SW boost out but there are still things plaguing this beast.

I've ran the backups as well as the logs stated before. Symptoms are random processes running that can't be ended, search hijacking and looks like more iexplore.exe showing up than are actually running.

Thanks in advance for the help.

 

[Juliet]

Hi and welcome

Google Chrome has been attacked.
We will have to uninstall it then have you download it again.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

• Backup Chrome Bookmarks

~~~
Please download and install Revo Uninstaller Free

• Double click Revo Uninstaller to run it.
• From the list of programs double click on Google Chrome
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

Please also uninstall if found these
SW-Booster
SW-Sustainer

~~~~
Google Chrome can be downloaded from here http://www.google.com/chrome/

~~~~~~~~~~~~~~`

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2664552706-3889408751-4227966822-1003\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM -> {403CE8DA-BA42-478B-945D-BCD60FB70B3C} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {403CE8DA-BA42-478B-945D-BCD60FB70B3C} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2664552706-3889408751-4227966822-1000 -> {193D1EA9-94CE-481B-A4A6-ECE4F1DCAA85} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-2664552706-3889408751-4227966822-1000 -> {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =
SearchScopes: HKU\S-1-5-21-2664552706-3889408751-4227966822-1000 -> {403CE8DA-BA42-478B-945D-BCD60FB70B3C} URL =
SearchScopes: HKU\S-1-5-21-2664552706-3889408751-4227966822-1000 -> {9C89CBA4-1A70-49E4-A1E4-2DCAA8BA5931} URL = https://www.flickr.com/search/?q={searchTerms}
Toolbar: HKU\S-1-5-21-2664552706-3889408751-4227966822-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-2664552706-3889408751-4227966822-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.reg
C:\Users\helena\AppData\Local\Temp\ose00000.exe
C:\Users\helena\AppData\Local\Temp\Quarantine.exe
C:\Users\helena\AppData\Local\Temp\sqlite3.dll
C:\Users\Helena_2\AppData\Local\Temp\UnityWebPlayer9028982610306444668.exe
SW-Booster (HKLM-x32\...\S-1530452449) (Version: 3.1.0.1868 - SW-Booster) <==== ATTENTION
SW-Sustainer (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version: - Genuine P Software) <==== ATTENTION
AlternateDataStreams: C:\Users\Helena_2\Desktop\Hoosier Kennel Club.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Helena_2\Desktop\Hoosier Kennel Club.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\Image (2).jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Public\Documents\Image (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\Image (2).jpg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Public\Documents\Image (2).jpg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Public\Documents\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\William Scott West.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Public\Documents\William Scott West.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~``

Malwarebytes Anti-Rootkit

• Download Malwarebytes Anti-Rootkit
• Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
• Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
• Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
• Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
• After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
• Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
• If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

• Please click by the introduction screen on the Next button to continue.

• Next you will see the Update Database screen.
• Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.

• When the update has finished, click on the Next button.

• Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
• Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

• When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
• Make sure everything is selected and that the option to create a restore point is checked.
• Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
• Click on Yes button to restart your computer.

• There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
• The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
  • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
• The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

post:
Fixlog.txt
MBAR log

 

[swest8763]

Thanks for the quick reply.

I believe I got through all the steps correctly. I've attached to requested files, let me know how to proceed.

 

[Juliet]

Did you run the fixlog more then once?

Uninstall reinstall Google Chrome?

~~~~~~~~~~~~~

Let's get a new FRST log and Additions txt

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select
  
  Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

• Right-Click FRST.exe / FRST64.exe and select
  
  Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
  

please post
AdwCleaner.txt
FRST.txt & Addition.txt

Also, any improvements in the computer?

 

[swest8763]

Thanks for the patience, looks like I didn't read the "you can download Google Chrome" as an actual step so that's my error. And I believe the fixlist that was on the machine was from a prior clean awhile back, not the one from your instructions.

I have reinstalled Chrome, ran AdwCleaner and generated the other new files. Haven't noticed much improvement as I've not utilized their laptop much, it is loading quicker and reboot is much quicker. I haven't used it online much other then we absolutely necessary to download updates as directed since I don't want to make it any worst since it may still be vulnerable.

Below are the details.

# AdwCleaner v4.110 - Logfile created 12/02/2015 at 08:03:00
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : helena - HELENA-PC
# Running from : C:\Users\helena\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.111

[C:\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chrome Canary v

[C:\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [14117 bytes] - [06/02/2015 10:11:26]
AdwCleaner[R1].txt - [922 bytes] - [06/02/2015 11:09:54]
AdwCleaner[R2].txt - [1333 bytes] - [12/02/2015 07:55:53]
AdwCleaner[S0].txt - [15211 bytes] - [06/02/2015 10:16:14]
AdwCleaner[S1].txt - [987 bytes] - [06/02/2015 11:30:16]
AdwCleaner[S2].txt - [1856 bytes] - [12/02/2015 08:03:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1915 bytes] ##########

 

[Juliet]

It looks better.

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

• Please download ESET Online Scan and save the file to your Desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Double-click esetsmartinstaller_enu.exe to run the programme.
• Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
• Agree to the Terms of Use once more and click Start. Allow components to download.
• Place a checkmark next to Enable detection of potentially unwanted applications.
• Click Advanced settings. Place a checkmark next to:
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Ensure Remove found threats is unchecked.
• Click Start.
• Wait for the scan to finish. Please be patient as this can take some time.
• Upon completion, click
  
  . If no threats were found, skip the next two bullet points.
• Click
  
  and save the file to your Desktop, naming it something such as "MyEsetScan".
• Push the Back button.
• Place a checkmark next to
  
  and click
  
  .
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.
  

======================================================

 

[swest8763]

I ran the online scan but it rebooted so I did not get the output. Should I run it again.

 

[Juliet]

If you don't mind yes, disable your antivirus first in case thats what made the computer reboot.

Don't forget to turn it back on after the scan has run.

 

[swest8763]

You were not kidding about it may take a long time! But it has completed and here is the output.

C:\AdwCleaner\Quarantine\C\ProgramData\FreeWorldApp\SW-Booster\SW-Booster.exe.vir Win32/TrojanDownloader.Agent.ACF trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\helena\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Helena_2\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\torch\User Data\Default\Extensions\fhgedmlkcaibnfcbehfboammkeiiibjf\2.0\NkvE.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\torch\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\CkY4i7WB.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\The Kids\AppData\Local\torch\User Data\Default\Extensions\ldbehanojleefjgengohcdjpbangchbg\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application
C:\ProgramData\InstallMate\{73B31F31-95DA-4883-AA68-DDF8A8503DC7}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{C2D40929-C241-4775-A59E-8A6319372BDF}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\All Users\InstallMate\{73B31F31-95DA-4883-AA68-DDF8A8503DC7}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{C2D40929-C241-4775-A59E-8A6319372BDF}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\helena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\helena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\helena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\helena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\Helena_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Helena_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a28 Win32/InstalleRex.M potentially unwanted application
C:\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\Helena_2\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\Helena_2\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\Helena_2\Documents\TelevisionFanatic.exe Win32/AdInstaller potentially unwanted application
C:\Users\Helena_2\Downloads\FIFA 15 Ultimate Team Edition (PC) 2014.exe Win32/InstalleRex.M potentially unwanted application
C:\Users\Helena_2\Downloads\MapsGalaxy.exe Win32/AdInstaller potentially unwanted application
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\The Kids\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\The Kids\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\The Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\The Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan
C:\Users\The Kids\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js JS/Adware.MultiPlug.B application
C:\Users\The Kids\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js JS/Kryptik.ATB trojan

 

[Juliet]

With this amount of infection I feel it safe to say you should change all passwords from a known clean computer for banking and any other security related sites.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
C:\ProgramData\InstallMate\{73B31F31-95DA-4883-AA68-DDF8A8503DC7}\Custom.dll
C:\ProgramData\InstallMate\{C2D40929-C241-4775-A59E-8A6319372BDF}\Custom.dll
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\All Users\InstallMate\{73B31F31-95DA-4883-AA68-DDF8A8503DC7}\Custom.dll
C:\Users\All Users\InstallMate\{C2D40929-C241-4775-A59E-8A6319372BDF}\Custom.dll
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\helena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\helena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\helena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\helena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\Helena_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Helena_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a28
C:\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Helena_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\Helena_2\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\Helena_2\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\Helena_2\Documents\TelevisionFanatic.exe
C:\Users\Helena_2\Downloads\FIFA 15 Ultimate Team Edition (PC) 2014.exe
C:\Users\Helena_2\Downloads\MapsGalaxy.exe
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\The Kids\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\The Kids\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\The Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\The Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
C:\Users\The Kids\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\lsdb.js
C:\Users\The Kids\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\199\sINevKlB.js
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Post the log when finished and tell me how the computer is now.

 

[swest8763]

Great! Thanks.

Looks like its moving a lot faster. The reboot seemed smoother and there is less lag in response. I'm still seeing Physical Memory at over 55% which seems very high and there isn't even much HP bloatware running.

 

[Juliet]

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
  
  You can get help on disabling your protection programs here
• Double click on ComboFix.exe & follow the prompts.
• You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
• Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
• When finished, it shall produce a log for you. Post that log in your next reply
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  
  Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
  
  ---------------------------------------------------------------------------------------------
• Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  
  Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
  Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
  ---------------------------------------------------------------------------------------------
• If there are Internet issues after running ComboFix:
  Internet Explorer:
  Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
  Firefox:
  Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
  Chrome:
  Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
  Safari
  Launch Safari
  Go to general settings menu
  Then in Preferences/ Advanced
  Then on line click Proxies change settings ...
  Click Internet Options, then click the Connections tab, click Network Settings.
  Disable option (uncheck) for the use of proxy server ...
  

 

[swest8763]

Juliet...back up has been taking longer than I thought as I'm pulling files, scanning them and then moving them to an external drive. There are tons of Excel files from my father's business that seem to be corrupted too.

I've just been called away on business and will not be returning until Thursday so i would be outside of the 3 day window but wanted to let you know how much I have appreciated your help on this massive infection. I plan to run the last full step when I return on Thursday.

Thank you again for everything!

 

[Juliet]

Please be careful traveling.
Post results when you return.

 

[Juliet]

Still need help?

 

[swest8763]

Yes. Just got back from travel as weather provided some extra opportunities to travel. I am running Combo Fix now. Will post the outcomes shortly.

Thanks for checking on me!!!

 

[swest8763]

Here is the outcome of the Combofix.

 

[Juliet]

How's the computer now?

 

[Juliet]

still need help?

 

[swest8763]

Well it still seems to be running high on physical memory use but at the moment that may be due to updating things since I've had it disconnected from the internet while working on it and only connected to update items as directed.

I did notice I opened chrome and it showed 11 instances in the task manager, that make me think something is still a little screwy there. There is still a program called Home and Business Attorney installed that will not let me uninstall, keeps giving me an error. Message box is titled "Wise Uninstall", message reads "Could not open INSTALL.LOG file."